[vpn-help] Regression in Linux shrew 2.1.7 -> OpenBSD 4.8+ roadwarrior VPN
Zak Elep
zak.elep at orangeandbronze.com
Sat Sep 10 02:17:39 CDT 2011
Problem:
Linux shrew 2.1.7 (as available in Ubuntu 11.10 Oneiric) could not complete
phase1 negotiation to an OpenBSD 4.8/4.9 VPN gateway; it times out.
The previous version of shrew in the Linux dist (version 2.1.5 in Ubuntu 11.04
Natty) completes this negotiation and connects fine, and as a workaround I
have kept packages of 2.1.5 installed on Oneiric (preventing upgrade to
2.1.7).
To Reproduce:
Connect using shrew 2.1.7 to an OpenBSD 4.8/4.9 gateway.
The OpenBSD gateway configuration uses a simple PSK setup in /etc/ipsec.conf:

    ike passive esp from any to $gateway_ip peer any psk $vpn_password
    ike passive esp from $gateway_ip to any psk $vpn_password

Client Phase 1 & 2 setup:
Authentication:
- Method: Mutual PSK
- Local Identity type: IP Address, using discovered host address
- Credentials: Pre Shared Key (supplied)
Phase 1:
- Exchange type: main
- DH Exchange: group 2
- Cipher algorithm: aes
- Cipher key length: 256 Bits
- Hash algorithm: sha1
Phase 2:
- Transform length: aes
- Transform key length: 256 Bits
- HMAC algorithm: sha1
- PFS Exchange: group 2
- Compression algorithm: deflate
See also attached iked.log.
--
Zak B. Elep || orangeandbronze.com
1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iked.log
Type: text/x-log
Size: 4355 bytes
Desc: not available
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20110910/93b0fa8d/attachment.bin>