[vpn-help] Kasperski AV 2010 causes connection issue

MATT PIERCE matt.pierce at adtran.com
Thu Feb 11 10:40:56 CST 2010 

	I had an issue on a client system where Kasperski AV 2010 causes
issues with a client connection.  The system I worked with was Win7 X64
Home Premium.  The tunnel would connect but would not create SA's.
Routes and interfaces were all good.  The Kasperski software adds NDIS6
driver bindings.  I removed those and rebooted but was unable to pass
traffic.  Removing Kasperski fixed the issue.  It's possible that the
network protection component could be removed but I wasn't able to test
that.

-----Original Message-----
From: vpn-help-bounces at lists.shrew.net
[mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of
vpn-help-request at lists.shrew.net
Sent: Thursday, February 11, 2010 10:33 AM
To: vpn-help at lists.shrew.net
Subject: vpn-help Digest, Vol 41, Issue 17

Send vpn-help mailing list submissions to
	vpn-help at lists.shrew.net

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.shrew.net/mailman/listinfo/vpn-help
or, via email, send a message with subject or body 'help' to
	vpn-help-request at lists.shrew.net

You can reach the person managing the list at
	vpn-help-owner at lists.shrew.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of vpn-help digest..."


Today's Topics:

   1. Re: failed to attach to key daemon (Andreas Hoppe)
   2. Re: Problem report - NetGear modeConfig without XAUTH
      (Alexis La Goutte)
   3. Using VPN Trace utility (Mike Parsons)
   4. Re: VPN Tunnel disconnected by gateway after successful
      authentication (Don)
   5. Re: Using VPN Trace utility (Mike Parsons)
   6. Re: Using Shrewsoft with IAS Radius + Cisco (Shawn Edwards)


----------------------------------------------------------------------

Message: 1
Date: Wed, 10 Feb 2010 19:08:44 +0100
From: Andreas Hoppe <andreas.hoppe at sv-buero-hoppe.de>
Subject: Re: [vpn-help] failed to attach to key daemon
To: vpn-help at lists.shrew.net
Message-ID: <4B72F62C.60704 at sv-buero-hoppe.de>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed

Hi,

I got a little bit more information now. I installed the software on my 
Windows XP machine and found some mistakes in the configuration. But now

I get the following messages:

bringing up tunnel ...
gateway authentification error
tunnel disabled
detached from key daemon

I think I have the wrong key in the tab Authentification -> Credentials

I tried the key that is given in the config-file from the avm-software 
(many digits ans letters...) but I get no access. Which key is to be
used?

Andreas



Am 09.02.2010 08:28, schrieb Andreas Hoppe:
> Hi,
>
> I tried to connect with shrew soft to a AVM Fritz!Box 7270. I use the
> SuSE 11.0 linux. The connection settings a proofed with the
> Fritz!-software on a Windows XP machine. I made the settings as
> discribed on the AVM-homepage:
>
http://www.avm.de/de/Service/Service-Portale/Service-Portal/VPN_Interope
rabilitaet/15729.php?portal=VPN
>
> When I try to connect, I get the following error message: failed to
> attach to key daemon.
>
> I tried it as "normal" user and as root.
>
> I searched in google for the error messages but I did not find any
> matching sites. What means the kex daemon?
>
> Greetings
>
> Andreas
>
>
>
>
>
>
>    


-- 
Kfz-Sachverst?ndigen- und Ing.-B?ro
Hoppe und Ganter
Martinstra?e 2
77855 Achern

Tel.: 07841 / 21097
Fax: 07841 / 24761

Email: andreas.hoppe at sv-buero-hoppe.de
URL: http://www.sv-buero-hoppe.de



------------------------------

Message: 2
Date: Thu, 11 Feb 2010 14:58:19 +0100
From: Alexis La Goutte <alexis.lagoutte at gmail.com>
Subject: Re: [vpn-help] Problem report - NetGear modeConfig without
	XAUTH
To: Micha? W?grzyn <Michal at comfortel.pl>
Cc: vpn-help at lists.shrew.net
Message-ID:
	<cd81cf761002110558m3914f30cg85b85f98e21d37ca at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-2"

Hi All

I made a test with a FVS336G with the latest firmware available

and I have the same problem.

