ShrewSoft VPN client no longer works on Windows 8.1 x64











up vote
0
down vote

favorite












I used ShrewSoft VPN to access a few work computers.



A few days ago the password has been changed so I have changed it at the credentials settings.



Since that time, I cannot connect to any of the work computers but all of my co-workers can.



There are 2 scenarios:




  • When trying to connect, I get this message:



negotiation timout occurred




Here is the IKE service log for it:



15/03/04 22:12:55 ii : rebuilding vnet device list ...
15/03/04 22:12:55 ii : device ROOTVNET000 disabled
15/03/04 22:12:55 ii : network process thread begin ...
15/03/04 22:12:55 ii : pfkey process thread begin ...
15/03/04 22:12:55 ii : ipc server process thread begin ...
15/03/04 22:13:01 ii : ipc client process thread begin ...
15/03/04 22:13:01 <A : peer config add message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : client config message
15/03/04 22:13:01 <A : local id 'myserver.company.com' message
15/03/04 22:13:01 <A : preshared key message
15/03/04 22:13:01 <A : remote resource message
15/03/04 22:13:01 <A : peer tunnel enable message
15/03/04 22:13:01 DB : peer added ( obj count = 1 )
15/03/04 22:13:01 ii : local address 192.168.0.100 selected for peer
15/03/04 22:13:01 DB : tunnel added ( obj count = 1 )
15/03/04 22:13:01 DB : new phase1 ( ISAKMP initiator )
15/03/04 22:13:01 DB : exchange type is aggressive
15/03/04 22:13:01 DB : 192.168.0.100:500 <-> REMOTEIP:500
15/03/04 22:13:01 DB : e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 DB : phase1 added ( obj count = 1 )
15/03/04 22:13:01 >> : security association payload
15/03/04 22:13:01 >> : - proposal #1 payload
15/03/04 22:13:01 >> : -- transform #1 payload
15/03/04 22:13:01 >> : key exchange payload
15/03/04 22:13:01 >> : nonce payload
15/03/04 22:13:01 >> : identification payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v00 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v01 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v02 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v03 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( rfc )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports DPDv1
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SHREW SOFT compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is NETSCREEN compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SIDEWINDER compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is CISCO UNITY compatible
15/03/04 22:13:01 >= : cookies e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 >= : message 00000000
15/03/04 22:13:01 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
15/03/04 22:13:01 DB : phase1 resend event scheduled ( ref count = 2 )
15/03/04 22:13:06 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:11 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:16 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:21 ii : resend limit exceeded for phase1 exchange
15/03/04 22:13:21 ii : phase1 removal before expire time
15/03/04 22:13:21 DB : phase1 deleted ( obj count = 0 )
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : removing tunnel config references
15/03/04 22:13:21 DB : removing tunnel phase2 references
15/03/04 22:13:21 DB : removing tunnel phase1 references
15/03/04 22:13:21 DB : tunnel deleted ( obj count = 0 )
15/03/04 22:13:21 DB : removing all peer tunnel references
15/03/04 22:13:21 DB : peer deleted ( obj count = 0 )
15/03/04 22:13:21 ii : ipc client process thread exit ...



  • When sometimes it says that the tunnel enabled, I can't reach any computer.


Here is the IKE service log for it:



 22:16:08 ii : ipc client process thread begin ...
22:16:08 <A : peer config add message
22:16:08 <A : proposal config message
22:16:08 <A : proposal config message
22:16:08 <A : client config message
22:16:08 <A : local id 'myserver.company.com' message
22:16:08 <A : preshared key message
22:16:08 <A : remote resource message
22:16:08 <A : peer tunnel enable message
22:16:08 DB : peer added ( obj count = 1 )
22:16:08 ii : local address 192.168.0.100 selected for peer
22:16:08 DB : tunnel added ( obj count = 1 )
22:16:08 DB : new phase1 ( ISAKMP initiator )
22:16:08 DB : exchange type is aggressive
22:16:08 DB : 192.168.0.100:500 <-> REMOTEIP:500
22:16:08 DB : f232ff98c4937c18:0000000000000000
22:16:08 DB : phase1 added ( obj count = 1 )
22:16:08 >> : security association payload
22:16:08 >> : - proposal #1 payload
22:16:08 >> : -- transform #1 payload
22:16:08 >> : key exchange payload
22:16:08 >> : nonce payload
22:16:08 >> : identification payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v00 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v01 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v02 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v03 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( rfc )
22:16:08 >> : vendor id payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports DPDv1
22:16:08 >> : vendor id payload
22:16:08 ii : local is SHREW SOFT compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is NETSCREEN compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is SIDEWINDER compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is CISCO UNITY compatible
22:16:08 >= : cookies f232ff98c4937c18:0000000000000000
22:16:08 >= : message 00000000
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
22:16:08 DB : phase1 resend event scheduled ( ref count = 2 )
22:16:08 <- : recv IKE packet REMOTEIP:500 -> 192.168.0.100:500 ( 276 bytes )
22:16:08 DB : phase1 found
22:16:08 ii : processing phase1 packet ( 276 bytes )
22:16:08 =< : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 =< : message 00000000
22:16:08 << : security association payload
22:16:08 << : - propsal #1 payload
22:16:08 << : -- transform #1 payload
22:16:08 ii : matched isakmp proposal #1 transform #1
22:16:08 ii : - transform = ike
22:16:08 ii : - cipher type = aes
22:16:08 ii : - key length = 256 bits
22:16:08 ii : - hash type = sha1
22:16:08 ii : - dh group = group2 ( modp-1024 )
22:16:08 ii : - auth type = psk
22:16:08 ii : - life seconds = 28800
22:16:08 ii : - life kbytes = 0
22:16:08 << : key exchange payload
22:16:08 << : nonce payload
22:16:08 << : identification payload
22:16:08 ii : phase1 id match ( natt prevents ip match )
22:16:08 ii : received = ipv4-host REMOTEIP
22:16:08 << : hash payload
22:16:08 ii : nat-t is unsupported by remote peer
22:16:08 == : DH shared secret ( 128 bytes )
22:16:08 == : SETKEYID ( 20 bytes )
22:16:08 == : SETKEYID_d ( 20 bytes )
22:16:08 == : SETKEYID_a ( 20 bytes )
22:16:08 == : SETKEYID_e ( 20 bytes )
22:16:08 == : cipher key ( 32 bytes )
22:16:08 == : cipher iv ( 16 bytes )
22:16:08 == : phase1 hash_i ( computed ) ( 20 bytes )
22:16:08 >> : hash payload
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 00000000
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 52 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 DB : phase1 resend event canceled ( ref count = 1 )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 88 bytes )
22:16:08 == : phase1 hash_r ( computed ) ( 20 bytes )
22:16:08 == : phase1 hash_r ( received ) ( 20 bytes )
22:16:08 ii : phase1 sa established
22:16:08 ii : REMOTEIP:500 <-> 192.168.0.100:500
22:16:08 ii : f232ff98c4937c18:c65052785432b59d
22:16:08 ii : sending peer INITIAL-CONTACT notification
22:16:08 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:08 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:08 ii : - data size 0
22:16:08 >> : hash payload
22:16:08 >> : notification payload
22:16:08 == : new informational hash ( 20 bytes )
22:16:08 == : new informational iv ( 16 bytes )
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 5c5ce9fa
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 80 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:08 DB : config added ( obj count = 1 )
22:16:08 ii : configuration method is manual
22:16:08 DB : phase2 not found
22:16:08 ii : enabled adapter ROOTVNET000
22:16:08 ii : adapter ROOTVNET000 unavailable, retrying ...
22:16:09 ii : apapter ROOTVNET000 MTU is 1380
22:16:09 ii : generating IPSEC security policies at UNIQUE level
22:16:09 ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:09 DB : policy added ( obj count = 1 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created NONE policy route for REMOTEIP/32
22:16:09 DB : policy added ( obj count = 2 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:09 DB : policy added ( obj count = 3 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:09 DB : policy added ( obj count = 4 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy added ( obj count = 5 )
22:16:09 DB : policy found
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created IPSEC policy route for VPN_LOCAL_IP/24
22:16:09 DB : policy added ( obj count = 6 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : split DNS is disabled
22:16:12 K< : recv pfkey ACQUIRE UNSPEC message
22:16:12 DB : policy found
22:16:12 DB : policy found
22:16:12 DB : tunnel found
22:16:12 DB : new phase2 ( IPSEC initiator )
22:16:12 DB : phase2 added ( obj count = 1 )
22:16:12 K> : send pfkey GETSPI ESP message
22:16:12 K< : recv pfkey GETSPI ESP message
22:16:12 DB : phase2 found
22:16:12 ii : updated spi for 1 ipsec-esp proposal
22:16:12 DB : phase1 found
22:16:12 >> : hash payload
22:16:12 >> : security association payload
22:16:12 >> : - proposal #1 payload
22:16:12 >> : -- transform #1 payload
22:16:12 >> : nonce payload
22:16:12 >> : key exchange payload
22:16:12 >> : identification payload
22:16:12 >> : identification payload
22:16:12 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:12 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:12 == : new phase2 iv ( 16 bytes )
22:16:12 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:12 >= : message 4a2d1878
22:16:12 >= : encrypt iv ( 16 bytes )
22:16:12 == : encrypt packet ( 296 bytes )
22:16:12 == : stored iv ( 16 bytes )
22:16:12 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:12 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:17 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:22 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:27 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:30 K< : recv pfkey ACQUIRE UNSPEC message
22:16:30 DB : policy found
22:16:30 DB : policy found
22:16:30 DB : tunnel found
22:16:30 DB : new phase2 ( IPSEC initiator )
22:16:30 DB : phase2 added ( obj count = 2 )
22:16:30 K> : send pfkey GETSPI ESP message
22:16:30 K< : recv pfkey GETSPI ESP message
22:16:30 DB : phase2 found
22:16:30 ii : updated spi for 1 ipsec-esp proposal
22:16:30 DB : phase1 found
22:16:30 >> : hash payload
22:16:30 >> : security association payload
22:16:30 >> : - proposal #1 payload
22:16:30 >> : -- transform #1 payload
22:16:30 >> : nonce payload
22:16:30 >> : key exchange payload
22:16:30 >> : identification payload
22:16:30 >> : identification payload
22:16:30 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:30 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:30 == : new phase2 iv ( 16 bytes )
22:16:30 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:30 >= : message b4687a6c
22:16:30 >= : encrypt iv ( 16 bytes )
22:16:30 == : encrypt packet ( 296 bytes )
22:16:30 == : stored iv ( 16 bytes )
22:16:30 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:30 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:32 <A : peer tunnel disable message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed IPSEC policy route for ANY:VPN_LOCAL_IP/24:*
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed NONE policy route for ANY:REMOTEIP:*
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 5 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 4 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 3 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 2 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 1 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 0 )
22:16:32 ii : disable adapter ROOTVNET000
22:16:32 DB : tunnel stats event canceled ( ref count = 5 )
22:16:32 DB : removing tunnel config references
22:16:32 DB : config deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase2 references
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 1 )
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase1 references
22:16:32 DB : phase1 soft event canceled ( ref count = 3 )
22:16:32 DB : phase1 hard event canceled ( ref count = 2 )
22:16:32 DB : phase1 dead event canceled ( ref count = 1 )
22:16:32 ii : sending peer DELETE message
22:16:32 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:32 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:32 ii : - data size 0
22:16:32 >> : hash payload
22:16:32 >> : delete payload
22:16:32 == : new informational hash ( 20 bytes )
22:16:32 == : new informational iv ( 16 bytes )
22:16:32 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:32 >= : message 66fddf83
22:16:32 >= : encrypt iv ( 16 bytes )
22:16:32 == : encrypt packet ( 80 bytes )
22:16:32 == : stored iv ( 16 bytes )
22:16:32 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:32 ii : phase1 removal before expire time
22:16:32 DB : phase1 deleted ( obj count = 0 )
22:16:32 DB : tunnel deleted ( obj count = 0 )
22:16:32 DB : removing all peer tunnel references
22:16:32 DB : peer deleted ( obj count = 0 )
22:16:32 ii : ipc client process thread exit ...


