I ran the Trace Utility as recommended in an earlier thread:<div><br></div><div><div>12/09/28 13:19:45 ## : IKE Daemon, ver 2.1.7</div><div>12/09/28 13:19:45 ## : Copyright 2010 Shrew Soft Inc.</div><div>12/09/28 13:19:45 ## : This product linked OpenSSL 0.9.8h 28 May 2008</div>
<div>12/09/28 13:19:45 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'</div><div>12/09/28 13:19:45 ii : rebuilding vnet device list ...</div><div>12/09/28 13:19:45 ii : device ROOT\VNET\0000 disabled</div>
<div>12/09/28 13:19:45 ii : device ROOT\VNET\0001 disabled</div><div>12/09/28 13:19:45 ii : network process thread begin ...</div><div>12/09/28 13:19:45 ii : pfkey process thread begin ...</div><div>12/09/28 13:19:45 ii : ipc server process thread begin ...</div>
<div>12/09/28 13:20:03 ii : ipc client process thread begin ...</div><div>12/09/28 13:20:03 <A : peer config add message</div><div>12/09/28 13:20:03 <A : proposal config message</div><div>12/09/28 13:20:03 <A : proposal config message</div>
<div>12/09/28 13:20:03 <A : client config message</div><div>12/09/28 13:20:03 <A : xauth username message</div><div>12/09/28 13:20:03 <A : xauth password message</div><div>12/09/28 13:20:03 <A : local id '<a href="mailto:vpn_client@onixnet.com">vpn_client@onixnet.com</a>' message</div>
<div>12/09/28 13:20:03 <A : remote id '<a href="mailto:vpngw@onixnet.com">vpngw@onixnet.com</a>' message</div><div>12/09/28 13:20:03 <A : preshared key message</div><div>12/09/28 13:20:03 <A : remote resource message</div>
<div>12/09/28 13:20:03 <A : peer tunnel enable message</div><div>12/09/28 13:20:03 ii : local supports XAUTH</div><div>12/09/28 13:20:03 ii : local supports nat-t ( draft v00 )</div><div>12/09/28 13:20:03 ii : local supports nat-t ( draft v01 )</div>
<div>12/09/28 13:20:03 ii : local supports nat-t ( draft v02 )</div><div>12/09/28 13:20:03 ii : local supports nat-t ( draft v03 )</div><div>12/09/28 13:20:03 ii : local supports nat-t ( rfc )</div><div>12/09/28 13:20:03 ii : local supports FRAGMENTATION</div>
<div>12/09/28 13:20:03 ii : local supports DPDv1</div><div>12/09/28 13:20:03 ii : local is SHREW SOFT compatible</div><div>12/09/28 13:20:03 ii : local is NETSCREEN compatible</div><div>12/09/28 13:20:03 ii : local is SIDEWINDER compatible</div>
<div>12/09/28 13:20:03 ii : local is CISCO UNITY compatible</div><div>12/09/28 13:20:03 >= : cookies 7897ffb99c264abe:0000000000000000</div><div>12/09/28 13:20:03 >= : message 00000000</div><div>12/09/28 13:20:08 -> : resend 1 phase1 packet(s) <a href="http://10.0.1.32:500">10.0.1.32:500</a> -> 68.109.xxx.xx:500</div>
<div>12/09/28 13:20:13 -> : resend 1 phase1 packet(s) <a href="http://10.0.1.32:500">10.0.1.32:500</a> -> 68.109.xxx.xx:500</div><div>12/09/28 13:20:18 -> : resend 1 phase1 packet(s) <a href="http://10.0.1.32:500">10.0.1.32:500</a> -> 68.109.xxx.xx:500</div>
<div>12/09/28 13:20:23 ii : resend limit exceeded for phase1 exchange</div><div>12/09/28 13:20:23 ii : phase1 removal before expire time</div><div>12/09/28 13:20:23 DB : removing tunnel config references</div><div>12/09/28 13:20:23 DB : removing tunnel phase2 references</div>
<div>12/09/28 13:20:23 DB : removing tunnel phase1 references</div><div>12/09/28 13:20:23 DB : removing all peer tunnel refrences</div><div>12/09/28 13:20:23 ii : ipc client process thread exit ...</div><div>12/09/28 13:20:27 ii : halt signal received, shutting down</div>
<div>12/09/28 13:20:27 ii : ipc server process thread exit ...</div><div>12/09/28 13:20:27 ii : pfkey process thread exit ...</div><div><br></div><div>Any thoughts?</div><div>Terry</div><div><br></div>
<br><br><div class="gmail_quote">On Fri, Sep 28, 2012 at 1:11 PM, Terry Chambers <span dir="ltr"><<a href="mailto:terry@onixnet.com" target="_blank">terry@onixnet.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>I have the exact same situation with the negotiation timeout. Just started in the last week or so.</div><div><br></div><br clear="all"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
Message: 1<br>
Date: Fri, 28 Sep 2012 16:06:21 +0000<br>
From: Greg King <<a href="mailto:taintedmarmot@hotmail.com" target="_blank">taintedmarmot@hotmail.com</a>><br>
Subject: [vpn-help] Win7 x64 negotiation timeout - no packets sent<br>
To: <<a href="mailto:vpn-help@lists.shrew.net" target="_blank">vpn-help@lists.shrew.net</a>><br>
Message-ID: <BAY146-W49A7E7E6F8BD2698EB1DECA0820@phx.gbl><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
<br>
Hi,<br>
