Hi everybody,<br>I'm trying to set up Shrew VPN to connect to an Arkoon IPSec VPN Gateway with no luck.<br><br>This is iked.log:<br><br><i>09/10/10 02:04:25 ii : ipc client process thread begin ...<br>09/10/10 02:04:25 <A : peer config add message<br>
09/10/10 02:04:25 DB : peer ref increment ( ref count = 1, obj count = 0 )<br>09/10/10 02:04:25 DB : peer added ( obj count = 1 )<br>09/10/10 02:04:25 ii : local address 37.xxx.xxx.xxx:500 selected for peer<br>09/10/10 02:04:25 DB : peer ref increment ( ref count = 2, obj count = 1 )<br>
09/10/10 02:04:25 DB : tunnel ref increment ( ref count = 1, obj count = 0 )<br>09/10/10 02:04:25 DB : tunnel added ( obj count = 1 )<br>09/10/10 02:04:25 <A : proposal config message<br>09/10/10 02:04:25 <A : proposal config message<br>
09/10/10 02:04:25 <A : proposal config message<br>09/10/10 02:04:25 <A : client config message<br>09/10/10 02:04:25 <A : remote cert 'C:\Documents and Settings\MyUser\Desktop\Chiavi per VPN\CAcert.pem' message<br>
09/10/10 02:04:25 ii : 'C:\Documents and Settings\</i><i>MyUser</i><i>\Desktop\Chiavi per VPN\CAcert.pem' loaded<br>09/10/10 02:04:25 <A : local cert 'C:\Documents and Settings\</i><i>MyUser</i><i>\Desktop\Chiavi per VPN\user.pem' message<br>
09/10/10 02:04:25 ii : 'C:\Documents and Settings\</i><i>MyUser</i><i>\Desktop\Chiavi per VPN\user.pem' loaded<br>09/10/10 02:04:25 <A : local key 'C:\Documents and Settings\</i><i>MyUser</i><i>\Desktop\Chiavi per VPN\private_key.pem' message<br>
09/10/10 02:04:25 !! : 'C:\Documents and Settings\</i><i>MyUser</i><i>\Desktop\Chiavi per VPN\</i><i>private_key</i><i>.pem' load failed, requesting password<br>09/10/10 02:04:29 <A : file password<br>09/10/10 02:04:29 <A : local key 'C:\Documents and Settings\</i><i>MyUser</i><i>\Desktop\Chiavi per VPN\</i><i>private_key</i><i>.pem' message<br>
09/10/10 02:04:29 ii : 'C:\Documents and Settings\</i><i>MyUser</i><i>\Desktop\Chiavi per VPN\</i><i>private_key</i><i>.pem' loaded<br>09/10/10 02:04:29 <A : remote resource message<br>09/10/10 02:04:29 <A : peer tunnel enable message<br>
09/10/10 02:04:29 DB : tunnel ref increment ( ref count = 2, obj count = 1 )<br>09/10/10 02:04:29 DB : new phase1 ( ISAKMP initiator )<br>09/10/10 02:04:29 DB : exchange type is identity protect<br>09/10/10 02:04:29 DB : 37.</i><i>xxx.xxx.xxx</i><i>:500 <-> 89.</i><i>xxx.xxx.xxx</i><i>:500<br>
09/10/10 02:04:29 DB : 222ca8d59d7b8431:0000000000000000<br>09/10/10 02:04:29 DB : phase1 ref increment ( ref count = 1, obj count = 0 )<br>09/10/10 02:04:29 DB : phase1 added ( obj count = 1 )<br>09/10/10 02:04:29 >> : security association payload<br>
09/10/10 02:04:29 >> : - proposal #1 payload <br>09/10/10 02:04:29 >> : -- transform #1 payload <br>09/10/10 02:04:29 >> : vendor id payload<br>09/10/10 02:04:29 ii : local supports nat-t ( draft v00 )<br>
09/10/10 02:04:29 >> : vendor id payload<br>09/10/10 02:04:29 ii : local supports nat-t ( draft v01 )<br>09/10/10 02:04:29 >> : vendor id payload<br>09/10/10 02:04:29 ii : local supports nat-t ( draft v02 )<br>
