[Vpn-help] Shrew's VPN Client and Linksys RV042 - pls help

Jose Romeu Robazzi jrobazzi at globo.com
Thu Oct 23 22:23:30 CDT 2008


Hello all,
I am trying to connect to a RV042 router in a VPN Group, but the connection
does not seem to work.

I am using Shrew Soft VPN Access Manager v. 2.1.2. Configuration is as
follows:
Auto Configuration: "disable"
Local Host Address Method is: "Use an existing adapter..."
NAT Traversal: "disable"
IKE Fragmentation: "disable"
Enable Dead Peer Detection: checked
Name resolution: everything unchecked
Authentication Method: "Mutual PSK"
Local Identity: "User FQDN"
Phase 1: "aggressive, group2, aes,256, md5, 28800, 0"
Phase 2: "esp-aes,256, md5, group2, disabled, 3600, 0"
Included the LAN behind the router parameter in the "Remote Network Resource"
list in the Policy tab.

In the router I have:
Local Group Setup matching LAN behind the router parameters
Remote Client Setup matching User FQDN
IPSec setup matching Phase 1 and Phase 2 parameters above, with Perfect
Forward Secrecy checked

I get the following log from the router:
Oct 24 01:07:05 2008     VPN Log    Received Vendor ID payload Type = [Dead Peer Detection]
Oct 24 01:07:05 2008     VPN Log    Ignoring Vendor ID payload [f14b94b7bff1fef0...]
Oct 24 01:07:05 2008     VPN Log    Ignoring Vendor ID payload Type = [Cisco-Unity]
Oct 24 01:07:05 2008     VPN Log    Ignoring Vendor ID payload [166f932d55eb64d8...]
Oct 24 01:07:05 2008     VPN Log    Ignoring Vendor ID payload [8404adf9cda05760...]
Oct 24 01:07:05 2008     VPN Log    Ignoring Vendor ID payload [f4ed19e0c114eb51...]
Oct 24 01:07:05 2008     VPN Log    [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Oct 24 01:07:05 2008     VPN Log    Aggressive mode peer ID is ID_USER_FQDN: 'name at name.com.br'
Oct 24 01:07:05 2008     VPN Log    Responding to Aggressive Mode from xxx.xxx.xxx.236
Oct 24 01:07:05 2008     VPN Log    [Tunnel Negotiation Info] >>> Responder Send Aggressive Mode 2nd packet
Oct 24 01:07:16 2008     VPN Log    Received informational payload, type INVALID_COOKIE

Logs from Shrew Soft Trace are

08/10/24 01:17:09 ii : ipc client process thread begin ...
08/10/24 01:17:09 <A : peer config add message
08/10/24 01:17:09 DB : peer ref increment ( ref count = 1, obj count = 0 )
08/10/24 01:17:09 DB : peer added ( obj count = 1 )
08/10/24 01:17:09 ii : local address xxx.xxx.xxx.236:500 selected for peer
08/10/24 01:17:09 DB : peer ref increment ( ref count = 2, obj count = 1 )
08/10/24 01:17:09 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
08/10/24 01:17:09 DB : tunnel added ( obj count = 1 )
08/10/24 01:17:09 <A : proposal config message
08/10/24 01:17:09 <A : proposal config message
08/10/24 01:17:09 <A : client config message
08/10/24 01:17:09 <A : local id 'namel at name.com.br' message
08/10/24 01:17:09 <A : preshared key message
08/10/24 01:17:09 <A : remote resource message
08/10/24 01:17:09 <A : peer tunnel enable message
08/10/24 01:17:09 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
08/10/24 01:17:09 DB : new phase1 ( ISAKMP initiator )
08/10/24 01:17:09 DB : exchange type is aggressive
08/10/24 01:17:09 DB : xxx.xxx.xxx.xxx:500 <-> nnn.nnn.nnn.46:500
08/10/24 01:17:09 DB : 7db1e2fd956da89d:0000000000000000
08/10/24 01:17:09 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
08/10/24 01:17:09 DB : phase1 added ( obj count = 1 )
08/10/24 01:17:09 >> : security association payload
08/10/24 01:17:09 >> : - proposal #1 payload
08/10/24 01:17:09 >> : -- transform #1 payload
08/10/24 01:17:09 >> : key exchange payload
08/10/24 01:17:09 >> : nonce payload
08/10/24 01:17:09 >> : identification payload
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local supports DPDv1
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is SHREW SOFT compatible
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is CISCO UNITY compatible
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is NETSCREEN compatible
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is SIDEWINDER compatible
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is CHECKPOINT compatible
08/10/24 01:17:09 =< : using ISAKMP SA 7db1e2fd956da89d:0000000000000000
08/10/24 01:17:09 -> : send IKE packet xxx.xxx.xxx.236:500 -> nnn.nnn.nnn.46:500 ( 460 bytes )
08/10/24 01:17:09 DB : phase1 resend event scheduled ( ref count = 2 )
08/10/24 01:17:09 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/10/24 01:17:09 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
08/10/24 01:17:09 <- : recv IKE packet xxx.xxx.xxx.236:500 -> nnn.nnn.nnn.46:500 ( 272 bytes )
08/10/24 01:17:09 ii : parsing ike packet header
08/10/24 01:17:09 ii : attempting to locate phase1 sa for packet
08/10/24 01:17:09 DB : phase1 found
08/10/24 01:17:09 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
08/10/24 01:17:09 ii : processing phase1 packet ( 272 bytes )
08/10/24 01:17:09 =< : using ISAKMP SA 7db1e2fd956da89d:937cfb2bafbbeefe
08/10/24 01:17:09 << : security association payload
08/10/24 01:17:09 << : - propsal #1 payload
08/10/24 01:17:09 << : -- transform #1 payload
08/10/24 01:17:09 ii : matched isakmp proposal #1 transform #1
08/10/24 01:17:09 ii : - transform = ike
08/10/24 01:17:09 ii : - cipher type = aes
08/10/24 01:17:09 ii : - key length = 256 bits
08/10/24 01:17:09 ii : - hash type = md5
08/10/24 01:17:09 ii : - dh group = modp-1024
08/10/24 01:17:09 ii : - auth type = psk
08/10/24 01:17:09 ii : - life seconds = 28800
08/10/24 01:17:09 ii : - life kbytes = 0
08/10/24 01:17:09 << : key exchange payload
08/10/24 01:17:09 << : nonce payload
08/10/24 01:17:09 << : identification payload
08/10/24 01:17:09 !! : phase1 id type mismatch ( received ipv4-host but expected fqdn )
08/10/24 01:17:09 DB : phase1 resend event canceled ( ref count = 1 )
08/10/24 01:17:09 ii : phase1 removal before expire time
08/10/24 01:17:09 DB : phase1 deleted ( obj count = 0 )
08/10/24 01:17:09 DB : tunnel ref decrement ( ref count = 2, obj count = 1 )
08/10/24 01:17:09 DB : policy not found
08/10/24 01:17:09 DB : policy not found
08/10/24 01:17:09 DB : tunnel stats event canceled ( ref count = 1 )
08/10/24 01:17:09 DB : removing tunnel config references
08/10/24 01:17:09 DB : removing tunnel phase2 references
08/10/24 01:17:09 DB : removing tunnel phase1 references
08/10/24 01:17:09 DB : tunnel deleted ( obj count = 0 )
08/10/24 01:17:10 DB : peer ref decrement ( ref count = 1, obj count = 1 )
08/10/24 01:17:10 DB : removing all peer tunnel refrences
08/10/24 01:17:10 DB : peer deleted ( obj count = 0 )
08/10/24 01:17:10 ii : ipc client process thread exit ...
and


08/10/24 01:17:17 ii : inspecting ARP request ...
08/10/24 01:17:17 DB : policy not found
08/10/24 01:17:17 ii : ignoring ARP request for xxx.xxx.xxx.236, no policy found

Please help, I must be forgetting something silly for this to work.

Thank you very much and regards,

Jose Romeu
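The client trace in the post already names the failure: the ISAKMP proposal matches, but on the identification payload Shrew Soft logs `phase1 id type mismatch ( received ipv4-host but expected fqdn )` and deletes the phase 1 SA. The gateway identified itself by IP address while the client was configured to expect an FQDN, so the remote-identity type on the client (the counterpart of the Local Identity setting shown in the post) is the first thing to compare against what the RV042 sends; the router's later INVALID_COOKIE notification is consistent with the client having already discarded that SA. The script below is an added example, not code from the post or from Shrew Soft: it parses the trace format visible above (the line-format regexes are an assumption derived from those lines), pulls out the negotiated phase 1 parameters and any `!!` errors, explains an ID-type mismatch, and flags phase 1 choices a defender would revisit once the tunnel works (aggressive mode with PSK, MD5, 1024-bit DH group 2). The embedded sample is a constructed excerpt of the post's own trace lines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of a Shrew Soft trace, copied from the lines in the post above.
SAMPLE_TRACE = """\
08/10/24 01:17:09 DB : new phase1 ( ISAKMP initiator )
08/10/24 01:17:09 DB : exchange type is aggressive
08/10/24 01:17:09 ii : matched isakmp proposal #1 transform #1
08/10/24 01:17:09 ii : - transform = ike
08/10/24 01:17:09 ii : - cipher type = aes
08/10/24 01:17:09 ii : - key length = 256 bits
08/10/24 01:17:09 ii : - hash type = md5
08/10/24 01:17:09 ii : - dh group = modp-1024
08/10/24 01:17:09 ii : - auth type = psk
08/10/24 01:17:09 ii : - life seconds = 28800
08/10/24 01:17:09 ii : - life kbytes = 0
08/10/24 01:17:09 << : identification payload
08/10/24 01:17:09 !! : phase1 id type mismatch ( received ipv4-host but expected fqdn )
08/10/24 01:17:09 ii : phase1 removal before expire time
"""

# Assumed line format "<date> <time> <2-char tag> : <message>"; tags seen in the
# post include ii, DB, !!, >>, <<, <A, =<, -> and <-.
LINE_RE = re.compile(r"^(\S+ \S+) (\S{2}) : (.*)$")
# Proposal attribute lines: "- cipher type = aes", "- key length = 256 bits", ...
PARAM_RE = re.compile(r"^- ([a-z ]+?) = (.+)$")
MISMATCH_RE = re.compile(r"phase1 id type mismatch \( received (\S+) but expected (\S+) \)")


@dataclass
class Phase1Summary:
    exchange: Optional[str] = None                      # e.g. "aggressive"
    params: Dict[str, str] = field(default_factory=dict)  # matched proposal attributes
    errors: List[str] = field(default_factory=list)     # every "!!" message
    id_mismatch: Optional[Tuple[str, str]] = None       # (received type, expected type)


def parse_trace(text: str) -> Phase1Summary:
    """Extract the negotiated phase 1 parameters and hard errors from a trace."""
    summary = Phase1Summary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        _ts, tag, msg = m.groups()
        if msg.startswith("exchange type is "):
            summary.exchange = msg[len("exchange type is "):]
        elif tag == "ii":
            pm = PARAM_RE.match(msg)
            if pm:
                summary.params[pm.group(1)] = pm.group(2)
        elif tag == "!!":
            summary.errors.append(msg)
            mm = MISMATCH_RE.search(msg)
            if mm:
                summary.id_mismatch = (mm.group(1), mm.group(2))
    return summary


def diagnose(summary: Phase1Summary) -> Optional[str]:
    """Turn an ID-type mismatch into a configuration hint; None if there is none."""
    if summary.id_mismatch is None:
        return None
    received, expected = summary.id_mismatch
    return (f"peer sent an ID of type {received} but the client expects {expected}; "
            f"set the client's remote identity type to what the gateway actually sends, "
            f"or configure the gateway to identify itself as {expected}")


def audit(summary: Phase1Summary) -> List[str]:
    """Flag phase 1 choices worth revisiting even once the tunnel comes up."""
    findings = []
    p = summary.params
    if summary.exchange == "aggressive" and p.get("auth type") == "psk":
        # Aggressive mode authenticates before the exchange is encrypted, so the
        # PSK must be long and random; prefer main mode where the gateway allows it.
        findings.append("aggressive-mode-psk")
    if p.get("hash type") == "md5":
        findings.append("md5-hash")            # MD5 is deprecated for IKE integrity
    if p.get("dh group") == "modp-1024":
        findings.append("dh-group2-1024bit")   # DH group 2 is below current guidance
    return findings


if __name__ == "__main__":
    s = parse_trace(SAMPLE_TRACE)
    print("exchange:", s.exchange)
    for k, v in s.params.items():
        print(f"  {k} = {v}")
    print("diagnosis:", diagnose(s))
    print("audit findings:", audit(s))
```

Run it against a saved trace by replacing `SAMPLE_TRACE` with the file contents; the `!!` lines are the ones that end a negotiation, so collecting them first is usually faster than reading the `DB` reference-count noise around them.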