I analysed IKE trace and i see the router send a ISAKMP_CFG_SET(3) in
Config
Mode to reply a ISAKMP_CFG_REQUEST (frame 5 and 6 of Michal packet
capture).

I am not an expert IPsec but I think it's a bug of router

Matthew you confirm?

2010/1/6 Micha? W?grzyn <Michal at comfortel.pl>

>  Hi Matthew,
>
> Yes, I'm still using a modecfg record.
>
> Regards,
>  Michal
>
> ----- Original Message -----
> *From:* Matthew Grooms <mgrooms at shrew.net>
> *To:* Micha? W?grzyn <Michal at comfortel.pl>
> *Cc:* vpn-help at lists.shrew.net
> *Sent:* Wednesday, January 06, 2010 1:06 AM
> *Subject:* Re: [vpn-help] Problem report - NetGear modeConfig without
> XAUTH
>
> On 12/28/2009 8:44 AM, Micha? W?grzyn wrote:
> > Hello,
> > I have problem with connection Shrew with NetGear FVX538 v2 with
> > firmware 3.0.5-24 (latest).
> > If I configure NetGear to use XAUTH connection can be established,
but
> > If I disable XAUTH on NetGear and on Shrew (Mutual PSK) I can't
connect.
> > Anyone has similar problem?
> > I try Shrew 2.1.6 and latest 2.2.0
>
> Hi Michael,
>
> Are you still using a modecfg record?
>
> -Matthew
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
>
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.shrew.net/pipermail/vpn-help/attachments/20100211/31e0cd31/
attachment-0001.html 

------------------------------

Message: 3
Date: Thu, 11 Feb 2010 10:57:29 -0500
From: "Mike Parsons" <mike.parsons at mynetwiz.com>
Subject: [vpn-help] Using VPN Trace utility
To: <vpn-help at lists.shrew.net>
Message-ID: <007301caab32$ebdaa5d0$c38ff170$@parsons at mynetwiz.com>
Content-Type: text/plain; charset="us-ascii"

Hello-

 

I am trying to debug a vpn client connect issue using Shrew Soft 2.1.5
on
windows 7 and connecting to a Juniper SSG

 

I started the VPN trace application and then attempted top connect to
the
SSG.  No output showed up in any of the VPN trace application tabs nor
did
anything show up in the log files of the client.

 

Any thoughts?

 

Mike Parsons -- CISSP, IAM, IEM

Chief Technical Officer

 <mailto:mike.parsons at mynetwiz.com> mike.parsons at mynetwiz.com

cell:    336-403-9710 

office:  336-306-5573 

 

Information security architecture and consulting 

Risk assessment

Compliance readiness assessment

Design and implementation services 

JNCIA -- Firewalls, SSL/VPN, IDP 

JNSS -- UAC, Security, Routers, DX 

Ironport, Bluecoat and Tipping Point certified 

Graduate Certificate in Information Security and Privacy 

Security+

MCP 

 
<http://webmail.triad.rr.com/do/mail/message/mailto?to=gmparsons%40triad
.rr.
com> www.mynetwiz.com

******************************************************* 

Managing information risk through the application of sound technology 

If you know me, you can trust me.

 

Galatians 2:20 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.shrew.net/pipermail/vpn-help/attachments/20100211/bb188829/
attachment-0001.html 

------------------------------

Message: 4
Date: Thu, 11 Feb 2010 11:14:55 -0500
From: Don <mako at makotech.com>
Subject: Re: [vpn-help] VPN Tunnel disconnected by gateway after
	successful authentication
To: Matthew Grooms <mgrooms at shrew.net>
Cc: "vpn-help at lists.shrew.net" <vpn-help at lists.shrew.net>
Message-ID:
	
<27303227E96E6E4C891127103483861239F8CCA009 at VMBX101.ihostexchange.net>
Content-Type: text/plain; charset="us-ascii"

Thanks Matthew.

