David Woodhouse <dwmw2 <at> infradead.org> writes: > With -v -v do you see traffic in either direction? Is vpnc-script-win > actually doing the right thing? > > > Is there a way how to get debug output or I need to touch esp.c? > > I ripped out all that debugging when I declared the sequence number > checking to be working. You'll have to add it back. > with -v -v I see a bit more but it doesn't shows any traffic over the tunnel: .... Got HTTP response: HTTP/1.1 200 OK Content-type: application/octet-stream Pragma: no-cache NCP-Version: 3 Set-Cookie: DSLastAccess=1428064535; path=/; Secure Connection: close 0000: 16 00 00 04 00 00 00 09 00 6c 6f 63 61 6c 68 6f 0010: 73 74 bb 01 00 00 00 00 Read 3 bytes of SSL record Read 657 bytes of SSL record Got KMP message 301 of size 635 Unknown TLV group 3 attr 1 len 1: 00 Unknown TLV group 3 attr 2 len 1: 00 Received split include route 172.16.0.0/255.255.0.0 Received split include route 172.17.0.0/255.255.0.0 Received MTU 1400 from server Received DNS server 172.16.10.14 Unknown TLV group 2 attr 3 len 4: 01 00 00 00 ESP compression: 0 ESP encryption: 0x02 (AES-128) ESP HMAC: 0x02 (SHA1) ESP key lifetime: 1200 seconds ESP key lifetime: 0 bytes ESP replay protection: 1 Unknown TLV group 8 attr 11 len 4: 00 00 00 00 ESP port: 4500 ESP to SSL fallback: 15 seconds Unknown TLV group 8 attr 8 len 4: 00 00 00 3c Received internal IP address 192.168.169.11 Received netmask 255.255.255.255 Received internal gateway address 10.200.200.200 ESP SPI (outbound): ff2028bb 64 bytes of ESP secrets 0000: 8e 00 00 00 00 00 00 00 01 2f 01 00 00 00 01 00 0010: 00 00 00 00 00 10 00 06 00 00 00 0a 00 02 00 00 0020: 00 04 00 00 05 78 00 00 00 00 00 00 01 2e 01 00 0030: 00 00 01 00 00 00 00 00 00 56 00 07 00 00 00 50 0040: 00 01 00 00 00 04 81 a6 34 df 00 02 00 00 00 40 0050: ae 16 29 9f 54 bd 94 76 15 59 fd 97 bb 93 7f e5 0060: be 63 b2 4a 46 4b ff d4 75 48 22 87 a8 2d 1d ee 0070: e0 cc 49 2d 86 f6 80 5c 85 91 0c c7 13 af d1 1d 0080: 42 84 55 0c f9 79 45 13 e2 ec 89 b1 26 a3 25 9f Microsoft (R) Windows Script Host Version 5.7 Copyright (C) Microsoft Corporation. All rights reserved. Opened tun device Local Area Connection 3 TAP-Windows driver v9.9 (0) Microsoft (R) Windows Script Host Version 5.7 Copyright (C) Microsoft Corporation. All rights reserved. VPN Gateway: <IPremoved> Internal Address: 192.168.169.11 Internal Netmask: 255.255.255.255 Internal Gateway: 192.168.169.12 Interface: "Local Area Connection 3" MTU: 1400 Configuring "Local Area Connection 3" interface for Legacy IP... done. Configuring Legacy IP networks: Waiting for interface to come up... Failed to spawn script 'F:\a\a\vpnc-script-win.js' for connect: The operation completed successfully. Parameters for incoming ESP: SPI 0x225ed42f ESP encryption type AES-128-CBC (RFC3602) key 0x83aba720957bd2a10b4577cf91a0f533 ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x075622223fb68b083f521ab8c 56af1660ad7cf1d Parameters for outgoing ESP: SPI 0x06eec4f4 ESP encryption type AES-128-CBC (RFC3602) key 0xda0b49074ddc03d81b1ab9a13f727137 ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x682db8d3221c3a49413f0a0a3218060f28906df9 Send ESP probes Connected Local Area Connection 3 as 192.168.169.11, using SSL No work to do; sleeping for 60000 ms... Received ESP packet of 52 bytes Accepting later-than-expected ESP packet with seq 1 (expected 0) ESP session established with server Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 1 Received ESP packet of 52 bytes Accepting expected ESP packet with seq 2 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 2 Packet outgoing: 0000: 21 00 00 00 00 00 00 00 01 2f 01 00 00 00 01 00 0010: 00 00 00 00 00 0d 00 06 00 00 00 07 00 01 00 00 0020: 00 01 01 Sent ESP enable control packet No work to do; sleeping for 15000 ms... No work to do; sleeping for 15000 ms... Route configuration done. Send ESP probes for DPD No work to do; sleeping for 7000 ms... Received ESP packet of 52 bytes Accepting expected ESP packet with seq 3 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 3 Received ESP packet of 52 bytes Accepting expected ESP packet with seq 4 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 4 No work to do; sleeping for 15000 ms... No work to do; sleeping for 15000 ms... Send ESP probes for DPD No work to do; sleeping for 7000 ms... Received ESP packet of 52 bytes Accepting expected ESP packet with seq 5 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 5 Received ESP packet of 52 bytes Accepting expected ESP packet with seq 6 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 6 No work to do; sleeping for 15000 ms... No work to do; sleeping for 15000 ms... Send ESP probes for DPD No work to do; sleeping for 7000 ms... Received ESP packet of 52 bytes Accepting expected ESP packet with seq 7 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 7 Received ESP packet of 52 bytes Accepting expected ESP packet with seq 8 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 8 No work to do; sleeping for 15000 ms... No work to do; sleeping for 15000 ms... Send ESP probes for DPD No work to do; sleeping for 7000 ms... Received ESP packet of 52 bytes Accepting expected ESP packet with seq 9 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 9 Received ESP packet of 52 bytes Accepting expected ESP packet with seq 10 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 10 No work to do; sleeping for 15000 ms... No work to do; sleeping for 15000 ms... Send ESP probes for DPD No work to do; sleeping for 7000 ms... Received ESP packet of 52 bytes Accepting expected ESP packet with seq 11 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 11 No work to do; sleeping for 15000 ms... Received ESP packet of 52 bytes Accepting expected ESP packet with seq 12 Received ESP packet of 52 bytes Discarding replayed ESP packet with seq 12 No work to do; sleeping for 15000 ms... No work to do; sleeping for 15000 ms... ^C ..... (while I run ping) vpnc-script-win.js script seems to works ok. I got right IP, got routes/DNS, only difference is netmask while on linux has /32 while on windows /24 but I guess is because of windows... O.