This is what I can see:



enter image description here



UPDATE:



This is the log of a working connection:



ii : rebuilding vnet device list ...
ii : device ROOTVNET000 disabled
ii : pfkey process thread begin ...
ii : ipc server process thread begin ...
ii : network process thread begin ...
ii : ipc client process thread begin ...
<A : peer config add message
<A : proposal config message
<A : proposal config message
<A : client config message
<A : local id 'myserver.company.com' message
<A : preshared key message
<A : remote resource message
<A : peer tunnel enable message
DB : peer added ( obj count = 1 )
ii : local address LOCALIP selected for peer
DB : tunnel added ( obj count = 1 )
DB : new phase1 ( ISAKMP initiator )
DB : exchange type is aggressive
DB : LOCALIP:500 <-> REMOTEIP:500
DB : 3cbc1e92c5a533c2:0000000000000000
DB : phase1 added ( obj count = 1 )
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : key exchange payload
>> : nonce payload
>> : identification payload
>> : vendor id payload
ii : local supports nat-t ( draft v00 )
>> : vendor id payload
ii : local supports nat-t ( draft v01 )
>> : vendor id payload
ii : local supports nat-t ( draft v02 )
>> : vendor id payload
ii : local supports nat-t ( draft v03 )
>> : vendor id payload
ii : local supports nat-t ( rfc )
>> : vendor id payload
>> : vendor id payload
ii : local supports DPDv1
>> : vendor id payload
ii : local is SHREW SOFT compatible
>> : vendor id payload
ii : local is NETSCREEN compatible
>> : vendor id payload
ii : local is SIDEWINDER compatible
>> : vendor id payload
ii : local is CISCO UNITY compatible
>= : cookies 3cbc1e92c5a533c2:0000000000000000
>= : message 00000000
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 520 bytes )
DB : phase1 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 276 bytes )
DB : phase1 found
ii : processing phase1 packet ( 276 bytes )
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 00000000
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
ii : matched isakmp proposal #1 transform #1
ii : - transform = ike
ii : - cipher type = aes
ii : - key length = 256 bits
ii : - hash type = sha1
ii : - dh group = group2 ( modp-1024 )
ii : - auth type = psk
ii : - life seconds = 28800
ii : - life kbytes = 0
<< : key exchange payload
<< : nonce payload
<< : identification payload
ii : phase1 id match ( natt prevents ip match )
ii : received = ipv4-host REMOTEIP
<< : hash payload
ii : nat-t is unsupported by remote peer
== : DH shared secret ( 128 bytes )
== : SETKEYID ( 20 bytes )
== : SETKEYID_d ( 20 bytes )
== : SETKEYID_a ( 20 bytes )
== : SETKEYID_e ( 20 bytes )
== : cipher key ( 32 bytes )
== : cipher iv ( 16 bytes )
== : phase1 hash_i ( computed ) ( 20 bytes )
>> : hash payload
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 00000000
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase1 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : phase1 hash_r ( computed ) ( 20 bytes )
== : phase1 hash_r ( received ) ( 20 bytes )
ii : phase1 sa established
ii : REMOTEIP:500 <-> LOCALIP:500
ii : 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : sending peer INITIAL-CONTACT notification
ii : - LOCALIP:500 -> REMOTEIP:500
ii : - isakmp spi = 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : - data size 0
>> : hash payload
>> : notification payload
== : new informational hash ( 20 bytes )
== : new informational iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 7061fc09
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 80 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 120 bytes )
DB : config added ( obj count = 1 )
ii : configuration method is manual
DB : phase2 not found
ii : enabled adapter ROOTVNET000
ii : adapter ROOTVNET000 unavailable, retrying ...
ii : apapter ROOTVNET000 MTU is 1380
ii : generating IPSEC security policies at UNIQUE level
ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:LOCALIP:*
DB : policy added ( obj count = 1 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating NONE OUTBOUND policy ANY:LOCALIP:* -> ANY:REMOTEIP:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created NONE policy route for REMOTEIP/32
DB : policy added ( obj count = 2 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : creating IPSEC INBOUND policy ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
DB : policy added ( obj count = 3 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating IPSEC OUTBOUND policy ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created IPSEC policy route for VPN_IP/24
DB : policy added ( obj count = 4 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : split DNS is disabled
K< : recv pfkey ACQUIRE UNSPEC message
DB : policy found
DB : policy found
DB : tunnel found
DB : new phase2 ( IPSEC initiator )
DB : phase2 added ( obj count = 1 )
K> : send pfkey GETSPI ESP message
K< : recv pfkey GETSPI ESP message
DB : phase2 found
ii : updated spi for 1 ipsec-esp proposal
DB : phase1 found
>> : hash payload
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : nonce payload
>> : key exchange payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( input ) ( 248 bytes )
== : phase2 hash_i ( computed ) ( 20 bytes )
== : new phase2 iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 296 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 328 bytes )
DB : phase2 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 300 bytes )
DB : phase1 found
ii : processing phase2 packet ( 300 bytes )
DB : phase2 found
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 907d2142
=< : decrypt iv ( 16 bytes )
== : decrypt packet ( 300 bytes )
<= : trimmed packet padding ( 8 bytes )
<= : stored iv ( 16 bytes )
<< : hash payload
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
<< : nonce payload
<< : key exchange payload
<< : identification payload
<< : identification payload
== : phase2 hash_r ( input ) ( 264 bytes )
== : phase2 hash_r ( computed ) ( 20 bytes )
== : phase2 hash_r ( received ) ( 20 bytes )
ii : matched ipsec-esp proposal #1 transform #1
ii : - transform = esp-aes
ii : - key length = 256 bits
ii : - encap mode = tunnel
ii : - msg auth = hmac-sha1
ii : - pfs dh group = group2 ( modp-1024 )
ii : - life seconds = 3600
ii : - life kbytes = 0
DB : policy found
K> : send pfkey GETSPI ESP message
ii : phase2 ids accepted
ii : - loc ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
ii : - rmt ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
ii : phase2 sa established
ii : LOCALIP:500 <-> REMOTEIP:500
== : phase2 hash_p ( input ) ( 41 bytes )
== : phase2 hash_p ( computed ) ( 20 bytes )
>> : hash payload
K< : recv pfkey GETSPI ESP message
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
DB : phase2 found
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase2 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : PFS DH shared secret ( 128 bytes )
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message


I've already reinstalled the software. What has gone wrong? What should I do?










share|improve this question
























  • After 15/03/04 22:16:32 <A : peer tunnel disable message log looks like things start getting torn down, instead of built. Are you sure you're not disabled? Have you tried comparing logs to co-workers' successful connections? Have you tried re-install (maybe a dumb approach, but may fix some potential issues). Also, be careful about consistent filtering. You blob out the "Remote Host" in picture, but log shows IP addresses. (Not really any real security problem in this case since both 192.168.0.1 and 192.168.17.7 are in RFC 1918 range.)
    – TOOGAM
    Mar 4 '15 at 23:01










  • @TOOGAM: See the update initial post. We share the same configuration file. I'm not disabled, so we can't tell why I can't establish a working connection.
    – Nestor
    Mar 5 '15 at 11:42

















up vote
0
down vote

favorite












I used ShrewSoft VPN to access a few work computers.



A few days ago the password has been changed so I have changed it at the credentials settings.



Since that time, I cannot connect to any of the work computers but all of my co-workers can.



There are 2 scenarios:




  • When trying to connect, I get this message:



negotiation timout occurred




Here is the IKE service log for it:



15/03/04 22:12:55 ii : rebuilding vnet device list ...
15/03/04 22:12:55 ii : device ROOTVNET000 disabled
15/03/04 22:12:55 ii : network process thread begin ...
15/03/04 22:12:55 ii : pfkey process thread begin ...
15/03/04 22:12:55 ii : ipc server process thread begin ...
15/03/04 22:13:01 ii : ipc client process thread begin ...
15/03/04 22:13:01 <A : peer config add message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : client config message
15/03/04 22:13:01 <A : local id 'myserver.company.com' message
15/03/04 22:13:01 <A : preshared key message
15/03/04 22:13:01 <A : remote resource message
15/03/04 22:13:01 <A : peer tunnel enable message
15/03/04 22:13:01 DB : peer added ( obj count = 1 )
15/03/04 22:13:01 ii : local address 192.168.0.100 selected for peer
15/03/04 22:13:01 DB : tunnel added ( obj count = 1 )
15/03/04 22:13:01 DB : new phase1 ( ISAKMP initiator )
15/03/04 22:13:01 DB : exchange type is aggressive
15/03/04 22:13:01 DB : 192.168.0.100:500 <-> REMOTEIP:500
15/03/04 22:13:01 DB : e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 DB : phase1 added ( obj count = 1 )
15/03/04 22:13:01 >> : security association payload
15/03/04 22:13:01 >> : - proposal #1 payload
15/03/04 22:13:01 >> : -- transform #1 payload
15/03/04 22:13:01 >> : key exchange payload
15/03/04 22:13:01 >> : nonce payload
15/03/04 22:13:01 >> : identification payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v00 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v01 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v02 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v03 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( rfc )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports DPDv1
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SHREW SOFT compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is NETSCREEN compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SIDEWINDER compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is CISCO UNITY compatible
15/03/04 22:13:01 >= : cookies e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 >= : message 00000000
15/03/04 22:13:01 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
15/03/04 22:13:01 DB : phase1 resend event scheduled ( ref count = 2 )
15/03/04 22:13:06 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:11 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:16 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:21 ii : resend limit exceeded for phase1 exchange
15/03/04 22:13:21 ii : phase1 removal before expire time
15/03/04 22:13:21 DB : phase1 deleted ( obj count = 0 )
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : removing tunnel config references
15/03/04 22:13:21 DB : removing tunnel phase2 references
15/03/04 22:13:21 DB : removing tunnel phase1 references
15/03/04 22:13:21 DB : tunnel deleted ( obj count = 0 )
15/03/04 22:13:21 DB : removing all peer tunnel references
15/03/04 22:13:21 DB : peer deleted ( obj count = 0 )
15/03/04 22:13:21 ii : ipc client process thread exit ...



