[Vpn-help] vpn-help Digest, Vol 32, Issue 8 exclusive)

shrew.nelipot at spamgourmet.com shrew.nelipot at spamgourmet.com
Fri May 15 04:32:40 CDT 2009 

Hi,

I've now compiled and installed 2.1.4.  All seemed to go smoothly.  I can
create a new profile and enter a Fully Qualified Domain Name.  When I save
it and then attempt to connect to it wont do so and the message in the
responder's log is:

16:22:03 - [MiniEee] responding to Main Mode from unknown peer 58.8.189.183
Fri, 2009-05-15 16:22:03 - [MiniEee] no suitable connection for peer
'192.168.1.5'
Fri, 2009-05-15 16:22:03 - [MiniEee] sending encrypted notification
INVALID_ID_INFORMATION to <invalid>:0

When I go back to edit the profile the Fully Qualified Domain name field has
disappeared and only the IP address field remains.

This time I am confident that I have 2.1.4 properly installed.  Could this
still be a bug with the Shrew VPN client?

I fail to understand how it can accept the input when I create the profile
and yet not actually store it, which is what appears to be happening.

Any thoughts?

Thanks,
Steve



2009/5/14 vpn-help-request at lists.shrew.net

> Send vpn-help mailing list submissions to
>        vpn-help at lists.shrew.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://lists.shrew.net/mailman/listinfo/vpn-help
> or, via email, send a message with subject or body 'help' to
>        vpn-help-request at lists.shrew.net
>
> You can reach the person managing the list at
>        vpn-help-owner at lists.shrew.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of vpn-help digest..."
>
>
> Today's Topics:
>
>   1. Building on Fedora 10? (Don Seiler)
>   2. Supporting RSA SecurID tokens? (Don Seiler)
>   3. Re: Compiled Shrew 2.1.5 beta for Ubuntu 8.10 and Netgear
>      DG834G (Matthew Grooms)
>   4. Re: VPN CLI (Matthew Grooms)
>   5. Re: Supporting RSA SecurID tokens? (Matthew Grooms)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 12 May 2009 14:25:55 -0500
> From: Don Seiler <don at seiler.us>
> Subject: [Vpn-help] Building on Fedora 10?
> To: vpn-help at lists.shrew.net
> Message-ID:
>        <94e86aed0905121225j1837f8b0m6db141e3d5ee85f1 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Is there a quick HOWTO for buliding on Fedora 10?  I have qt3-devel
> (and qt3) installed.  I don't see a -mt package like libqt3-mt-dev on
> Ubuntu.
>
> When I try to run the cmake command (cmake -DCMAKE_INSTALL_PREFIX=/usr
> -DQTGUI=YES -ETCDIR=/etc -DNATT=YES -Wno-dev), I get the error "Unable
> to locate required package : QT"
>
> Also: is cpp not suitable for g++?  If not, which package provides it?
>  yum seach wasn' t too helpful.
>
> --
> Don Seiler
> http://seilerwerks.wordpress.com
> ultimate: http://www.mufc.us
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 12 May 2009 14:35:48 -0500
> From: Don Seiler <don at seiler.us>
> Subject: [Vpn-help] Supporting RSA SecurID tokens?
> To: vpn-help at lists.shrew.net
> Message-ID:
>        <94e86aed0905121235g1629f185va404820a74b553ba at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> My employer is changing the VPN setup to use RSA SecurID tokens with a
> changing passcode.  This has motivated me to finally look into using
> Shrew again instead of VPNC.  However I need to know a few answers:
>
> 1. Does Shrew/IKE support the SecurID changing tokens?
> 2. Does Shrew/IKE support the "new PIN" setup process?  Apparently
> VPNC doesn't, but the official Cisco client does.  However the
> official Cisco client is a pain in the ass to set up.
> 3. Like #2, does Shrew/IKE support "next tokencode" process when too
> many failures have occurred.  Again, VPNC doesn't, official client
> does.
>
> --
> Don Seiler
> http://seilerwerks.wordpress.com
> ultimate: http://www.mufc.us
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 13 May 2009 00:51:54 -0500
> From: Matthew Grooms <mgrooms at shrew.net>
> Subject: Re: [Vpn-help] Compiled Shrew 2.1.5 beta for Ubuntu 8.10 and
>        Netgear DG834G
> To: shrew.nelipot at spamgourmet.com
> Cc: vpn-help at lists.shrew.net
> Message-ID: <4A0A5FFA.60506 at shrew.net>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> shrew.nelipot at spamgourmet.com wrote:
> > Hi Matthew,
> >
> > I thought I'd give installation another shot after first uninstalling
