I appear to be hung up on the config exchange phase when connecting. After I get that message I just see an endless string of keep-alive messages. Can anyone make sense of this log? Thanks!
10/03/17 21:04:42 ## : IKE Daemon, ver 2.1.5 10/03/17 21:04:42 ## : Copyright 2009 Shrew Soft Inc. 10/03/17 21:04:42 ## : This product linked OpenSSL 0.9.8h 28 May 2008 10/03/17 21:04:42 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log' 10/03/17 21:04:42 ii : rebuilding vnet device list ... 10/03/17 21:04:42 ii : device ROOT\VNET\0000 disabled 10/03/17 21:04:42 ii : network process thread begin ... 10/03/17 21:04:42 ii : pfkey process thread begin ... 10/03/17 21:04:42 ii : ipc server process thread begin ... 10/03/17 21:05:00 ii : ipc client process thread begin ... 10/03/17 21:05:00 <A : peer config add message 10/03/17 21:05:00 DB : peer added ( obj count = 1 ) 10/03/17 21:05:00 ii : local address 192.168.1.100 selected for peer 10/03/17 21:05:01 DB : tunnel added ( obj count = 1 ) 10/03/17 21:05:01 <A : proposal config message 10/03/17 21:05:01 <A : proposal config message 10/03/17 21:05:01 <A : client config message 10/03/17 21:05:01 <A : local id 'fairchoicesystems_vpn' message 10/03/17 21:05:01 <A : preshared key message 10/03/17 21:05:01 <A : peer tunnel enable message 10/03/17 21:05:01 DB : new phase1 ( ISAKMP initiator ) 10/03/17 21:05:01 DB : exchange type is aggressive 10/03/17 21:05:01 DB : 192.168.1.100:500 <-> 64.27.67.101:500 10/03/17 21:05:01 DB : 7aa2529dd44ce7c7:0000000000000000 10/03/17 21:05:01 DB : phase1 added ( obj count = 1 ) 10/03/17 21:05:01 >> : security association payload 10/03/17 21:05:01 >> : - proposal #1 payload 10/03/17 21:05:01 >> : -- transform #1 payload 10/03/17 21:05:01 >> : -- transform #2 payload 10/03/17 21:05:01 >> : -- transform #3 payload 10/03/17 21:05:01 >> : -- transform #4 payload 10/03/17 21:05:01 >> : -- transform #5 payload 10/03/17 21:05:01 >> : -- transform #6 payload 10/03/17 21:05:01 >> : -- transform #7 payload 10/03/17 21:05:01 >> : -- transform #8 payload 10/03/17 21:05:01 >> : -- transform #9 payload 10/03/17 21:05:01 >> : key exchange payload 10/03/17 21:05:01 >> : nonce payload 10/03/17 21:05:01 >> : identification payload 10/03/17 21:05:01 >> : vendor id payload 10/03/17 21:05:01 ii : local supports nat-t ( draft v00 ) 10/03/17 21:05:01 >> : vendor id payload 10/03/17 21:05:01 ii : local supports nat-t ( draft v01 ) 10/03/17 21:05:01 >> : vendor id payload 10/03/17 21:05:01 ii : local supports nat-t ( draft v02 ) 10/03/17 21:05:01 >> : vendor id payload 10/03/17 21:05:01 ii : local supports nat-t ( draft v03 ) 10/03/17 21:05:01 >> : vendor id payload 10/03/17 21:05:01 ii : local supports nat-t ( rfc ) 10/03/17 21:05:01 >> : vendor id payload 10/03/17 21:05:01 ii : local is SHREW SOFT compatible 10/03/17 21:05:01 >> : vendor id payload 10/03/17 21:05:01 ii : local is NETSCREEN compatible 10/03/17 21:05:01 >> : vendor id payload 10/03/17 21:05:01 ii : local is SIDEWINDER compatible 10/03/17 21:05:01 >> : vendor id payload 10/03/17 21:05:01 ii : local is CISCO UNITY compatible 10/03/17 21:05:01 >= : cookies 7aa2529dd44ce7c7:0000000000000000 10/03/17 21:05:01 >= : message 00000000 10/03/17 21:05:01 -> : send IKE packet 192.168.1.100:500 -> 64.27.67.101:500( 793 bytes ) 10/03/17 21:05:01 DB : phase1 resend event scheduled ( ref count = 2 ) 10/03/17 21:05:01 <- : recv IKE packet 