  • When sometimes it says that the tunnel enabled, I can't reach any computer.


Here is the IKE service log for it:



 22:16:08 ii : ipc client process thread begin ...
22:16:08 <A : peer config add message
22:16:08 <A : proposal config message
22:16:08 <A : proposal config message
22:16:08 <A : client config message
22:16:08 <A : local id 'myserver.company.com' message
22:16:08 <A : preshared key message
22:16:08 <A : remote resource message
22:16:08 <A : peer tunnel enable message
22:16:08 DB : peer added ( obj count = 1 )
22:16:08 ii : local address 192.168.0.100 selected for peer
22:16:08 DB : tunnel added ( obj count = 1 )
22:16:08 DB : new phase1 ( ISAKMP initiator )
22:16:08 DB : exchange type is aggressive
22:16:08 DB : 192.168.0.100:500 <-> REMOTEIP:500
22:16:08 DB : f232ff98c4937c18:0000000000000000
22:16:08 DB : phase1 added ( obj count = 1 )
22:16:08 >> : security association payload
22:16:08 >> : - proposal #1 payload
22:16:08 >> : -- transform #1 payload
22:16:08 >> : key exchange payload
22:16:08 >> : nonce payload
22:16:08 >> : identification payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v00 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v01 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v02 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v03 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( rfc )
22:16:08 >> : vendor id payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports DPDv1
22:16:08 >> : vendor id payload
22:16:08 ii : local is SHREW SOFT compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is NETSCREEN compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is SIDEWINDER compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is CISCO UNITY compatible
22:16:08 >= : cookies f232ff98c4937c18:0000000000000000
22:16:08 >= : message 00000000
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
22:16:08 DB : phase1 resend event scheduled ( ref count = 2 )
22:16:08 <- : recv IKE packet REMOTEIP:500 -> 192.168.0.100:500 ( 276 bytes )
22:16:08 DB : phase1 found
22:16:08 ii : processing phase1 packet ( 276 bytes )
22:16:08 =< : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 =< : message 00000000
22:16:08 << : security association payload
22:16:08 << : - propsal #1 payload
22:16:08 << : -- transform #1 payload
22:16:08 ii : matched isakmp proposal #1 transform #1
22:16:08 ii : - transform = ike
22:16:08 ii : - cipher type = aes
22:16:08 ii : - key length = 256 bits
22:16:08 ii : - hash type = sha1
22:16:08 ii : - dh group = group2 ( modp-1024 )
22:16:08 ii : - auth type = psk
22:16:08 ii : - life seconds = 28800
22:16:08 ii : - life kbytes = 0
22:16:08 << : key exchange payload
22:16:08 << : nonce payload
22:16:08 << : identification payload
22:16:08 ii : phase1 id match ( natt prevents ip match )
22:16:08 ii : received = ipv4-host REMOTEIP
22:16:08 << : hash payload
22:16:08 ii : nat-t is unsupported by remote peer
22:16:08 == : DH shared secret ( 128 bytes )
22:16:08 == : SETKEYID ( 20 bytes )
22:16:08 == : SETKEYID_d ( 20 bytes )
22:16:08 == : SETKEYID_a ( 20 bytes )
22:16:08 == : SETKEYID_e ( 20 bytes )
22:16:08 == : cipher key ( 32 bytes )
22:16:08 == : cipher iv ( 16 bytes )
22:16:08 == : phase1 hash_i ( computed ) ( 20 bytes )
22:16:08 >> : hash payload
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 00000000
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 52 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 DB : phase1 resend event canceled ( ref count = 1 )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 88 bytes )
22:16:08 == : phase1 hash_r ( computed ) ( 20 bytes )
22:16:08 == : phase1 hash_r ( received ) ( 20 bytes )
22:16:08 ii : phase1 sa established
22:16:08 ii : REMOTEIP:500 <-> 192.168.0.100:500
22:16:08 ii : f232ff98c4937c18:c65052785432b59d
22:16:08 ii : sending peer INITIAL-CONTACT notification
22:16:08 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:08 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:08 ii : - data size 0
22:16:08 >> : hash payload
22:16:08 >> : notification payload
22:16:08 == : new informational hash ( 20 bytes )
22:16:08 == : new informational iv ( 16 bytes )
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 5c5ce9fa
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 80 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:08 DB : config added ( obj count = 1 )
22:16:08 ii : configuration method is manual
22:16:08 DB : phase2 not found
22:16:08 ii : enabled adapter ROOTVNET000
22:16:08 ii : adapter ROOTVNET000 unavailable, retrying ...
22:16:09 ii : apapter ROOTVNET000 MTU is 1380
22:16:09 ii : generating IPSEC security policies at UNIQUE level
22:16:09 ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:09 DB : policy added ( obj count = 1 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created NONE policy route for REMOTEIP/32
22:16:09 DB : policy added ( obj count = 2 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:09 DB : policy added ( obj count = 3 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:09 DB : policy added ( obj count = 4 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy added ( obj count = 5 )
22:16:09 DB : policy found
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created IPSEC policy route for VPN_LOCAL_IP/24
22:16:09 DB : policy added ( obj count = 6 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : split DNS is disabled
22:16:12 K< : recv pfkey ACQUIRE UNSPEC message
22:16:12 DB : policy found
22:16:12 DB : policy found
22:16:12 DB : tunnel found
22:16:12 DB : new phase2 ( IPSEC initiator )
22:16:12 DB : phase2 added ( obj count = 1 )
22:16:12 K> : send pfkey GETSPI ESP message
22:16:12 K< : recv pfkey GETSPI ESP message
22:16:12 DB : phase2 found
22:16:12 ii : updated spi for 1 ipsec-esp proposal
22:16:12 DB : phase1 found
22:16:12 >> : hash payload
22:16:12 >> : security association payload
22:16:12 >> : - proposal #1 payload
22:16:12 >> : -- transform #1 payload
22:16:12 >> : nonce payload
22:16:12 >> : key exchange payload
22:16:12 >> : identification payload
22:16:12 >> : identification payload
22:16:12 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:12 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:12 == : new phase2 iv ( 16 bytes )
22:16:12 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:12 >= : message 4a2d1878
22:16:12 >= : encrypt iv ( 16 bytes )
22:16:12 == : encrypt packet ( 296 bytes )
22:16:12 == : stored iv ( 16 bytes )
22:16:12 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:12 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:17 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:22 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:27 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:30 K< : recv pfkey ACQUIRE UNSPEC message
22:16:30 DB : policy found
22:16:30 DB : policy found
22:16:30 DB : tunnel found
22:16:30 DB : new phase2 ( IPSEC initiator )
22:16:30 DB : phase2 added ( obj count = 2 )
22:16:30 K> : send pfkey GETSPI ESP message
22:16:30 K< : recv pfkey GETSPI ESP message
22:16:30 DB : phase2 found
22:16:30 ii : updated spi for 1 ipsec-esp proposal
22:16:30 DB : phase1 found
22:16:30 >> : hash payload
22:16:30 >> : security association payload
22:16:30 >> : - proposal #1 payload
22:16:30 >> : -- transform #1 payload
22:16:30 >> : nonce payload
22:16:30 >> : key exchange payload
22:16:30 >> : identification payload
22:16:30 >> : identification payload
22:16:30 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:30 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:30 == : new phase2 iv ( 16 bytes )
22:16:30 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:30 >= : message b4687a6c
22:16:30 >= : encrypt iv ( 16 bytes )
22:16:30 == : encrypt packet ( 296 bytes )
22:16:30 == : stored iv ( 16 bytes )
22:16:30 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:30 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:32 <A : peer tunnel disable message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed IPSEC policy route for ANY:VPN_LOCAL_IP/24:*
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed NONE policy route for ANY:REMOTEIP:*
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 5 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 4 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 3 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 2 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 1 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 0 )
22:16:32 ii : disable adapter ROOTVNET000
22:16:32 DB : tunnel stats event canceled ( ref count = 5 )
22:16:32 DB : removing tunnel config references
22:16:32 DB : config deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase2 references
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 1 )
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase1 references
22:16:32 DB : phase1 soft event canceled ( ref count = 3 )
22:16:32 DB : phase1 hard event canceled ( ref count = 2 )
22:16:32 DB : phase1 dead event canceled ( ref count = 1 )
22:16:32 ii : sending peer DELETE message
22:16:32 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:32 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:32 ii : - data size 0
22:16:32 >> : hash payload
22:16:32 >> : delete payload
22:16:32 == : new informational hash ( 20 bytes )
22:16:32 == : new informational iv ( 16 bytes )
22:16:32 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:32 >= : message 66fddf83
22:16:32 >= : encrypt iv ( 16 bytes )
22:16:32 == : encrypt packet ( 80 bytes )
22:16:32 == : stored iv ( 16 bytes )
22:16:32 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:32 ii : phase1 removal before expire time
22:16:32 DB : phase1 deleted ( obj count = 0 )
22:16:32 DB : tunnel deleted ( obj count = 0 )
22:16:32 DB : removing all peer tunnel references
22:16:32 DB : peer deleted ( obj count = 0 )
22:16:32 ii : ipc client process thread exit ...


