[vpn-help] peer violates RFC

Matt Leventhal matthew.leventhal at googlemail.com
Sat Nov 20 04:05:20 CST 2010


Dear Support,

I have been trying for some time to connect the ShrewVPN to a Juniper 
gateway at my work place, from Linux Mint (64 bit) at home.  I have 
recently upgraded to the latest version of Mint (10 - Julia) and am still 
having no luck.  (Previously I was on version 9, and all attempts at 
connection have been over wireless.)

The GUI says the VPN has connected, and while connected I lose all 
internet access, but equally I still do not have any access to my work 
place.  Nothing on my office LAN replies to pings, nor can I rdesktop to 
our office terminal server etc.

The same .pcf file works fine from a Windows XP VM I have on this 
machine, which I hope rules out a mismatch of .pcf vs gateway settings, 
or anything to do with my home internet access.  Meaning it must be 
something to do with my Linux install, but I'm too much of a newbie on 
Linux to have any idea what to do next!

Here is the result of sudo iked -F -d 6
ii : created ike socket 0.0.0.0:500
ii : created natt socket 0.0.0.0:4500
## : IKE Daemon, ver 2.1.5
## : Copyright 2009 Shrew Soft Inc.
## : This product linked OpenSSL 0.9.8o 01 Jun 2010
K! : recv X_SPDDUMP message failure ( errno = 2 )
!! : peer violates RFC, transform number mismatch ( 1 != 6 )
!! : peer violates RFC, transform number mismatch ( 1 != 5 )


And that's all I get, it just sits there after that with the client 
saying it's connected but with no access to anything :(

Very many thanks for your help, .pcf settings below.

Kind regards,
Matt


.pcf settings (with sensitive information obscured):
n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:0
n:client-dns-used:1
n:client-dns-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:phase1-dhgroup:2
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:network-host:xx.xx.xx.xx
s:client-auto-mode:push
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk-xauth
s:ident-client-type:fqdn
s:ident-server-type:fqdn
s:ident-client-data:xxxxx.xxxxxxxx.co.uk
s:ident-server-data:xxxxxx.xxxxxxxx.co.uk
b:auth-mutual-psk:xxxxxxxxxxx
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:auto
s:phase2-hmac:auto
s:ipcomp-transform:disabled
n:phase2-pfsgroup:-1
s:policy-list-include:192.168.230.0 / 255.255.255.0