[Vpn-help] Linux Client connection to Cyberoam Firewall/VPN

Scott Selvia selvia_scott at hotmail.com
Wed Dec 2 20:16:11 CST 2009


My company is using a Cyberoam Firewall/VPN and I can connect to the VPN via the Windows Greenbox IPSEC VPN client or Linux (Ubuntu/Fedora) using the Openswan IPSEC client. I just installed Ubuntu 9.10 and was trying to connect using the Shrew Soft VPN Access Manager and I cannot get connected. Here are my ipsec.conf settings for Openswan:

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    interfaces=%defaultroute
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey

conn MyCompany
    authby=secret
    type=tunnel
    keyingtries=1
    keyexchange=ike
    ike=3des-md5
    esp=3des-md5
    pfs=yes
    auto=start
    left=%defaultroute
    right=xxx.xxx.xxx.xxx
    rightsubnet=192.168.0.0/24

Here is the Shrew Soft VPN exported file:

n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:0
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:0
n:network-notify-enable:0
n:client-banner-enable:1
n:client-dns-used:1
n:client-dns-auto:0
b:auth-mutual-psk:xxxxxxxxxx
n:phase1-dhgroup:2
n:phase1-keylen:0
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:0
n:phase2-pfsgroup:-1
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
s:network-host:xxx.xxx.xxx.xxx
s:client-auto-mode:push
s:client-iface:virtual
s:client-ip-addr:192.168.0.0
s:client-ip-mask:255.255.255.255
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr:192.168.0.xxx
s:client-dns-suffix:mycompany
s:auth-method:mutual-psk
s:ident-client-type:address
s:ident-server-type:address
s:phase1-exchange:main
s:phase1-cipher:3des
s:phase1-hash:md5
s:phase2-transform:3des
s:phase2-hmac:md5
s:ipcomp-transform:disabled

In the Windows Greenbox Client I have the following setup:

IKE:

  Encryption:      3DES
  Authentication:  MD5
  Key Group:       DH2 (1024)

ESP:

  Encryption:      3DES
  Authentication:  MD5
  Mode:            Tunnel

What settings do I need to get the Shrew Soft client working?

Thanks...
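
Added example, not part of the original post and not code from Openswan or Shrew Soft: a small Python script that parses the two configuration formats shown above and lists the IKE/ESP settings that differ between them. The function names and the value mappings (Openswan `pfs` defaulting to yes, Shrew `phase2-pfsgroup:-1` meaning PFS disabled, modp names to DH group numbers) are assumptions of this example.

```python
# Added example: compare the proposals in an Openswan conn and a Shrew Soft export.
# Both inputs are excerpted from the post; the value mappings are assumptions.
OPENSWAN = """\
conn MyCompany
    authby=secret
    ike=3des-md5
    esp=3des-md5
    pfs=yes
"""
SHREW = """\
n:phase1-dhgroup:2
n:phase2-pfsgroup:-1
s:auth-method:mutual-psk
s:phase1-cipher:3des
s:phase1-hash:md5
s:phase2-transform:3des
s:phase2-hmac:md5
"""
MODP = {"modp768": 1, "modp1024": 2, "modp1536": 5}  # Openswan name -> DH group

def parse_openswan(text):
    """key=value options of a conn section, comments stripped."""
    lines = (l.split("#", 1)[0].strip() for l in text.splitlines())
    return dict(map(str.strip, l.split("=", 1)) for l in lines if "=" in l)

def parse_shrew(text):
    """'type:key:value' lines; only the first two colons are separators."""
    rows = (l.strip().split(":", 2) for l in text.splitlines())
    return {r[1]: r[2] for r in rows if len(r) == 3}

def from_openswan(o):
    ike = (o.get("ike", "").split("-") + [None] * 3)[:3]
    esp = (o.get("esp", "").split("-") + [None] * 2)[:2]
    return {"auth": "psk" if o.get("authby") == "secret" else o.get("authby"),
            "p1_cipher": ike[0] or None, "p1_hash": ike[1], "p1_dh": MODP.get(ike[2]),
            "p2_cipher": esp[0] or None, "p2_hash": esp[1],
            "pfs": o.get("pfs", "yes") == "yes"}  # assumed default: yes

def from_shrew(s):
    auth = s.get("auth-method")
    return {"auth": "psk" if auth == "mutual-psk" else auth,
            "p1_cipher": s.get("phase1-cipher"), "p1_hash": s.get("phase1-hash"),
            "p1_dh": int(s["phase1-dhgroup"]) if "phase1-dhgroup" in s else None,
            "p2_cipher": s.get("phase2-transform"), "p2_hash": s.get("phase2-hmac"),
            "pfs": int(s.get("phase2-pfsgroup", -1)) != -1}  # assumed: -1 = disabled

def mismatches(openswan_text, shrew_text):
    """Fields set on both sides whose values differ: {field: (openswan, shrew)}."""
    a = from_openswan(parse_openswan(openswan_text))
    b = from_shrew(parse_shrew(shrew_text))
    return {k: (a[k], b[k]) for k in a
            if a[k] is not None and b[k] is not None and a[k] != b[k]}

if __name__ == "__main__":
    print(mismatches(OPENSWAN, SHREW))
```

Run on the excerpts above, it reports one difference: `pfs=yes` in the Openswan conn against `phase2-pfsgroup:-1` in the Shrew Soft export. The DH group is skipped because the `ike=` line does not name one.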
 		 	   		  