[vpn-help] shrew on linux client

caio elcaio at gmail.com
Tue Apr 20 05:22:24 CDT 2010


On Tue, Apr 20, 2010 at 3:47 AM, Matthew Grooms <mgrooms at shrew.net> wrote:
> On 4/15/2010 3:44 PM, caio wrote:
>>
>> Has anybody had success with this kind of scenario? I mean, shrew on
>> linux, remote cisco vpn server, and with pre-shared authentication
>> (see below for the cisco config and for my current issue).
>>
>
> Have you read the post linked to the second Q/A in the FAQ?
>
> http://www.shrew.net/support/wiki/FrequentlyAskedQuestions
>

Yes, I did. I verified that all rp_filter settings had the value 0. But
capturing with tshark or tcpdump, I only see ping echo requests
(no responses).

> If that doesn't help, try looking at the debug level log output generated by
> the IKE daemon ...
>
> http://www.shrew.net/support/wiki/BugReportVpnUnix

I'll consider this.
Thanks

>
> -Matthew
>
>>
>> On Wed, Apr 14, 2010 at 6:44 PM, caio <elcaio at gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> I've installed shrew v2.1.6 (linked to OpenSSL 0.9.8n) on a slackware
>>> linux laptop and am trying to connect to a cisco box vpn.
>>> The tun module is loaded ok and /dev/net/tun exists.
>>> I see the following on the ikec client:
>>>
>>>   config loaded for site 'myconfig'
>>>   attached to key daemon ...
>>>   peer configured
>>>   iskamp proposal configured
>>>   esp proposal configured
>>>   client configured
>>>   local id configured
>>>   remote id configured
>>>   pre-shared key configured
>>>   bringing up tunnel ...
>>>   network device configured
>>>   tunnel enabled
>>>
>>> Finally, when I press the "disconnect" button:
>>>
>>>    bringing down tunnel ...
>>>    session terminated by user
>>>    tunnel disabled
>>>    detached from key daemon ...
>>>
>>> Everything seems to be ok, and what I see is that an ip is properly
>>> assigned to my tap0 interface and a ping to itself responds ok. Also a
>>> default route is added to the route table.
>>>
>>> But there is no connection to the outside (I also lost connection via
>>> the active wlan1 interface).
>>>
>>> Cisco side configuration is something like this:
>>>
>>>    crypto isakmp policy 3
>>>    encr 3des
>>>    authentication pre-share
>>>    group 2
>>>    !
>>>    crypto isakmp client configuration group <private>
>>>    key <private_too>
>>>    pool vpnpool
>>>
>>> I can attach a log if you need more debug output. Or if you need more
>>> info, you can ask me.
>>> I have to mention I also tried with stable v2.1.5.
>>>
>>> Thanks,
>>> Caio
>>>
>
>
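
An added example, not part of the original messages: a check of the rp_filter settings discussed in the reply above. It relies on the Linux kernel rule that the value enforced on an interface is the larger of conf/all/rp_filter and conf/<iface>/rp_filter, so a per-interface 0 has no effect while conf/all is non-zero. The function names and the sample tree are constructed for illustration; only the interface names wlan1 and tap0 come from the thread.

```shell
#!/bin/sh
# Effective reverse-path filter per interface = max(conf/all, conf/<iface>).
# 0 = no source validation, 1 = strict (RFC 3704), 2 = loose.

# Print "<iface> <own> <effective>" for every interface under a sysctl root.
# $1: directory laid out like /proc/sys/net/ipv4/conf (default: the live one).
rp_filter_report() {
    root=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        own=$(cat "$dir/rp_filter")
        if [ "$all" -gt "$own" ]; then eff=$all; else eff=$own; fi
        echo "$iface $own $eff"
    done
}

# Count interfaces whose effective value is still non-zero.
rp_filter_enforced_count() {
    rp_filter_report "$1" | awk '$3 != 0 { n++ } END { print n + 0 }'
}

# Constructed sample tree (values not taken from the thread): every
# per-interface value is 0, but conf/all is 1, so filtering stays active.
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default wlan1 tap0; do
        mkdir -p "$t/$i"
        echo 0 > "$t/$i/rp_filter"
    done
    echo 1 > "$t/all/rp_filter"
    echo "$t"
}

sample=$(make_sample_tree)
rp_filter_report "$sample"
echo "interfaces still filtered: $(rp_filter_enforced_count "$sample")"
rm -rf "$sample"
```

Calling `rp_filter_report` with no argument reads the live /proc/sys/net/ipv4/conf tree.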


