[vpn-help] setup shrew -> netgear fvs318v3 VPN

Derek Reihe dreihe at gmail.com
Mon Apr 26 14:29:54 CDT 2010


Alright, I've been banging my head against this for too long.

I'm trying to set up a FVS318v3 to work with the shrew client.
Currently, when trying to connect, I get...

configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
invalid message from gateway
tunnel disabled
detached from key daemon

Trace utility logs follow; anything with <=== next to it is not in the
log, it is me making a note.
It looks like it is dropping at phase 1, but I've tried a handful of options
and cannot figure out /why/.

The IKE/VPN policy on the firewall is set up as per the Netgear tutorial
http://kb.netgear.com/app/answers/detail/a_id/20

I've tried swapping the local/remote identities in shrew; the PSK matches in
the client and firewall.

10/04/26 15:24:46 ## : IKE Daemon, ver 2.2.0
10/04/26 15:24:46 ## : Copyright 2008 Shrew Soft Inc.
10/04/26 15:24:46 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/04/26 15:24:46 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
10/04/26 15:24:46 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap'
10/04/26 15:24:46 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-encrypt.cap'
10/04/26 15:24:46 ii : rebuilding vnet device list ...
10/04/26 15:24:46 ii : device ROOT\VNET\0000 disabled
10/04/26 15:24:46 ii : network process thread begin ...
10/04/26 15:24:46 ii : pfkey process thread begin ...
10/04/26 15:24:46 ii : ipc server process thread begin ...
10/04/26 15:24:52 ii : ipc client process thread begin ...
10/04/26 15:24:52 <A : peer config add message
10/04/26 15:24:52 <A : proposal config message
10/04/26 15:24:52 <A : proposal config message
10/04/26 15:24:52 <A : client config message
10/04/26 15:24:52 <A : local id 'fvs_local' message
10/04/26 15:24:52 <A : remote id 'vpn_client1.fvs_remote_POLICY' message <== MATCHES POLICY NAME AS PER NETGEAR TUTORIAL
10/04/26 15:24:52 <A : preshared key message
10/04/26 15:24:52 <A : peer tunnel enable message
10/04/26 15:24:52 ii : local supports nat-t ( draft v00 )
10/04/26 15:24:52 ii : local supports nat-t ( draft v01 )
10/04/26 15:24:52 ii : local supports nat-t ( draft v02 )
10/04/26 15:24:52 ii : local supports nat-t ( draft v03 )
10/04/26 15:24:52 ii : local supports nat-t ( rfc )
10/04/26 15:24:52 ii : local supports FRAGMENTATION
10/04/26 15:24:52 ii : local supports DPDv1
10/04/26 15:24:52 ii : local is SHREW SOFT compatible
10/04/26 15:24:52 ii : local is NETSCREEN compatible
10/04/26 15:24:52 ii : local is SIDEWINDER compatible
10/04/26 15:24:52 ii : local is CISCO UNITY compatible
10/04/26 15:24:52 ii : local is CHECKPOINT compatible
10/04/26 15:24:52 >= : cookies 857fa496646cec1e:0000000000000000
10/04/26 15:24:52 >= : message 00000000
10/04/26 15:24:55 ww : ike packet from ===>WANIPADDRESS<=== ignored, unknown phase1 sa for peer
10/04/26 15:24:55 ww : 8d1b0ab5efb10be6:3ad32efd1a48a9cc
10/04/26 15:24:55 ii : processing phase1 packet ( 373 bytes )
10/04/26 15:24:55 =< : cookies 857fa496646cec1e:76f2fe0491f7db66
10/04/26 15:24:55 =< : message 00000000
10/04/26 15:24:55 ii : matched isakmp proposal #1 transform #14
10/04/26 15:24:55 ii : - transform    = ike
10/04/26 15:24:55 ii : - cipher type  = 3des
10/04/26 15:24:55 ii : - key length   = default
10/04/26 15:24:55 ii : - hash type    = sha1
10/04/26 15:24:55 ii : - dh group     = modp-1024
10/04/26 15:24:55 ii : - auth type    = psk
10/04/26 15:24:55 ii : - life seconds = 86400
10/04/26 15:24:55 ii : - life kbytes  = 0
10/04/26 15:24:55 !! : phase1 id mismatch
10/04/26 15:24:55 !! : received = fqdn fvs_remote_vpn_client
10/04/26 15:24:55 !! : expected = fqdn vpn_client1.fvs_remote_wnyent
10/04/26 15:24:55 ii : phase1 removal before expire time
10/04/26 15:24:55 DB : removing tunnel config references
10/04/26 15:24:55 DB : removing tunnel phase2 references
10/04/26 15:24:55 DB : removing tunnel phase1 references
10/04/26 15:24:55 DB : removing all peer tunnel refrences
10/04/26 15:24:55 ii : ipc client process thread exit ...
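
Added example, not part of the original post: a small Python parser for the iked trace format quoted above that pulls out each "phase1 id mismatch" event and reports whether the ID type or the ID value disagrees between gateway and client. The line layout is inferred from this trace only, and the function names are hypothetical.

```python
import re

# Excerpt of the iked trace quoted in the post above, kept as posted.
SAMPLE_LOG = """\
10/04/26 15:24:55 ii : matched isakmp proposal #1 transform #14
10/04/26 15:24:55 !! : phase1 id mismatch
10/04/26 15:24:55 !! : received = fqdn fvs_remote_vpn_client
10/04/26 15:24:55 !! : expected = fqdn vpn_client1.fvs_remote_wnyent
10/04/26 15:24:55 ii : phase1 removal before expire time
"""

# Assumed layout, taken from the trace above: "<date> <time> <2-char tag> : <text>"
LINE_RE = re.compile(r"^(\S+ \S+) (\S{2}) : (.*)$")
ID_RE = re.compile(r"^(received|expected) = (\S+) (.+)$")

def find_id_mismatches(log_text):
    """Return one dict per 'phase1 id mismatch' event with both identities."""
    events, current = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or other non-log line
        stamp, tag, text = m.groups()
        if tag == "!!" and text.strip() == "phase1 id mismatch":
            current = {"time": stamp}
            events.append(current)
            continue
        id_m = ID_RE.match(text.strip()) if tag == "!!" else None
        if current is not None and id_m:
            side, id_type, value = id_m.groups()
            current[side] = (id_type, value.strip())
        elif current is not None:
            current = None  # any other line ends the mismatch block
    return events

def describe(event):
    """Summarise whether the ID type or the ID value disagrees."""
    recv, exp = event.get("received"), event.get("expected")
    if not recv or not exp:
        return "incomplete mismatch record"
    if recv[0] != exp[0]:
        return f"ID type differs: gateway sent {recv[0]}, client expects {exp[0]}"
    return f"{recv[0]} value differs: gateway sent {recv[1]!r}, client expects {exp[1]!r}"

if __name__ == "__main__":
    for ev in find_id_mismatches(SAMPLE_LOG):
        print(ev["time"], describe(ev))
```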