Я использовал ShrewSoft VPN для доступа к нескольким рабочим компьютерам.

Несколько дней назад пароль был изменен, поэтому я изменил его в настройках учетных данных.

С тех пор я не могу подключиться ни к одному из рабочих компьютеров, но все мои коллеги могут.

Есть 2 сценария:

  • При попытке подключения я получаю это сообщение:

тайм-аут переговоров

Вот журнал обслуживания IKE для этого:

15/03/04 22:12:55 ii : rebuilding vnet device list ...
15/03/04 22:12:55 ii : device ROOT\VNET\0000 disabled
15/03/04 22:12:55 ii : network process thread begin ...
15/03/04 22:12:55 ii : pfkey process thread begin ...
15/03/04 22:12:55 ii : ipc server process thread begin ...
15/03/04 22:13:01 ii : ipc client process thread begin ...
15/03/04 22:13:01 <A : peer config add message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : client config message
15/03/04 22:13:01 <A : local id 'myserver.company.com' message
15/03/04 22:13:01 <A : preshared key message
15/03/04 22:13:01 <A : remote resource message
15/03/04 22:13:01 <A : peer tunnel enable message
15/03/04 22:13:01 DB : peer added ( obj count = 1 )
15/03/04 22:13:01 ii : local address 192.168.0.100 selected for peer
15/03/04 22:13:01 DB : tunnel added ( obj count = 1 )
15/03/04 22:13:01 DB : new phase1 ( ISAKMP initiator )
15/03/04 22:13:01 DB : exchange type is aggressive
15/03/04 22:13:01 DB : 192.168.0.100:500 <-> REMOTEIP:500
15/03/04 22:13:01 DB : e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 DB : phase1 added ( obj count = 1 )
15/03/04 22:13:01 >> : security association payload
15/03/04 22:13:01 >> : - proposal #1 payload 
15/03/04 22:13:01 >> : -- transform #1 payload 
15/03/04 22:13:01 >> : key exchange payload
15/03/04 22:13:01 >> : nonce payload
15/03/04 22:13:01 >> : identification payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v00 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v01 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v02 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v03 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( rfc )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports DPDv1
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SHREW SOFT compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is NETSCREEN compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SIDEWINDER compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is CISCO UNITY compatible
15/03/04 22:13:01 >= : cookies e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 >= : message 00000000
15/03/04 22:13:01 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
15/03/04 22:13:01 DB : phase1 resend event scheduled ( ref count = 2 )
15/03/04 22:13:06 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:11 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:16 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:21 ii : resend limit exceeded for phase1 exchange
15/03/04 22:13:21 ii : phase1 removal before expire time
15/03/04 22:13:21 DB : phase1 deleted ( obj count = 0 )
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : removing tunnel config references
15/03/04 22:13:21 DB : removing tunnel phase2 references
15/03/04 22:13:21 DB : removing tunnel phase1 references
15/03/04 22:13:21 DB : tunnel deleted ( obj count = 0 )
15/03/04 22:13:21 DB : removing all peer tunnel references
15/03/04 22:13:21 DB : peer deleted ( obj count = 0 )
15/03/04 22:13:21 ii : ipc client process thread exit ...
  • Когда иногда говорят, что туннель включен, я не могу связаться ни с одним компьютером.

Вот журнал обслуживания IKE для этого:

