[vpn-help] Problem with Smoothwall (Openswan)

VPN Client Product Support vpn-help at lists.shrew.net
Wed Dec 16 11:50:11 CST 2009


Hi,
I'm trying to create a tunnel from roadwarrior using shrew vpn client in Ubuntu and a gateway using smoothwall (openswan).
The vpn is working well from a Mac roadwarrior using VPN Tracker.

Using Shrew, I see that the tunnel is established but immediately dropped down.
The gateway receives a Delete SA payload message.
I can't understand what to modify to avoid this.

This is what I see in the gateway's log:

16:44:21	IPSec MALEX RW	87.171.119.117 responding to Main Mode from unknown peer 87.171.119.117
16:44:21	IPSec MALEX RW	87.171.119.117 transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
16:44:21	IPSec MALEX RW	87.171.119.117 STATE_MAIN_R1: sent MR1, expecting MI2
16:44:21	IPSec MALEX RW	87.171.119.117 NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
16:44:21	IPSec MALEX RW	87.171.119.117 transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
16:44:21	IPSec MALEX RW	87.171.119.117 STATE_MAIN_R2: sent MR2, expecting MI3
16:44:21	IPSec MALEX RW	87.171.119.117 Main mode peer ID is ID_IPV4_ADDR: '192.168.10.46'
16:44:21	IPSec MALEX RW	87.171.119.117 crl update for "CN=CA USNT, O=USNT srl, ST=US, OU=R&D, E=mrcs at usablenet.com, C=IT, L=Tavagnacco" is overdue since Feb 09 15:35:21 UTC 2009
16:44:21	IPSec MALEX RW	87.171.119.117 I am sending my cert
16:44:21	IPSec MALEX RW	87.171.119.117 transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
16:44:21	IPSec MALEX RW	87.171.119.117 STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
16:44:21	IPSec MALEX RW	87.171.119.117 Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
16:44:21	IPSec MALEX RW	87.171.119.117 received Delete SA payload: deleting ISAKMP State #1143
16:44:21	IPSec MALEX RW	87.171.119.117: deleting connection "conn176" instance with peer 87.171.119.117 {isakmp=#0/ipsec=#0}

----------
Marco Brondani
IT Consultant and Mobile Dev Leader
mrcs at usablenet.com

Usablenet Inc (NYC)
Your Customers are mobile, is your content?
www.usablenet.com

This message and all attachments are confidential and may be protected by the attorney-client or other 
privileges. Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this
message has been sent to you in error, please notify the sender by replying to this transmission and
delete the message without first disclosing it. Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20091216/9f6e30ae/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20091216/9f6e30ae/attachment-0001.bin>


More information about the vpn-help mailing list