[vpn-help] peer violates RFC

Alexis La Goutte alexis.lagoutte at gmail.com
Sat Nov 20 09:40:16 CST 2010


Hi Matt

Have a look at this

http://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html

Alexis

On Sat, Nov 20, 2010 at 11:05 AM, Matt Leventhal <matthew.leventhal at googlemail.com> wrote:

>
> Dear Support,
>
> I have been trying for some time to connect the ShrewVPN to a Juniper
> gateway at my work place, from Linux Mint (64 bit) at home.  I have
> recently upgraded to the latest version of Mint (10 - Julia) and am still
> having no luck.  (Previously I was on version 9, and all attempts at
> connection have been over wireless.)
>
> The GUI says the VPN has connected, and while connected I lose all internet
> access, but equally I still do not have any access to my work place:
> nothing on my office LAN replies to pings, nor can I rdesktop to our office
> terminal server etc.
>
> The same .pcf file works fine from a Windows XP VM I have on this machine,
> which I hope rules out a mismatch of .pcf vs gateway settings, or anything
> to do with my home internet access.  Meaning it must be something to do with
> my Linux install, but I'm too much of a newbie on Linux to have any idea
> what to do next!
>
> Here is the result of sudo iked -F -d 6
> ii : created ike socket 0.0.0.0:500
> ii : created natt socket 0.0.0.0:4500
> ## : IKE Daemon, ver 2.1.5
> ## : Copyright 2009 Shrew Soft Inc.
> ## : This product linked OpenSSL 0.9.8o 01 Jun 2010
> K! : recv X_SPDDUMP message failure ( errno = 2 )
> !! : peer violates RFC, transform number mismatch ( 1 != 6 )
> !! : peer violates RFC, transform number mismatch ( 1 != 5 )
>
>
> And that's all I get, it just sits there after that with the client saying
> it's connected but with no access to anything :(
>
> Very many thanks for your help, .pcf settings below.
>
> Kind regards,
> Matt
>
>
> .pcf settings (with sensitive information obscured):
> n:version:2
> n:network-ike-port:500
> n:network-mtu-size:1380
> n:client-addr-auto:1
> n:network-natt-port:4500
> n:network-natt-rate:15
> n:network-frag-size:540
> n:network-dpd-enable:1
> n:client-banner-enable:0
> n:network-notify-enable:1
> n:client-wins-used:0
> n:client-wins-auto:0
> n:client-dns-used:1
> n:client-dns-auto:1
> n:client-splitdns-used:1
> n:client-splitdns-auto:1
> n:phase1-dhgroup:2
> n:phase1-life-secs:28800
> n:phase1-life-kbytes:0
> n:vendor-chkpt-enable:0
> n:phase2-life-secs:3600
> n:phase2-life-kbytes:0
> n:policy-nailed:0
> n:policy-list-auto:0
> s:network-host:xx.xx.xx.xx
> s:client-auto-mode:push
> s:client-iface:virtual
> s:network-natt-mode:enable
> s:network-frag-mode:enable
> s:auth-method:mutual-psk-xauth
> s:ident-client-type:fqdn
> s:ident-server-type:fqdn
> s:ident-client-data:xxxxx.xxxxxxxx.co.uk
> s:ident-server-data:xxxxxx.xxxxxxxx.co.uk
> b:auth-mutual-psk:xxxxxxxxxxx
> s:phase1-exchange:aggressive
> s:phase1-cipher:auto
> s:phase1-hash:auto
> s:phase2-transform:auto
> s:phase2-hmac:auto
> s:ipcomp-transform:disabled
> n:phase2-pfsgroup:-1
> s:policy-list-include:192.168.230.0 / 255.255.255.0
>