[Vpn-help] Problem Racoon ShrewSoft

AnoniM anonim at jetline.pl
Tue Jul 14 15:07:08 CDT 2009


What is wrong?

path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
path certificate "/usr/local/etc/racoon/cert";

log debug2;

listen {
        isakmp 192.168.0.1 [500];
        isakmp_natt 192.168.0.1 [4500];
}

timer
{
    natt_keepalive 15 seconds;
}
#
# Remote Section
#
#
# RSA XAuth Remote Section
#
remote anonymous
{
    exchange_mode main;
    verify_identifier on;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    certificate_type x509 "vpngw.crt" "vpngw.key";
    ca_type x509 "ca.crt";
    passive on;
    generate_policy unique;
    ike_frag on;
    nat_traversal on;
    dpd_delay 30;
    proposal_check claim;
    lifetime time 24 hours;
    proposal
    {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method hybrid_rsa_server;
        dh_group 5;
    }

}
#
# Mode Config Section
#
mode_cfg
{
    network4 192.168.4.1;
    pool_size 253;
    netmask4 255.255.255.0;
    split_network include 192.168.4.0/24;
    conf_source local;
    wins4 192.168.4.200;
    dns4 192.168.4.1;
    banner "/usr/local/etc/racoon/motd";
}
#
# SA Info Section
#
sainfo anonymous
{
    lifetime time 3600 seconds;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_md5,hmac_sha1;
    compression_algorithm deflate;
}

tail -f /var/log/racoon.log

Jul 14 21:59:13 VPN racoon: INFO: respond new phase 1 negotiation: 192.168.0.1[500]<=>192.168.0.2[500]
Jul 14 21:59:13 VPN racoon: INFO: begin Identity Protection mode.
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: RFC 3947
Jul 14 21:59:13 VPN racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: DPD
Jul 14 21:59:13 VPN racoon: INFO: received Vendor ID: CISCO-UNITY
Jul 14 21:59:13 VPN racoon: INFO: Selected NAT-T version: RFC 3947
Jul 14 21:59:13 VPN racoon: INFO: Adding xauth VID payload.
Jul 14 21:59:13 VPN racoon: WARNING: CR received, ignore it. It should be in other exchange.
Jul 14 21:59:13 VPN racoon: INFO: Hashing 192.168.0.1[500] with algo #2
Jul 14 21:59:13 VPN racoon: INFO: NAT-D payload #0 verified
Jul 14 21:59:13 VPN racoon: INFO: Hashing 192.168.0.2[500] with algo #2
Jul 14 21:59:13 VPN racoon: INFO: NAT-D payload #1 doesn't match
Jul 14 21:59:13 VPN racoon: INFO: NAT detected: PEER
Jul 14 21:59:13 VPN racoon: INFO: Hashing 192.168.0.2[500] with algo #2
Jul 14 21:59:13 VPN racoon: INFO: Hashing 192.168.0.1[500] with algo #2
Jul 14 21:59:13 VPN racoon: INFO: Adding remote and local NAT-D payloads.
Jul 14 21:59:13 VPN racoon: INFO: NAT-T: ports changed to: 192.168.0.2[4500]<->192.168.0.1[4500]
Jul 14 21:59:13 VPN racoon: INFO: KA list add: 192.168.0.1[4500]->192.168.0.2[4500]
Jul 14 21:59:13 VPN racoon: WARNING: No ID match.
Jul 14 21:59:13 VPN racoon: ERROR: invalid ID payload.
Jul 14 22:00:03 VPN racoon: ERROR: phase1 negotiation failed due to time up. 5c11cc19a28c2d99:d68593d19a1a750d
Jul 14 22:00:03 VPN racoon: INFO: KA remove: 192.168.0.1[4500]->192.168.0.2[4500]


??????? And what is important, I can't connect from Shrew Soft :(
Please help.

