[vpn-help] Shrew 2.1.4 + Ubuntu 9.10 x64 + Juniper SSG = xAuth failure

Matthew Grooms mgrooms at shrew.net
Tue Apr 20 00:54:12 CDT 2010


On 4/8/2010 3:20 PM, Oskar Ruckle wrote:
> Hi!
>
> I'm having a bit of a problem with a setup with a Juniper SSG box (ScreenOS 6.x) configured with a Remote-User VPN.
> The setup is very similar to the Shrew example config with the exception of it being a route-based setup (i.e. not policy based). I'm convinced this shouldn't be an issue.
>
> Several clients are running different flavors of Windows with Shrew with no issues at all. Everything works on all these PCs.
>
> The one Linux box is also running Shrew (2.1.4) and the same imported config as the PCs. But no go...
>
> I get:
> local id configured
> remote id configured
> pre-shared key configured
> bringing up tunnel ...
> user authentication error
> tunnel disabled
> detached from key daemon ...
>
> The iked.log says:
> 10/04/08 21:39:21 !! : duplicate xauth request, authentication failed
> 10/04/08 21:51:27 !! : duplicate xauth request, authentication failed
>
> In the firewall I can see that Phase1 succeeds. I don't have access to the firewall logs right now, but can post details later if needed.
>
> As I said. The setup is pretty much by the book: Mutual PSK + xAuth.
>
> Btw, the user and password are OK. If I use the same config and user/password on a Windows PC the tunnel works.
>
> Any thoughts or ideas?
>

Yes. Are the Windows users also using 2.1.4? The 2.1.5 release had lots
of bug fixes and introduced support for CHAP and an alternate attribute
called PASSCODE instead of password ( requested by a Juniper user ). I
would try compiling the 2.1.5 ( or the 2.1.6 beta ) from source and try
again.

-Matthew