This is what I can see:



enter image description here



UPDATE:



This is the log of a working connection:



ii : rebuilding vnet device list ...
ii : device ROOTVNET000 disabled
ii : pfkey process thread begin ...
ii : ipc server process thread begin ...
ii : network process thread begin ...
ii : ipc client process thread begin ...
<A : peer config add message
<A : proposal config message
<A : proposal config message
<A : client config message
<A : local id 'myserver.company.com' message
<A : preshared key message
<A : remote resource message
<A : peer tunnel enable message
DB : peer added ( obj count = 1 )
ii : local address LOCALIP selected for peer
DB : tunnel added ( obj count = 1 )
DB : new phase1 ( ISAKMP initiator )
DB : exchange type is aggressive
DB : LOCALIP:500 <-> REMOTEIP:500
DB : 3cbc1e92c5a533c2:0000000000000000
DB : phase1 added ( obj count = 1 )
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : key exchange payload
>> : nonce payload
>> : identification payload
>> : vendor id payload
ii : local supports nat-t ( draft v00 )
>> : vendor id payload
ii : local supports nat-t ( draft v01 )
>> : vendor id payload
ii : local supports nat-t ( draft v02 )
>> : vendor id payload
ii : local supports nat-t ( draft v03 )
>> : vendor id payload
ii : local supports nat-t ( rfc )
>> : vendor id payload
>> : vendor id payload
ii : local supports DPDv1
>> : vendor id payload
ii : local is SHREW SOFT compatible
>> : vendor id payload
ii : local is NETSCREEN compatible
>> : vendor id payload
ii : local is SIDEWINDER compatible
>> : vendor id payload
ii : local is CISCO UNITY compatible
>= : cookies 3cbc1e92c5a533c2:0000000000000000
>= : message 00000000
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 520 bytes )
DB : phase1 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 276 bytes )
DB : phase1 found
ii : processing phase1 packet ( 276 bytes )
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 00000000
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
ii : matched isakmp proposal #1 transform #1
ii : - transform = ike
ii : - cipher type = aes
ii : - key length = 256 bits
ii : - hash type = sha1
ii : - dh group = group2 ( modp-1024 )
ii : - auth type = psk
ii : - life seconds = 28800
ii : - life kbytes = 0
<< : key exchange payload
<< : nonce payload
<< : identification payload
ii : phase1 id match ( natt prevents ip match )
ii : received = ipv4-host REMOTEIP
<< : hash payload
ii : nat-t is unsupported by remote peer
== : DH shared secret ( 128 bytes )
== : SETKEYID ( 20 bytes )
== : SETKEYID_d ( 20 bytes )
== : SETKEYID_a ( 20 bytes )
== : SETKEYID_e ( 20 bytes )
== : cipher key ( 32 bytes )
== : cipher iv ( 16 bytes )
== : phase1 hash_i ( computed ) ( 20 bytes )
>> : hash payload
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 00000000
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase1 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : phase1 hash_r ( computed ) ( 20 bytes )
== : phase1 hash_r ( received ) ( 20 bytes )
ii : phase1 sa established
ii : REMOTEIP:500 <-> LOCALIP:500
ii : 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : sending peer INITIAL-CONTACT notification
ii : - LOCALIP:500 -> REMOTEIP:500
ii : - isakmp spi = 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : - data size 0
>> : hash payload
>> : notification payload
== : new informational hash ( 20 bytes )
== : new informational iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 7061fc09
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 80 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 120 bytes )
DB : config added ( obj count = 1 )
ii : configuration method is manual
DB : phase2 not found
ii : enabled adapter ROOTVNET000
ii : adapter ROOTVNET000 unavailable, retrying ...
ii : apapter ROOTVNET000 MTU is 1380
ii : generating IPSEC security policies at UNIQUE level
ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:LOCALIP:*
DB : policy added ( obj count = 1 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating NONE OUTBOUND policy ANY:LOCALIP:* -> ANY:REMOTEIP:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created NONE policy route for REMOTEIP/32
DB : policy added ( obj count = 2 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : creating IPSEC INBOUND policy ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
DB : policy added ( obj count = 3 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating IPSEC OUTBOUND policy ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created IPSEC policy route for VPN_IP/24
DB : policy added ( obj count = 4 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : split DNS is disabled
K< : recv pfkey ACQUIRE UNSPEC message
DB : policy found
DB : policy found
DB : tunnel found
DB : new phase2 ( IPSEC initiator )
DB : phase2 added ( obj count = 1 )
K> : send pfkey GETSPI ESP message
K< : recv pfkey GETSPI ESP message
DB : phase2 found
ii : updated spi for 1 ipsec-esp proposal
DB : phase1 found
>> : hash payload
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : nonce payload
>> : key exchange payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( input ) ( 248 bytes )
== : phase2 hash_i ( computed ) ( 20 bytes )
== : new phase2 iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 296 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 328 bytes )
DB : phase2 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 300 bytes )
DB : phase1 found
ii : processing phase2 packet ( 300 bytes )
DB : phase2 found
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 907d2142
=< : decrypt iv ( 16 bytes )
== : decrypt packet ( 300 bytes )
<= : trimmed packet padding ( 8 bytes )
<= : stored iv ( 16 bytes )
<< : hash payload
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
<< : nonce payload
<< : key exchange payload
<< : identification payload
<< : identification payload
== : phase2 hash_r ( input ) ( 264 bytes )
== : phase2 hash_r ( computed ) ( 20 bytes )
== : phase2 hash_r ( received ) ( 20 bytes )
ii : matched ipsec-esp proposal #1 transform #1
ii : - transform = esp-aes
ii : - key length = 256 bits
ii : - encap mode = tunnel
ii : - msg auth = hmac-sha1
ii : - pfs dh group = group2 ( modp-1024 )
ii : - life seconds = 3600
ii : - life kbytes = 0
DB : policy found
K> : send pfkey GETSPI ESP message
ii : phase2 ids accepted
ii : - loc ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
ii : - rmt ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
ii : phase2 sa established
ii : LOCALIP:500 <-> REMOTEIP:500
== : phase2 hash_p ( input ) ( 41 bytes )
== : phase2 hash_p ( computed ) ( 20 bytes )
>> : hash payload
K< : recv pfkey GETSPI ESP message
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
DB : phase2 found
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase2 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : PFS DH shared secret ( 128 bytes )
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message


I've already reinstalled the software. What has gone wrong? What should I do?










share|improve this question
























  • After 15/03/04 22:16:32 <A : peer tunnel disable message log looks like things start getting torn down, instead of built. Are you sure you're not disabled? Have you tried comparing logs to co-workers' successful connections? Have you tried re-install (maybe a dumb approach, but may fix some potential issues). Also, be careful about consistent filtering. You blob out the "Remote Host" in picture, but log shows IP addresses. (Not really any real security problem in this case since both 192.168.0.1 and 192.168.17.7 are in RFC 1918 range.)
    – TOOGAM
    Mar 4 '15 at 23:01










  • @TOOGAM: See the update initial post. We share the same configuration file. I'm not disabled, so we can't tell why I can't establish a working connection.
    – Nestor
    Mar 5 '15 at 11:42















up vote
0
down vote

favorite









up vote
0
down vote

favorite











I used ShrewSoft VPN to access a few work computers.



A few days ago the password has been changed so I have changed it at the credentials settings.



Since that time, I cannot connect to any of the work computers but all of my co-workers can.



There are 2 scenarios:




  • When trying to connect, I get this message:



negotiation timout occurred




Here is the IKE service log for it:



15/03/04 22:12:55 ii : rebuilding vnet device list ...
15/03/04 22:12:55 ii : device ROOTVNET000 disabled
15/03/04 22:12:55 ii : network process thread begin ...
15/03/04 22:12:55 ii : pfkey process thread begin ...
15/03/04 22:12:55 ii : ipc server process thread begin ...
15/03/04 22:13:01 ii : ipc client process thread begin ...
15/03/04 22:13:01 <A : peer config add message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : client config message
15/03/04 22:13:01 <A : local id 'myserver.company.com' message
15/03/04 22:13:01 <A : preshared key message
15/03/04 22:13:01 <A : remote resource message
15/03/04 22:13:01 <A : peer tunnel enable message
15/03/04 22:13:01 DB : peer added ( obj count = 1 )
15/03/04 22:13:01 ii : local address 192.168.0.100 selected for peer
15/03/04 22:13:01 DB : tunnel added ( obj count = 1 )
15/03/04 22:13:01 DB : new phase1 ( ISAKMP initiator )
15/03/04 22:13:01 DB : exchange type is aggressive
15/03/04 22:13:01 DB : 192.168.0.100:500 <-> REMOTEIP:500
15/03/04 22:13:01 DB : e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 DB : phase1 added ( obj count = 1 )
15/03/04 22:13:01 >> : security association payload
15/03/04 22:13:01 >> : - proposal #1 payload
15/03/04 22:13:01 >> : -- transform #1 payload
15/03/04 22:13:01 >> : key exchange payload
15/03/04 22:13:01 >> : nonce payload
15/03/04 22:13:01 >> : identification payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v00 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v01 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v02 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v03 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( rfc )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports DPDv1
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SHREW SOFT compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is NETSCREEN compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SIDEWINDER compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is CISCO UNITY compatible
15/03/04 22:13:01 >= : cookies e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 >= : message 00000000
15/03/04 22:13:01 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
15/03/04 22:13:01 DB : phase1 resend event scheduled ( ref count = 2 )
15/03/04 22:13:06 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:11 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:16 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:21 ii : resend limit exceeded for phase1 exchange
15/03/04 22:13:21 ii : phase1 removal before expire time
15/03/04 22:13:21 DB : phase1 deleted ( obj count = 0 )
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : removing tunnel config references
15/03/04 22:13:21 DB : removing tunnel phase2 references
15/03/04 22:13:21 DB : removing tunnel phase1 references
15/03/04 22:13:21 DB : tunnel deleted ( obj count = 0 )
15/03/04 22:13:21 DB : removing all peer tunnel references
15/03/04 22:13:21 DB : peer deleted ( obj count = 0 )
15/03/04 22:13:21 ii : ipc client process thread exit ...



  • When sometimes it says that the tunnel enabled, I can't reach any computer.


Here is the IKE service log for it:



