[vpn-devel] Use of Shrew-soft client software with Vyatta OS 6.5

John Frink thehelpdeskguy.com at gmail.com
Thu Apr 18 16:39:19 CDT 2013


I am attempting to get a working configuration that will allow the 'road
scholars' (as opposed to 'road warriors') at my company to use the current
Shrew Soft VPN client software to create an IPSec VPN with our Vyatta
router.  We are using the Vyatta VSE6.5R3 x64 OS. I will be happy to share
the final, working configuration settings with your users, assuming I can
get this working.  We have paid-for support with Vyatta, so if I can get a
few questions answered, I believe I have a good chance of making this work.

(1) Much like the Vyatta to Cisco ASA connections, I need to configure
"no-xauth" and "no-config-mode" at both ends of the Vyatta-to-Shrewsoft
tunnel.  (Vyatta does not currently support either "xauth" or "config-mode"
when setting up the tunnel.)  The documentation for your latest VPN client
(ver. 2.1.7) connection to Cisco ASA shows the "re-xauth disable"
setting.  I wish to be certain this will completely disable "xauth".

(2) Similar to question (1), how do I completely disable the "config-mode"
on this client?  (Again, Vyatta does not currently support "config-mode".)

(3) I need to use a pre-shared-key, at least at first. Is there a setting
that requires Main Mode to be used rather than Aggressive Mode?  The Vyatta
OS will not use Aggressive Mode for the RA sessions.

(4) If I have multiple users authenticate with separate usernames and
passwords, do I need to use a single PSK for all RA users, or can I set up
unique PSKs for each user?

Thank you for your time and assistance.