[vpn-help] Fwd: Problem establishing VPN

Freddy Turriaf fturriaf at gmail.com
Thu Oct 31 08:32:15 CDT 2013 

HI Alexis
It worked perfectly. Thanks very much!

Regards
-freddy


On Thu, Oct 31, 2013 at 4:52 AM, Alexis La Goutte <alexis.lagoutte at gmail.com
> wrote:

> Hi Freddy,
>
> I think the problem come the IKE Fragmentation.
> Do you try to no use Auto Mode for Phase 2 parameters ?
> Regards,
>
>
> On Thu, Oct 31, 2013 at 6:48 AM, Freddy Turriaf <fturriaf at gmail.com>wrote:
>
>> Hi there (shorter version)
>> I am facing a weird problem: my VPN fail when using my home cable
>> connection but succeed when tethering from my mobile phone.
>>  Here the logs:
>>
>> Failing connection (Cable):
>>
>> ...
>>
>> 13/10/30 22:47:42 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:47:47 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:47:52 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:47:53 >= : cookies 145a9efd828be9f6:9dfba21e6da431fa
>>
>> 13/10/30 22:47:53 >= : message e32a121d
>>
>> 13/10/30 22:47:57 ii : resend limit exceeded for phase2 exchange
>>
>> 13/10/30 22:47:57 ii : phase2 removal before expire time
>>
>> 13/10/30 22:47:58 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:48:03 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:48:08 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:48:09 >= : cookies 145a9efd828be9f6:9dfba21e6da431fa
>>
>> 13/10/30 22:48:09 >= : message c5ce4a49
>>
>> 13/10/30 22:48:13 ii : resend limit exceeded for phase2 exchange
>>
>> 13/10/30 22:48:13 ii : phase2 removal before expire time
>>
>> 13/10/30 22:48:14 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:48:19 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:48:24 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:48:25 >= : cookies 145a9efd828be9f6:9dfba21e6da431fa
>>
>> 13/10/30 22:48:25 >= : message 86f99b76
>>
>> 13/10/30 22:48:29 ii : resend limit exceeded for phase2 exchange
>>
>> 13/10/30 22:48:29 ii : phase2 removal before expire time
>>
>> 13/10/30 22:48:30 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:48:35 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:48:40 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:48:41 >= : cookies 145a9efd828be9f6:9dfba21e6da431fa
>>
>> 13/10/30 22:48:41 >= : message 09019ef0
>>
>> 13/10/30 22:48:45 ii : resend limit exceeded for phase2 exchange
>>
>>
>> Now using my 4G tethering (successful)
>>
>> ...
>>
>> 13/10/30 22:53:12 >= : cookies 594fc69bad4dd2e4:98c94bc25b464bc5
>>
>> 13/10/30 22:53:12 >= : message d4143a8a
>>
>> 13/10/30 22:53:17 -> : resend 1 phase2 packet(s) [0/2] 172.20.10.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:53:22 -> : resend 1 phase2 packet(s) [1/2] 172.20.10.2:4500->
>> 135.244.31.254:4500
>>
>> 13/10/30 22:53:23 ii : processing phase2 packet ( 180 bytes )
>>
>> 13/10/30 22:53:23 =< : cookies 594fc69bad4dd2e4:98c94bc25b464bc5
>>
>> 13/10/30 22:53:23 =< : message d4143a8a
>>
>> 13/10/30 22:53:23 ii : matched ipsec-esp proposal #1 transform #32
