[vpn-help] peer violates RFC
Matt Leventhal
matthew.leventhal at googlemail.com
Sat Nov 20 04:05:20 CST 2010
Dear Support,
I have been trying for some time to connect the ShrewVPN to a Juniper
gateway at my work place, from Linux Mint (64 bit) at home. And have
recently upgraded to the latest version of Mint (10 - Julia) and still
having no luck. (Previously was on version 9, and all attempts at
connection have been over wireless).
The GUI says the VPN has connected, and while connected I lose all
internet access, but equally I still do not have any access to my work
place.. nothing on my office LAN replies to pings, nor can I rdesktop to
our office terminal server etc.
The same .pcf file works fine from a Windows XP VM I have on this
machine, which I hope rules out a mismatch of .pcf vs gateway settings,
or anything to do with my home internet access. Meaning it must be
something to do with my Linux install, but I'm too much of a newbie on
Linux to have any idea what to do next !
Here is the result of sudo iked -F -d 6
ii : created ike socket 0.0.0.0:500
ii : created natt socket 0.0.0.0:4500
## : IKE Daemon, ver 2.1.5
## : Copyright 2009 Shrew Soft Inc.
## : This product linked OpenSSL 0.9.8o 01 Jun 2010
K! : recv X_SPDDUMP message failure ( errno = 2 )
!! : peer violates RFC, transform number mismatch ( 1 != 6 )
!! : peer violates RFC, transform number mismatch ( 1 != 5 )
And that's all I get, it just sits there after that with the client
saying it's connected but with no access to anything :(
Very many thanks for your help, .pcf settings below.
Kind regards,
Matt
.pcf settings (with sensitive information obscured):
n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:0
n:client-dns-used:1
n:client-dns-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:phase1-dhgroup:2
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:network-host:xx.xx.xx.xx
s:client-auto-mode:push
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk-xauth
s:ident-client-type:fqdn
s:ident-server-type:fqdn
s:ident-client-data:xxxxx.xxxxxxxx.co.uk
s:ident-server-data:xxxxxx.xxxxxxxx.co.uk
b:auth-mutual-psk:xxxxxxxxxxx
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:auto
s:phase2-hmac:auto
s:ipcomp-transform:disabled
n:phase2-pfsgroup:-1
s:policy-list-include:192.168.230.0 / 255.255.255.0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20101120/a97da559/attachment.html>
More information about the vpn-help
mailing list