09/10/10 02:04:29 >> : vendor id payload<br>09/10/10 02:04:29 ii : local supports nat-t ( draft v03 )<br>09/10/10 02:04:29 >> : vendor id payload<br>09/10/10 02:04:29 ii : local supports nat-t ( rfc )<br>09/10/10 02:04:29 >> : vendor id payload<br>
09/10/10 02:04:29 ii : local supports FRAGMENTATION<br>09/10/10 02:04:29 >> : vendor id payload<br>09/10/10 02:04:29 ii : local supports DPDv1<br>09/10/10 02:04:29 >> : vendor id payload<br>09/10/10 02:04:29 ii : local is SHREW SOFT compatible<br>
09/10/10 02:04:29 >> : vendor id payload<br>09/10/10 02:04:29 ii : local is NETSCREEN compatible<br>09/10/10 02:04:29 >> : vendor id payload<br>09/10/10 02:04:29 ii : local is SIDEWINDER compatible<br>09/10/10 02:04:29 >> : vendor id payload<br>
09/10/10 02:04:29 ii : local is CISCO UNITY compatible<br>09/10/10 02:04:29 >= : cookies 222ca8d59d7b8431:0000000000000000<br>09/10/10 02:04:29 >= : message 00000000<br>09/10/10 02:04:29 -> : send IKE packet 37.</i><i>xxx.xxx.xxx</i><i>:500 -> 89.</i><i>xxx.xxx.xxx</i><i>:500 ( 344 bytes )<br>
09/10/10 02:04:29 DB : phase1 resend event scheduled ( ref count = 2 )<br>09/10/10 02:04:29 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )<br>09/10/10 02:04:29 DB : tunnel ref increment ( ref count = 3, obj count = 1 )<br>
09/10/10 02:04:30 <- : recv IKE packet 89.</i><i>xxx.xxx.xxx</i><i>:500 -> 37.</i><i>xxx.xxx.xxx</i><i>:500 ( 152 bytes )<br>09/10/10 02:04:30 DB : phase1 found<br>09/10/10 02:04:30 DB : phase1 ref increment ( ref count = 2, obj count = 1 )<br>
09/10/10 02:04:30 ii : processing phase1 packet ( 152 bytes )<br>09/10/10 02:04:30 =< : cookies 222ca8d59d7b8431:9c1a4cb064d48a15<br>09/10/10 02:04:30 =< : message 00000000<br>09/10/10 02:04:30 << : security association payload<br>
09/10/10 02:04:30 << : - propsal #1 payload <br>09/10/10 02:04:30 << : -- transform #1 payload <br>09/10/10 02:04:30 ii : matched isakmp proposal #1 transform #1<br>09/10/10 02:04:30 ii : - transform = ike<br>
09/10/10 02:04:30 ii : - cipher type = aes<br>09/10/10 02:04:30 ii : - key length = 128 bits<br>09/10/10 02:04:30 ii : - hash type = md5<br>09/10/10 02:04:30 ii : - dh group = modp-1024<br>09/10/10 02:04:30 ii : - auth type = sig-rsa<br>
09/10/10 02:04:30 ii : - life seconds = 86400<br>09/10/10 02:04:30 ii : - life kbytes = 0<br>09/10/10 02:04:30 << : vendor id payload<br>09/10/10 02:04:30 ii : peer supports nat-t ( rfc )<br>09/10/10 02:04:30 << : vendor id payload<br>
09/10/10 02:04:30 ii : peer supports DPDv1<br>09/10/10 02:04:30 << : vendor id payload<br>09/10/10 02:04:30 ii : unknown vendor id ( 19 bytes )<br>09/10/10 02:04:30 0x : 13006e28 c13e71ec b7deaebb f343b6a0 342e32<br>
09/10/10 02:04:30 >> : key exchange payload<br>09/10/10 02:04:30 >> : nonce payload<br>09/10/10 02:04:30 >> : cert request payload<br>09/10/10 02:04:30 >> : nat discovery payload<br>09/10/10 02:04:30 >> : nat discovery payload<br>
09/10/10 02:04:30 >= : cookies 222ca8d59d7b8431:9c1a4cb064d48a15<br>09/10/10 02:04:30 >= : message 00000000<br>09/10/10 02:04:30 DB : phase1 resend event canceled ( ref count = 1 )<br>09/10/10 02:04:30 -> : send IKE packet 37.</i><i>xxx.xxx.xxx</i><i>:500 -> 89.</i><i>xxx.xxx.xxx</i><i>:500 ( 257 bytes )<br>
