[Vpn-help] Request for assistance: Shrew Client and ZyWall
Zachary Hopkins
zachary.hopkins at gmail.com
Fri Jun 20 12:49:31 CDT 2008
Hello all,
Perhaps someone might be able to provide me some assistance in getting
the Shrew VPN client working with my ZyWall 2 Plus ISA?
I have already followed the directions online at
http://www.shrew.net/support/wiki/HowtoZywall, changing only the IP
addresses to match those of my network.
For my VPN test, my ZyWall is located at 10.12.1.1, my computer's wired
port has a DHCP address of 10.12.1.100 and is plugged into LAN-1 on the
ZyWall. For this test, there is no WAN connection. I am also operating
wirelessly through a separate network with a 10.12.0.x address for my
normal internet usage. The ZyWall is using mostly default settings, to
the best of my knowledge (I have not changed much). I also have the
latest firmware on the ZyWall (V4.04(XU.1) | 04/18/2008) and the latest
Shrew client for Windows (2.1.0).
When I try to connect, the client outputs the following messages:
== Shrew Client Messages Begin =====
config loaded for site '10.12.1.1'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
== End =====
The messages pause there. Wondering what was going on, I checked the
ZyWall's log and found the following:
== ZyWall Log Begin =====
Message Source Destination Note
Rule [vpnclient_gateway] Receiving IKE request 10.12.1.100 10.12.1.1 IKE
Recv Aggressive Mode request from [10.12.1.100] 10.12.1.100 10.12.1.1 IKE
Recv:[SA][KE][NONCE][ID][VID][VID][ 10.12.1.100 10.12.1.1 IKE
Send:[SA][KE][NONCE][ID][HASH][VID] 10.12.1.1 10.12.1.100 IKE
Recv:[HASH][NATD][NATD] 10.12.1.100 10.12.1.1 IKE
Phase 1 IKE SA process done 10.12.1.1 10.12.1.100 IKE
Send:[HASH][ATTRIBUTE] 10.12.1.1 10.12.1.100 IKE
Recv:[HASH][NOTFY:INIT_CONTACT] 10.12.1.100 10.12.1.1 IKE
Recv:[HASH][ATTRIBUTE] 10.12.1.100 10.12.1.1 IKE
XAUTH succeed! Remote user: {Username omitted} 10.12.1.100 10.12.1.1 IKE
Send:[HASH][ATTRIBUTE] 10.12.1.1 10.12.1.100 IKE
Recv:[HASH][ATTRIBUTE] 10.12.1.100 10.12.1.1 IKE
Recv:[HASH][NOTFY:R_U_THERE] 10.12.1.100 10.12.1.1 IKE
Send:[HASH][NOTFY:R_U_THERE_ACK] 10.12.1.1 10.12.1.100 IKE
== End =====
The last two lines repeat seemingly infinitely until I tell the Shrew
Client to cancel the connection attempt.
Any assistance you all have to offer would be greatly appreciated.
Thank you!
--Zachary Hopkins
--
==================================================
"The best way to predict the future is to invent it."
zachary.hopkins at gmail.com
http://www.hopkinsprogramming.net