[vpn-help] cant connect to racoon

Shai Ayal shaia at biocontrol.co.il
Wed Mar 17 03:37:01 CDT 2010


Hello,

I'm trying to setup shrewvpn to connect to racoon.
shrewvpn ver 2.1.5 on win XP
racoon 1:0.7.1-1.3+lenny2 on debian lenny 2.6.26-2-486

I'm getting the following error at the end of the racoon log:
2010-03-17 10:33:33: INFO: respond new phase 1 negotiation: 
192.168.0.125[500]<=>192.168.0.83[500]
2010-03-17 10:33:33: INFO: begin Identity Protection mode.
2010-03-17 10:33:33: INFO: received Vendor ID: 
draft-ietf-ipsra-isakmp-xauth-06.txt
2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
2010-03-17 10:33:33: INFO: received Vendor ID: RFC 3947
2010-03-17 10:33:33: INFO: received broken Microsoft ID: FRAGMENTATION
2010-03-17 10:33:33: INFO: received Vendor ID: DPD
2010-03-17 10:33:33: INFO: received Vendor ID: CISCO-UNITY
2010-03-17 10:33:33: INFO: Selected NAT-T version: RFC 3947
2010-03-17 10:33:33: ERROR: rejected authmethod: 
DB(prop#1:trns#1):Peer(prop#1:trns#1) = XAuth RSASIG server:Hybrid RSA 
client
2010-03-17 10:33:33: ERROR: no suitable proposal found.
2010-03-17 10:33:33: ERROR: failed to get valid proposal.
2010-03-17 10:33:33: ERROR: failed to pre-process packet.
2010-03-17 10:33:33: ERROR: phase1 negotiation failed.

I have shrewvpn authentication set to "Hybrid RSA + XAuth".
the way I read this error is thet shrewvpn is asking for  "Hybrid RSA 
client" method, and racoon doesn't have anything matching, although the 
"XAuth RSASIG server" should be equivalent according to the manuals.

Please Help

Shai
-- 
Shai Ayal, Ph.D.
Director of Development
BioControl Medical BCM
Tel:  + 972 3 6322 126 ext 223
Fax:  + 972 3 6322 125
email: shaia at biocontrol.co.il




More information about the vpn-help mailing list