09/10/10 02:04:30 DB : phase1 resend event scheduled ( ref count = 2 )<br>09/10/10 02:04:30 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )<br>09/10/10 02:04:30 <- : recv IKE packet 89.</i><i>xxx.xxx.xxx</i><i>:500 -> 37.</i><i>xxx.xxx.xxx</i><i>:500 ( 228 bytes )<br>
09/10/10 02:04:30 DB : phase1 found<br>09/10/10 02:04:30 DB : phase1 ref increment ( ref count = 2, obj count = 1 )<br>09/10/10 02:04:30 ii : processing phase1 packet ( 228 bytes )<br>09/10/10 02:04:30 =< : cookies 222ca8d59d7b8431:9c1a4cb064d48a15<br>
09/10/10 02:04:30 =< : message 00000000<br>09/10/10 02:04:30 << : key exchange payload<br>09/10/10 02:04:30 << : nonce payload<br>09/10/10 02:04:30 << : cert request payload<br>09/10/10 02:04:30 << : nat discovery payload<br>
09/10/10 02:04:30 << : nat discovery payload<br>09/10/10 02:04:30 ii : disabled nat-t ( no nat detected )<br>09/10/10 02:04:30 == : DH shared secret ( 128 bytes )<br>09/10/10 02:04:30 == : SETKEYID ( 16 bytes )<br>09/10/10 02:04:30 == : SETKEYID_d ( 16 bytes )<br>
09/10/10 02:04:30 == : SETKEYID_a ( 16 bytes )<br>09/10/10 02:04:30 == : SETKEYID_e ( 16 bytes )<br>09/10/10 02:04:30 == : cipher key ( 16 bytes )<br>09/10/10 02:04:30 == : cipher iv ( 16 bytes )<br>09/10/10 02:04:30 >> : identification payload<br>
09/10/10 02:04:30 >> : certificate payload<br>09/10/10 02:04:30 == : phase1 hash_i ( computed ) ( 16 bytes )<br>09/10/10 02:04:30 >> : signature payload<br>09/10/10 02:04:30 >= : cookies 222ca8d59d7b8431:9c1a4cb064d48a15<br>
09/10/10 02:04:30 >= : message 00000000<br>09/10/10 02:04:30 >= : encrypt iv ( 16 bytes )<br>09/10/10 02:04:30 == : encrypt packet ( 787 bytes )<br>09/10/10 02:04:30 == : stored iv ( 16 bytes )<br>09/10/10 02:04:30 DB : phase1 resend event canceled ( ref count = 1 )<br>
09/10/10 02:04:30 -> : send IKE packet 37.</i><i>xxx.xxx.xxx</i><i>:500 -> 89.</i><i>xxx.xxx.xxx</i><i>:500 ( 824 bytes )<br>09/10/10 02:04:30 DB : phase1 ref decrement ( ref count = 0, obj count = 1 )<br>09/10/10 02:04:35 <- : recv IKE packet 89.</i><i>xxx.xxx.xxx</i><i>:500 -> 37.</i><i>xxx.xxx.xxx</i><i>:500 ( 40 bytes )<br>
09/10/10 02:04:35 DB : phase1 found<br>09/10/10 02:04:35 DB : phase1 ref increment ( ref count = 1, obj count = 1 )<br>09/10/10 02:04:35 ii : processing informational packet ( 40 bytes )<br>09/10/10 02:04:35 == : new informational iv ( 16 bytes )<br>
09/10/10 02:04:35 =< : cookies 222ca8d59d7b8431:9c1a4cb064d48a15<br>09/10/10 02:04:35 =< : message 00000000<br>09/10/10 02:04:35 << : notification payload<br>09/10/10 02:04:35 ii : received peer INVALID-ID-INFORMATION notification<br>
09/10/10 02:04:35 ii : - 89.</i><i>xxx.xxx.xxx</i><i>:500 -> 37.</i><i>xxx.xxx.xxx</i><i>:500<br>09/10/10 02:04:35 ii : - isakmp spi = none<br>09/10/10 02:04:35 ii : - data size 0<br>09/10/10 02:04:35 DB : phase1 ref decrement ( ref count = 0, obj count = 1 )<br>
09/10/10 02:04:41 <- : recv IKE packet 89.</i><i>xxx.xxx.xxx</i><i>:500 -> 37.</i><i>xxx.xxx.xxx</i><i>:500 ( 228 bytes )<br>09/10/10 02:04:41 DB : phase1 found<br>09/10/10 02:04:41 DB : phase1 ref increment ( ref count = 1, obj count = 1 )<br>