 22:16:08 ii : ipc client process thread begin ...
 22:16:08 <A : peer config add message
 22:16:08 <A : proposal config message
 22:16:08 <A : proposal config message
 22:16:08 <A : client config message
 22:16:08 <A : local id 'myserver.company.com' message
 22:16:08 <A : preshared key message
 22:16:08 <A : remote resource message
 22:16:08 <A : peer tunnel enable message
 22:16:08 DB : peer added ( obj count = 1 )
 22:16:08 ii : local address 192.168.0.100 selected for peer
 22:16:08 DB : tunnel added ( obj count = 1 )
 22:16:08 DB : new phase1 ( ISAKMP initiator )
 22:16:08 DB : exchange type is aggressive
 22:16:08 DB : 192.168.0.100:500 <-> REMOTEIP:500
 22:16:08 DB : f232ff98c4937c18:0000000000000000
 22:16:08 DB : phase1 added ( obj count = 1 )
 22:16:08 >> : security association payload
 22:16:08 >> : - proposal #1 payload 
 22:16:08 >> : -- transform #1 payload 
 22:16:08 >> : key exchange payload
 22:16:08 >> : nonce payload
 22:16:08 >> : identification payload
 22:16:08 >> : vendor id payload
 22:16:08 ii : local supports nat-t ( draft v00 )
 22:16:08 >> : vendor id payload
 22:16:08 ii : local supports nat-t ( draft v01 )
 22:16:08 >> : vendor id payload
 22:16:08 ii : local supports nat-t ( draft v02 )
 22:16:08 >> : vendor id payload
 22:16:08 ii : local supports nat-t ( draft v03 )
 22:16:08 >> : vendor id payload
 22:16:08 ii : local supports nat-t ( rfc )
 22:16:08 >> : vendor id payload
 22:16:08 >> : vendor id payload
 22:16:08 ii : local supports DPDv1
 22:16:08 >> : vendor id payload
 22:16:08 ii : local is SHREW SOFT compatible
 22:16:08 >> : vendor id payload
 22:16:08 ii : local is NETSCREEN compatible
 22:16:08 >> : vendor id payload
 22:16:08 ii : local is SIDEWINDER compatible
 22:16:08 >> : vendor id payload
 22:16:08 ii : local is CISCO UNITY compatible
 22:16:08 >= : cookies f232ff98c4937c18:0000000000000000
 22:16:08 >= : message 00000000
 22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
 22:16:08 DB : phase1 resend event scheduled ( ref count = 2 )
 22:16:08 <- : recv IKE packet REMOTEIP:500 -> 192.168.0.100:500 ( 276 bytes )
 22:16:08 DB : phase1 found
 22:16:08 ii : processing phase1 packet ( 276 bytes )
 22:16:08 =< : cookies f232ff98c4937c18:c65052785432b59d
 22:16:08 =< : message 00000000
 22:16:08 << : security association payload
 22:16:08 << : - propsal #1 payload 
 22:16:08 << : -- transform #1 payload 
 22:16:08 ii : matched isakmp proposal #1 transform #1
 22:16:08 ii : - transform    = ike
 22:16:08 ii : - cipher type  = aes
 22:16:08 ii : - key length   = 256 bits
 22:16:08 ii : - hash type    = sha1
 22:16:08 ii : - dh group     = group2 ( modp-1024 )
 22:16:08 ii : - auth type    = psk
 22:16:08 ii : - life seconds = 28800
 22:16:08 ii : - life kbytes  = 0
 22:16:08 << : key exchange payload
 22:16:08 << : nonce payload
 22:16:08 << : identification payload
 22:16:08 ii : phase1 id match ( natt prevents ip match )
 22:16:08 ii : received = ipv4-host REMOTEIP
 22:16:08 << : hash payload
 22:16:08 ii : nat-t is unsupported by remote peer
 22:16:08 == : DH shared secret ( 128 bytes )
 22:16:08 == : SETKEYID ( 20 bytes )
 22:16:08 == : SETKEYID_d ( 20 bytes )
 22:16:08 == : SETKEYID_a ( 20 bytes )
 22:16:08 == : SETKEYID_e ( 20 bytes )
 22:16:08 == : cipher key ( 32 bytes )
 22:16:08 == : cipher iv ( 16 bytes )
 22:16:08 == : phase1 hash_i ( computed ) ( 20 bytes )
 22:16:08 >> : hash payload
 22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
 22:16:08 >= : message 00000000
 22:16:08 >= : encrypt iv ( 16 bytes )
 22:16:08 == : encrypt packet ( 52 bytes )
 22:16:08 == : stored iv ( 16 bytes )
 22:16:08 DB : phase1 resend event canceled ( ref count = 1 )
 22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 88 bytes )
 22:16:08 == : phase1 hash_r ( computed ) ( 20 bytes )
 22:16:08 == : phase1 hash_r ( received ) ( 20 bytes )
 22:16:08 ii : phase1 sa established
 22:16:08 ii : REMOTEIP:500 <-> 192.168.0.100:500
 22:16:08 ii : f232ff98c4937c18:c65052785432b59d
 22:16:08 ii : sending peer INITIAL-CONTACT notification
 22:16:08 ii : - 192.168.0.100:500 -> REMOTEIP:500
 22:16:08 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
 22:16:08 ii : - data size 0
 22:16:08 >> : hash payload