The tunnel does stay up with the 2.1.6 beta 4 version I just installed.
It seems to stop passing traffic after a little while, but I will
continue to try it to see how often that occurs and find any
correlations.

-Don

________________________________________
From: Matthew Grooms [mgrooms at shrew.net]
Sent: Tuesday, February 09, 2010 1:14 AM
To: Don
Cc: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] VPN Tunnel disconnected by gateway after
successful authentication

On 1/28/2010 12:12 PM, Don wrote:
> I am hoping the community can help me with this.
> I am using a Windows 7 64bit OS on my laptop and have used the NCP
> applcation (trial) in the successfully in the past. However, with
> Shrew's client, I can authenticate, but right after the splashscreen
> that tells me to behave myself on he corporate network, I get a
> disconnect by gateway. I have no idea what is happening that the
gateway
> disconnects me after an appearent successful negotiation and
> authentication. Anyone seen this before and have any ideas?
>

Some of these problems have been corrected with the 2.1.6 betas. What
version are you running?

-Matthew

------------------------------

Message: 5
Date: Thu, 11 Feb 2010 11:29:22 -0500
From: "Mike Parsons" <mike.parsons at mynetwiz.com>
Subject: Re: [vpn-help] Using VPN Trace utility
To: "'Lukasz Sokol'" <el.es.cr at googlemail.com>,
	<vpn-help at lists.shrew.net>
Message-ID: <009701caab37$61d3ec70$257bc550$@parsons at mynetwiz.com>
Content-Type: text/plain;	charset="iso-8859-1"

Thanks, Lukasz--

You're referring to the open log button I assume and not the trace log?
What is the trace log ubutton used for?

Why aren't log files showing up in the shrew soft directory under the
debug
folder?

Thanks in advance.

Mike Parsons -- CISSP, IAM, IEM
Chief Technical Officer
mike.parsons at mynetwiz.com
cell:??? 336-403-9710 
office:? 336-306-5573 

Information security architecture and consulting 
Risk assessment
Compliance readiness assessment
Design and implementation services 
JNCIA -- Firewalls, SSL/VPN, IDP 
JNSS -- UAC, Security, Routers, DX 
Ironport, Bluecoat and Tipping Point certified 
Graduate Certificate in Information Security and Privacy 
Security+
MCP 
www.mynetwiz.com
******************************************************* 
Managing information risk through the application of sound technology 
If you know me, you can trust me.

Galatians 2:20 

-----Original Message-----
From: Lukasz Sokol [mailto:el.es.cr at googlemail.com] 
Sent: Thursday, February 11, 2010 11:22 AM
To: Mike Parsons
Subject: Re: [vpn-help] Using VPN Trace utility

Hello Mike,

On 11/02/2010 15:57, Mike Parsons wrote:
> Hello-
> 
>  
> 
> I am trying to debug a vpn client connect issue using Shrew Soft 2.1.5
on
> windows 7 and connecting to a Juniper SSG
> 
>  
> 
> I started the VPN trace application and then attempted top connect to
the
> SSG.  No output showed up in any of the VPN trace application tabs nor
did
> anything show up in the log files of the client.
> 
>  
> 
> Any thoughts?
> 

When you start Shrew Trace Utility, you need to go to File -> Options,
 there select Log Output Level (I select Informational), click OK,
then in the main window click on Open Log button in each tab.
(ver 2.1.5 had it so)

Lukasz



------------------------------

Message: 6
Date: Thu, 11 Feb 2010 13:02:49 -0330
From: Shawn Edwards <sedwards at pathix.com>
Subject: Re: [vpn-help] Using Shrewsoft with IAS Radius + Cisco
To: vpn-help at lists.shrew.net,	vpn-help-bounces at lists.shrew.net
Message-ID:
	