09/10/10 02:04:41 ii : processing phase1 packet ( 228 bytes )<br>09/10/10 02:04:41 =< : cookies 222ca8d59d7b8431:9c1a4cb064d48a15<br>09/10/10 02:04:41 =< : message 00000000<br>09/10/10 02:04:41 << : ignoring duplicate key excahnge payload<br>
09/10/10 02:04:41 !! : unprocessed payload data<br>09/10/10 02:04:41 << : ignoring duplicate nonce payload<br>09/10/10 02:04:41 !! : unprocessed payload data<br>09/10/10 02:04:41 !! : unhandled phase1 payload 'unknown' ( 101 )<br>
09/10/10 02:04:41 !! : unprocessed payload data<br>09/10/10 02:04:41 ii : sending peer DELETE message<br>09/10/10 02:04:41 ii : - 37.</i><i>xxx.xxx.xxx</i><i>:500 -> 89.</i><i>xxx.xxx.xxx</i><i>:500<br>09/10/10 02:04:41 ii : - isakmp spi = 222ca8d59d7b8431:9c1a4cb064d48a15<br>
09/10/10 02:04:41 ii : - data size 0<br>09/10/10 02:04:41 >> : hash payload<br>09/10/10 02:04:41 >> : delete payload<br>09/10/10 02:04:41 == : new informational hash ( 16 bytes )<br>09/10/10 02:04:41 == : new informational iv ( 16 bytes )<br>
09/10/10 02:04:41 >= : cookies 222ca8d59d7b8431:9c1a4cb064d48a15<br>09/10/10 02:04:41 >= : message d910492b<br>09/10/10 02:04:41 >= : encrypt iv ( 16 bytes )<br>09/10/10 02:04:41 == : encrypt packet ( 76 bytes )<br>
09/10/10 02:04:41 == : stored iv ( 16 bytes )<br>09/10/10 02:04:41 -> : send IKE packet 37.</i><i>xxx.xxx.xxx</i><i>:500 -> 89.xxx.xxx.xxx:500 ( 104 bytes )<br>09/10/10 02:04:41 ii : phase1 removal before expire time<br>
09/10/10 02:04:41 DB : phase1 deleted ( obj count = 0 )<br>09/10/10 02:04:41 DB : tunnel ref decrement ( ref count = 2, obj count = 1 )<br>09/10/10 02:04:41 DB : policy not found<br>09/10/10 02:04:41 DB : policy not found<br>
09/10/10 02:04:41 DB : tunnel stats event canceled ( ref count = 1 )<br>09/10/10 02:04:41 DB : removing tunnel config references<br>09/10/10 02:04:41 DB : removing tunnel phase2 references<br>09/10/10 02:04:41 DB : removing tunnel phase1 references<br>
09/10/10 02:04:41 DB : tunnel deleted ( obj count = 0 )<br>09/10/10 02:04:41 DB : peer ref decrement ( ref count = 1, obj count = 1 )<br>09/10/10 02:04:41 DB : removing all peer tunnel refrences<br>09/10/10 02:04:41 DB : peer deleted ( obj count = 0 )<br>
09/10/10 02:04:41 ii : ipc client process thread exit ...<br><br><br></i>Ipsec.log instead reports:<i><br><br>09/10/10 02:03:23 ii : inspecting ARP request ...<br>09/10/10 02:03:23 DB : policy not found<br>09/10/10 02:03:23 ii : ignoring ARP request for 37.xxx.xxx.xxx, no policy found<br>
09/10/10 02:04:44 ii : inspecting ARP request ...<br>09/10/10 02:04:44 DB : policy not found<br>09/10/10 02:04:44 ii : ignoring ARP request for 37.xxx.xxx.xxx, no policy found<br><br></i>Shrew Soft VPN Access Manager's main window:<br>
<br><i>configuring client settings ...<br>attached to key daemon ...<br>peer configured<br>iskamp proposal configured<br>esp proposal configured<br>ipcomp proposal configured<br>client configured<br>server cert configured<br>
client cert configured<br>client key configured<br>bringing up tunnel ...<br>invalid message from gateway<br>tunnel disabled<br>detached from key daemon ...</i><br><br><br>Can anybody help me?<br>Thanks a lot!<br><br><br>