 22:16:08 >> : notification payload
 22:16:08 == : new informational hash ( 20 bytes )
 22:16:08 == : new informational iv ( 16 bytes )
 22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
 22:16:08 >= : message 5c5ce9fa
 22:16:08 >= : encrypt iv ( 16 bytes )
 22:16:08 == : encrypt packet ( 80 bytes )
 22:16:08 == : stored iv ( 16 bytes )
 22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
 22:16:08 DB : config added ( obj count = 1 )
 22:16:08 ii : configuration method is manual
 22:16:08 DB : phase2 not found
 22:16:08 ii : enabled adapter ROOT\VNET\0000 
 22:16:08 ii : adapter ROOT\VNET\0000 unavailable, retrying ...
 22:16:09 ii : apapter ROOT\VNET\0000 MTU is 1380
 22:16:09 ii : generating IPSEC security policies at UNIQUE level
 22:16:09 ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
 22:16:09 DB : policy added ( obj count = 1 )
 22:16:09 K> : send pfkey X_SPDADD UNSPEC message
 22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
 22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
 22:16:09 DB : policy found
 22:16:09 ii : created NONE policy route for REMOTEIP/32
 22:16:09 DB : policy added ( obj count = 2 )
 22:16:09 K> : send pfkey X_SPDADD UNSPEC message
 22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
 22:16:09 DB : policy found
 22:16:09 ii : creating NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
 22:16:09 DB : policy added ( obj count = 3 )
 22:16:09 K> : send pfkey X_SPDADD UNSPEC message
 22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
 22:16:09 DB : policy added ( obj count = 4 )
 22:16:09 K> : send pfkey X_SPDADD UNSPEC message
 22:16:09 ii : creating IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
 22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
 22:16:09 DB : policy added ( obj count = 5 )
 22:16:09 DB : policy found
 22:16:09 K> : send pfkey X_SPDADD UNSPEC message
 22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
 22:16:09 DB : policy found
 22:16:09 ii : creating IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
 22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
 22:16:09 DB : policy found
 22:16:09 ii : created IPSEC policy route for VPN_LOCAL_IP/24
 22:16:09 DB : policy added ( obj count = 6 )
 22:16:09 K> : send pfkey X_SPDADD UNSPEC message
 22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
 22:16:09 DB : policy found
 22:16:09 ii : split DNS is disabled
 22:16:12 K< : recv pfkey ACQUIRE UNSPEC message
 22:16:12 DB : policy found
 22:16:12 DB : policy found
 22:16:12 DB : tunnel found
 22:16:12 DB : new phase2 ( IPSEC initiator )
 22:16:12 DB : phase2 added ( obj count = 1 )
 22:16:12 K> : send pfkey GETSPI ESP message
 22:16:12 K< : recv pfkey GETSPI ESP message
 22:16:12 DB : phase2 found
 22:16:12 ii : updated spi for 1 ipsec-esp proposal
 22:16:12 DB : phase1 found
 22:16:12 >> : hash payload
 22:16:12 >> : security association payload
 22:16:12 >> : - proposal #1 payload 
 22:16:12 >> : -- transform #1 payload 
 22:16:12 >> : nonce payload
 22:16:12 >> : key exchange payload
 22:16:12 >> : identification payload
 22:16:12 >> : identification payload
 22:16:12 == : phase2 hash_i ( input ) ( 248 bytes )
 22:16:12 == : phase2 hash_i ( computed ) ( 20 bytes )
 22:16:12 == : new phase2 iv ( 16 bytes )
 22:16:12 >= : cookies f232ff98c4937c18:c65052785432b59d
 22:16:12 >= : message 4a2d1878
 22:16:12 >= : encrypt iv ( 16 bytes )
 22:16:12 == : encrypt packet ( 296 bytes )
 22:16:12 == : stored iv ( 16 bytes )
 22:16:12 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
 22:16:12 DB : phase2 resend event scheduled ( ref count = 2 )
 22:16:17 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
 22:16:22 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
 22:16:27 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
 22:16:30 K< : recv pfkey ACQUIRE UNSPEC message
 22:16:30 DB : policy found
 22:16:30 DB : policy found
 22:16:30 DB : tunnel found
 22:16:30 DB : new phase2 ( IPSEC initiator )
 22:16:30 DB : phase2 added ( obj count = 2 )
 22:16:30 K> : send pfkey GETSPI ESP message
 22:16:30 K< : recv pfkey GETSPI ESP message
 22:16:30 DB : phase2 found
 22:16:30 ii : updated spi for 1 ipsec-esp proposal
 22:16:30 DB : phase1 found
