[vpn-help] please help set up my vpn connection

Rob Woolfson rob at bsdsoftware.co.il
Tue Dec 21 06:57:58 CST 2010


Hi list,
I am having problems with my set up:

Local destination network: 192.168.4.0/24
Local destination hosts: 192.168.4.100
Remote destination network: 192.167.40.0/24
Remote destination hosts: 192.168.40.27
VPN peering point: xxx.xxx.xxx.xx

Then they have given me the following details:

IPSEC/ISAKMP Phase 1 Parameters:
Authentication method: pre shared secret
Diffie Hellman group: group 2
Encryption Algorithm: 3DES
Lifetime in seconds:28800

Phase 2 parameters:
IPSEC security: ESP
Encryption algorithms: 3DES
Authentication algorithms: MD5
lifetime in seconds: 28800

pfs: disabled

I have tried to set my Shrew settings to connect to this as best as
possible, but I am not sure I have got it correct.
here is the site file.
n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:0
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:1
n:client-dns-used:1
b:auth-mutual-psk:YjJzN2QzdDhyN2EyZDNpNG42ZzQ=
n:phase1-dhgroup:2
n:phase1-keylen:0
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:0
n:phase2-pfsgroup:-1
n:phase2-life-secs:28800
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
n:client-dns-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
s:client-dns-addr:0.0.0.0
s:client-dns-suffix:
s:network-host:xxx.xxx.xxx.xxx  I have redacted this address for security
s:client-auto-mode:pull
s:client-iface:virtual
s:client-ip-addr:192.168.1.0
s:client-ip-mask:255.255.255.0
s:network-natt-mode:enable
s:network-frag-mode:disable
s:auth-method:mutual-psk
s:ident-client-type:address
s:ident-client-data:192.168.4.0
s:ident-server-type:address
s:ident-server-data:192.168.40.0
s:phase1-exchange:aggressive
s:phase1-cipher:3des
s:phase1-hash:md5
s:phase2-transform:3des
s:phase2-hmac:md5
s:ipcomp-transform:disabled


Here is what I get when I turn on the debug in the log:
10/12/21 14:32:51 ii : ipc client process thread begin ...
10/12/21 14:32:51 <A : peer config add message
10/12/21 14:32:51 DB : peer added ( obj count = 1 )
10/12/21 14:32:51 ii : local address 217.150.241.151 selected for peer
10/12/21 14:32:51 DB : tunnel added ( obj count = 1 )
10/12/21 14:32:51 <A : proposal config message
10/12/21 14:32:51 <A : proposal config message
10/12/21 14:32:51 <A : client config message
10/12/21 14:32:51 <A : local id '192.168.4.0' message
10/12/21 14:32:51 <A : remote id '192.168.40.0' message
10/12/21 14:32:51 <A : preshared key message
10/12/21 14:32:51 <A : peer tunnel enable message
10/12/21 14:32:51 DB : new phase1 ( ISAKMP initiator )
10/12/21 14:32:51 DB : exchange type is aggressive
10/12/21 14:32:51 DB : 217.150.241.151:500 <-> 206.106.137.228:500
10/12/21 14:32:51 DB : a05ba820fa633a8c:0000000000000000
10/12/21 14:32:51 DB : phase1 added ( obj count = 1 )
10/12/21 14:32:51 >> : security association payload
10/12/21 14:32:51 >> : - proposal #1 payload
10/12/21 14:32:51 >> : -- transform #1 payload
10/12/21 14:32:51 >> : key exchange payload
10/12/21 14:32:51 >> : nonce payload
10/12/21 14:32:51 >> : identification payload
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( draft v00 )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( draft v01 )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( draft v02 )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( draft v03 )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( rfc )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports DPDv1
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local is SHREW SOFT compatible
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local is NETSCREEN compatible
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local is SIDEWINDER compatible
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local is CISCO UNITY compatible
10/12/21 14:32:51 >= : cookies a05ba820fa633a8c:0000000000000000
10/12/21 14:32:51 >= : message 00000000
10/12/21 14:32:51 -> : send IKE packet 217.150.241.151:500 -> 206.106.137.228:500 ( 484 bytes )
10/12/21 14:32:51 DB : phase1 resend event scheduled ( ref count = 2 )
10/12/21 14:32:51 ii : opened tap device tap0
10/12/21 14:33:01 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:11 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:21 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:31 ii : resend limit exceeded for phase1 exchange
10/12/21 14:33:31 ii : phase1 removal before expire time
10/12/21 14:33:31 DB : phase1 deleted ( obj count = 0 )
10/12/21 14:33:31 ii : closed tap device tap0
10/12/21 14:33:31 DB : tunnel stats event canceled ( ref count = 1 )
10/12/21 14:33:31 DB : removing tunnel config references
10/12/21 14:33:31 DB : removing tunnel phase2 references
10/12/21 14:33:31 DB : removing tunnel phase1 references
10/12/21 14:33:31 DB : tunnel deleted ( obj count = 0 )
10/12/21 14:33:31 DB : removing all peer tunnel refrences
10/12/21 14:33:31 DB : peer deleted ( obj count = 0 )
10/12/21 14:33:31 ii : ipc client process thread exit ...


Please can you help me determine what is going wrong.

Many thanks
--
Rob Woolfson - CTO
mobile:+972-544904157
office:+972-3-5353751

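Added example (editor's note, not part of Rob's message or of the Shrew Soft project): a small Python triage script that parses a Shrew site file of the format shown above, compares it with the peer's parameter sheet, and counts outbound versus inbound IKE packets in an iked debug log. The site file excerpt and log excerpt below are constructed from the post; the local networks and the peer sheet are the ones Rob listed. Assumptions: `b:` values in site files are base64 (the PSK line decodes cleanly under that assumption), inbound packets are logged with a `<- : recv` marker (the post's log has no inbound line at all, which is the point), and the function names are mine.

```python
"""Triage a Shrew Soft site file and iked debug log (added example)."""
import base64
import ipaddress
import re

# Constructed excerpt of a Shrew site file, same 'type:key:value' layout as the post.
SITE_FILE = """\
n:phase1-dhgroup:2
n:phase1-life-secs:28800
n:phase2-pfsgroup:-1
n:phase2-life-secs:28800
b:auth-mutual-psk:YjJzN2QzdDhyN2EyZDNpNG42ZzQ=
s:auth-method:mutual-psk
s:ident-client-type:address
s:ident-client-data:192.168.4.0
s:ident-server-type:address
s:ident-server-data:192.168.40.0
s:phase1-exchange:aggressive
s:phase1-cipher:3des
s:phase1-hash:md5
"""

# Constructed log excerpt in the layout of the post's iked debug output.
LOG = """\
10/12/21 14:32:51 DB : exchange type is aggressive
10/12/21 14:32:51 -> : send IKE packet 217.150.241.151:500 -> 206.106.137.228:500 ( 484 bytes )
10/12/21 14:33:01 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:11 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:31 ii : resend limit exceeded for phase1 exchange
"""

# Peer's data sheet and the two networks from the post.
PEER_SHEET = {"phase1-dhgroup": 2, "phase1-life-secs": 28800,
              "phase2-life-secs": 28800, "pfs": False}
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.4.0/24"),
                  ipaddress.ip_network("192.168.40.0/24")]


def parse_site_file(text):
    """n = integer, s = string, b = base64 bytes (assumption); returns a dict."""
    cfg = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, key, value = line.split(":", 2)
        cfg[key] = int(value) if kind == "n" else base64.b64decode(value) if kind == "b" else value
    return cfg


def review_config(cfg, sheet=PEER_SHEET, networks=LOCAL_NETWORKS):
    """Compare the site file with the peer sheet; return a list of findings."""
    findings = []
    for key in ("phase1-dhgroup", "phase1-life-secs", "phase2-life-secs"):
        if cfg.get(key) != sheet[key]:
            findings.append(f"{key}: site file {cfg.get(key)} != sheet {sheet[key]}")
    if (cfg.get("phase2-pfsgroup", -1) != -1) != sheet["pfs"]:
        findings.append("PFS setting does not match the peer's sheet")
    if cfg.get("phase1-exchange") == "aggressive" and cfg.get("auth-method") == "mutual-psk":
        findings.append("aggressive mode with PSK: the PSK-derived hash travels unencrypted "
                        "and can be cracked offline; use main mode if the peer allows it")
    for side in ("client", "server"):
        if cfg.get(f"ident-{side}-type") == "address":
            addr = ipaddress.ip_address(cfg[f"ident-{side}-data"])
            if any(addr == n.network_address for n in networks):
                findings.append(f"ident-{side}-data {addr} is a network address, but an "
                                "'address' identifier normally carries the endpoint's own IP")
    return findings


SEND_RE = re.compile(r"-> : (send|resend \d+) .*?(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")
RECV_RE = re.compile(r"<- : recv ")  # inbound marker, assumed from Shrew's log style


def triage_log(text):
    """Count outbound/inbound IKE packets and say whether the peer ever answered."""
    sent = received = 0
    peer, gave_up = None, False
    for line in text.splitlines():
        m = SEND_RE.search(line)
        if m:
            sent += 1
            peer = f"{m.group(4)}:{m.group(5)}"
        elif RECV_RE.search(line):
            received += 1
        elif "resend limit exceeded" in line:
            gave_up = True
    if received == 0 and gave_up:
        verdict = (f"no IKE packet ever came back from {peer}: the peer did not receive the "
                   "packet or silently dropped it, so proposal details cannot be judged yet")
    elif received == 0:
        verdict = "still waiting for the peer's first reply"
    else:
        verdict = f"peer answered {received} time(s); look for a proposal or identity mismatch"
    return {"sent": sent, "received": received, "gave_up": gave_up, "peer": peer, "verdict": verdict}


if __name__ == "__main__":
    for finding in review_config(parse_site_file(SITE_FILE)):
        print("config:", finding)
    print("log:", triage_log(LOG)["verdict"])
```

The useful split this gives is between "the peer never answered" (every line in the post's log is outbound, so filtering, the peer address, or the peer refusing to respond at all is the first thing to rule out) and "the peer answered but rejected something", which is where the proposal and identifier checks come into play.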