I'm using Shrew 2.2 beta2 to connect from Win7 x64 to a Netgear FVS318v3, but I'm getting a negotiation timeout.<br>
The same machine (dual boot) under Ubuntu 12.04 connects fine with 2.2beta2 client.<br>
What I've tried:I exported shrew configuration from working Ubuntu client and imported it into Win7 client, so shouldn't be any problem there.I've switched off both ZoneAlarm and Windows Firewall. No joy.I've tried running VPN Access Manager as Administrator. No joy.In case it's relevant: previously had openVPN and VirtualBox installed. I uninstalled them, rebooted Windows, uninstalled Shrew, rebooted Windows, reinstalled Shrew, rebooted Windows. Still no joy.Other information:Local Area Connection Properties dialog does have a 'Shrew Soft Lightweight Filter' in the Properties dialog, and the checkbox next to it is ticked.Task Manager lists the following related processes as running: ipseca.exe, ipsecc.exe, ipsect.exeWhen trying to connect, Wireshark (running on the same Win7 box) doesn't detect any UDP/TCP packets on port 500, nor any packets on isakmp filter (but does detect other packets e.g. web browsing).I do see isakmp packets on Ubuntu Wireshark when connecting fr!<br>
om Ubuntu shrew client.The FVS318 and Win7 box are on different subnets, but the connection works under Ubuntu from same machine, so I doubt the router is the problem.<br>
So it seems something under Win7 x64 is stopping the packets getting out onto the network, but I'm at a loss to explain it.<br>
I've been Googling for hours, but can't find a solution. Any help anyone could give would be gratefully received.<br>
Greg<br>
VPN Connect log:attached to key daemon ...peer configurediskamp proposal configuredesp proposal configuredclient configuredlocal id configuredremote id configuredpre-shared key configuredbringing up tunnel ...negotiation timout occurredtunnel disableddetached from key daemon<br>
VPN Trace IKE Service log:12/09/16 20:09:09 ii : ipc client process thread begin ...12/09/16 20:09:09 <A : peer config add message12/09/16 20:09:09 <A : proposal config message12/09/16 20:09:09 <A : proposal config message12/09/16 20:09:09 <A : client config message12/09/16 20:09:09 <A : local id 'fvs_local_grg' message12/09/16 20:09:09 <A : preshared key message12/09/16 20:09:09 <A : remote resource message12/09/16 20:09:09 <A : remote resource message12/09/16 20:09:09 <A : remote resource message12/09/16 20:09:09 <A : peer tunnel enable message12/09/16 20:09:09 ii : local is SHREW SOFT compatible12/09/16 20:09:09 ii : local is NETSCREEN compatible12/09/16 20:09:09 ii : local is SIDEWINDER compatible12/09/16 20:09:09 ii : local is CISCO UNITY compatible12/09/16 20:09:09 >= : cookies 8219a4a29c1c6360:000000000000000012/09/16 20:09:09 >= : message 0000000012/09/16 20:09:14 -> : resend 1 phase1 packet(s) [0/2] <a href="http://10.0.0.10:500" target="_blank">10.0.0.10:500</a> -> <a href="http://192.168.0.100:50012/09/16" target="_blank">192.168.0.100:50012/09/16</a> 20:09:19 -> : resend 1 p!<br>
hase1 packet(s) [1/2] <a href="http://10.0.0.10:500" target="_blank">10.0.0.10:500</a> -> <a href="http://192.168.0.100:50012/09/16" target="_blank">192.168.0.100:50012/09/16</a> 20:09:24 -> : resend 1 phase1 packet(s) [2/2] <a href="http://10.0.0.10:500" target="_blank">10.0.0.10:500</a> -> <a href="http://192.168.0.100:50012/09/16" target="_blank">192.168.0.100:50012/09/16</a> 20:09:29 ii : resend limit exceeded for phase1 exchange12/09/16 20:09:29 ii : phase1 removal before expire time12/09/16 20:09:29 DB : removing tunnel config references12/09/16 20:09:29 DB : removing tunnel phase2 references12/09/16 20:09:29 DB : removing tunnel phase1 references12/09/16 20:09:29 DB : removing all peer tunnel refrences12/09/16 20:09:29 ii : ipc client process thread exit ...<br>
<br>
<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.shrew.net/pipermail/vpn-help/attachments/20120928/a6abf84a/attachment-0001.html" target="_blank">http://lists.shrew.net/pipermail/vpn-help/attachments/20120928/a6abf84a/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
vpn-help mailing list<br>
<a href="mailto:vpn-help@lists.shrew.net" target="_blank">vpn-help@lists.shrew.net</a><br>
<a href="http://lists.shrew.net/mailman/listinfo/vpn-help" target="_blank">http://lists.shrew.net/mailman/listinfo/vpn-help</a><br>
<br>
<br>
End of vpn-help Digest, Vol 72, Issue 6<br>
***************************************<br>
</blockquote></div><br>
</blockquote></div><br></div>