On 08/27/2013 12:39 PM, hp hpf wrote:
In the meantime I think it's a bug in the shrew software: the client in
some (unforeseeable) cases isn't able to bring up the tunnel.
I've spent this afternoon trying different IPsec configurations. Result:
- ipsec-tools with daemon racoon works fine
- openswan with pluto daemon works fine
- shrew client qikea with shrew daemon iked hangs during tunnel bringup
Multiple switching between these 3 configurations always yields the above
result.
But: after booting the laptop all three configurations work fine, the
shrew-problem disappeared!!!
The iked-log-file indicates a timeout when the problem occurs:
13/08/27 17:54:01 -> : send IKE packet 192.168.179.20:500 ->
178.X.XX.XX:500 ( 540 bytes )
13/08/27 17:54:01 DB : phase1 resend event scheduled ( ref count = 2 )
13/08/27 17:54:11 -> : resend 1 phase1 packet(s) [0/2] 192.168.179.20:500->
178.2.28.85:500
13/08/27 17:54:21 -> : resend 1 phase1 packet(s) [1/2] 192.168.179.20:500->
178.2.28.85:500
13/08/27 17:54:31 -> : resend 1 phase1 packet(s) [2/2] 192.168.179.20:500->
178.2.28.85:500
13/08/27 17:54:42 ii : resend limit exceeded for phase1 exchange
13/08/27 17:54:42 ii : phase1 removal before expire time
13/08/27 17:54:42 DB : phase1 deleted ( obj count = 0 )
But the peer side is obviously ok since it cooperates with racoon/openswan.
Does anybody know how to file a bug report in this case? I've found a
description on the shrew homepage for collecting symptoms but no link to send
it.
Hi Hans-Peter,
Is there any chance that the racoon daemon is listening on port 500 and is
intercepting the return packets destined for Shrew? Can you run a
packet sniffer (like wireshark or tcpdump) to see if there are return
packets arriving at your machine?
Another thing you can do with the packet sniffer is compare the
ipsec-tools packets to the shrew packets to see if there's some obvious
difference between them.
When you've collected the symptoms and anonymized the logs, post them to
the mailing list so we can look at it.
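Before reaching for the sniffer, the iked log itself shows whether anything came back during phase 1. The script below is an added example, not part of the original thread and not Shrew's code; it counts outbound and inbound IKE packets in an iked log. The `<-` tag for received packets is an assumption, since the quoted excerpt only contains `->`, `DB` and `ii` lines.

```python
import re
from collections import Counter

# Constructed sample: the iked lines quoted in the thread, mail wrapping undone.
SAMPLE_LOG = """\
13/08/27 17:54:01 -> : send IKE packet 192.168.179.20:500 -> 178.X.XX.XX:500 ( 540 bytes )
13/08/27 17:54:01 DB : phase1 resend event scheduled ( ref count = 2 )
13/08/27 17:54:11 -> : resend 1 phase1 packet(s) [0/2] 192.168.179.20:500-> 178.2.28.85:500
13/08/27 17:54:21 -> : resend 1 phase1 packet(s) [1/2] 192.168.179.20:500-> 178.2.28.85:500
13/08/27 17:54:31 -> : resend 1 phase1 packet(s) [2/2] 192.168.179.20:500-> 178.2.28.85:500
13/08/27 17:54:42 ii : resend limit exceeded for phase1 exchange
13/08/27 17:54:42 ii : phase1 removal before expire time
13/08/27 17:54:42 DB : phase1 deleted ( obj count = 0 )
"""

# "yy/mm/dd hh:mm:ss TAG : message"
LINE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S\S) : (.*)$")

def summarize_phase1(log_text):
    """Count IKE packets sent, resent and received, and phase1 timeouts."""
    stats = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        tag, msg = m.groups()
        if tag == "->" and msg.startswith("send IKE packet"):
            stats["sent"] += 1
        elif tag == "->" and re.match(r"resend \d+ phase1 packet", msg):
            stats["resent"] += 1
        elif tag == "<-":  # assumed marker for inbound packets
            stats["received"] += 1
        elif msg.startswith("resend limit exceeded for phase1"):
            stats["timed_out"] += 1
    return stats

def diagnose(stats):
    """Classify the attempt from the counters."""
    if stats["timed_out"] and stats["received"] == 0:
        # Nothing came back to iked: confirm with a sniffer whether replies
        # reach the host and whether another IKE daemon holds UDP port 500.
        return "no-reply"
    if stats["timed_out"]:
        return "stalled-after-reply"
    return "no-timeout"

if __name__ == "__main__":
    s = summarize_phase1(SAMPLE_LOG)
    print(dict(s), diagnose(s))
```

A `no-reply` result for the quoted excerpt matches the question raised in the reply: either the peer's answers never reach the host, or something other than iked is receiving them.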