> > Shrew 2.10 in Synaptic.  Installation seemed to go just fine.  After
> > installation of my custom built DEB file I got some odd behaviour.
> > Firstly, there is no menu item for the Shrew VPN client, but that's
> > minor.  So I started iked, after reading the README file, although I
> > wasn't really sure that I needed to do that, in a terminal window and
> > that seemed to go okay.  Then I started ikea in the same window, which
> > opened the familiar Shrew Soft VPN Client.  I created a new profile,
> > which seemed to work well as there were many more configurable items.
> > Under the Authentication tab for local host I found many different
> > Identification types that weren't there on the older version, such as
> > Fully Qualified Domain Name, Key Identifier and User Fully Qualified
> > Domain Name.  The same was true for Remote Identity which has ASN. 1
> > Distinguished Name in addition.
> >
> > I entered all the necessary data and saved it.  Then I double clicked
> > the profile I wanted to use (the new one I just created) to connect and
> > it opened up ikec, I believe it is called.  When I hit the Connect
> > button I got the message 'failed to attach to key daemon....' and
> > nothing more happens.  There is no log entried recorded in the VPN
> > server log either.  If I try to go back in and change settings of the
> > new profile the new Identification types previously available all seem
> > to have disappeared and I am left with just the old IP address field
> > under the previous version of Shrew that I had installed.  It's almost
> > as if I have a mixture of the two versions running.  Sort of like when
> > the human and the fly get mixed up in the time machine!
> >
> > Seems to me that something went wrong with the install process.  Any
> > suggestions?
> >
>
> The iked process needs to be running in the background. The client gui
> apps connect to iked.
>
> -Matthew
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 13 May 2009 00:53:14 -0500
> From: Matthew Grooms <mgrooms at shrew.net>
> Subject: Re: [Vpn-help] VPN CLI
> To: "Barker Ben (ST)" <Ben.Barker at tfl.gov.uk>
> Cc: "'vpn-help at lists.shrew.net'" <vpn-help at lists.shrew.net>
> Message-ID: <4A0A604A.4060608 at shrew.net>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Barker Ben (ST) wrote:
> > Afternoon.
> >
> > Is there any way to initiate a VPN using the Shrewsoft client for
> > windows using the command line rather than going through the graphical
> > access manager? I found a mention of CLI in the release notes, but
> > wasn?t clear if this was just for the Linux version.
> >
> > Apologies if this is already documented somewhere...
> >
>
> The 2.2.x versions have a cli interface but its *nix only. The windows
> version does not have such a front end.
>
> -Matthew
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 13 May 2009 01:04:24 -0500
> From: Matthew Grooms <mgrooms at shrew.net>
> Subject: Re: [Vpn-help] Supporting RSA SecurID tokens?
> To: Don Seiler <don at seiler.us>
> Cc: vpn-help at lists.shrew.net
> Message-ID: <4A0A62E8.5040204 at shrew.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Don Seiler wrote:
> > My employer is changing the VPN setup to use RSA SecurID tokens with a
> > changing passcode.  This has motivated me to finally look into using
> > Shrew again instead of VPNC.  However I need to know a few answers:
> >
> > 1. Does Shrew/IKE support the SecurID changing tokens?
> > 2. Does Shrew/IKE support the "new PIN" setup process?  Apparently
> > VPNC doesn't, but the official Cisco client does.  However the
> > official Cisco client is a pain in the ass to set up.
> > 3. Like #2, does Shrew/IKE support "next tokencode" process when too
> > many failures have occurred.  Again, VPNC doesn't, official client
> > does.
> >
>
> Hi Don,
>
> The client does not support this at present. There is a ticket for it
> which I hope to knock out before the 2.2.0 release.
>
> http://www.shrew.net/support/ticket/12
>
> -Matthew
>
>
> ------------------------------
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
>
>
> End of vpn-help Digest, Vol 32, Issue 8
> ***************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20090515/60551dce/attachment-0001.html>

More information about the vpn-help mailing list