[vpn-help] shrew on linux client
caio
elcaio at gmail.com
Tue Apr 20 05:22:24 CDT 2010
On Tue, Apr 20, 2010 at 3:47 AM, Matthew Grooms <mgrooms at shrew.net> wrote:
> On 4/15/2010 3:44 PM, caio wrote:
>>
>> Does anybody success with this kind of scenario? I mean, shrew on
>> linux, remote cisco vpn server, and with pre-shared authentication
>> (see belong for the cisco config and for my current issue).
>>
>
> Have you read the post linked to the second Q/A in the FAQ?
>
> http://www.shrew.net/support/wiki/FrequentlyAskedQuestions
>
Yes I did, i verified all rp_filter settings were with value 0. But
capturing with tshark or tcpdump I only see ping echo requests though
(none response).
> If that doesn't help, try looking at the debug level log output generated by
> the IKE daemon ...
>
> http://www.shrew.net/support/wiki/BugReportVpnUnix
I'll consider this..
Thanks
>
> -Matthew
>
>>
>> On Wed, Apr 14, 2010 at 6:44 PM, caio<elcaio at gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> I've installed shrew v2.1.6 (linked to OpenSSL 0.9.8n) on a slackware
>>> linux laptop and try to connect to a cisco box vpn.
>>> Tun module is loaded ok and /dev/net/tun exist.
>>> I see on ikec client the following:
>>>
>>> config loaded for site 'myconfig'
>>> attached to key daemon ...
>>> peer configured
>>> iskamp proposal configured
>>> esp proposal configured
>>> client configured
>>> local id configured
>>> remote id configured
>>> pre-shared key configured
>>> bringing up tunnel ...
>>> network device configured
>>> tunnel enabled
>>>
>>> Finally when i press "disconnect" button:
>>>
>>> bringing down tunnel ...
>>> session terminated by user
>>> tunnel disabled
>>> detached from key daemon ...
>>>
>>> Everything seem to be ok, and what I see is that an ip is properly
>>> assigned to my tap0 interface and a ping to itself responds ok. Also a
>>> default route is added to the route table.
>>>
>>> But there is no connection to the outside (i also lost connection via
>>> active wlan1 interface).
>>>
>>> Cisco side configuration is something like this:
>>>
>>> crypto isakmp policy 3
>>> encr 3des
>>> authentication pre-share
>>> group 2
>>> !
>>> crypto isakmp client configuration group<private>
>>> key<private_too>
>>> pool vpnpool
>>>
>>> I can attach you a log if you need more debug. Or if need more info
>>> you can ask me.
>>> I have to mention I also tried with stable v2.1.5.
>>>
>>> Thanks,
>>> Caio
>>>
>> _______________________________________________
>> vpn-help mailing list
>> vpn-help at lists.shrew.net
>> http://lists.shrew.net/mailman/listinfo/vpn-help
>
>
More information about the vpn-help
mailing list