 22:16:30 >> : hash payload
 22:16:30 >> : security association payload
 22:16:30 >> : - proposal #1 payload 
 22:16:30 >> : -- transform #1 payload 
 22:16:30 >> : nonce payload
 22:16:30 >> : key exchange payload
 22:16:30 >> : identification payload
 22:16:30 >> : identification payload
 22:16:30 == : phase2 hash_i ( input ) ( 248 bytes )
 22:16:30 == : phase2 hash_i ( computed ) ( 20 bytes )
 22:16:30 == : new phase2 iv ( 16 bytes )
 22:16:30 >= : cookies f232ff98c4937c18:c65052785432b59d
 22:16:30 >= : message b4687a6c
 22:16:30 >= : encrypt iv ( 16 bytes )
 22:16:30 == : encrypt packet ( 296 bytes )
 22:16:30 == : stored iv ( 16 bytes )
 22:16:30 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
 22:16:30 DB : phase2 resend event scheduled ( ref count = 2 )
 22:16:32 <A : peer tunnel disable message
 22:16:32 DB : policy found
 22:16:32 ii : removing IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
 22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 DB : policy found
 22:16:32 ii : removing IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
 22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 ii : removed IPSEC policy route for ANY:VPN_LOCAL_IP/24:*
 22:16:32 DB : policy found
 22:16:32 ii : removing NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
 22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 DB : policy found
 22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
 22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 DB : policy found
 22:16:32 ii : removing NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
 22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 DB : policy found
 22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
 22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 ii : removed NONE policy route for ANY:REMOTEIP:*
 22:16:32 DB : policy found
 22:16:32 DB : policy deleted ( obj count = 5 )
 22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 DB : policy found
 22:16:32 DB : policy deleted ( obj count = 4 )
 22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 DB : policy found
 22:16:32 DB : policy deleted ( obj count = 3 )
 22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 DB : policy found
 22:16:32 DB : policy deleted ( obj count = 2 )
 22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 DB : policy found
 22:16:32 DB : policy deleted ( obj count = 1 )
 22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
 22:16:32 DB : policy found
 22:16:32 DB : policy deleted ( obj count = 0 )
 22:16:32 ii : disable adapter ROOT\VNET\0000
 22:16:32 DB : tunnel stats event canceled ( ref count = 5 )
 22:16:32 DB : removing tunnel config references
 22:16:32 DB : config deleted ( obj count = 0 )
 22:16:32 DB : removing tunnel phase2 references
 22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
 22:16:32 ii : phase2 removal before expire time
 22:16:32 DB : phase2 deleted ( obj count = 1 )
 22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
 22:16:32 ii : phase2 removal before expire time
 22:16:32 DB : phase2 deleted ( obj count = 0 )
 22:16:32 DB : removing tunnel phase1 references
 22:16:32 DB : phase1 soft event canceled ( ref count = 3 )
 22:16:32 DB : phase1 hard event canceled ( ref count = 2 )
 22:16:32 DB : phase1 dead event canceled ( ref count = 1 )
 22:16:32 ii : sending peer DELETE message
 22:16:32 ii : - 192.168.0.100:500 -> REMOTEIP:500
 22:16:32 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
 22:16:32 ii : - data size 0
 22:16:32 >> : hash payload
 22:16:32 >> : delete payload
 22:16:32 == : new informational hash ( 20 bytes )
 22:16:32 == : new informational iv ( 16 bytes )
 22:16:32 >= : cookies f232ff98c4937c18:c65052785432b59d
 22:16:32 >= : message 66fddf83
 22:16:32 >= : encrypt iv ( 16 bytes )
 22:16:32 == : encrypt packet ( 80 bytes )
 22:16:32 == : stored iv ( 16 bytes )
 22:16:32 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
 22:16:32 ii : phase1 removal before expire time
 22:16:32 DB : phase1 deleted ( obj count = 0 )
 22:16:32 DB : tunnel deleted ( obj count = 0 )
 22:16:32 DB : removing all peer tunnel references
 22:16:32 DB : peer deleted ( obj count = 0 )
 22:16:32 ii : ipc client process thread exit ...