 22:16:08 ii : ipc client process thread begin ...
22:16:08 <A : peer config add message
22:16:08 <A : proposal config message
22:16:08 <A : proposal config message
22:16:08 <A : client config message
22:16:08 <A : local id 'myserver.company.com' message
22:16:08 <A : preshared key message
22:16:08 <A : remote resource message
22:16:08 <A : peer tunnel enable message
22:16:08 DB : peer added ( obj count = 1 )
22:16:08 ii : local address 192.168.0.100 selected for peer
22:16:08 DB : tunnel added ( obj count = 1 )
22:16:08 DB : new phase1 ( ISAKMP initiator )
22:16:08 DB : exchange type is aggressive
22:16:08 DB : 192.168.0.100:500 <-> REMOTEIP:500
22:16:08 DB : f232ff98c4937c18:0000000000000000
22:16:08 DB : phase1 added ( obj count = 1 )
22:16:08 >> : security association payload
22:16:08 >> : - proposal #1 payload
22:16:08 >> : -- transform #1 payload
22:16:08 >> : key exchange payload
22:16:08 >> : nonce payload
22:16:08 >> : identification payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v00 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v01 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v02 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v03 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( rfc )
22:16:08 >> : vendor id payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports DPDv1
22:16:08 >> : vendor id payload
22:16:08 ii : local is SHREW SOFT compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is NETSCREEN compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is SIDEWINDER compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is CISCO UNITY compatible
22:16:08 >= : cookies f232ff98c4937c18:0000000000000000
22:16:08 >= : message 00000000
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
22:16:08 DB : phase1 resend event scheduled ( ref count = 2 )
22:16:08 <- : recv IKE packet REMOTEIP:500 -> 192.168.0.100:500 ( 276 bytes )
22:16:08 DB : phase1 found
22:16:08 ii : processing phase1 packet ( 276 bytes )
22:16:08 =< : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 =< : message 00000000
22:16:08 << : security association payload
22:16:08 << : - propsal #1 payload
22:16:08 << : -- transform #1 payload
22:16:08 ii : matched isakmp proposal #1 transform #1
22:16:08 ii : - transform = ike
22:16:08 ii : - cipher type = aes
22:16:08 ii : - key length = 256 bits
22:16:08 ii : - hash type = sha1
22:16:08 ii : - dh group = group2 ( modp-1024 )
22:16:08 ii : - auth type = psk
22:16:08 ii : - life seconds = 28800
22:16:08 ii : - life kbytes = 0
22:16:08 << : key exchange payload
22:16:08 << : nonce payload
22:16:08 << : identification payload
22:16:08 ii : phase1 id match ( natt prevents ip match )
22:16:08 ii : received = ipv4-host REMOTEIP
22:16:08 << : hash payload
22:16:08 ii : nat-t is unsupported by remote peer
22:16:08 == : DH shared secret ( 128 bytes )
22:16:08 == : SETKEYID ( 20 bytes )
22:16:08 == : SETKEYID_d ( 20 bytes )
22:16:08 == : SETKEYID_a ( 20 bytes )
22:16:08 == : SETKEYID_e ( 20 bytes )
22:16:08 == : cipher key ( 32 bytes )
22:16:08 == : cipher iv ( 16 bytes )
22:16:08 == : phase1 hash_i ( computed ) ( 20 bytes )
22:16:08 >> : hash payload
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 00000000
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 52 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 DB : phase1 resend event canceled ( ref count = 1 )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 88 bytes )
22:16:08 == : phase1 hash_r ( computed ) ( 20 bytes )
22:16:08 == : phase1 hash_r ( received ) ( 20 bytes )
22:16:08 ii : phase1 sa established
22:16:08 ii : REMOTEIP:500 <-> 192.168.0.100:500
22:16:08 ii : f232ff98c4937c18:c65052785432b59d
22:16:08 ii : sending peer INITIAL-CONTACT notification
22:16:08 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:08 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:08 ii : - data size 0
22:16:08 >> : hash payload
22:16:08 >> : notification payload
22:16:08 == : new informational hash ( 20 bytes )
22:16:08 == : new informational iv ( 16 bytes )
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 5c5ce9fa
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 80 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:08 DB : config added ( obj count = 1 )
22:16:08 ii : configuration method is manual
22:16:08 DB : phase2 not found
22:16:08 ii : enabled adapter ROOTVNET000
22:16:08 ii : adapter ROOTVNET000 unavailable, retrying ...
22:16:09 ii : apapter ROOTVNET000 MTU is 1380
22:16:09 ii : generating IPSEC security policies at UNIQUE level
22:16:09 ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:09 DB : policy added ( obj count = 1 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created NONE policy route for REMOTEIP/32
22:16:09 DB : policy added ( obj count = 2 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:09 DB : policy added ( obj count = 3 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:09 DB : policy added ( obj count = 4 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy added ( obj count = 5 )
22:16:09 DB : policy found
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created IPSEC policy route for VPN_LOCAL_IP/24
22:16:09 DB : policy added ( obj count = 6 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : split DNS is disabled
22:16:12 K< : recv pfkey ACQUIRE UNSPEC message
22:16:12 DB : policy found
22:16:12 DB : policy found
22:16:12 DB : tunnel found
22:16:12 DB : new phase2 ( IPSEC initiator )
22:16:12 DB : phase2 added ( obj count = 1 )
22:16:12 K> : send pfkey GETSPI ESP message
22:16:12 K< : recv pfkey GETSPI ESP message
22:16:12 DB : phase2 found
22:16:12 ii : updated spi for 1 ipsec-esp proposal
22:16:12 DB : phase1 found
22:16:12 >> : hash payload
22:16:12 >> : security association payload
22:16:12 >> : - proposal #1 payload
22:16:12 >> : -- transform #1 payload
22:16:12 >> : nonce payload
22:16:12 >> : key exchange payload
22:16:12 >> : identification payload
22:16:12 >> : identification payload
22:16:12 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:12 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:12 == : new phase2 iv ( 16 bytes )
22:16:12 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:12 >= : message 4a2d1878
22:16:12 >= : encrypt iv ( 16 bytes )
22:16:12 == : encrypt packet ( 296 bytes )
22:16:12 == : stored iv ( 16 bytes )
22:16:12 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:12 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:17 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:22 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:27 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:30 K< : recv pfkey ACQUIRE UNSPEC message
22:16:30 DB : policy found
22:16:30 DB : policy found
22:16:30 DB : tunnel found
22:16:30 DB : new phase2 ( IPSEC initiator )
22:16:30 DB : phase2 added ( obj count = 2 )
22:16:30 K> : send pfkey GETSPI ESP message
22:16:30 K< : recv pfkey GETSPI ESP message
22:16:30 DB : phase2 found
22:16:30 ii : updated spi for 1 ipsec-esp proposal
22:16:30 DB : phase1 found
22:16:30 >> : hash payload
22:16:30 >> : security association payload
22:16:30 >> : - proposal #1 payload
22:16:30 >> : -- transform #1 payload
22:16:30 >> : nonce payload
22:16:30 >> : key exchange payload
22:16:30 >> : identification payload
22:16:30 >> : identification payload
22:16:30 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:30 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:30 == : new phase2 iv ( 16 bytes )
22:16:30 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:30 >= : message b4687a6c
22:16:30 >= : encrypt iv ( 16 bytes )
22:16:30 == : encrypt packet ( 296 bytes )
22:16:30 == : stored iv ( 16 bytes )
22:16:30 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:30 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:32 <A : peer tunnel disable message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed IPSEC policy route for ANY:VPN_LOCAL_IP/24:*
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed NONE policy route for ANY:REMOTEIP:*
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 5 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 4 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 3 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 2 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 1 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 0 )
22:16:32 ii : disable adapter ROOTVNET000
22:16:32 DB : tunnel stats event canceled ( ref count = 5 )
22:16:32 DB : removing tunnel config references
22:16:32 DB : config deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase2 references
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 1 )
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase1 references
22:16:32 DB : phase1 soft event canceled ( ref count = 3 )
22:16:32 DB : phase1 hard event canceled ( ref count = 2 )
22:16:32 DB : phase1 dead event canceled ( ref count = 1 )
22:16:32 ii : sending peer DELETE message
22:16:32 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:32 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:32 ii : - data size 0
22:16:32 >> : hash payload
22:16:32 >> : delete payload
22:16:32 == : new informational hash ( 20 bytes )
22:16:32 == : new informational iv ( 16 bytes )
22:16:32 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:32 >= : message 66fddf83
22:16:32 >= : encrypt iv ( 16 bytes )
22:16:32 == : encrypt packet ( 80 bytes )
22:16:32 == : stored iv ( 16 bytes )
22:16:32 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:32 ii : phase1 removal before expire time
22:16:32 DB : phase1 deleted ( obj count = 0 )
22:16:32 DB : tunnel deleted ( obj count = 0 )
22:16:32 DB : removing all peer tunnel references
22:16:32 DB : peer deleted ( obj count = 0 )
22:16:32 ii : ipc client process thread exit ...


This is what I can see:



enter image description here



UPDATE:



This is the log of a working connection:



ii : rebuilding vnet device list ...
ii : device ROOTVNET000 disabled
ii : pfkey process thread begin ...
ii : ipc server process thread begin ...
ii : network process thread begin ...
ii : ipc client process thread begin ...
<A : peer config add message
<A : proposal config message
<A : proposal config message
<A : client config message
<A : local id 'myserver.company.com' message
<A : preshared key message
<A : remote resource message
<A : peer tunnel enable message
DB : peer added ( obj count = 1 )
ii : local address LOCALIP selected for peer
DB : tunnel added ( obj count = 1 )
DB : new phase1 ( ISAKMP initiator )
DB : exchange type is aggressive
DB : LOCALIP:500 <-> REMOTEIP:500
DB : 3cbc1e92c5a533c2:0000000000000000
DB : phase1 added ( obj count = 1 )
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : key exchange payload
>> : nonce payload
>> : identification payload
>> : vendor id payload
ii : local supports nat-t ( draft v00 )
>> : vendor id payload
ii : local supports nat-t ( draft v01 )
>> : vendor id payload
ii : local supports nat-t ( draft v02 )
>> : vendor id payload
ii : local supports nat-t ( draft v03 )
>> : vendor id payload
ii : local supports nat-t ( rfc )
>> : vendor id payload
>> : vendor id payload
ii : local supports DPDv1
>> : vendor id payload
ii : local is SHREW SOFT compatible
>> : vendor id payload
ii : local is NETSCREEN compatible
>> : vendor id payload
ii : local is SIDEWINDER compatible
>> : vendor id payload
ii : local is CISCO UNITY compatible
>= : cookies 3cbc1e92c5a533c2:0000000000000000
>= : message 00000000
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 520 bytes )
DB : phase1 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 276 bytes )
DB : phase1 found
ii : processing phase1 packet ( 276 bytes )
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 00000000
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
ii : matched isakmp proposal #1 transform #1
ii : - transform = ike
ii : - cipher type = aes
ii : - key length = 256 bits
ii : - hash type = sha1
ii : - dh group = group2 ( modp-1024 )
ii : - auth type = psk
ii : - life seconds = 28800
ii : - life kbytes = 0
<< : key exchange payload
<< : nonce payload
<< : identification payload
ii : phase1 id match ( natt prevents ip match )
ii : received = ipv4-host REMOTEIP
<< : hash payload
ii : nat-t is unsupported by remote peer
== : DH shared secret ( 128 bytes )
== : SETKEYID ( 20 bytes )
== : SETKEYID_d ( 20 bytes )
== : SETKEYID_a ( 20 bytes )
== : SETKEYID_e ( 20 bytes )
== : cipher key ( 32 bytes )
== : cipher iv ( 16 bytes )
== : phase1 hash_i ( computed ) ( 20 bytes )
>> : hash payload
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 00000000
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase1 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : phase1 hash_r ( computed ) ( 20 bytes )
== : phase1 hash_r ( received ) ( 20 bytes )
ii : phase1 sa established
ii : REMOTEIP:500 <-> LOCALIP:500
ii : 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : sending peer INITIAL-CONTACT notification
ii : - LOCALIP:500 -> REMOTEIP:500
ii : - isakmp spi = 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : - data size 0
>> : hash payload
>> : notification payload
== : new informational hash ( 20 bytes )
== : new informational iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 7061fc09
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 80 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 120 bytes )
DB : config added ( obj count = 1 )
ii : configuration method is manual
DB : phase2 not found
ii : enabled adapter ROOTVNET000
ii : adapter ROOTVNET000 unavailable, retrying ...
ii : apapter ROOTVNET000 MTU is 1380
ii : generating IPSEC security policies at UNIQUE level
ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:LOCALIP:*
DB : policy added ( obj count = 1 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating NONE OUTBOUND policy ANY:LOCALIP:* -> ANY:REMOTEIP:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created NONE policy route for REMOTEIP/32
DB : policy added ( obj count = 2 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : creating IPSEC INBOUND policy ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
DB : policy added ( obj count = 3 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating IPSEC OUTBOUND policy ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created IPSEC policy route for VPN_IP/24
DB : policy added ( obj count = 4 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : split DNS is disabled
K< : recv pfkey ACQUIRE UNSPEC message
DB : policy found
DB : policy found
DB : tunnel found
DB : new phase2 ( IPSEC initiator )
DB : phase2 added ( obj count = 1 )
K> : send pfkey GETSPI ESP message
K< : recv pfkey GETSPI ESP message
DB : phase2 found
ii : updated spi for 1 ipsec-esp proposal
DB : phase1 found
>> : hash payload
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : nonce payload
>> : key exchange payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( input ) ( 248 bytes )
== : phase2 hash_i ( computed ) ( 20 bytes )
== : new phase2 iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 296 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 328 bytes )
DB : phase2 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 300 bytes )
DB : phase1 found
ii : processing phase2 packet ( 300 bytes )
DB : phase2 found
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 907d2142
=< : decrypt iv ( 16 bytes )
== : decrypt packet ( 300 bytes )
<= : trimmed packet padding ( 8 bytes )
<= : stored iv ( 16 bytes )
<< : hash payload
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
<< : nonce payload
<< : key exchange payload
<< : identification payload
<< : identification payload
== : phase2 hash_r ( input ) ( 264 bytes )
== : phase2 hash_r ( computed ) ( 20 bytes )
== : phase2 hash_r ( received ) ( 20 bytes )
ii : matched ipsec-esp proposal #1 transform #1
ii : - transform = esp-aes
ii : - key length = 256 bits
ii : - encap mode = tunnel
ii : - msg auth = hmac-sha1
ii : - pfs dh group = group2 ( modp-1024 )
ii : - life seconds = 3600
ii : - life kbytes = 0
DB : policy found
K> : send pfkey GETSPI ESP message
ii : phase2 ids accepted
ii : - loc ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
ii : - rmt ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
ii : phase2 sa established
ii : LOCALIP:500 <-> REMOTEIP:500
== : phase2 hash_p ( input ) ( 41 bytes )
== : phase2 hash_p ( computed ) ( 20 bytes )
>> : hash payload
K< : recv pfkey GETSPI ESP message
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
DB : phase2 found
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase2 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : PFS DH shared secret ( 128 bytes )
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message


