[Vpn-help] Shrew's VPN Client and Linksys RV042 - pls help
Jose Romeu Robazzi
jrobazzi at globo.com
Thu Oct 23 22:23:30 CDT 2008
Hello all,
I am trying to connect to an RV042 router in a VPN Group, but the connection
does not seem to work.
I am using Shrew Soft VPN Access Manager v. 2.1.2. Configuration is as
follows:
Auto Configuration: "disable"
Local Host Address Method is: "Use an existing adapter..."
NAT Traversal: "disable"
IKE Fragmentation: "disable"
Enable Dead Peer Detection: checked
Name resolution: everything unchecked
Authentication Method: "Mutual PSK"
Local Identity: "User FQDN"
Phase 1: "aggressive, group2, aes,256, md5, 28800, 0"
Phase 2: "esp-aes,256, md5, group2, disabled, 3600, 0"
Included the LAN-behind-the-router parameter in the "Remote Network Resource"
list in the Policy tab.
In the router I have:
Local Group Setup matching the LAN-behind-the-router parameters
Remote Client Setup matching User FQDN
IPSec setup matching Phase 1 and Phase 2 parameters above, with Perfect
Forward Secrecy checked
I get the following log from the router:
Oct 24 01:07:05 2008 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
Oct 24 01:07:05 2008 VPN Log Ignoring Vendor ID payload [f14b94b7bff1fef0...]
Oct 24 01:07:05 2008 VPN Log Ignoring Vendor ID payload Type = [Cisco-Unity]
Oct 24 01:07:05 2008 VPN Log Ignoring Vendor ID payload [166f932d55eb64d8...]
Oct 24 01:07:05 2008 VPN Log Ignoring Vendor ID payload [8404adf9cda05760...]
Oct 24 01:07:05 2008 VPN Log Ignoring Vendor ID payload [f4ed19e0c114eb51...]
Oct 24 01:07:05 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Oct 24 01:07:05 2008 VPN Log Aggressive mode peer ID is ID_USER_FQDN: 'name at name.com.br'
Oct 24 01:07:05 2008 VPN Log Responding to Aggressive Mode from xxx.xxx.xxx.236
Oct 24 01:07:05 2008 VPN Log [Tunnel Negotiation Info] >>> Responder Send Aggressive Mode 2nd packet
Oct 24 01:07:16 2008 VPN Log Received informational payload, type INVALID_COOKIE
Logs from Shrew Soft Trace are:
08/10/24 01:17:09 ii : ipc client process thread begin ...
08/10/24 01:17:09 <A : peer config add message
08/10/24 01:17:09 DB : peer ref increment ( ref count = 1, obj count = 0 )
08/10/24 01:17:09 DB : peer added ( obj count = 1 )
08/10/24 01:17:09 ii : local address xxx.xxx.xxx.236:500 selected for peer
08/10/24 01:17:09 DB : peer ref increment ( ref count = 2, obj count = 1 )
08/10/24 01:17:09 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
08/10/24 01:17:09 DB : tunnel added ( obj count = 1 )
08/10/24 01:17:09 <A : proposal config message
08/10/24 01:17:09 <A : proposal config message
08/10/24 01:17:09 <A : client config message
08/10/24 01:17:09 <A : local id 'namel at name.com.br' message
08/10/24 01:17:09 <A : preshared key message
08/10/24 01:17:09 <A : remote resource message
08/10/24 01:17:09 <A : peer tunnel enable message
08/10/24 01:17:09 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
08/10/24 01:17:09 DB : new phase1 ( ISAKMP initiator )
08/10/24 01:17:09 DB : exchange type is aggressive
08/10/24 01:17:09 DB : xxx.xxx.xxx.xxx:500 <-> nnn.nnn.nnn.46:500
08/10/24 01:17:09 DB : 7db1e2fd956da89d:0000000000000000
08/10/24 01:17:09 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
08/10/24 01:17:09 DB : phase1 added ( obj count = 1 )
08/10/24 01:17:09 >> : security association payload
08/10/24 01:17:09 >> : - proposal #1 payload
08/10/24 01:17:09 >> : -- transform #1 payload
08/10/24 01:17:09 >> : key exchange payload
08/10/24 01:17:09 >> : nonce payload
08/10/24 01:17:09 >> : identification payload
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local supports DPDv1
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is SHREW SOFT compatible
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is CISCO UNITY compatible
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is NETSCREEN compatible
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is SIDEWINDER compatible
08/10/24 01:17:09 >> : vendor id payload
08/10/24 01:17:09 ii : local is CHECKPOINT compatible
08/10/24 01:17:09 =< : using ISAKMP SA 7db1e2fd956da89d:0000000000000000
08/10/24 01:17:09 -> : send IKE packet xxx.xxx.xxx.236:500 -> nnn.nnn.nnn.46:500 ( 460 bytes )
08/10/24 01:17:09 DB : phase1 resend event scheduled ( ref count = 2 )
08/10/24 01:17:09 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/10/24 01:17:09 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
08/10/24 01:17:09 <- : recv IKE packet xxx.xxx.xxx.236:500 -> nnn.nnn.nnn.46:500 ( 272 bytes )
08/10/24 01:17:09 ii : parsing ike packet header
08/10/24 01:17:09 ii : attempting to locate phase1 sa for packet
08/10/24 01:17:09 DB : phase1 found
08/10/24 01:17:09 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
08/10/24 01:17:09 ii : processing phase1 packet ( 272 bytes )
08/10/24 01:17:09 =< : using ISAKMP SA 7db1e2fd956da89d:937cfb2bafbbeefe
08/10/24 01:17:09 << : security association payload
08/10/24 01:17:09 << : - propsal #1 payload
08/10/24 01:17:09 << : -- transform #1 payload
08/10/24 01:17:09 ii : matched isakmp proposal #1 transform #1
08/10/24 01:17:09 ii : - transform = ike
08/10/24 01:17:09 ii : - cipher type = aes
08/10/24 01:17:09 ii : - key length = 256 bits
08/10/24 01:17:09 ii : - hash type = md5
08/10/24 01:17:09 ii : - dh group = modp-1024
08/10/24 01:17:09 ii : - auth type = psk
08/10/24 01:17:09 ii : - life seconds = 28800
08/10/24 01:17:09 ii : - life kbytes = 0
08/10/24 01:17:09 << : key exchange payload
08/10/24 01:17:09 << : nonce payload
08/10/24 01:17:09 << : identification payload
08/10/24 01:17:09 !! : phase1 id type mismatch ( received ipv4-host but expected fqdn )
08/10/24 01:17:09 DB : phase1 resend event canceled ( ref count = 1 )
08/10/24 01:17:09 ii : phase1 removal before expire time
08/10/24 01:17:09 DB : phase1 deleted ( obj count = 0 )
08/10/24 01:17:09 DB : tunnel ref decrement ( ref count = 2, obj count = 1 )
08/10/24 01:17:09 DB : policy not found
08/10/24 01:17:09 DB : policy not found
08/10/24 01:17:09 DB : tunnel stats event canceled ( ref count = 1 )
08/10/24 01:17:09 DB : removing tunnel config references
08/10/24 01:17:09 DB : removing tunnel phase2 references
08/10/24 01:17:09 DB : removing tunnel phase1 references
08/10/24 01:17:09 DB : tunnel deleted ( obj count = 0 )
08/10/24 01:17:10 DB : peer ref decrement ( ref count = 1, obj count = 1 )
08/10/24 01:17:10 DB : removing all peer tunnel refrences
08/10/24 01:17:10 DB : peer deleted ( obj count = 0 )
08/10/24 01:17:10 ii : ipc client process thread exit ...
and:
08/10/24 01:17:17 ii : inspecting ARP request ...
08/10/24 01:17:17 DB : policy not found
08/10/24 01:17:17 ii : ignoring ARP request for xxx.xxx.xxx.236, no policy found
Please help; I must be forgetting something silly for this to work.
Thank you very much and regards,
Jose Romeu
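As an added troubleshooting aid (not code from the original post or from Shrew Soft), the Python script below parses lines in the iked trace format shown above, extracts the matched Phase 1 attributes, maps the `phase1 id type mismatch` line to its configuration cause, and flags the parameter choices a reviewer would note. The trace sample embedded in it is constructed from the post's format.

```python
import re

# Constructed sample: an abridged copy of the iked trace format shown above.
SAMPLE_TRACE = """\
08/10/24 01:17:09 DB : exchange type is aggressive
08/10/24 01:17:09 ii : matched isakmp proposal #1 transform #1
08/10/24 01:17:09 ii : - cipher type = aes
08/10/24 01:17:09 ii : - key length = 256 bits
08/10/24 01:17:09 ii : - hash type = md5
08/10/24 01:17:09 ii : - dh group = modp-1024
08/10/24 01:17:09 ii : - auth type = psk
08/10/24 01:17:09 << : key exchange payload
08/10/24 01:17:09 !! : phase1 id type mismatch ( received ipv4-host but expected fqdn )
"""
LINE_RE = re.compile(r"^\S+ \S+ (?P<tag>\S+) : (?P<msg>.*)$")
MISMATCH_RE = re.compile(r"phase1 id type mismatch \( received (\S+) but expected (\S+) \)")

def analyse(trace: str) -> dict:
    """Return exchange type, matched Phase 1 attributes, '!!' failures, a diagnosis, warnings."""
    r = {"exchange": None, "phase1": {}, "errors": [], "diagnosis": None, "warnings": []}
    in_proposal = False
    for raw in trace.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        tag, msg = m.group("tag"), m.group("msg")
        if msg.startswith("exchange type is "):
            r["exchange"] = msg[len("exchange type is "):]
        elif msg.startswith("matched isakmp proposal"):
            in_proposal = True  # '- key = value' attribute lines follow
        elif in_proposal and msg.startswith("- "):
            key, _, value = msg[2:].partition(" = ")
            r["phase1"][key.strip()] = value.strip()
        else:
            in_proposal = False  # first non-attribute line closes the block
        if tag == "!!":
            r["errors"].append(msg)
            mm = MISMATCH_RE.search(msg)
            if mm:
                r["diagnosis"] = (f"gateway identified itself as {mm.group(1)} but the client "
                                  f"expects {mm.group(2)}; set the client's remote identity type "
                                  "to what the gateway sends, or have the gateway send an FQDN")
    p = r["phase1"]
    if p.get("hash type") == "md5":
        r["warnings"].append("MD5 integrity is deprecated for IKE")
    if r["exchange"] == "aggressive" and p.get("auth type") == "psk":
        r["warnings"].append("aggressive mode with PSK exposes the PSK-derived hash "
                             "to offline guessing; prefer main mode")
    return r
```

Wrapped trace lines (such as the continuation of a "send IKE packet" entry) do not match the line pattern and are skipped.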