Discussion:
ShrewSoft VPN Client / "negotiation timout occurred"
(too old to reply)
Fabian Schroeter
2013-05-17 12:08:26 UTC
Permalink
Hi,

when trying to connect to my AVM Fritz!Box 7390 (firmware up-to-date) with
ShrewSoft VPN Client, I get the following message:

config loaded for site 'FRITZ!Box-VPN'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
ipcomp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon

I configured the VPN-profile according to the instructions on that page:
http://www.avm.de/de/Service/Service-Portale/Service-Portal/VPN_Interoperabi
litaet/15729.php.
Nevertheless, it does not work. I get VPN-access (IPSEC) without any
problems via two iPhones I configured recently so I suppose the Box is not
the problem.

Of course I googled the problem and also searched the Shrew-database but did
not find anything which helped. In the system configuration, I found another
VPN-adapter installed by TeamViewer which I deactivated for testing but with
no change.

So maybe anyone out there might help me or at least tell me at which point
the problem occurs as I am novice at VPN. For that I attached my debug
report as well as my system information.

Any help is highly appreciated!

Thanks
Fabian

--
VPN Client Version = 2.2.0
Windows OS Version = Windows Vista Home Premium SP2
Gateway Make/Model = AVM FRITZ!Box 7390
Gateway OS Version = FRITZ!OS 5.50 (84.05.50)

--
Debug report:

13/05/17 13:03:22 ## : IKE Daemon, ver 2.2.0
13/05/17 13:03:22 ## : Copyright 2013 Shrew Soft Inc.
13/05/17 13:03:22 ## : This product linked OpenSSL 1.0.1c 10 May 2012
13/05/17 13:03:22 ii : opened 'C:\Program
Files\ShrewVPNClient\debug\iked.log'
13/05/17 13:03:22 ii : rebuilding vnet device list ...
13/05/17 13:03:22 ii : device ROOT\VNET\0000 disabled
13/05/17 13:03:22 ii : network process thread begin ...
13/05/17 13:03:22 ii : pfkey process thread begin ...
13/05/17 13:03:22 ii : ipc server process thread begin ...
13/05/17 13:03:38 ii : ipc client process thread begin ...
13/05/17 13:03:38 <A : peer config add message
13/05/17 13:03:38 <A : proposal config message
13/05/17 13:03:38 <A : proposal config message
13/05/17 13:03:38 <A : proposal config message
13/05/17 13:03:38 <A : client config message
13/05/17 13:03:38 <A : local id 'XXX at XXX.XX' message
13/05/17 13:03:38 <A : preshared key message
13/05/17 13:03:38 <A : remote resource message
13/05/17 13:03:38 <A : peer tunnel enable message
13/05/17 13:03:38 DB : peer added ( obj count = 1 )
13/05/17 13:03:38 ii : local address 192.168.0.23 selected for peer
13/05/17 13:03:38 DB : tunnel added ( obj count = 1 )
13/05/17 13:03:38 DB : new phase1 ( ISAKMP initiator )
13/05/17 13:03:38 DB : exchange type is aggressive
13/05/17 13:03:38 DB : 192.168.0.23:500 <-> XX.XXX.XX.XXX:500
13/05/17 13:03:38 DB : a89a19dff2be5329:0000000000000000
13/05/17 13:03:38 DB : phase1 added ( obj count = 1 )
13/05/17 13:03:38 >> : security association payload
13/05/17 13:03:38 >> : - proposal #1 payload
13/05/17 13:03:38 >> : -- transform #1 payload
13/05/17 13:03:38 >> : key exchange payload
13/05/17 13:03:38 >> : nonce payload
13/05/17 13:03:38 >> : identification payload
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local supports nat-t ( draft v00 )
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local supports nat-t ( draft v01 )
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local supports nat-t ( draft v02 )
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local supports nat-t ( draft v03 )
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local supports nat-t ( rfc )
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local supports FRAGMENTATION
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local supports DPDv1
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local is SHREW SOFT compatible
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local is NETSCREEN compatible
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local is SIDEWINDER compatible
13/05/17 13:03:38 >> : vendor id payload
13/05/17 13:03:38 ii : local is CISCO UNITY compatible
13/05/17 13:03:38 >= : cookies a89a19dff2be5329:0000000000000000
13/05/17 13:03:38 >= : message 00000000
13/05/17 13:03:38 -> : send IKE packet 192.168.0.23:500 -> XX.XXX.XX.XXX:500
( 562 bytes )
13/05/17 13:03:38 DB : phase1 resend event scheduled ( ref count = 2 )
13/05/17 13:03:43 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.23:500 ->
XX.XXX.XX.XXX:500
13/05/17 13:03:48 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.23:500 ->
XX.XXX.XX.XXX:500
13/05/17 13:03:53 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.23:500 ->
XX.XXX.XX.XXX:500
13/05/17 13:03:58 ii : resend limit exceeded for phase1 exchange
13/05/17 13:03:58 ii : phase1 removal before expire time
13/05/17 13:03:58 DB : phase1 deleted ( obj count = 0 )
13/05/17 13:03:58 DB : policy not found
13/05/17 13:03:58 DB : policy not found
13/05/17 13:03:58 DB : policy not found
13/05/17 13:03:58 DB : policy not found
13/05/17 13:03:58 DB : policy not found
13/05/17 13:03:58 DB : policy not found
13/05/17 13:03:58 DB : removing tunnel config references
13/05/17 13:03:58 DB : removing tunnel phase2 references
13/05/17 13:03:58 DB : removing tunnel phase1 references
13/05/17 13:03:58 DB : tunnel deleted ( obj count = 0 )
13/05/17 13:03:58 DB : removing all peer tunnel references
13/05/17 13:03:58 DB : peer deleted ( obj count = 0 )
13/05/17 13:03:58 ii : ipc client process thread exit ...
13/05/17 13:04:07 ii : hard halt signal received, shutting down
13/05/17 13:04:07 ii : network process thread exit ...
13/05/17 13:04:07 ii : pfkey process thread exit ...
13/05/17 13:04:07 ii : ipc server process thread exit ...
Kevin VPN
2013-07-03 02:09:18 UTC
Permalink
Post by Fabian Schroeter
Hi,
when trying to connect to my AVM Fritz!Box 7390 (firmware up-to-date) with
<snip>
Post by Fabian Schroeter
So maybe anyone out there might help me or at least tell me at which point
the problem occurs as I am novice at VPN. For that I attached my debug
report as well as my system information.
<snip>
Post by Fabian Schroeter
13/05/17 13:03:38 <A : client config message
13/05/17 13:03:38 <A : local id 'XXX at XXX.XX' message
13/05/17 13:03:38 <A : preshared key message
<snip>
Post by Fabian Schroeter
13/05/17 13:03:38 -> : send IKE packet 192.168.0.23:500 -> XX.XXX.XX.XXX:500
( 562 bytes )
13/05/17 13:03:38 DB : phase1 resend event scheduled ( ref count = 2 )
13/05/17 13:03:43 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.23:500 ->
XX.XXX.XX.XXX:500
13/05/17 13:03:48 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.23:500 ->
XX.XXX.XX.XXX:500
13/05/17 13:03:53 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.23:500 ->
XX.XXX.XX.XXX:500
13/05/17 13:03:58 ii : resend limit exceeded for phase1 exchange
Hi Fabian,

I know this message is a bit old, but in case you're still having the
problem...

The issue is that the gateway is not responding to Shrew's request to
connect. My guess is that you've got the settings wrong on the
Authentication/Local Identity tab in the Shrew config.

The gateway is seeing a request come in from an identity it does not
know and is dropping the request.

Continue reading on narkive:
Loading...