[vpn-help] shrew on linux client

Matthew Grooms mgrooms at shrew.net
Tue Apr 20 01:47:16 CDT 2010 

On 4/15/2010 3:44 PM, caio wrote:
> Does anybody success with this kind of scenario? I mean, shrew on
> linux, remote cisco vpn server, and with pre-shared authentication
> (see belong for the cisco config and for my current issue).
>

Have you read the post linked to the second Q/A in the FAQ?

http://www.shrew.net/support/wiki/FrequentlyAskedQuestions

If that doesn't help, try looking at the debug level log output 
generated by the IKE daemon ...

http://www.shrew.net/support/wiki/BugReportVpnUnix

-Matthew

>
> On Wed, Apr 14, 2010 at 6:44 PM, caio<elcaio at gmail.com>  wrote:
>> Hello,
>>
>> I've installed shrew v2.1.6 (linked to OpenSSL 0.9.8n) on a slackware
>> linux laptop and try to connect to a cisco box vpn.
>> Tun module is loaded ok and /dev/net/tun exist.
>> I see on ikec client the following:
>>
>>    config loaded for site 'myconfig'
>>    attached to key daemon ...
>>    peer configured
>>    iskamp proposal configured
>>    esp proposal configured
>>    client configured
>>    local id configured
>>    remote id configured
>>    pre-shared key configured
>>    bringing up tunnel ...
>>    network device configured
>>    tunnel enabled
>>
>> Finally when i press "disconnect" button:
>>
>>     bringing down tunnel ...
>>     session terminated by user
>>     tunnel disabled
>>     detached from key daemon ...
>>
>> Everything seem to be ok, and what I see is that an ip is properly
>> assigned to my tap0 interface and a ping to itself responds ok. Also a
>> default route is added to the route table.
>>
>> But there is no connection to the outside (i also lost connection via
>> active wlan1 interface).
>>
>> Cisco side configuration is something like this:
>>
>>     crypto isakmp policy 3
>>     encr 3des
>>     authentication pre-share
>>     group 2
>>     !
>>     crypto isakmp client configuration group<private>
>>     key<private_too>
>>     pool vpnpool
>>
>> I can attach you a log if you need more debug. Or if need more info
>> you can ask me.
>> I have to mention I also tried with stable v2.1.5.
>>
>> Thanks,
>> Caio
>>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help

More information about the vpn-help mailing list