[vpn-help] Problem Connecting to Commercial Gateway ...
Matthew Grooms
mgrooms at shrew.net
Wed Mar 1 20:42:39 CST 2006
Kimmo Koivisto wrote:
>
> I tried now to make connection with commercial VPNGW, but no success.
>
This product was designed to work with ipsec-tools and has not been
tested with other vpn gateway products. However, I appreciate you taking
the time to run these tests. I just want you to understand why there are
so many bugs being found ;)
I believe phase1 and phase2 should hopefully complete without issue. The
vpn gateway was including an 8 byte spi in its sa payload which I assume
was its half of the isakmp cookie. This was not expected and is no
longer being treated as an error. You were also receiving a notification
payload ( type 11 ) that was not being handled in phase2. This was a
protocol violation on the clients part and has been corrected.
The bad news is that I think the notification payload may be to inform
us that the remote peer ( your commercial gw ) doesn't understand the
modecfg packet we sent. Lets find out;)
http://www.shrew.net/download/vpn-client-1.0-beta-3.exe
> Kimmo
>
NOTE : If anyone else has a commercial VPN gateway that they would like
the Shrew Soft Client to work with, please submit a bug report. I will
do what I can to get it working.
Thanks again,
-Matthew
More information about the vpn-help
mailing list