[Vpn-help] 1.1 RC1 Bug?

Matthew Grooms mgrooms at shrew.net
Thu Sep 21 23:14:06 CDT 2006


Peter Eisch wrote:
> Perhaps I've been fooling myself since the server auth fixes went in.  I
> kept using old profiles and those were my friend.  All worked nice and
> pretty.
> 

I'm sorry, this is completely my fault. I should not have allowed a build 
to go out that did not work as planned. The client was always intended 
to verify the peer's ID.

> Tonight I whipped out a new computer and started from scratch.  I cannot get
> my "standard" configs to connect at all.  It's consistently "peer auth
> error" or "peer authentication error" and I'm dead.  My racoon config is the
> same as it has been over the ages. 
>

Please, let me take a look at it. It may be a bug. It sounds like the 
client is rejecting the value being offered by the gateway. It's also 
quite possible the Cisco VPN client just ignores any peer ID values.

This should not be an impossible problem to solve as there are two 
likely causes ...

1) There is a bug in the client that is causing the check to fail.
2) There is an id type/value mismatch between the server and the client.

> I like the Hybrid config before in that it was reasonably simple and
> straight-forward as a replacement for pptp where I can auth the user and
> have reasonable crypto on the session.  Adding more checks, er security,
> seems to increase the complexity higher than what it is with other clients.
> With the cisco client I just need to load the p12, put in the hostname, user
> and password and <poof> I'm in like flint.
> 

If you would like an option to disable the security check, I am more 
than happy to include one in the 1.1 release. But I would ask that you 
please send me the debug level log output from the client and the 
gateway so I can see if there is a bug that is causing all this grief.

As always, thanks for your time, patience and your help,

-Matthew


