Hello, I set debug level in registry and got the log output, so again:
I succesfully imported a pcf profile with 2.1.6 beta. I imported certificate (the same pfx file for server, client and private key, I hope it's ok). Unfortunately I got invalid message from gateway IPSEC.log: 10/02/27 13:16:52 ## : IPSEC Daemon, ver 2.1.6 10/02/27 13:16:52 ## : Copyright 2009 Shrew Soft Inc. 10/02/27 13:16:52 ## : This product linked OpenSSL 0.9.8h 28 May 2008 10/02/27 13:16:52 ## : This product linked zlib v1.2.3 10/02/27 13:16:52 ii : network send process thread begin ... 10/02/27 13:16:52 ii : network recv process thread begin ... 10/02/27 13:16:52 ii : pfkey server process thread begin ... 10/02/27 13:16:52 ii : vflt recv device attached 10/02/27 13:16:52 ii : vflt send device attached 10/02/27 13:16:53 ii : pfkey client process thread begin ... 10/02/27 13:16:53 ii : pfkey client process thread begin ... 10/02/27 13:16:56 ii : inspecting ARP request ... 10/02/27 13:16:56 !! : ARP packet has invalid header 10/02/27 13:17:30 ii : inspecting ARP request ... 10/02/27 13:17:48 ii : inspecting ARP request ... 10/02/27 13:18:05 ii : inspecting ARP request ... IKED.log: 10/02/27 13:16:47 ## : IKE Daemon, ver 2.1.6 10/02/27 13:16:47 ## : Copyright 2009 Shrew Soft Inc. 10/02/27 13:16:47 ## : This product linked OpenSSL 0.9.8h 28 May 2008 10/02/27 13:16:47 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log' 10/02/27 13:16:47 ii : rebuilding vnet device list ... 10/02/27 13:16:47 ii : device ROOT\VNET\0000 disabled 10/02/27 13:16:47 ii : network process thread begin ... 10/02/27 13:16:47 ii : pfkey process thread begin ... 10/02/27 13:16:47 ii : ipc server process thread begin ... 10/02/27 13:16:52 !! : unable to connect to pfkey interface 10/02/27 13:17:15 ii : ipc client process thread begin ... 10/02/27 13:17:15 <A : peer config add message 10/02/27 13:17:15 <A : proposal config message 10/02/27 13:17:15 <A : proposal config message 10/02/27 13:17:15 <A : client config message 10/02/27 13:17:15 <A : xauth username message 10/02/27 13:17:15 <A : xauth password message 10/02/27 13:17:15 <A : remote cert 'D:\certifikaty gncs\gncs_new.pfx' message 10/02/27 13:17:15 !! : 'D:\certifikaty gncs\gncs_new.pfx' load failed, requesting password 10/02/27 13:17:30 <A : file password 10/02/27 13:17:30 <A : remote cert 'D:\certifikaty gncs\gncs_new.pfx' message 10/02/27 13:17:30 <A : local cert 'D:\certifikaty gncs\gncs_new.pfx' message 10/02/27 13:17:30 <A : local key 'D:\certifikaty gncs\gncs_new.pfx' message 10/02/27 13:17:30 <A : peer tunnel enable message 10/02/27 13:17:30 ii : local supports XAUTH 10/02/27 13:17:30 ii : local supports nat-t ( draft v00 ) 10/02/27 13:17:30 ii : local supports nat-t ( draft v01 ) 10/02/27 13:17:30 ii : local supports nat-t ( draft v02 ) 10/02/27 13:17:30 ii : local supports nat-t ( draft v03 ) 10/02/27 13:17:30 ii : local supports nat-t ( rfc ) 10/02/27 13:17:30 ii : local supports DPDv1 10/02/27 13:17:30 ii : local is SHREW SOFT compatible 10/02/27 13:17:30 ii : local is NETSCREEN compatible 10/02/27 13:17:30 ii : local is SIDEWINDER compatible 10/02/27 13:17:30 ii : local is CISCO UNITY compatible 10/02/27 13:17:30 >= : cookies dd5895241fbc3554:0000000000000000 10/02/27 13:17:30 >= : message 00000000 10/02/27 13:17:30 ii : processing phase1 packet ( 128 bytes ) 10/02/27 13:17:30 =< : cookies dd5895241fbc3554:d3aab0972360e1c8 10/02/27 13:17:30 =< : message 00000000 10/02/27 13:17:30 ii : matched isakmp proposal #1 transform #68 10/02/27 13:17:30 ii : - transform = ike 10/02/27 13:17:30 ii : - cipher type = 3des 10/02/27 13:17:30 ii : - key length = default 10/02/27 13:17:30 ii : - hash type = sha1 10/02/27 13:17:30 ii : - dh group = modp-1536 10/02/27 13:17:30 ii : - auth type = xauth-initiator-rsa 10/02/27 13:17:30 ii : - life seconds = 86400 10/02/27 13:17:30 ii : - life kbytes = 0 10/02/27 13:17:30 ii : peer supports nat-t ( draft v02 ) 10/02/27 13:17:30 >= : cookies dd5895241fbc3554:d3aab0972360e1c8 10/02/27 13:17:30 >= : message 00000000 10/02/27 13:17:30 ii : processing phase1 packet ( 1472 bytes ) 10/02/27 13:17:30 =< : cookies dd5895241fbc3554:d3aab0972360e1c8 10/02/27 13:17:30 =< : message 00000000 10/02/27 13:17:30 !! : unprocessed payload data 10/02/27 13:17:30 !! : invalid certificate request size ( 42028 > 4096 ) 10/02/27 13:17:30 !! : unprocessed payload data 10/02/27 13:17:30 ii : phase1 removal before expire time 10/02/27 13:17:30 ww : ike packet from 62.141.6.250 ignored, unknown phase1 sa for peer 10/02/27 13:17:30 ww : dd5895241fbc3554:d3aab0972360e1c8 10/02/27 13:17:30 DB : removing tunnel config references 10/02/27 13:17:30 DB : removing tunnel phase2 references 10/02/27 13:17:30 DB : removing tunnel phase1 references 10/02/27 13:17:30 DB : removing all peer tunnel refrences 10/02/27 13:17:30 ii : ipc client process thread exit ... thanks in advance for any advice. Libor Arndt _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
