TauVPN and IP Cop 1.4.9

  • Charles Roy

    Charles Roy - 2005-11-02

    I have been going nuts trying to get TauVPN to work with IP Cop 1.4.9

    I have set up the parameters to connect to the IP Cop box.  And the connection is set up on IP Cop.

    On the Windows XP sp2 machine I get the following log message when I try to connect. 

    11-02: 17:16:36:185:c00 Initialization OK
    11-02: 17:17:16:784:c00 isadb_schedule_kill_oldPolicy_sas: 9ff6570a-5b8a-4832-afda1dd195bc7916 4
    11-02: 17:17:16:784:c00 isadb_schedule_kill_oldPolicy_sas: f9b41c1a-abdd-498b-99e73c3b88e7a9fa 4
    11-02: 17:17:16:784:c00 isadb_schedule_kill_oldPolicy_sas: 6b08d61b-fcec-4770-a965922ced1f927a 3
    11-02: 17:17:16:784:c00 isadb_schedule_kill_oldPolicy_sas: 1df7b6af-45b5-473d-8a44750511f3fc12 3
    11-02: 17:17:16:784:c00 isadb_schedule_kill_oldPolicy_sas: b358109a-a9ec-4d69-9924102a5dec4b89 1
    11-02: 17:17:16:784:c00 isadb_schedule_kill_oldPolicy_sas: d94df37a-9ef7-4da5-b44b81ec67349035 2
    11-02: 17:17:16:784:c00 isadb_schedule_kill_oldPolicy_sas: c96319db-c1db-494f-bbb1fe4251025895 2
    11-02: 17:17:16:794:818 entered kill_old_policy_sas 4
    11-02: 17:17:16:794:818 entered kill_old_policy_sas 4
    11-02: 17:17:16:794:818 entered kill_old_policy_sas 3
    11-02: 17:17:16:794:818 entered kill_old_policy_sas 3
    11-02: 17:17:16:794:818 entered kill_old_policy_sas 1
    11-02: 17:17:16:794:818 entered kill_old_policy_sas 2
    11-02: 17:17:16:794:818 entered kill_old_policy_sas 2

    Which seems to be wrong.  Very wrong.  I would expect to see IP addresses and such here.

    On the IP Cop box, there are no messages of any attempt to start the VPN connection from TauVPN.  As in blank.

    I ran a packet analysis on the XP box and the only thing going on is the Windows XP machine pings the IP of the IP Cop box.  The IP Cop box acknowledges the ping back.  This repeats for what looks like 12 times.  Then nothing else happens.

    I am quite experienced with setting up Net-Net VPN connections with IP Cop so I am pretty comfortable my settings are correct. 

    Quick TauVPN setting summary:
    Server subnet:
    Service IP address:  External-IPCop-address
    Server local IP address: <-- I assume that I need to supply the internal IP address of the IP Cop box here.
    CA Subject:  I have tried leaving this blank with PSK VPN.  I have also tried importing (successfully) certificates and using what was imported here.
    Any suggestions or ideas on what to try now?


    • Stefan Markowitz

      Do you have the correct version of the support tools installed? Those from the XP CD do not work with SP2.
      Your settings seem to be correct.

    • Stefan Markowitz

      There have been many reported problems with 1.4.9 and VPN.
      I've noticed that the following line is not present in the ipsec.conf: (in the Roadwarrior section)
      You could try this (I've got it running after inserting that line),
      or use IPCop 1.4.8.
      I have not yet tested 1.4.10.

    • Mike T.

      Mike T. - 2005-11-10

      I'm getting similar results too.  I'm testing out TauVPN with OpenSWAN.  The client computer/s are all Win XP SP2.  I downloaded and installed the XP2 Support Tools (from MS) on all test clients.

      I think the problem is with the client.  I installed a packet sniffer on the client PCs and:

      (1) If I check the Ping option in the Global Settings, I see the pings in the packet sniffer, but the clients are pinging the Server Local IP Address instead of the Server IP Address.

      (2) I don't see the client transmitting any packet to the Server IP Address, including any traffic on port 500.

    • Stefan Markowitz

      Did you by any chance type in the server subnet field
      xxx.xxx.xxx.xxx/24 instead of xxx.xxx.xxx.xxx/ (or whatever the subnet is)? If so, it would explain why nothing happens. It must be in the long notation.
      The ping to the Server Local Address is needed to initiate the tunnel.

      I just tested IPCop 1.4.10. The roadwarrior VPN worked without problems. :-)

    • Mike T.

      Mike T. - 2005-11-11

      Here's my setup.

      Server subnet:
      Server IP address: xxx.xxx.xxx.xxx (vpn server's public ip)
      Server local IP address:

      All clients (various desktops and a laptop) are tested using a direct connection to the internet using a public IP address, not NATed behind a firewall.  Win XP's native firewall is active in all clients.  If TauVPN uses ping to trigger XP to create the tunnel, it is not being done as I don't see any isakmp packets coming from the client.  Is there anything else in XP that I need to check/install?


    • Stefan Markowitz

      I guess there's something wrong with the certificates. Try it first with preshared key, and if that works then make new certificates.
      Don't use special characters, try with leaving the E, L and S fields empty. Ipseccmd seems to behave strangely under some circumstances - if it does not like something then it won't even send any isakmp packet.

    • Mike T.

      Mike T. - 2005-11-12

      My test clients are all using a preshared key.  I will try more tests next week.  FYI, on one of the test clients, I tried the ebootis package to connect to the same server and it worked ok.

    • Stefan Markowitz

      Which IP does TauVPN show (local IP)? Is it the public IP, or is it the IP of the LAN (assuming there is one)? In your case it should show the public IP. If not, check if you have two default gateways. (One for the LAN and one for the dialup adapter. This should not be.)
      Another thing: Make sure that there are no special characters (and no space) in the psk.

    • Jonathan Deitch

      Jonathan Deitch - 2005-11-28


      I have to toss in with a Me Too here.

      Same exact setup (XP SP2, 1.4.10 ipcop) same exact results.

      ZERO output from TauVPN.  It's not even attempting to connect.  Just pings about 10 times, and errors.

      Settings ARE correct, XP SP2 support tools installed.  No special characters.  PSK tried, cert tried.  Nothing works.

      Any ideas?  At this point, near as I can tell, the client just plain doesn't work ... :-(

      - JD

    • Stefan Markowitz

      Sorry, I can't help you without more information (config files, logs)


    • Marcus Andersson

      I have the same issue as described above.

      I have also noticed, when checking the parameters manually in MMC, that a setting is incorrect for LAN connected users.

      Under the tab "Connection Type" for the security rule, Tau adds it as a "remote access" connection.  I guess that would work if you are already connected over PPP, PPTP, L2TP and others.  When changing the rule manually while TauVPN is trying to connect, to LAN instead of remote access the tunnel is indeed brought up.

      There should be an option whether to set up the tunnel as remote access or as LAN.

      Furthermore, in 0.40 it seems that the interface for naming a certificate is not working very well.  I had to specify the certificate manually in the .ini file, since no matter how I tried to input the certificate, it never saved anything in the .ini-file.

      Best wishes,

    • Stefan Markowitz

      >I have also noticed, when checking the parameters manually in MMC, that a setting is incorrect for LAN connected users.

      Do you have a private IP-address? Maybe an uncommon range, which does not get detected as private IP by TauVPN? You can disable the autodetection in the global settings.
      I don't understand what you say about remote access. Do you mean dialup instead?

      >no matter how I tried to input the certificate, it never saved anything in the .ini-file.

      After clicking on "Import", did it show the certificate subject in a message box, and automatically fill it into the CA subject field?


    • Andres Mujica

      Andres Mujica - 2006-06-15

      Hi, I'm having this same issue with 1.4.10, and I've tried 0.42 beta with no success.

      I'm only getting this kind of message.

      I tried some time ago with another PC and had success; this is a completely different PC (in fact 2 XP) but it didn't connect.

      324 entered kill_old_policy_sas 2
      6-15: 18:25:21:921:324 entered kill_old_policy_sas 2
      6-15: 18:28:10:906:988 isadb_schedule_kill_oldPolicy_sas: 7bc67d97-f899-4cee-9c757ae288250f27 4
      6-15: 18:28:10:906:988 isadb_schedule_kill_oldPolicy_sas: 5a5b63dd-22ce-487c-9b94e4e1a6accf67 4
      6-15: 18:28:10:906:988 isadb_schedule_kill_oldPolicy_sas: 1161519b-c6e4-4eb8-a1ba7a28385a28a5 3
      6-15: 18:28:10:906:988 isadb_schedule_kill_oldPolicy_sas: f7753508-6765-45a0-9d20d51e5aba6b70 3
      6-15: 18:28:10:906:988 isadb_schedule_kill_oldPolicy_sas: 4b460a62-a24a-49e2-a64d67f6b45788eb 1
      6-15: 18:28:10:906:988 isadb_schedule_kill_oldPolicy_sas: bc635de6-dc41-432a-818bcf19d6870253 2
      6-15: 18:28:10:906:988 isadb_schedule_kill_oldPolicy_sas: 0f732da3-ee4b-4b6f-9e36c4dc0f516d1d 2
      6-15: 18:28:10:937:324 entered kill_old_policy_sas 4
      6-15: 18:28:10:937:324 entered kill_old_policy_sas 4
      6-15: 18:28:10:937:324 entered kill_old_policy_sas 3
      6-15: 18:28:10:937:324 entered kill_old_policy_sas 3
      6-15: 18:28:10:937:324 entered kill_old_policy_sas 1
      6-15: 18:28:10:937:324 entered kill_old_policy_sas 2

      • Stefan Markowitz

        In TauVPN 0.42-beta4 you can enable a debug log (Settings -> Advanced -> Enable Debug Logfile).
        Enable it and try to connect. The Debug Log will be written to %SystemRoot%\debug. Maybe this shows what's wrong.
        The Debug setting will not be saved, if you want to debug after restarting TauVPN, you have to enable it again.

    • rujobi

      rujobi - 2006-07-14

      I had the same problem when trying to connect over dialup network. Deactivating the LAN-Adapter solved it.

    • Stefan Markowitz

      Probably your LAN-Adapter had a default gateway set. If you change it to DHCP, it should work without the need to disable it.
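
The two-default-gateways check that Stefan Markowitz suggests in the replies above, as an added example that is not part of the original thread: Python that parses `route print` output and reports whether more than one default route exists and which interface the lowest-metric one uses. The sample table and its addresses are constructed, and the column layout assumed is that of the IPv4 `route print` table on Windows XP.

```python
import ipaddress
import re

# Constructed sample: `route print` Active Routes table from an XP client
# with both a LAN adapter and a dial-up adapter connected.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100      20
          0.0.0.0          0.0.0.0     203.0.113.25    203.0.113.25       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100      20
Default Gateway:      203.0.113.25
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Destination, netmask, gateway, interface, then the metric column.
ROUTE_ROW = re.compile(r"^\s*" + r"\s+".join([IPV4] * 4) + r"\s+(\d+)\s*$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def default_routes(route_print_text):
    """Return every 0.0.0.0/0 route, lowest metric (preferred) first."""
    routes = []
    for line in route_print_text.splitlines():
        m = ROUTE_ROW.match(line)
        if not m:
            continue  # headers, separators, the "Default Gateway:" line
        dest, mask, gateway, interface, metric = m.groups()
        if dest == mask == "0.0.0.0":
            addr = ipaddress.ip_address(interface)
            routes.append({"gateway": gateway, "interface": interface,
                           "metric": int(metric),
                           "rfc1918": any(addr in n for n in RFC1918)})
    return sorted(routes, key=lambda r: r["metric"])


def diagnose(route_print_text):
    """Report the facts the replies ask the user to check by hand."""
    routes = default_routes(route_print_text)
    best = routes[0] if routes else None
    return {
        "multiple_default_gateways": len(routes) > 1,
        # Interface address of the lowest-metric default route
        "preferred_interface": best["interface"] if best else None,
        "preferred_is_private": best["rfc1918"] if best else None,
    }
```

On the constructed sample, `diagnose(SAMPLE_ROUTE_PRINT)` reports two default gateways, with the dial-up interface preferred because of its lower metric.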

