[vpn-help] cant connect to racoon
Stefan Bauer
stefan.bauer at cubewerk.de
Wed Mar 17 08:17:08 CDT 2010
Am 17.03.2010 09:37, Shai Ayal schrieb:
> Hello,
>
> I'm trying to setup shrewvpn to connect to racoon.
> shrewvpn ver 2.1.5 on win XP
> racoon 1:0.7.1-1.3+lenny2 on debian lenny 2.6.26-2-486
>
> I'm getting the following error at the end of the racoon log:
> 2010-03-17 10:33:33: INFO: respond new phase 1 negotiation:
> 192.168.0.125[500]<=>192.168.0.83[500]
> 2010-03-17 10:33:33: INFO: begin Identity Protection mode.
> 2010-03-17 10:33:33: INFO: received Vendor ID:
> draft-ietf-ipsra-isakmp-xauth-06.txt
> 2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
> 2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
> 2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
>
> 2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
> 2010-03-17 10:33:33: INFO: received Vendor ID: RFC 3947
> 2010-03-17 10:33:33: INFO: received broken Microsoft ID: FRAGMENTATION
> 2010-03-17 10:33:33: INFO: received Vendor ID: DPD
> 2010-03-17 10:33:33: INFO: received Vendor ID: CISCO-UNITY
> 2010-03-17 10:33:33: INFO: Selected NAT-T version: RFC 3947
> 2010-03-17 10:33:33: ERROR: rejected authmethod:
> DB(prop#1:trns#1):Peer(prop#1:trns#1) = XAuth RSASIG server:Hybrid RSA
> client
> 2010-03-17 10:33:33: ERROR: no suitable proposal found.
> 2010-03-17 10:33:33: ERROR: failed to get valid proposal.
> 2010-03-17 10:33:33: ERROR: failed to pre-process packet.
> 2010-03-17 10:33:33: ERROR: phase1 negotiation failed.
>
> I have shrewvpn authentication set to "Hybrid RSA + XAuth".
> the way I read this error is thet shrewvpn is asking for "Hybrid RSA
> client" method, and racoon doesn't have anything matching, although the
> "XAuth RSASIG server" should be equivalent according to the manuals.
Shai,
could you please provide your racoon.conf ?
Stefan
(Debian ipsec-tools/racoon Maintainer)
--
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------
More information about the vpn-help
mailing list