[Vpn-help] VPN help with pfsense (freeBSD).
Chris Rees
crees at bearrivernet.net
Wed Sep 27 18:03:16 CDT 2006
Hi,
I am trying your VPN client with pfsense (m0n0wall remake). It's a FreeBSD based firewall setup. I think I am close to getting it to work, but during or after the PSK negotiation and Phase 1 it fails with this in the message log.
Sep 27 13:27:33 racoon: INFO: respond new phase 1 negotiation: 65.73.xxx.xxx[500]<=>216.160.xxx.xxx[500]
Sep 27 13:27:33 racoon: INFO: begin Identity Protection mode.
Sep 27 13:27:33 racoon: INFO: received Vendor ID: CISCO-UNITY
Sep 27 13:27:33 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Sep 27 13:27:33 racoon: INFO: received Vendor ID: RFC 3947
Sep 27 13:27:33 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Sep 27 13:27:33 racoon: INFO: received Vendor ID: DPD
Sep 27 13:24:46 racoon: INFO: ISAKMP-SA established 65.73.xxx.xxx[500]-216.160.xxx.xxx[500] spi:b877261ce6a5e9f2:5d77ba7554144e9c
Sep 27 13:24:46 racoon: ERROR: Invalid exchange type 6 from 216.160.xxx.xxx[500].
Sep 27 13:24:57 racoon: ERROR: Invalid exchange type 6 from 216.160.xxx.xxx[500].
This is a log I managed to get on the Shrewsoft VPN logs.
## : IPSEC Daemon, ver 1.1.0
## : Copyright 2006 Shrew Soft Inc.
## : This product linked OpenSSL 0.9.8a 11 Oct 2005
ii : rebuilding vnet device list ...
ii : device ROOT\VNET\0000 disabled
ii : rebuilding vprot interface list ...
ii : skipping interface with null address
ii : interface IP=10.14.xxx.xxx, MTU=1500, MAC=00:01:6c:ea:71:97 active
ii : interface IP=223.1.xxx.xxx, MTU=1418, MAC=00:60:73:ea:71:03 active
ii : 2 adapter(s) active
ii : client ctrl thread begin ...
<C : client peer config message
<C : client user credentials message
<C : client preshared key message
<C : client tunnel enable message
ii : matched phase1 proposal
ii : - protocol = isakmp
ii : - transform = ike
ii : - key length = default
ii : - cipher type = 3des
ii : - hash type = sha1
ii : - dh group = modp-1024
ii : - auth type = psk
ii : - life seconds = 28000
ii : - life kbytes = 0
ii : peer supports DPDv1
ii : peerid matched ( 65.73.xxx.xxx )
ii : phase1 sa established
ii : 10.14.xxx.xxx:500 <-> 65.73.xxx.xxx:500
ii : 4d50ada08dae87a9:1cf3dac12be0fd6
ii : sent peer notification, INITIAL-CONTACT
ii : 10.14.xxx.xxx -> 65.73.xxx.xxx
ii : isakmp spi = 4d50ada08dae87a9:01cf3dac12be0fd6
ii : data size 0
ii : determining required modecfg attributes
ii : sending isakmp config request
ii : resending ip packet
ii : sent peer notification, DPDV1-R-U-THERE
ii : 10.14.34.150 -> 65.73.xxx.xxx
ii : isakmp spi = 4d50ada08dae87a9:01cf3dac12be0fd6
ii : data size 4
ii : received peer notification, DPDV1-R-U-THERE-ACK
ii : 65.73.xxx.xxx -> 10.14.xxx.xxx
ii : isakmp spi = 4d50ada08dae87a9:01cf3dac12be0fd6
ii : data size 4
ii : resending ip packet
ii : sent peer notification, DPDV1-R-U-THERE
ii : 10.14.xxx.xxx -> 65.73.xxx.xxx
ii : isakmp spi = 4d50ada08dae87a9:01cf3dac12be0fd6
ii : data size 4
Then it repeats the DPDV1-R-U-THERE sequence several times until I disconnected manually.
Hope this helps.
Chris