64.27.67.101:500 -> 192.168.1.100:500( 440 bytes ) 10/03/17 21:05:01 DB : phase1 found 10/03/17 21:05:01 ii : processing phase1 packet ( 440 bytes ) 10/03/17 21:05:01 =< : cookies 7aa2529dd44ce7c7:ecbb8a2118f81f12 10/03/17 21:05:01 =< : message 00000000 10/03/17 21:05:01 << : security association payload 10/03/17 21:05:01 << : - propsal #1 payload 10/03/17 21:05:01 << : -- transform #7 payload 10/03/17 21:05:01 ii : unmatched isakmp proposal/transform 10/03/17 21:05:01 ii : cipher type ( 3des != aes ) 10/03/17 21:05:01 ii : unmatched isakmp proposal/transform 10/03/17 21:05:01 ii : cipher type ( 3des != aes ) 10/03/17 21:05:01 ii : unmatched isakmp proposal/transform 10/03/17 21:05:01 ii : cipher type ( 3des != aes ) 10/03/17 21:05:01 ii : unmatched isakmp proposal/transform 10/03/17 21:05:01 ii : cipher type ( 3des != blowfish ) 10/03/17 21:05:01 ii : unmatched isakmp proposal/transform 10/03/17 21:05:01 ii : cipher type ( 3des != blowfish ) 10/03/17 21:05:01 ii : unmatched isakmp proposal/transform 10/03/17 21:05:01 ii : cipher type ( 3des != blowfish ) 10/03/17 21:05:01 ii : matched isakmp proposal #1 transform #7 10/03/17 21:05:01 ii : - transform = ike 10/03/17 21:05:01 ii : - cipher type = 3des 10/03/17 21:05:01 ii : - key length = default 10/03/17 21:05:01 ii : - hash type = sha1 10/03/17 21:05:01 ii : - dh group = modp-1024 10/03/17 21:05:01 ii : - auth type = psk 10/03/17 21:05:01 ii : - life seconds = 86400 10/03/17 21:05:01 ii : - life kbytes = 0 10/03/17 21:05:01 << : key exchange payload 10/03/17 21:05:01 << : nonce payload 10/03/17 21:05:01 << : identification payload 10/03/17 21:05:01 ii : phase1 id target is any 10/03/17 21:05:01 ii : phase1 id match 10/03/17 21:05:01 ii : received = ipv4-host 64.27.67.101 10/03/17 21:05:01 << : hash payload 10/03/17 21:05:01 << : vendor id payload 10/03/17 21:05:01 ii : peer is CISCO UNITY compatible 10/03/17 21:05:01 << : vendor id payload 10/03/17 21:05:01 ii : peer supports XAUTH 10/03/17 21:05:01 << : vendor id payload 10/03/17 21:05:01 ii : peer supports DPDv1 10/03/17 21:05:01 << : vendor id payload 10/03/17 21:05:01 ii : peer supports nat-t ( draft v02 ) 10/03/17 21:05:01 << : nat discovery payload 10/03/17 21:05:01 << : nat discovery payload 10/03/17 21:05:01 << : vendor id payload 10/03/17 21:05:01 ii : unknown vendor id ( 20 bytes ) 10/03/17 21:05:01 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000 10/03/17 21:05:01 << : vendor id payload 10/03/17 21:05:01 ii : unknown vendor id ( 16 bytes ) 10/03/17 21:05:01 0x : 1f07f70e aa6514d3 b0fa9654 2a500100 10/03/17 21:05:01 ii : nat discovery - local address is translated 10/03/17 21:05:01 ii : switching to src nat-t udp port 4500 10/03/17 21:05:01 ii : switching to dst nat-t udp port 4500 10/03/17 21:05:01 == : DH shared secret ( 128 bytes ) 10/03/17 21:05:01 == : SETKEYID ( 20 bytes ) 10/03/17 21:05:01 == : SETKEYID_d ( 20 bytes ) 10/03/17 21:05:01 == : SETKEYID_a ( 20 bytes ) 10/03/17 21:05:01 == : SETKEYID_e ( 20 bytes ) 10/03/17 21:05:01 == : cipher key ( 40 bytes ) 10/03/17 21:05:01 == : cipher iv ( 8 bytes ) 10/03/17 21:05:01 == : phase1 hash_i ( computed ) ( 20 bytes ) 10/03/17 21:05:01 >> : hash payload 10/03/17 21:05:01 >> : nat discovery payload 10/03/17 21:05:01 >> : nat discovery payload 10/03/17 21:05:01 >= : cookies 7aa2529dd44ce7c7:ecbb8a2118f81f12 10/03/17 21:05:01 >= : message 00000000 10/03/17 21:05:01 >= : encrypt iv ( 8 bytes ) 10/03/17 21:05:01 == : encrypt packet ( 100 bytes ) 10/03/17 21:05:01 == : stored iv ( 8 bytes ) 10/03/17 21:05:01 DB : phase1 resend event canceled ( ref count = 1 ) 10/03/17 21:05:01 -> : send NAT-T:IKE packet 192.168.1.100:4500 -> 64.27.67.101:4500 ( 132 bytes ) 10/03/17 21:05:01 == : phase1 hash_r ( computed ) ( 20 bytes ) 10/03/17 21:05:01 == : phase1 hash_r ( received ) ( 20 bytes ) 10/03/17 21:05:01 ii : phase1 sa established 10/03/17 21:05:01 ii : 64.27.67.101:4500 <-> 192.168.1.100:4500 10/03/17 21:05:01 ii : 7aa2529dd44ce7c7:ecbb8a2118f81f12 10/03/17 21:05:01 ii : sending peer INITIAL-CONTACT notification 10/03/17 21:05:01 ii : - 192.168.1.100:4500 -> 64.27.67.101:4500 10/03/17 21:05:01 ii : - isakmp spi = 7aa2529dd44ce7c7:ecbb8a2118f81f12 10/03/17 21:05:01 ii : - data size 0 10/03/17 21:05:01 >> : hash payload 10/03/17 21:05:01 >> : notification payload 10/03/17 21:05:01 == : new informational hash ( 20 bytes ) 10/03/17 21:05:01 == : new informational iv ( 8 bytes ) 10/03/17 21:05:01 >= : cookies 7aa2529dd44ce7c7:ecbb8a2118f81f12 10/03/17 21:05:01 >= : message 26a05d07 10/03/17 21:05:01 >= : encrypt iv ( 8 bytes ) 10/03/17 21:05:01 == : encrypt packet ( 80 bytes ) 10/03/17 21:05:01 == : stored iv ( 8 bytes ) 10/03/17 21:05:01 -> : send NAT-T:IKE packet 192.168.1.100:4500 -> 64.27.67.101:4500 ( 116 bytes ) 10/03/17 21:05:01 DB : config added ( obj count = 1 ) 10/03/17 21:05:01 ii : building config attribute list 10/03/17 21:05:01 ii : - IP4 Address 10/03/17 21:05:01 ii : - Address Expiry 10/03/17 21:05:01 ii : - IP4 Netamask 10/03/17 21:05:01 ii : - IP4 DNS Server 10/03/17 21:05:01 ii : - IP4 WINS Server 10/03/17 21:05:01 ii : - DNS Suffix 10/03/17 21:05:01 ii : - Split DNS Domain 10/03/17 21:05:01 ii : - IP4 Split Network Include 10/03/17 21:05:01 ii : - IP4 Split Network Exclude 10/03/17 21:05:01 == : new config iv ( 8 bytes ) 10/03/17 21:05:01 ii : sending config pull request 10/03/17 21:05:01 >> : hash payload 10/03/17 21:05:01 >> : attribute payload 10/03/17 21:05:01 == : new configure hash ( 20 bytes ) 10/03/17 21:05:01 >= : cookies 7aa2529dd44ce7c7:ecbb8a2118f81f12 10/03/17 21:05:01 >= : message 31f3a894 10/03/17 21:05:01 >= : encrypt iv ( 8 bytes ) 10/03/17 21:05:01 == : encrypt packet ( 96 bytes ) 10/03/17 21:05:01 == : stored iv ( 8 bytes ) 10/03/17 21:05:01 -> : send NAT-T:IKE packet 192.168.1.100:4500 -> 64.27.67.101:4500 ( 132 bytes ) 10/03/17 21:05:01 DB : config resend event scheduled ( ref count = 2 ) 10/03/17 21:05:01 DB : phase2 not found 10/03/17 21:05:06 -> : resend 1 config packet(s) 192.168.1.100:4500 -> 64.27.67.101:4500 10/03/17 21:05:11 -> : resend 1 config packet(s) 192.168.1.100:4500 -> 64.27.67.101:4500 10/03/17 21:05:16 DB : phase1 found 10/03/17 21:05:16 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.100:4500 -> 64.27.67.101:4500 10/03/17 21:05:16 -> : resend 1 config packet(s) 192.168.1.100:4500 -> 64.27.67.101:4500 10/03/17 21:05:21 ii : resend limit exceeded for config exchange 10/03/17 21:05:21 DB : config deleted ( obj count = 0 ) 10/03/17 21:05:31 DB : phase1 found 10/03/17 21:05:31 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.100:4500 -> 64.27.67.101:4500 10/03/17 21:05:46 DB : phase1 found 10/03/17 21:05:46 -> : send NAT-T:KEEP-ALIVE packet 192.168.1.100:4500 -> 64.27.67.101:4500
_______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
