Hi Stefan,

many thanks for the reply. The certificate is definitely not broken. I use it with the Cisco client on 32-bit Vista. The problem may be the importing. I do not understand why I have to import the server certificate, client and private key, and whether it's correct or not. In the npc client I imported the same certificate only once and it worked from the start.

I reimported the pcf file and the invalid message problem persists, but the log is different:

10/03/04 08:43:58 ## : IKE Daemon, ver 2.1.6
10/03/04 08:43:58 ## : Copyright 2009 Shrew Soft Inc.
10/03/04 08:43:58 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/03/04 08:43:58 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
10/03/04 08:43:58 ii : rebuilding vnet device list ...
10/03/04 08:43:58 ii : device ROOT\VNET\0000 disabled
10/03/04 08:43:58 ii : network process thread begin ...
10/03/04 08:43:58 ii : pfkey process thread begin ...
10/03/04 08:43:58 ii : ipc server process thread begin ...
10/03/04 08:44:33 ii : ipc client process thread begin ...
10/03/04 08:44:33 <A : peer config add message
10/03/04 08:44:33 <A : proposal config message
10/03/04 08:44:33 <A : proposal config message
10/03/04 08:44:33 <A : client config message
10/03/04 08:44:33 <A : xauth username message
10/03/04 08:44:33 <A : xauth password message
10/03/04 08:44:33 <A : remote cert 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' message
10/03/04 08:44:33 !! : 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' load failed, requesting password
10/03/04 08:44:41 <A : file password
10/03/04 08:44:41 <A : remote cert 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' message
10/03/04 08:44:41 <A : local cert 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' message
10/03/04 08:44:41 <A : local key 'C:\Users\Libor Arndt\Documents\Shrew Soft VPN\certs\gncs_new.pfx' message
10/03/04 08:44:41 <A : peer tunnel enable message
10/03/04 08:44:41 ii : local supports XAUTH
10/03/04 08:44:41 ii : local supports nat-t ( draft v00 )
10/03/04 08:44:41 ii : local supports nat-t ( draft v01 )
10/03/04 08:44:41 ii : local supports nat-t ( draft v02 )
10/03/04 08:44:41 ii : local supports nat-t ( draft v03 )
10/03/04 08:44:41 ii : local supports nat-t ( rfc )
10/03/04 08:44:41 ii : local supports DPDv1
10/03/04 08:44:41 ii : local is SHREW SOFT compatible
10/03/04 08:44:41 ii : local is NETSCREEN compatible
10/03/04 08:44:41 ii : local is SIDEWINDER compatible
10/03/04 08:44:41 ii : local is CISCO UNITY compatible
10/03/04 08:44:41 >= : cookies c89db27fd0a150f4:0000000000000000
10/03/04 08:44:41 >= : message 00000000
10/03/04 08:44:41 ii : processing phase1 packet ( 1472 bytes )
10/03/04 08:44:41 =< : cookies c89db27fd0a150f4:d4fbd4db89f645e1
10/03/04 08:44:41 =< : message 00000000
10/03/04 08:44:41 ii : matched isakmp proposal #1 transform #13
10/03/04 08:44:41 ii : - transform = ike
10/03/04 08:44:41 ii : - cipher type = 3des
10/03/04 08:44:41 ii : - key length = default
10/03/04 08:44:41 ii : - hash type = md5
10/03/04 08:44:41 ii : - dh group = modp-1024
10/03/04 08:44:41 ii : - auth type = xauth-initiator-rsa
10/03/04 08:44:41 ii : - life seconds = 86400
10/03/04 08:44:41 ii : - life kbytes = 0
10/03/04 08:44:41 ii : phase1 id target is any
10/03/04 08:44:41 ii : phase1 id match
10/03/04 08:44:41 ii : received = asn1-dn C=CZ,ST=Czech Republic,L=Prague,O=Radiomobil a.s.,OU=IT Security,CN=vpngw2.t-mobile.cz
10/03/04 08:44:41 !! : unprocessed payload data
10/03/04 08:44:41 !! : unprocessed payload data
10/03/04 08:44:41 !! : unhandled phase1 payload 'unknown' ( 48 )
10/03/04 08:44:41 !! : unprocessed payload data
10/03/04 08:44:41 ii : phase1 removal before expire time
10/03/04 08:44:41 ww : ike packet from 62.141.6.250 ignored, unknown phase1 sa for peer
10/03/04 08:44:41 ww : 8201010058d64d45:bdff0578d7a2c435
10/03/04 08:44:41 ww : ike packet from 62.141.6.250 ignored, unknown phase1 sa for peer
10/03/04 08:44:41 ww : c89db27fd0a150f4:d4fbd4db89f645e1
10/03/04 08:44:41 DB : removing tunnel config references
10/03/04 08:44:41 DB : removing tunnel phase2 references
10/03/04 08:44:41 DB : removing tunnel phase1 references
10/03/04 08:44:41 DB : removing all peer tunnel refrences
10/03/04 08:44:41 ii : ipc client process thread exit ...

Thanks for any help.

Libor

(I'm inserting the log with INFORMATIONAL level to avoid long posts; if DEBUG level is preferred, let me know, please.)
