
#1 2019-05-06 10:15:06

LordChaos73
Member
From: .nl
Registered: 2008-11-11
Posts: 183

Shrew Soft VPN client issue

Hi,

I'm trying to use Shrew (ike) to connect to my corporate network, but I can't get beyond phase1. The error seems to be:

received peer unknown notification

Here's the full log. Any pointers, please?

19/05/06 15:10:42 ii : ipc client process thread begin ...
19/05/06 15:10:42 <A : peer config add message
19/05/06 15:10:42 <A : proposal config message
19/05/06 15:10:42 <A : proposal config message
19/05/06 15:10:42 <A : client config message
19/05/06 15:10:42 <A : local id '' message
19/05/06 15:10:42 <A : peer tunnel enable message
19/05/06 15:10:42 DB : peer ref increment ( ref count = 1, obj count = 0 )
19/05/06 15:10:42 DB : peer added ( obj count = 1 )
19/05/06 15:10:43 ii : local address 192.168.1.103 selected for peer
19/05/06 15:10:43 DB : peer ref increment ( ref count = 2, obj count = 1 )
19/05/06 15:10:43 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
19/05/06 15:10:43 DB : tunnel added ( obj count = 1 )
19/05/06 15:10:43 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
19/05/06 15:10:43 DB : new phase1 ( ISAKMP initiator )
19/05/06 15:10:43 DB : exchange type is identity protect
19/05/06 15:10:43 DB : 192.168.1.103:500 <-> REMOTE-IP:500
19/05/06 15:10:43 DB : 64eddbab4da42f80:0000000000000000
19/05/06 15:10:43 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
19/05/06 15:10:43 DB : phase1 added ( obj count = 1 )
19/05/06 15:10:43 >> : security association payload
19/05/06 15:10:43 >> : - proposal #1 payload 
19/05/06 15:10:43 >> : -- transform #1 payload 
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local supports nat-t ( draft v00 )
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local supports nat-t ( draft v01 )
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local supports nat-t ( draft v02 )
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local supports nat-t ( draft v03 )
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local supports nat-t ( rfc )
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local supports FRAGMENTATION
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local supports DPDv1
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local is SHREW SOFT compatible
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local is NETSCREEN compatible
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local is SIDEWINDER compatible
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local is CISCO UNITY compatible
19/05/06 15:10:43 >> : vendor id payload
19/05/06 15:10:43 ii : local is CHECKPOINT compatible
19/05/06 15:10:43 >= : cookies 64eddbab4da42f80:0000000000000000
19/05/06 15:10:43 >= : message 00000000
19/05/06 15:10:43 -> : send IKE packet 192.168.1.103:500 -> REMOTE-IP:500 ( 408 bytes )
19/05/06 15:10:43 DB : phase1 resend event scheduled ( ref count = 2 )
19/05/06 15:10:43 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
19/05/06 15:10:43 <- : recv IKE packet REMOTE-IP:500 -> 192.168.1.105:500 ( 286 bytes )
19/05/06 15:10:43 DB : phase1 found
19/05/06 15:10:43 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
19/05/06 15:10:43 ii : processing informational packet ( 286 bytes )
19/05/06 15:10:43 =< : cookies 64eddbab4da42f80:0000000000000000
19/05/06 15:10:43 =< : message b1b5fd9d
19/05/06 15:10:43 << : notification payload
19/05/06 15:10:43 ii : received peer unknown notification
19/05/06 15:10:43 ii : - REMOTE-IP:500 -> 192.168.1.103:500
19/05/06 15:10:43 ii : - isakmp spi = none
19/05/06 15:10:43 ii : - data size 246
19/05/06 15:10:43 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
19/05/06 15:10:48 -> : resend 1 phase1 packet(s) [0/3] 192.168.1.103:500 -> REMOTE-IP:500
19/05/06 15:10:53 -> : resend 1 phase1 packet(s) [1/3] 192.168.1.103:500 -> REMOTE-IP:500
19/05/06 15:10:58 -> : resend 1 phase1 packet(s) [2/3] 192.168.1.103:500 -> REMOTE-IP:500
19/05/06 15:11:03 -> : resend 1 phase1 packet(s) [3/3] 192.168.1.103:500 -> REMOTE-IP:500
19/05/06 15:11:08 ii : resend limit exceeded for phase1 exchange
19/05/06 15:11:08 ii : phase1 removal before expire time
19/05/06 15:11:08 DB : phase1 deleted ( obj count = 0 )
19/05/06 15:11:08 DB : tunnel ref decrement ( ref count = 1, obj count = 1 )
19/05/06 15:11:08 DB : policy not found
19/05/06 15:11:08 DB : policy not found
19/05/06 15:11:08 DB : removing tunnel config references
19/05/06 15:11:08 DB : removing tunnel phase2 references
19/05/06 15:11:08 DB : removing tunnel phase1 references
19/05/06 15:11:08 DB : tunnel deleted ( obj count = 0 )
19/05/06 15:11:08 DB : peer ref decrement ( ref count = 1, obj count = 1 )
19/05/06 15:11:08 DB : removing all peer tunnel references
19/05/06 15:11:08 DB : peer deleted ( obj count = 0 )
19/05/06 15:11:08 ii : ipc client process thread exit ...

Offline
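A quick way to pull the phase1 facts out of an iked log like the one above (an added example, not part of the original post and not Shrew Soft tooling). The sample lines are copied from the posted log; the function name `triage` and the result keys are made up for this illustration.

```python
import re

# Lines copied from the log in the post (REMOTE-IP is the poster's redaction).
SAMPLE = """\
19/05/06 15:10:43 ii : local address 192.168.1.103 selected for peer
19/05/06 15:10:43 -> : send IKE packet 192.168.1.103:500 -> REMOTE-IP:500 ( 408 bytes )
19/05/06 15:10:43 <- : recv IKE packet REMOTE-IP:500 -> 192.168.1.105:500 ( 286 bytes )
19/05/06 15:10:43 ii : processing informational packet ( 286 bytes )
19/05/06 15:10:43 =< : cookies 64eddbab4da42f80:0000000000000000
19/05/06 15:10:43 ii : received peer unknown notification
19/05/06 15:10:48 -> : resend 1 phase1 packet(s) [0/3] 192.168.1.103:500 -> REMOTE-IP:500
19/05/06 15:11:03 -> : resend 1 phase1 packet(s) [3/3] 192.168.1.103:500 -> REMOTE-IP:500
19/05/06 15:11:08 ii : resend limit exceeded for phase1 exchange
"""

LINE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S\S) : (.*)$")
ZERO = "0" * 16  # responder cookie before the peer has answered with its own

def triage(log_text):
    """Collect phase1 facts from iked log text (format as in the post)."""
    local, recv_dst = None, set()
    out = {"notifications": [], "responder_cookie_seen": False,
           "resends": 0, "timed_out": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tag, msg = m.groups()
        if (hit := re.match(r"local address (\S+) selected", msg)):
            local = hit.group(1)
        elif tag == "<-" and (hit := re.search(r"-> ([\d.]+):\d+ \(", msg)):
            recv_dst.add(hit.group(1))
        elif (hit := re.match(r"cookies [0-9a-f]{16}:([0-9a-f]{16})", msg)):
            out["responder_cookie_seen"] |= hit.group(1) != ZERO
        elif (hit := re.match(r"received peer (.+) notification", msg)):
            out["notifications"].append(hit.group(1))
        elif re.match(r"resend \d+ phase1 packet", msg):
            out["resends"] += 1
        elif msg.startswith("resend limit exceeded for phase1"):
            out["timed_out"] = True
    out["local"] = local
    # Destination addresses on received packets that differ from the selected local address.
    out["unexpected_dst"] = sorted(recv_dst - {local})
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the posted log this reports that the only reply was an informational notification with an all-zero responder cookie, and that the received packet is logged with destination 192.168.1.105 while 192.168.1.103 was the selected local address.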

#2 2019-05-06 14:20:36

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: Shrew Soft VPN client issue

Does it work at the local internet cafe?
Is the corporate network blocking VPNs?


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2019-05-06 18:05:32

LordChaos73
Member
From: .nl
Registered: 2008-11-11
Posts: 183

Re: Shrew Soft VPN client issue

ewaller wrote:
> Does it work at the local internet cafe?

It doesn't. It works on my MacBook Pro, but I want to move to Linux completely. It seems to work on Ubuntu clients though. Not sure why I can't get it to work on Arch.
I've set the iked logging to "decode" but I have no clue what's happening here.

> Is the corporate network blocking VPNs?

No, it is not.

Offline