>>
>> 13/10/30 22:53:23 ii : - transform    = esp-3des
>>
>> 13/10/30 22:53:23 ii : - key length   = default
>>
>> 13/10/30 22:53:23 ii : - encap mode   = udp-tunnel ( rfc )
>>
>> 13/10/30 22:53:23 ii : - msg auth     = hmac-sha1
>>
>> 13/10/30 22:53:23 ii : - pfs dh group = none
>>
>> 13/10/30 22:53:23 ii : - life seconds = 3600
>>
>> 13/10/30 22:53:23 ii : - life kbytes  = 0
>>
>> 13/10/30 22:53:23 ii : received peer RESPONDER-LIFETIME notification
>>
>> 13/10/30 22:53:23 ii : - 135.244.31.254:4500 -> 172.20.10.2:4500
>>
>> 13/10/30 22:53:23 ii : - ipsec-esp spi = 0x11134bca
>>
>> 13/10/30 22:53:23 ii : - data size 12
>>
>> 13/10/30 22:53:23 ii : phase2 ids accepted
>>
>> 13/10/30 22:53:23 ii : - loc ANY:135.244.1.243:* -> ANY:0.0.0.0/0:*
>>
>> 13/10/30 22:53:23 ii : - rmt ANY:0.0.0.0/0:* -> ANY:135.244.1.243:*
>>
>> 13/10/30 22:53:23 ii : phase2 sa established
>>
>> 13/10/30 22:53:23 ii : 172.20.10.2:4500 <-> 135.244.31.254:4500
>>
>> 13/10/30 22:53:23 >= : cookies 594fc69bad4dd2e4:98c94bc25b464bc5
>>
>> 13/10/30 22:53:23 >= : message d4143a8a
>>
>> I tried disabling NAT-T or Policy Generation to "Unique" (from auto) but
>> continue failing:
>>
>> ...
>>
>> 13/10/30 23:34:11 >= : cookies b80be3b5dbceeb8b:ee028b0319409d9c
>>
>> 13/10/30 23:34:11 >= : message 2758cac5
>>
>> 13/10/30 23:34:16 -> : resend 1 phase2 packet(s) [0/2] 192.168.1.106:500->
>> 135.244.31.254:500
>>
>> 13/10/30 23:34:21 -> : resend 1 phase2 packet(s) [1/2] 192.168.1.106:500->
>> 135.244.31.254:500
>>
>> 13/10/30 23:34:26 -> : resend 1 phase2 packet(s) [2/2] 192.168.1.106:500->
>> 135.244.31.254:500
>>
>> 13/10/30 23:34:27 >= : cookies b80be3b5dbceeb8b:ee028b0319409d9c
>>
>> 13/10/30 23:34:27 >= : message 0d575009
>>
>> 13/10/30 23:34:31 ii : resend limit exceeded for phase2 exchange
>>
>> 13/10/30 23:34:31 ii : phase2 removal before expire time
>>
>> 13/10/30 23:34:32 -> : resend 1 phase2 packet(s) [0/2] 192.168.1.106:500->
>> 135.244.31.254:500
>>
>> 13/10/30 23:34:37 -> : resend 1 phase2 packet(s) [1/2] 192.168.1.106:500->
>> 135.244.31.254:500
>>
>> 13/10/30 23:34:42 -> : resend 1 phase2 packet(s) [2/2] 192.168.1.106:500->
>> 135.244.31.254:500
>>
>> 13/10/30 23:34:43 >= : cookies b80be3b5dbceeb8b:ee028b0319409d9c
>>
>> 13/10/30 23:34:43 >= : message 077b253a
>>
>> 13/10/30 23:34:47 ii : resend limit exceeded for phase2 exchange
>>
>> 13/10/30 23:34:47 ii : phase2 removal before expire time
>>
>> 13/10/30 23:34:48 -> : resend 1 phase2 packet(s) [0/2] 192.168.1.106:500->
>> 135.244.31.254:500
>>
>> 13/10/30 23:34:48 <A : peer tunnel disable message
>>
>>
>> Any clue on what may wrong?
>>
>> Thanks very much
>> -f
>>
>> I am running 2.2.2 on Win 7
>>
>>
>> _______________________________________________
>> vpn-help mailing list
>> vpn-help at lists.shrew.net
>> https://lists.shrew.net/mailman/listinfo/vpn-help
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20131031/484d6b4d/attachment-0001.html>

More information about the vpn-help mailing list