I've already reinstalled the software. What has gone wrong? What should I do?










share|improve this question















I used ShrewSoft VPN to access a few work computers.



A few days ago the password has been changed so I have changed it at the credentials settings.



Since that time, I cannot connect to any of the work computers but all of my co-workers can.



There are 2 scenarios:




  • When trying to connect, I get this message:



negotiation timout occurred




Here is the IKE service log for it:



15/03/04 22:12:55 ii : rebuilding vnet device list ...
15/03/04 22:12:55 ii : device ROOTVNET000 disabled
15/03/04 22:12:55 ii : network process thread begin ...
15/03/04 22:12:55 ii : pfkey process thread begin ...
15/03/04 22:12:55 ii : ipc server process thread begin ...
15/03/04 22:13:01 ii : ipc client process thread begin ...
15/03/04 22:13:01 <A : peer config add message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : client config message
15/03/04 22:13:01 <A : local id 'myserver.company.com' message
15/03/04 22:13:01 <A : preshared key message
15/03/04 22:13:01 <A : remote resource message
15/03/04 22:13:01 <A : peer tunnel enable message
15/03/04 22:13:01 DB : peer added ( obj count = 1 )
15/03/04 22:13:01 ii : local address 192.168.0.100 selected for peer
15/03/04 22:13:01 DB : tunnel added ( obj count = 1 )
15/03/04 22:13:01 DB : new phase1 ( ISAKMP initiator )
15/03/04 22:13:01 DB : exchange type is aggressive
15/03/04 22:13:01 DB : 192.168.0.100:500 <-> REMOTEIP:500
15/03/04 22:13:01 DB : e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 DB : phase1 added ( obj count = 1 )
15/03/04 22:13:01 >> : security association payload
15/03/04 22:13:01 >> : - proposal #1 payload
15/03/04 22:13:01 >> : -- transform #1 payload
15/03/04 22:13:01 >> : key exchange payload
15/03/04 22:13:01 >> : nonce payload
15/03/04 22:13:01 >> : identification payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v00 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v01 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v02 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v03 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( rfc )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports DPDv1
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SHREW SOFT compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is NETSCREEN compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SIDEWINDER compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is CISCO UNITY compatible
15/03/04 22:13:01 >= : cookies e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 >= : message 00000000
15/03/04 22:13:01 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
15/03/04 22:13:01 DB : phase1 resend event scheduled ( ref count = 2 )
15/03/04 22:13:06 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:11 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:16 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:21 ii : resend limit exceeded for phase1 exchange
15/03/04 22:13:21 ii : phase1 removal before expire time
15/03/04 22:13:21 DB : phase1 deleted ( obj count = 0 )
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : removing tunnel config references
15/03/04 22:13:21 DB : removing tunnel phase2 references
15/03/04 22:13:21 DB : removing tunnel phase1 references
15/03/04 22:13:21 DB : tunnel deleted ( obj count = 0 )
15/03/04 22:13:21 DB : removing all peer tunnel references
15/03/04 22:13:21 DB : peer deleted ( obj count = 0 )
15/03/04 22:13:21 ii : ipc client process thread exit ...



  • When sometimes it says that the tunnel enabled, I can't reach any computer.


Here is the IKE service log for it:



 22:16:08 ii : ipc client process thread begin ...
22:16:08 <A : peer config add message
22:16:08 <A : proposal config message
22:16:08 <A : proposal config message
22:16:08 <A : client config message
22:16:08 <A : local id 'myserver.company.com' message
22:16:08 <A : preshared key message
22:16:08 <A : remote resource message
22:16:08 <A : peer tunnel enable message
22:16:08 DB : peer added ( obj count = 1 )
22:16:08 ii : local address 192.168.0.100 selected for peer
22:16:08 DB : tunnel added ( obj count = 1 )
22:16:08 DB : new phase1 ( ISAKMP initiator )
22:16:08 DB : exchange type is aggressive
22:16:08 DB : 192.168.0.100:500 <-> REMOTEIP:500
22:16:08 DB : f232ff98c4937c18:0000000000000000
22:16:08 DB : phase1 added ( obj count = 1 )
22:16:08 >> : security association payload
22:16:08 >> : - proposal #1 payload
22:16:08 >> : -- transform #1 payload
22:16:08 >> : key exchange payload
22:16:08 >> : nonce payload
22:16:08 >> : identification payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v00 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v01 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v02 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v03 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( rfc )
22:16:08 >> : vendor id payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports DPDv1
22:16:08 >> : vendor id payload
22:16:08 ii : local is SHREW SOFT compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is NETSCREEN compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is SIDEWINDER compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is CISCO UNITY compatible
22:16:08 >= : cookies f232ff98c4937c18:0000000000000000
22:16:08 >= : message 00000000
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
22:16:08 DB : phase1 resend event scheduled ( ref count = 2 )
22:16:08 <- : recv IKE packet REMOTEIP:500 -> 192.168.0.100:500 ( 276 bytes )
22:16:08 DB : phase1 found
22:16:08 ii : processing phase1 packet ( 276 bytes )
22:16:08 =< : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 =< : message 00000000
22:16:08 << : security association payload
22:16:08 << : - propsal #1 payload
22:16:08 << : -- transform #1 payload
22:16:08 ii : matched isakmp proposal #1 transform #1
22:16:08 ii : - transform = ike
22:16:08 ii : - cipher type = aes
22:16:08 ii : - key length = 256 bits
22:16:08 ii : - hash type = sha1
22:16:08 ii : - dh group = group2 ( modp-1024 )
22:16:08 ii : - auth type = psk
22:16:08 ii : - life seconds = 28800
22:16:08 ii : - life kbytes = 0
22:16:08 << : key exchange payload
22:16:08 << : nonce payload
22:16:08 << : identification payload
22:16:08 ii : phase1 id match ( natt prevents ip match )
22:16:08 ii : received = ipv4-host REMOTEIP
22:16:08 << : hash payload
22:16:08 ii : nat-t is unsupported by remote peer
22:16:08 == : DH shared secret ( 128 bytes )
22:16:08 == : SETKEYID ( 20 bytes )
22:16:08 == : SETKEYID_d ( 20 bytes )
22:16:08 == : SETKEYID_a ( 20 bytes )
22:16:08 == : SETKEYID_e ( 20 bytes )
22:16:08 == : cipher key ( 32 bytes )
22:16:08 == : cipher iv ( 16 bytes )
22:16:08 == : phase1 hash_i ( computed ) ( 20 bytes )
22:16:08 >> : hash payload
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 00000000
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 52 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 DB : phase1 resend event canceled ( ref count = 1 )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 88 bytes )
22:16:08 == : phase1 hash_r ( computed ) ( 20 bytes )
22:16:08 == : phase1 hash_r ( received ) ( 20 bytes )
22:16:08 ii : phase1 sa established
22:16:08 ii : REMOTEIP:500 <-> 192.168.0.100:500
22:16:08 ii : f232ff98c4937c18:c65052785432b59d
22:16:08 ii : sending peer INITIAL-CONTACT notification
22:16:08 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:08 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:08 ii : - data size 0
22:16:08 >> : hash payload
22:16:08 >> : notification payload
22:16:08 == : new informational hash ( 20 bytes )
22:16:08 == : new informational iv ( 16 bytes )
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 5c5ce9fa
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 80 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:08 DB : config added ( obj count = 1 )
22:16:08 ii : configuration method is manual
22:16:08 DB : phase2 not found
22:16:08 ii : enabled adapter ROOTVNET000
22:16:08 ii : adapter ROOTVNET000 unavailable, retrying ...
22:16:09 ii : apapter ROOTVNET000 MTU is 1380
22:16:09 ii : generating IPSEC security policies at UNIQUE level
22:16:09 ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:09 DB : policy added ( obj count = 1 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created NONE policy route for REMOTEIP/32
22:16:09 DB : policy added ( obj count = 2 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:09 DB : policy added ( obj count = 3 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:09 DB : policy added ( obj count = 4 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy added ( obj count = 5 )
22:16:09 DB : policy found
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created IPSEC policy route for VPN_LOCAL_IP/24
22:16:09 DB : policy added ( obj count = 6 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : split DNS is disabled
22:16:12 K< : recv pfkey ACQUIRE UNSPEC message
22:16:12 DB : policy found
22:16:12 DB : policy found
22:16:12 DB : tunnel found
22:16:12 DB : new phase2 ( IPSEC initiator )
22:16:12 DB : phase2 added ( obj count = 1 )
22:16:12 K> : send pfkey GETSPI ESP message
22:16:12 K< : recv pfkey GETSPI ESP message
22:16:12 DB : phase2 found
22:16:12 ii : updated spi for 1 ipsec-esp proposal
22:16:12 DB : phase1 found
22:16:12 >> : hash payload
22:16:12 >> : security association payload
22:16:12 >> : - proposal #1 payload
22:16:12 >> : -- transform #1 payload
22:16:12 >> : nonce payload
22:16:12 >> : key exchange payload
22:16:12 >> : identification payload
22:16:12 >> : identification payload
22:16:12 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:12 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:12 == : new phase2 iv ( 16 bytes )
22:16:12 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:12 >= : message 4a2d1878
22:16:12 >= : encrypt iv ( 16 bytes )
22:16:12 == : encrypt packet ( 296 bytes )
22:16:12 == : stored iv ( 16 bytes )
22:16:12 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:12 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:17 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:22 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:27 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:30 K< : recv pfkey ACQUIRE UNSPEC message
22:16:30 DB : policy found
22:16:30 DB : policy found
22:16:30 DB : tunnel found
22:16:30 DB : new phase2 ( IPSEC initiator )
22:16:30 DB : phase2 added ( obj count = 2 )
22:16:30 K> : send pfkey GETSPI ESP message
22:16:30 K< : recv pfkey GETSPI ESP message
22:16:30 DB : phase2 found
22:16:30 ii : updated spi for 1 ipsec-esp proposal
22:16:30 DB : phase1 found
22:16:30 >> : hash payload
22:16:30 >> : security association payload
22:16:30 >> : - proposal #1 payload
22:16:30 >> : -- transform #1 payload
22:16:30 >> : nonce payload
22:16:30 >> : key exchange payload
22:16:30 >> : identification payload
22:16:30 >> : identification payload
22:16:30 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:30 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:30 == : new phase2 iv ( 16 bytes )
22:16:30 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:30 >= : message b4687a6c
22:16:30 >= : encrypt iv ( 16 bytes )
22:16:30 == : encrypt packet ( 296 bytes )
22:16:30 == : stored iv ( 16 bytes )
22:16:30 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:30 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:32 <A : peer tunnel disable message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed IPSEC policy route for ANY:VPN_LOCAL_IP/24:*
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed NONE policy route for ANY:REMOTEIP:*
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 5 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 4 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 3 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 2 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 1 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 0 )
22:16:32 ii : disable adapter ROOTVNET000
22:16:32 DB : tunnel stats event canceled ( ref count = 5 )
22:16:32 DB : removing tunnel config references
22:16:32 DB : config deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase2 references
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 1 )
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase1 references
22:16:32 DB : phase1 soft event canceled ( ref count = 3 )
22:16:32 DB : phase1 hard event canceled ( ref count = 2 )
22:16:32 DB : phase1 dead event canceled ( ref count = 1 )
22:16:32 ii : sending peer DELETE message
22:16:32 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:32 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:32 ii : - data size 0
22:16:32 >> : hash payload
22:16:32 >> : delete payload
22:16:32 == : new informational hash ( 20 bytes )
22:16:32 == : new informational iv ( 16 bytes )
22:16:32 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:32 >= : message 66fddf83
22:16:32 >= : encrypt iv ( 16 bytes )
22:16:32 == : encrypt packet ( 80 bytes )
22:16:32 == : stored iv ( 16 bytes )
22:16:32 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:32 ii : phase1 removal before expire time
22:16:32 DB : phase1 deleted ( obj count = 0 )
22:16:32 DB : tunnel deleted ( obj count = 0 )
22:16:32 DB : removing all peer tunnel references
22:16:32 DB : peer deleted ( obj count = 0 )
22:16:32 ii : ipc client process thread exit ...