<OF1D5362E5.5D079877-ONA32576C7.005AC4A1-A32576C7.005AE54D at pathix.com>
Content-Type: text/plain; charset="us-ascii"

We are using a Cisco ISR with Easy VPN Server to connect remote users to

our network. We've been using it for quite some time with Cisco VPN
Client 
but obviously need a 64 bit VPN Client. I came across shrewsoft VPN
Client 
not too long ago, and would love if I could get this software working as

it seems too good to be true.. In any case Here's what we have:

Cisco ISR 2821 Running IPSEC VPN , doing radius authentication to a 
Windows Server 2003 Radius Server. Everything's configured properly as
we 
use it successfully with the Cisco VPN Client.

I installed shrewsoft 2.1.5, and it successfully imported the existing 
cisco PCF File we had. When I attempt to connect it asks me for username

and password (No Domain field like Cisco VPN Though) I enter in 
credentials of a user that has permission's to connect.. Here is the 
output of shrewsoft:

config loaded for site 'MyCompany.pcf'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
user authentication error
tunnel disabled
detached from key daemon 

I did a Debug RADIUS on the cisco ISR and get the following:

*Feb 10 15:08:16 NST: ISAKMP:(0):Support for IKE Fragmentation not
enabled
*Feb 10 15:08:16 NST: RADIUS/ENCODE(000064C7):Orig. component type = 
VPN_IPSEC
*Feb 10 15:08:16 NST: RADIUS:  AAA Unsupported Attr: interface [175] 13

*Feb 10 15:08:16 NST: RADIUS:   31 39 32 2E 31 36 38 2E 32 35 32
 [192.168.252]
*Feb 10 15:08:16 NST: RADIUS/ENCODE(000064C7): dropping service type, 
"radius-se
rver attribute 6 on-for-login-auth" is off
*Feb 10 15:08:16 NST: RADIUS(000064C7): Config NAS IP:
removed-ip-address
*Feb 10 15:08:16 NST: RADIUS/ENCODE(000064C7): acct_session_id: 25799
*Feb 10 15:08:16 NST: RADIUS(000064C7): sending
*Feb 10 15:08:16 NST: RADIUS(000064C7): Send Access-Request to 
192.168.32.2:1645
 id 1645/5, len 161
*Feb 10 15:08:16 NST: RADIUS:  authenticator 97 70 52 F6 D5 AD D2 3F -
57 
93 56
2F 79 6D C5 3F
*Feb 10 15:08:16 NST: RADIUS:  User-Name           [1]   9
"testinguser"
*Feb 10 15:08:16 NST: RADIUS:  Calling-Station-Id  [31]  17 
"removed-ip-address"
*Feb 10 15:08:16 NST: RADIUS:  Vendor, Microsoft   [26]  24
*Feb 10 15:08:16 NST: RADIUS:   MS-CHAP-Challenge  [11]  18
*Feb 10 15:08:16 NST: RADIUS:   97 70 52 F6 D5 AD D2 3F 57 93 56 2F 79
6D 
C5 3F
 [?pR?????W?V/ym??]
*Feb 10 15:08:16 NST: RADIUS:  Vendor, Microsoft   [26]  58
*Feb 10 15:08:16 NST: RADIUS:   MS-CHAP-V2-Response[25]  52  *
*Feb 10 15:08:16 NST: RADIUS:  NAS-Port-Type       [61]  6   Virtual
       [5]
*Feb 10 15:08:16 NST: RADIUS:  NAS-Port            [5]   6   9

*Feb 10 15:08:16 NST: RADIUS:  NAS-Port-Id         [87]  15 
"removed-ip-address"
*Feb 10 15:08:16 NST: RADIUS:  NAS-IP-Address      [4]   6 
removed-ip-address