Вот что я вижу:

ОБНОВИТЬ:

Это журнал рабочего соединения:

ii : rebuilding vnet device list ...
ii : device ROOT\VNET\0000 disabled
ii : pfkey process thread begin ...
ii : ipc server process thread begin ...
ii : network process thread begin ...
ii : ipc client process thread begin ...
<A : peer config add message
<A : proposal config message
<A : proposal config message
<A : client config message
<A : local id 'myserver.company.com' message
<A : preshared key message
<A : remote resource message
<A : peer tunnel enable message
DB : peer added ( obj count = 1 )
ii : local address LOCALIP selected for peer
DB : tunnel added ( obj count = 1 )
DB : new phase1 ( ISAKMP initiator )
DB : exchange type is aggressive
DB : LOCALIP:500 <-> REMOTEIP:500
DB : 3cbc1e92c5a533c2:0000000000000000
DB : phase1 added ( obj count = 1 )
>> : security association payload
>> : - proposal #1 payload 
>> : -- transform #1 payload 
>> : key exchange payload
>> : nonce payload
>> : identification payload
>> : vendor id payload
ii : local supports nat-t ( draft v00 )
>> : vendor id payload
ii : local supports nat-t ( draft v01 )
>> : vendor id payload
ii : local supports nat-t ( draft v02 )
>> : vendor id payload
ii : local supports nat-t ( draft v03 )
>> : vendor id payload
ii : local supports nat-t ( rfc )
>> : vendor id payload
>> : vendor id payload
ii : local supports DPDv1
>> : vendor id payload
ii : local is SHREW SOFT compatible
>> : vendor id payload
ii : local is NETSCREEN compatible
>> : vendor id payload
ii : local is SIDEWINDER compatible
>> : vendor id payload
ii : local is CISCO UNITY compatible
>= : cookies 3cbc1e92c5a533c2:0000000000000000
>= : message 00000000
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 520 bytes )
DB : phase1 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 276 bytes )
DB : phase1 found
ii : processing phase1 packet ( 276 bytes )
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 00000000
<< : security association payload
<< : - propsal #1 payload 
<< : -- transform #1 payload 
ii : matched isakmp proposal #1 transform #1
ii : - transform    = ike
ii : - cipher type  = aes
ii : - key length   = 256 bits
ii : - hash type    = sha1
ii : - dh group     = group2 ( modp-1024 )
ii : - auth type    = psk
ii : - life seconds = 28800
ii : - life kbytes  = 0
<< : key exchange payload
<< : nonce payload
<< : identification payload
ii : phase1 id match ( natt prevents ip match )
ii : received = ipv4-host REMOTEIP
<< : hash payload
ii : nat-t is unsupported by remote peer
== : DH shared secret ( 128 bytes )
== : SETKEYID ( 20 bytes )
== : SETKEYID_d ( 20 bytes )
== : SETKEYID_a ( 20 bytes )
== : SETKEYID_e ( 20 bytes )
== : cipher key ( 32 bytes )
== : cipher iv ( 16 bytes )
== : phase1 hash_i ( computed ) ( 20 bytes )
>> : hash payload
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 00000000
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase1 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : phase1 hash_r ( computed ) ( 20 bytes )
== : phase1 hash_r ( received ) ( 20 bytes )
ii : phase1 sa established
ii : REMOTEIP:500 <-> LOCALIP:500
ii : 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : sending peer INITIAL-CONTACT notification
ii : - LOCALIP:500 -> REMOTEIP:500
ii : - isakmp spi = 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : - data size 0
>> : hash payload
>> : notification payload
== : new informational hash ( 20 bytes )
== : new informational iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 7061fc09
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 80 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 120 bytes )
DB : config added ( obj count = 1 )
ii : configuration method is manual
DB : phase2 not found
ii : enabled adapter ROOT\VNET\0000 
ii : adapter ROOT\VNET\0000 unavailable, retrying ...
ii : apapter ROOT\VNET\0000 MTU is 1380
ii : generating IPSEC security policies at UNIQUE level
ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:LOCALIP:*
DB : policy added ( obj count = 1 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating NONE OUTBOUND policy ANY:LOCALIP:* -> ANY:REMOTEIP:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created NONE policy route for REMOTEIP/32
DB : policy added ( obj count = 2 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : creating IPSEC INBOUND policy ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
DB : policy added ( obj count = 3 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating IPSEC OUTBOUND policy ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created IPSEC policy route for VPN_IP/24
DB : policy added ( obj count = 4 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : split DNS is disabled
K< : recv pfkey ACQUIRE UNSPEC message
DB : policy found
DB : policy found
DB : tunnel found
DB : new phase2 ( IPSEC initiator )
DB : phase2 added ( obj count = 1 )
K> : send pfkey GETSPI ESP message
K< : recv pfkey GETSPI ESP message
DB : phase2 found
ii : updated spi for 1 ipsec-esp proposal
DB : phase1 found
>> : hash payload
>> : security association payload
>> : - proposal #1 payload 
>> : -- transform #1 payload 
>> : nonce payload
>> : key exchange payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( input ) ( 248 bytes )
== : phase2 hash_i ( computed ) ( 20 bytes )
== : new phase2 iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 296 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 328 bytes )
DB : phase2 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 300 bytes )
DB : phase1 found
ii : processing phase2 packet ( 300 bytes )
DB : phase2 found
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 907d2142
=< : decrypt iv ( 16 bytes )
== : decrypt packet ( 300 bytes )
<= : trimmed packet padding ( 8 bytes )
<= : stored iv ( 16 bytes )
<< : hash payload
<< : security association payload
<< : - propsal #1 payload 
<< : -- transform #1 payload 
<< : nonce payload
<< : key exchange payload
<< : identification payload
<< : identification payload
== : phase2 hash_r ( input ) ( 264 bytes )
== : phase2 hash_r ( computed ) ( 20 bytes )
== : phase2 hash_r ( received ) ( 20 bytes )
ii : matched ipsec-esp proposal #1 transform #1
ii : - transform    = esp-aes
ii : - key length   = 256 bits
ii : - encap mode   = tunnel
ii : - msg auth     = hmac-sha1
ii : - pfs dh group = group2 ( modp-1024 )
ii : - life seconds = 3600
ii : - life kbytes  = 0
DB : policy found
K> : send pfkey GETSPI ESP message
ii : phase2 ids accepted
ii : - loc ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
ii : - rmt ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
ii : phase2 sa established
ii : LOCALIP:500 <-> REMOTEIP:500
== : phase2 hash_p ( input ) ( 41 bytes )
== : phase2 hash_p ( computed ) ( 20 bytes )
>> : hash payload
K< : recv pfkey GETSPI ESP message
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
DB : phase2 found
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase2 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : PFS DH shared secret ( 128 bytes )
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message

