[vpn-help] Simple shrew dialup vpn user with SSG-140 does not works
winterlee
fcc_wli at fastcase.com
Sun Jan 4 00:28:46 CST 2015
Hi, I'm trying to set up a dial-up VPN on an SSG140 and connect to it with the Shrew Soft VPN client (according to https://www.shrew.net/support/Howto_Juniper_SSG), but the connection always fails (timeout). Can you give some advice on how to make it work? Thank you.
VPN Configuration :
//-------------------------------------
n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:30
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-dns-used:0
n:client-dns-auto:0
n:client-dns-suffix-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
n:client-wins-used:0
n:client-wins-auto:0
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:network-host:xxx.xxx.xxx.xxx
s:client-auto-mode:push
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk-xauth
s:ident-client-type:ufqdn
s:ident-server-type:any
s:ident-client-data:xxx at xxx.com
b:auth-mutual-psk:xxx
s:phase1-exchange:aggressive
s:phase1-cipher:3des
s:phase1-hash:md5
s:phase2-transform:esp-3des
s:phase2-hmac:md5
s:ipcomp-transform:disabled
n:phase2-pfsgroup:-1
s:policy-level:auto
s:policy-list-include:192.168.150.0 / 255.255.255.0
//-------------------------------------
Log Of SSG140:
//-------------------------------------
IKE xxx.xxx.xxx.xxx Phase 1: Aborted negotiations because the time limit has elapsed. (0000/9508879)
IKE xxx.xxx.xxx.xxx phase 1:The symmetric crypto key has been generated successfully.
IKE xxx.xxx.xxx.xxx Phase 1: Responder starts AGGRESSIVE mode negotiations.
//-------------------------------------
Log Of Client:
//-------------------------------------
15/01/04 13:48:16 ## : IKE Daemon, ver 2.2.2
15/01/04 13:48:16 ## : Copyright 2013 Shrew Soft Inc.
15/01/04 13:48:16 ## : This product linked OpenSSL 1.0.1c 10 May 2012
15/01/04 13:48:16 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
15/01/04 13:48:16 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap'
15/01/04 13:48:16 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-encrypt.cap'
15/01/04 13:48:16 ii : rebuilding vnet device list ...
15/01/04 13:48:16 ii : device ROOT\VNET\0000 disabled
15/01/04 13:48:16 ii : network process thread begin ...
15/01/04 13:48:16 ii : pfkey process thread begin ...
15/01/04 13:48:16 ii : ipc server process thread begin ...
15/01/04 14:12:48 ii : ipc client process thread begin ...
15/01/04 14:12:48 <A : peer config add message
15/01/04 14:12:48 <A : proposal config message
15/01/04 14:12:48 <A : proposal config message
15/01/04 14:12:48 <A : client config message
15/01/04 14:12:48 <A : xauth username message
15/01/04 14:12:48 <A : xauth password message
15/01/04 14:12:48 <A : local id 'fcc_wli at fastcase.com' message
15/01/04 14:12:48 <A : preshared key message
15/01/04 14:12:48 <A : remote resource message
15/01/04 14:12:48 <A : peer tunnel enable message
15/01/04 14:12:48 DB : peer ref increment ( ref count = 1, obj count = 0 )
15/01/04 14:12:48 DB : peer added ( obj count = 1 )
15/01/04 14:12:48 ii : local address 192.168.1.66 selected for peer
15/01/04 14:12:48 DB : peer ref increment ( ref count = 2, obj count = 1 )
15/01/04 14:12:48 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
15/01/04 14:12:48 DB : tunnel added ( obj count = 1 )
15/01/04 14:12:48 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
15/01/04 14:12:48 DB : new phase1 ( ISAKMP initiator )
15/01/04 14:12:48 DB : exchange type is aggressive
15/01/04 14:12:48 DB : 192.168.1.66:500 <-> xxx.xxx.xxx.xxx:500
15/01/04 14:12:48 DB : a3148d632fff51c5:0000000000000000
15/01/04 14:12:48 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
15/01/04 14:12:48 DB : phase1 added ( obj count = 1 )
15/01/04 14:12:48 >> : security association payload
15/01/04 14:12:48 >> : - proposal #1 payload
15/01/04 14:12:48 >> : -- transform #1 payload
15/01/04 14:12:48 >> : key exchange payload
15/01/04 14:12:48 >> : nonce payload
15/01/04 14:12:48 >> : identification payload
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local supports XAUTH
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local supports nat-t ( draft v00 )
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local supports nat-t ( draft v01 )
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local supports nat-t ( draft v02 )
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local supports nat-t ( draft v03 )
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local supports nat-t ( rfc )
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local supports FRAGMENTATION
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local supports DPDv1
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local is SHREW SOFT compatible
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local is NETSCREEN compatible
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local is SIDEWINDER compatible
15/01/04 14:12:48 >> : vendor id payload
15/01/04 14:12:48 ii : local is CISCO UNITY compatible
15/01/04 14:12:48 >= : cookies a3148d632fff51c5:0000000000000000
15/01/04 14:12:48 >= : message 00000000
15/01/04 14:12:48 -> : send IKE packet 192.168.1.66:500 -> xxx.xxx.xxx.xxx:500 ( 556 bytes )
15/01/04 14:12:48 DB : phase1 resend event scheduled ( ref count = 2 )
15/01/04 14:12:48 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
15/01/04 14:12:53 -> : resend 1 phase1 packet(s) [0/2] 192.168.1.66:500 -> xxx.xxx.xxx.xxx:500
15/01/04 14:12:58 -> : resend 1 phase1 packet(s) [1/2] 192.168.1.66:500 -> xxx.xxx.xxx.xxx:500
15/01/04 14:13:03 -> : resend 1 phase1 packet(s) [2/2] 192.168.1.66:500 -> xxx.xxx.xxx.xxx:500
15/01/04 14:13:08 ii : resend limit exceeded for phase1 exchange
15/01/04 14:13:08 ii : phase1 removal before expire time
15/01/04 14:13:08 DB : phase1 deleted ( obj count = 0 )
15/01/04 14:13:08 DB : tunnel ref decrement ( ref count = 1, obj count = 1 )
15/01/04 14:13:08 DB : policy not found
15/01/04 14:13:08 DB : policy not found
15/01/04 14:13:08 DB : policy not found
15/01/04 14:13:08 DB : policy not found
15/01/04 14:13:08 DB : policy not found
15/01/04 14:13:08 DB : policy not found
15/01/04 14:13:08 DB : removing tunnel config references
15/01/04 14:13:08 DB : removing tunnel phase2 references
15/01/04 14:13:08 DB : removing tunnel phase1 references
15/01/04 14:13:08 DB : tunnel deleted ( obj count = 0 )
15/01/04 14:13:08 DB : peer ref decrement ( ref count = 1, obj count = 1 )
15/01/04 14:13:08 DB : removing all peer tunnel references
15/01/04 14:13:08 DB : peer deleted ( obj count = 0 )
15/01/04 14:13:08 ii : ipc client process thread exit ...
//-------------------------------------
Thank you.
Winter.
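
A small triage script for client logs like the one above, added here as an example and not part of the original post: it counts outbound and inbound IKE packets in an iked.log and reports whether phase 1 timed out without any reply reaching the client. The sample log is constructed in the format shown above with placeholder addresses, and the `<-` tag for received packets is an assumption, since no inbound line appears in the posted log.

```python
import re

# Constructed sample in the iked.log line format shown above
# (addresses are documentation placeholders, not values from the post).
SAMPLE_LOG = """\
15/01/04 14:12:48 DB : new phase1 ( ISAKMP initiator )
15/01/04 14:12:48 -> : send IKE packet 192.0.2.10:500 -> 198.51.100.1:500 ( 556 bytes )
15/01/04 14:12:53 -> : resend 1 phase1 packet(s) [0/2] 192.0.2.10:500 -> 198.51.100.1:500
15/01/04 14:12:58 -> : resend 1 phase1 packet(s) [1/2] 192.0.2.10:500 -> 198.51.100.1:500
15/01/04 14:13:03 -> : resend 1 phase1 packet(s) [2/2] 192.0.2.10:500 -> 198.51.100.1:500
15/01/04 14:13:08 ii : resend limit exceeded for phase1 exchange
"""

# "<date> <time> <two-character tag> : <message>"
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")


def triage_phase1(log_text):
    """Summarise one phase 1 attempt: packets out, packets in, and a verdict."""
    sent = resent = received = 0
    gave_up = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines carry no tag; skip them
        _, tag, msg = m.groups()
        if tag == "->" and msg.startswith("send IKE packet"):
            sent += 1
        elif tag == "->" and msg.startswith("resend"):
            resent += 1
        elif tag == "<-":  # assumption: inbound packets are logged with "<-"
            received += 1
        elif msg.startswith("resend limit exceeded for phase1"):
            gave_up = True
    if gave_up and received == 0:
        verdict = "no-reply-seen"           # nothing came back before the timeout
    elif gave_up:
        verdict = "reply-seen-but-stalled"  # peer answered, exchange did not finish
    else:
        verdict = "no-timeout"
    return {"sent": sent, "resent": resent, "received": received, "verdict": verdict}


if __name__ == "__main__":
    print(triage_phase1(SAMPLE_LOG))
```

A `no-reply-seen` verdict next to a gateway log in which the responder did start negotiating points at the return path (filtering or NAT handling of UDP 500/4500) rather than at the proposal itself.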