[Vpn-help] VPN help with pfsense (freeBSD).

Chris Rees crees at bearrivernet.net
Wed Sep 27 18:03:16 CDT 2006


Hi,  

I am trying your VPN client with pfsense (m0n0wall remake).  It's a FreeBSD based firewall setup.  I think I am close to getting it to work but during or after the PSK negotiation and Phase 1 it fails with this in the message log.

Sep 27 13:27:33 racoon: INFO: respond new phase 1 negotiation: 65.73.xxx.xxx[500]<=>216.160.xxx.xxx[500] 
Sep 27 13:27:33 racoon: INFO: begin Identity Protection mode. 
Sep 27 13:27:33 racoon: INFO: received Vendor ID: CISCO-UNITY 
Sep 27 13:27:33 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 
Sep 27 13:27:33 racoon: INFO: received Vendor ID: RFC 3947 
Sep 27 13:27:33 racoon: INFO: received broken Microsoft ID: FRAGMENTATION 
Sep 27 13:27:33 racoon: INFO: received Vendor ID: DPD 
Sep 27 13:24:46 racoon: INFO: ISAKMP-SA established 65.73.xxx.xxx[500]-216.160.xxx.xxx[500] spi:b877261ce6a5e9f2:5d77ba7554144e9c 
Sep 27 13:24:46 racoon: ERROR: Invalid exchange type 6 from 216.160.xxx.xxx[500]. 
Sep 27 13:24:57 racoon: ERROR: Invalid exchange type 6 from 216.160.xxx.xxx[500].

This is a log I managed to get on the Shrewsoft VPN logs.

## : IPSEC Daemon, ver 1.1.0
## : Copyright 2006 Shrew Soft Inc.
## : This product linked OpenSSL 0.9.8a 11 Oct 2005
ii : rebuilding vnet device list ...
ii : device ROOT\VNET\0000 disabled
ii : rebuilding vprot interface list ...
ii : skipping interface with null address
ii : interface IP=10.14.xxx.xxx, MTU=1500, MAC=00:01:6c:ea:71:97 active
ii : interface IP=223.1.xxx.xxx, MTU=1418, MAC=00:60:73:ea:71:03 active
ii : 2 adapter(s) active
ii : client ctrl thread begin ...
<C : client peer config message
<C : client user credentials message
<C : client preshared key message
<C : client tunnel enable message
ii : matched phase1 proposal
ii : - protocol = isakmp
ii : - transform = ike
ii : - key length = default
ii : - cipher type = 3des
ii : - hash type = sha1
ii : - dh group = modp-1024
ii : - auth type = psk
ii : - life seconds = 28000
ii : - life kbytes = 0
ii : peer supports DPDv1
ii : peerid matched ( 65.73.xxx.xxx )
ii : phase1 sa established
ii : 10.14.xxx.xxx:500 <-> 65.73.xxx.xxx:500
ii : 4d50ada08dae87a9:1cf3dac12be0fd6
ii : sent peer notification, INITIAL-CONTACT
ii : 10.14.xxx.xxx -> 65.73.xxx.xxx
ii : isakmp spi = 4d50ada08dae87a9:01cf3dac12be0fd6
ii : data size 0
ii : determining required modecfg attributes
ii : sending isakmp config request
ii : resending ip packet
ii : sent peer notification, DPDV1-R-U-THERE
ii : 10.14.34.150 -> 65.73.xxx.xxx
ii : isakmp spi = 4d50ada08dae87a9:01cf3dac12be0fd6
ii : data size 4
ii : received peer notification, DPDV1-R-U-THERE-ACK
ii : 65.73.xxx.xxx -> 10.14.xxx.xxx
ii : isakmp spi = 4d50ada08dae87a9:01cf3dac12be0fd6
ii : data size 4
ii : resending ip packet
ii : sent peer notification, DPDV1-R-U-THERE
ii : 10.14.xxx.xxx -> 65.73.xxx.xxx
ii : isakmp spi = 4d50ada08dae87a9:01cf3dac12be0fd6
ii : data size 4

Then it repeats the DPDV1-R-U-THERE sequence several times until I disconnected manually.

Hope this helps.   

Chris 
 