Я уже переустановил программное обеспечение. Что пошло не так? Что я должен делать?

3 ответа3

0

Я установил опцию совместимости .exe с Windows 7, и Шрю теперь отлично работает.

0

У меня была такая же проблема с ShrewSoft VPN на Windows 8.1 x64. Это не было соединением - это было только достижение:


локальный идентификатор настроен

удаленный идентификатор настроен

настроен предварительный общий ключ

поднимая туннель ...


и это все. Через некоторое время он отключился на время ожидания.

То, что я сделал, было:

папка appdata, скрытая папка programdata

  • реестр - откройте regedit.exe и найдите строку "shrew" и удалите все, что найдете. Самое главное запись о виртуальном адаптере ShrewSoft

  • перейдите в папку c:windows\system32\drivers и удалите "virtualnet.sys" и "vfilter.sys"

  • перезагружать

  • установите ShrewSoft снова

  • перезагружать

  • наконец загрузитесь, запустите ShrewSoft, импортируйте ваш pcf и все готово - наконец-то работает!

-1

Все, что вам нужно сделать, это открыть REGEDIT. Перейдите на страницу HKEY_LOCAL_MACHINE/ ПРОГРАММНОЕ ОБЕСПЕЧЕНИЕ / SHREWSOFT / VPN. и удалите все записи. Некоторые записи не будут удалены, но не волнуйтесь. Затем откройте установщик приложения SHREWSOFT. Не меняйте место установки. Он не сможет найти определенные значения (значения, которые мы удалили) во время установки. Если ошибка POPS, игнорировать ее. После установки. Запустите VPN КЛИЕНТ, Импорт.Файл PCF и вуаля. Это будет работать.

Всё ещё ищете ответ? Посмотрите другие вопросы с метками .