This is what I can see:



enter image description here



UPDATE:



This is the log of a working connection:



ii : rebuilding vnet device list ...
ii : device ROOTVNET000 disabled
ii : pfkey process thread begin ...
ii : ipc server process thread begin ...
ii : network process thread begin ...
ii : ipc client process thread begin ...
<A : peer config add message
<A : proposal config message
<A : proposal config message
<A : client config message
<A : local id 'myserver.company.com' message
<A : preshared key message
<A : remote resource message
<A : peer tunnel enable message
DB : peer added ( obj count = 1 )
ii : local address LOCALIP selected for peer
DB : tunnel added ( obj count = 1 )
DB : new phase1 ( ISAKMP initiator )
DB : exchange type is aggressive
DB : LOCALIP:500 <-> REMOTEIP:500
DB : 3cbc1e92c5a533c2:0000000000000000
DB : phase1 added ( obj count = 1 )
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : key exchange payload
>> : nonce payload
>> : identification payload
>> : vendor id payload
ii : local supports nat-t ( draft v00 )
>> : vendor id payload
ii : local supports nat-t ( draft v01 )
>> : vendor id payload
ii : local supports nat-t ( draft v02 )
>> : vendor id payload
ii : local supports nat-t ( draft v03 )
>> : vendor id payload
ii : local supports nat-t ( rfc )
>> : vendor id payload
>> : vendor id payload
ii : local supports DPDv1
>> : vendor id payload
ii : local is SHREW SOFT compatible
>> : vendor id payload
ii : local is NETSCREEN compatible
>> : vendor id payload
ii : local is SIDEWINDER compatible
>> : vendor id payload
ii : local is CISCO UNITY compatible
>= : cookies 3cbc1e92c5a533c2:0000000000000000
>= : message 00000000
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 520 bytes )
DB : phase1 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 276 bytes )
DB : phase1 found
ii : processing phase1 packet ( 276 bytes )
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 00000000
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
ii : matched isakmp proposal #1 transform #1
ii : - transform = ike
ii : - cipher type = aes
ii : - key length = 256 bits
ii : - hash type = sha1
ii : - dh group = group2 ( modp-1024 )
ii : - auth type = psk
ii : - life seconds = 28800
ii : - life kbytes = 0
<< : key exchange payload
<< : nonce payload
<< : identification payload
ii : phase1 id match ( natt prevents ip match )
ii : received = ipv4-host REMOTEIP
<< : hash payload
ii : nat-t is unsupported by remote peer
== : DH shared secret ( 128 bytes )
== : SETKEYID ( 20 bytes )
== : SETKEYID_d ( 20 bytes )
== : SETKEYID_a ( 20 bytes )
== : SETKEYID_e ( 20 bytes )
== : cipher key ( 32 bytes )
== : cipher iv ( 16 bytes )
== : phase1 hash_i ( computed ) ( 20 bytes )
>> : hash payload
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 00000000
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase1 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : phase1 hash_r ( computed ) ( 20 bytes )
== : phase1 hash_r ( received ) ( 20 bytes )
ii : phase1 sa established
ii : REMOTEIP:500 <-> LOCALIP:500
ii : 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : sending peer INITIAL-CONTACT notification
ii : - LOCALIP:500 -> REMOTEIP:500
ii : - isakmp spi = 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : - data size 0
>> : hash payload
>> : notification payload
== : new informational hash ( 20 bytes )
== : new informational iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 7061fc09
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 80 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 120 bytes )
DB : config added ( obj count = 1 )
ii : configuration method is manual
DB : phase2 not found
ii : enabled adapter ROOTVNET000
ii : adapter ROOTVNET000 unavailable, retrying ...
ii : apapter ROOTVNET000 MTU is 1380
ii : generating IPSEC security policies at UNIQUE level
ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:LOCALIP:*
DB : policy added ( obj count = 1 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating NONE OUTBOUND policy ANY:LOCALIP:* -> ANY:REMOTEIP:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created NONE policy route for REMOTEIP/32
DB : policy added ( obj count = 2 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : creating IPSEC INBOUND policy ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
DB : policy added ( obj count = 3 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating IPSEC OUTBOUND policy ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created IPSEC policy route for VPN_IP/24
DB : policy added ( obj count = 4 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : split DNS is disabled
K< : recv pfkey ACQUIRE UNSPEC message
DB : policy found
DB : policy found
DB : tunnel found
DB : new phase2 ( IPSEC initiator )
DB : phase2 added ( obj count = 1 )
K> : send pfkey GETSPI ESP message
K< : recv pfkey GETSPI ESP message
DB : phase2 found
ii : updated spi for 1 ipsec-esp proposal
DB : phase1 found
>> : hash payload
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : nonce payload
>> : key exchange payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( input ) ( 248 bytes )
== : phase2 hash_i ( computed ) ( 20 bytes )
== : new phase2 iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 296 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 328 bytes )
DB : phase2 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 300 bytes )
DB : phase1 found
ii : processing phase2 packet ( 300 bytes )
DB : phase2 found
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 907d2142
=< : decrypt iv ( 16 bytes )
== : decrypt packet ( 300 bytes )
<= : trimmed packet padding ( 8 bytes )
<= : stored iv ( 16 bytes )
<< : hash payload
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
<< : nonce payload
<< : key exchange payload
<< : identification payload
<< : identification payload
== : phase2 hash_r ( input ) ( 264 bytes )
== : phase2 hash_r ( computed ) ( 20 bytes )
== : phase2 hash_r ( received ) ( 20 bytes )
ii : matched ipsec-esp proposal #1 transform #1
ii : - transform = esp-aes
ii : - key length = 256 bits
ii : - encap mode = tunnel
ii : - msg auth = hmac-sha1
ii : - pfs dh group = group2 ( modp-1024 )
ii : - life seconds = 3600
ii : - life kbytes = 0
DB : policy found
K> : send pfkey GETSPI ESP message
ii : phase2 ids accepted
ii : - loc ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
ii : - rmt ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
ii : phase2 sa established
ii : LOCALIP:500 <-> REMOTEIP:500
== : phase2 hash_p ( input ) ( 41 bytes )
== : phase2 hash_p ( computed ) ( 20 bytes )
>> : hash payload
K< : recv pfkey GETSPI ESP message
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
DB : phase2 found
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase2 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : PFS DH shared secret ( 128 bytes )
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message


I've already reinstalled the software. What has gone wrong? What should I do?







windows-8.1 vpn shrew






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 5 '15 at 11:40

























asked Mar 4 '15 at 21:33









Nestor

3881926




3881926












  • After 15/03/04 22:16:32 <A : peer tunnel disable message log looks like things start getting torn down, instead of built. Are you sure you're not disabled? Have you tried comparing logs to co-workers' successful connections? Have you tried re-install (maybe a dumb approach, but may fix some potential issues). Also, be careful about consistent filtering. You blob out the "Remote Host" in picture, but log shows IP addresses. (Not really any real security problem in this case since both 192.168.0.1 and 192.168.17.7 are in RFC 1918 range.)
    – TOOGAM
    Mar 4 '15 at 23:01










  • @TOOGAM: See the update initial post. We share the same configuration file. I'm not disabled, so we can't tell why I can't establish a working connection.
    – Nestor
    Mar 5 '15 at 11:42




















  • After 15/03/04 22:16:32 <A : peer tunnel disable message log looks like things start getting torn down, instead of built. Are you sure you're not disabled? Have you tried comparing logs to co-workers' successful connections? Have you tried re-install (maybe a dumb approach, but may fix some potential issues). Also, be careful about consistent filtering. You blob out the "Remote Host" in picture, but log shows IP addresses. (Not really any real security problem in this case since both 192.168.0.1 and 192.168.17.7 are in RFC 1918 range.)
    – TOOGAM
    Mar 4 '15 at 23:01










