[Vpn-help] Shrew 2.1.0-alpha4 on Ubuntu Feisty against Sidewinder VPN

Don Seiler don at seiler.us
Sat Dec 22 13:45:20 CST 2007


Hullo.  Matthew suggested I try shrew-2.1.0-alpha after having come up
against some unfinished code in racoon.  I can connect via racoon, but
3600 second lifetime renegotiation fails, so I can only stay connected
for 1 hour.

I seem to be tantalizingly close, but so far I'm getting an "unable to
verify remote peer certificate" error in the shrew log when I try to
connect.

I'm not sure exactly where to start debugging this.  Here are the
nuggets of my config.  I've tried to configure this to match my
racoon.conf.

Authentication:
My auth mode is Mutual RSA + Xauth, both local and remote ID are
asn1dn.  Credentials are via 3 .pem files supplied by my company.

Phase 1: (taken from remote section of racoon.conf)
Exchange type is aggressive.  My racoon.conf has "aggressive, main".
* Note, when I use "main", I get "missing required xauth password
attribute", which makes less sense to me.
DH exchange is "group 2", racoon.conf has modp1024, which the man page
says is group 2.
Cypher algorithm is 3des
Hash algorithm is sha1
Key life time Lim is 3600 secs (per our Sidewinder config)

Phase 2: (taken from sainfo section of racoon.conf)
Transformation algorithm is 3des
HMAC algorithm is sha1
PFS Exchange remains disabled (didn't see a corresponding value in racoon.conf)
Compression algorithm is deflate
Key life time lim is 700 secs (per our Sidewinder config)

If any kind soul can see me straight through this, it will truly be a
merry Christmas.

Thanks,
Don.

-- 
Don Seiler
http://seilerwerks.wordpress.com
ultimate: http://www.mufc.us