*Feb 10 15:08:16 NST: RADIUS: Received from id 1645/5 
removed-ip-address:1645, Access-
Reject, len 42
*Feb 10 15:08:16 NST: RADIUS:  authenticator 4D 85 12 70 89 79 43 60 -
5B 
76 6B
BA 80 20 92 D3
*Feb 10 15:08:16 NST: RADIUS:  Vendor, Microsoft   [26]  22
*Feb 10 15:08:16 NST: RADIUS:   MS-CHAP-ERROR      [2]   16
*Feb 10 15:08:16 NST: RADIUS:   00 45 3D 36 39 31 20 52 3D 30 20 56 3D
33
 [?E=691 R=0 V=3]
*Feb 10 15:08:16 NST: RADIUS(000064C7): Received from id 1645/5
*Feb 10 15:08:16 NST: RADIUS/DECODE: Failure message in the
MS-Chap-Error 
attrib
ute is E=691 R=0 V=3
*Feb 10 15:08:16 NST: RADIUS/DECODE: Authentication failure


Any ideas/help would be greatly appreciated..


Thanks,
Shawn Edwards
Sr. Network Analyst
Pathix ASP
A Division of Vector Aerospace Corporation 
Ph: 709-724-8564
Fax: 709-724-8545
sedwards at pathix.com



From:
"Mike Parsons" <mike.parsons at mynetwiz.com>
To:
"'Lukasz Sokol'" <el.es.cr at googlemail.com>, <vpn-help at lists.shrew.net>
Date:
02/11/2010 12:59 PM
Subject:
Re: [vpn-help] Using VPN Trace utility



Thanks, Lukasz--

You're referring to the open log button I assume and not the trace log?
What is the trace log ubutton used for?

Why aren't log files showing up in the shrew soft directory under the 
debug
folder?

Thanks in advance.

Mike Parsons -- CISSP, IAM, IEM
Chief Technical Officer
mike.parsons at mynetwiz.com
cell:    336-403-9710 
office:  336-306-5573 

Information security architecture and consulting 
Risk assessment
Compliance readiness assessment
Design and implementation services 
JNCIA -- Firewalls, SSL/VPN, IDP 
JNSS -- UAC, Security, Routers, DX 
Ironport, Bluecoat and Tipping Point certified 
Graduate Certificate in Information Security and Privacy 
Security+
MCP 
www.mynetwiz.com
******************************************************* 
Managing information risk through the application of sound technology 
If you know me, you can trust me.

Galatians 2:20 

-----Original Message-----
From: Lukasz Sokol [mailto:el.es.cr at googlemail.com] 
Sent: Thursday, February 11, 2010 11:22 AM
To: Mike Parsons
Subject: Re: [vpn-help] Using VPN Trace utility

Hello Mike,

On 11/02/2010 15:57, Mike Parsons wrote:
> Hello-
> 
> 
> 
> I am trying to debug a vpn client connect issue using Shrew Soft 2.1.5

on
> windows 7 and connecting to a Juniper SSG
> 
> 
> 
> I started the VPN trace application and then attempted top connect to 
the
> SSG.  No output showed up in any of the VPN trace application tabs nor

did
> anything show up in the log files of the client.
> 
> 
> 
> Any thoughts?
> 

When you start Shrew Trace Utility, you need to go to File -> Options,
 there select Log Output Level (I select Informational), click OK,
then in the main window click on Open Log button in each tab.
(ver 2.1.5 had it so)

Lukasz

_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
http://lists.shrew.net/mailman/listinfo/vpn-help






This e-mail may contain confidential information and the sender does not

waive any related rights and obligations. If you are not the intended 
recipient please notify the sender and discard it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.shrew.net/pipermail/vpn-help/attachments/20100211/2baf4e80/
attachment.html 

------------------------------

_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
http://lists.shrew.net/mailman/listinfo/vpn-help


End of vpn-help Digest, Vol 41, Issue 17
****************************************

More information about the vpn-help mailing list