  • @TOOGAM: See the update initial post. We share the same configuration file. I'm not disabled, so we can't tell why I can't establish a working connection.
    – Nestor
    Mar 5 '15 at 11:42


















After 15/03/04 22:16:32 <A : peer tunnel disable message log looks like things start getting torn down, instead of built. Are you sure you're not disabled? Have you tried comparing logs to co-workers' successful connections? Have you tried re-install (maybe a dumb approach, but may fix some potential issues). Also, be careful about consistent filtering. You blob out the "Remote Host" in picture, but log shows IP addresses. (Not really any real security problem in this case since both 192.168.0.1 and 192.168.17.7 are in RFC 1918 range.)
– TOOGAM
Mar 4 '15 at 23:01




After 15/03/04 22:16:32 <A : peer tunnel disable message log looks like things start getting torn down, instead of built. Are you sure you're not disabled? Have you tried comparing logs to co-workers' successful connections? Have you tried re-install (maybe a dumb approach, but may fix some potential issues). Also, be careful about consistent filtering. You blob out the "Remote Host" in picture, but log shows IP addresses. (Not really any real security problem in this case since both 192.168.0.1 and 192.168.17.7 are in RFC 1918 range.)
– TOOGAM
Mar 4 '15 at 23:01












@TOOGAM: See the update initial post. We share the same configuration file. I'm not disabled, so we can't tell why I can't establish a working connection.
– Nestor
Mar 5 '15 at 11:42






@TOOGAM: See the update initial post. We share the same configuration file. I'm not disabled, so we can't tell why I can't establish a working connection.
– Nestor
Mar 5 '15 at 11:42












3 Answers
3






active

oldest

votes

















up vote
0
down vote













I set the compatibility option of the .exe with Windows 7 and Shrew now works fine.






share|improve this answer



















  • 1




    Which .exe exactly are you referring to?
    – Daniel B
    Aug 2 '15 at 19:58


















up vote
0
down vote













I had the same problem with ShrewSoft VPN on Windows 8.1 x64.
It wasn't connecting - it was only reaching to:





local id configured



remote id configured



pre-shared key configured



bringing up tunnel ...





and that's all. After some time it was disconnecting for timeout.



What I did was:




  • uninstall ShrewSoft the usual way, then remove the leftovers


  • found this article - https://lists.shrew.net/pipermail/vpn-help/2008-May/010123.html - it helped me uninstall ShrewSoft completely from the following locations:



the appdata folder, the programdata hidden folder




  • the registry - open regedit.exe and search for the string "shrew" and delete everything you find. Most importantly the entry about the ShrewSoft Virtual adapter


  • go to the folder c:windowssystem32drivers and delete "virtualnet.sys" and "vfilter.sys"


  • reboot


  • install ShrewSoft again


  • reboot


  • finally boot, start ShrewSoft, import your pcf and you're done - it works, finally!







share|improve this answer




























    up vote
    -1
    down vote













    All you need to do is open REGEDIT. Go to HKEY_LOCAL_MACHINE/SOFTWARE/ SHREWSOFT/VPN. and delete all entries. Some entries won't get deleted though don't worry. Then, open the SHREWSOFT Application installer. Don't change install location. It will fail to search for certain values (the values we deleted) while installing. If error POPS, IGNORE it. Once installed. Start VPN CLIENT, Import .PCF file and Voila. It will work.






    share|improve this answer





















      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "3"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f885622%2fshrewsoft-vpn-client-no-longer-works-on-windows-8-1-x64%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      3 Answers
      3






      active

      oldest

      votes








      3 Answers
      3






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      0
      down vote













      I set the compatibility option of the .exe with Windows 7 and Shrew now works fine.






      share|improve this answer



















      • 1




        Which .exe exactly are you referring to?
        – Daniel B
        Aug 2 '15 at 19:58















      up vote
      0
      down vote













      I set the compatibility option of the .exe with Windows 7 and Shrew now works fine.






      share|improve this answer



















      • 1




        Which .exe exactly are you referring to?
        – Daniel B
        Aug 2 '15 at 19:58













      up vote
      0
      down vote










      up vote
      0
      down vote









      I set the compatibility option of the .exe with Windows 7 and Shrew now works fine.






      share|improve this answer














      I set the compatibility option of the .exe with Windows 7 and Shrew now works fine.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Aug 3 '15 at 0:39









      Jamal

      4561617




      4561617










      answered Aug 2 '15 at 19:56









      Sebastinovitch

      1




      1








      • 1




        Which .exe exactly are you referring to?
        – Daniel B
        Aug 2 '15 at 19:58














      • 1




        Which .exe exactly are you referring to?
        – Daniel B
        Aug 2 '15 at 19:58








      1




      1




      Which .exe exactly are you referring to?
      – Daniel B
      Aug 2 '15 at 19:58




      Which .exe exactly are you referring to?
      – Daniel B
      Aug 2 '15 at 19:58












      up vote
      0
      down vote













      I had the same problem with ShrewSoft VPN on Windows 8.1 x64.
      It wasn't connecting - it was only reaching to:





      local id configured



      remote id configured



      pre-shared key configured



      bringing up tunnel ...





      and that's all. After some time it was disconnecting for timeout.



      What I did was:




      • uninstall ShrewSoft the usual way, then remove the leftovers


      • found this article - https://lists.shrew.net/pipermail/vpn-help/2008-May/010123.html - it helped me uninstall ShrewSoft completely from the following locations:



      the appdata folder, the programdata hidden folder




      • the registry - open regedit.exe and search for the string "shrew" and delete everything you find. Most importantly the entry about the ShrewSoft Virtual adapter


      • go to the folder c:windowssystem32drivers and delete "virtualnet.sys" and "vfilter.sys"


      • reboot


      • install ShrewSoft again


      • reboot


      • finally boot, start ShrewSoft, import your pcf and you're done - it works, finally!







      share|improve this answer

























        up vote
        0
        down vote













        I had the same problem with ShrewSoft VPN on Windows 8.1 x64.
        It wasn't connecting - it was only reaching to:





        local id configured



        remote id configured



        pre-shared key configured



        bringing up tunnel ...





        and that's all. After some time it was disconnecting for timeout.



        What I did was:




        • uninstall ShrewSoft the usual way, then remove the leftovers


        • found this article - https://lists.shrew.net/pipermail/vpn-help/2008-May/010123.html - it helped me uninstall ShrewSoft completely from the following locations:



        the appdata folder, the programdata hidden folder




        • the registry - open regedit.exe and search for the string "shrew" and delete everything you find. Most importantly the entry about the ShrewSoft Virtual adapter


        • go to the folder c:windowssystem32drivers and delete "virtualnet.sys" and "vfilter.sys"


        • reboot


        • install ShrewSoft again


        • reboot


        • finally boot, start ShrewSoft, import your pcf and you're done - it works, finally!







        share|improve this answer























          up vote
          0
          down vote










          up vote
          0
          down vote









          I had the same problem with ShrewSoft VPN on Windows 8.1 x64.
          It wasn't connecting - it was only reaching to:





          local id configured



          remote id configured



          pre-shared key configured



          bringing up tunnel ...





          and that's all. After some time it was disconnecting for timeout.



          What I did was:




          • uninstall ShrewSoft the usual way, then remove the leftovers


          • found this article - https://lists.shrew.net/pipermail/vpn-help/2008-May/010123.html - it helped me uninstall ShrewSoft completely from the following locations:



          the appdata folder, the programdata hidden folder




          • the registry - open regedit.exe and search for the string "shrew" and delete everything you find. Most importantly the entry about the ShrewSoft Virtual adapter


          • go to the folder c:windowssystem32drivers and delete "virtualnet.sys" and "vfilter.sys"


          • reboot


          • install ShrewSoft again


          • reboot


          • finally boot, start ShrewSoft, import your pcf and you're done - it works, finally!







          share|improve this answer












          I had the same problem with ShrewSoft VPN on Windows 8.1 x64.
          It wasn't connecting - it was only reaching to:





          local id configured



          remote id configured



          pre-shared key configured



          bringing up tunnel ...





          and that's all. After some time it was disconnecting for timeout.



          What I did was:




          • uninstall ShrewSoft the usual way, then remove the leftovers


          • found this article - https://lists.shrew.net/pipermail/vpn-help/2008-May/010123.html - it helped me uninstall ShrewSoft completely from the following locations:



          the appdata folder, the programdata hidden folder




          • the registry - open regedit.exe and search for the string "shrew" and delete everything you find. Most importantly the entry about the ShrewSoft Virtual adapter


          • go to the folder c:windowssystem32drivers and delete "virtualnet.sys" and "vfilter.sys"


          • reboot


          • install ShrewSoft again


          • reboot


          • finally boot, start ShrewSoft, import your pcf and you're done - it works, finally!








          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Apr 10 '16 at 17:35









          Johnny Rotten

          1




          1






















              up vote
              -1
              down vote













              All you need to do is open REGEDIT. Go to HKEY_LOCAL_MACHINE/SOFTWARE/ SHREWSOFT/VPN. and delete all entries. Some entries won't get deleted though don't worry. Then, open the SHREWSOFT Application installer. Don't change install location. It will fail to search for certain values (the values we deleted) while installing. If error POPS, IGNORE it. Once installed. Start VPN CLIENT, Import .PCF file and Voila. It will work.






              share|improve this answer

























                up vote
                -1
                down vote













                All you need to do is open REGEDIT. Go to HKEY_LOCAL_MACHINE/SOFTWARE/ SHREWSOFT/VPN. and delete all entries. Some entries won't get deleted though don't worry. Then, open the SHREWSOFT Application installer. Don't change install location. It will fail to search for certain values (the values we deleted) while installing. If error POPS, IGNORE it. Once installed. Start VPN CLIENT, Import .PCF file and Voila. It will work.






                share|improve this answer























                  up vote
                  -1
                  down vote










                  up vote
                  -1
                  down vote









                  All you need to do is open REGEDIT. Go to HKEY_LOCAL_MACHINE/SOFTWARE/ SHREWSOFT/VPN. and delete all entries. Some entries won't get deleted though don't worry. Then, open the SHREWSOFT Application installer. Don't change install location. It will fail to search for certain values (the values we deleted) while installing. If error POPS, IGNORE it. Once installed. Start VPN CLIENT, Import .PCF file and Voila. It will work.






                  share|improve this answer












                  All you need to do is open REGEDIT. Go to HKEY_LOCAL_MACHINE/SOFTWARE/ SHREWSOFT/VPN. and delete all entries. Some entries won't get deleted though don't worry. Then, open the SHREWSOFT Application installer. Don't change install location. It will fail to search for certain values (the values we deleted) while installing. If error POPS, IGNORE it. Once installed. Start VPN CLIENT, Import .PCF file and Voila. It will work.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Feb 14 at 16:59









                  Karry0077

                  1




                  1






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Super User!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f885622%2fshrewsoft-vpn-client-no-longer-works-on-windows-8-1-x64%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

                      Mangá

                      Eduardo VII do Reino Unido