[vpn-help] 2.1.7 client and Cisco Small Business RV082 (linksys)
Alejandro Valverde
janycr at gmail.com
Wed Jun 8 10:51:22 CDT 2011
Hi, I did set up the RV082 following your guide (
http://www.shrew.net/support/wiki/HowtoLinksys) and it works perfectly;
however, I need to set up the router and the Shrew client to use user
authentication and I'm not able to make it work. This is my current config:
RV082 config:
Type: Group VPN
Tunnel name: vpnusers
Interface: WAN1
Enable: Checked
Local Group Setup:
Local Security Type: Subnet
IP Address: 192.168.2.0
Subnet Mask: 255.255.255.0
Remote Client Setup:
Remote Client: Domain Name (FQDN)
Domain Name: shrew.net
IPSec Setup:
Keying Mode: IKE with Preshared key
Phase 1 DH Group: Group 2 - 1024 bit
Phase 1 Encryption: AES-256
Phase 1 Authentication: SHA1
Phase 1 SA Life Time: 28800 seconds
Perfect Forward Secrecy: Checked
Phase 2 DH Group: Group 2 - 1024 bit
Phase 2 Encryption: AES-256
Phase 2 Authentication: SHA1
Phase 2 SA Life Time: 3600
Preshared key: hr5xb84l6aa9r6
Minimum Preshared Key Complexity: Checked
Advanced:
Aggressive Mode: Checked (there's no way to uncheck this one)
Compress: Unchecked
Keep-Alive: Checked
AH Hash Algorithm: Unchecked
NetBIOS Broadcast: Checked
NAT Traversal: Checked
Then in the RV082 router, under VPN Menu, VPN Client Access, I have the
user: alejandro / xjq123. I also did export the client certificate.
Shrew Vpn Client config:
General:
Host Name or IP Address: myserverIP:500
Auto Configuration: disabled
Address Method: Use an existing adapter and current address
Client:
Nat Traversal: enable
Nat Traversal Port: 4500
Keep-alive packet rate: 15 Secs
IKE Fragmentation: disable
Enable Dead Peer Detection: Checked
Enable ISAKMP Failure Notifications: Checked
Name Resolution:
WINS / DNS: Unchecked
Enable DNS: Unchecked
Authentication:
Authentication Method: Mutual PSK + XAuth
Local Identity:
Identification Type: User Fully Qualified Domain Name
UFQDN String: alejandro@shrew.net
Remote Identity:
Identification Type: IP Address
Use a discovered remote host address: Checked
Credentials:
Pre Shared Key: hr5xb84l6aa9r6
Phase 1:
Exchange Type: aggressive
DH Exchange: group 2
Cipher Algorithm: aes
Cipher Key Length: 256
Hash Algorithm: sha1
Key Life Time limit: 28800 Secs
Key Life Data limit: 0 Kbytes
Enable Check Point Compatible Vendor ID: Unchecked
Phase 2:
Transform Algorithm: esp-aes
Transform Key Length: 256
HMAC Algorithm: sha1
PFS Exchange: group 2
Compress Algorithm: disabled
Key Life Time limit: 3600 Secs
Key Life Data limit: 0 Kbytes
Policy:
Policy Generation Level: auto
Maintain Persistent Security Associations: Unchecked
Obtain Topology Automatically or Tunnel All: Unchecked
Remote Network Resource:
Type: Include
Address: 192.168.2.0
Netmask: 255.255.255.0
Notes: In the RV082 Group VPN I still have the vpngrop that works following
the guide on your website (in case this setup affects the new one with
authentication).
This is the router log:
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [XAUTH]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [XAUTH]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [RFC 3947]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [RFC 3947]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [Dead Peer Detection]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [Dead Peer Detection]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [Cisco-Unity]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [Cisco-Unity]
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: initial Aggressive Mode message from 186.32.208.21 but no (wildcard) connection has been configured
Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: initial Aggressive Mode message from 186.32.208.21 but no (wildcard) connection has been configured
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [XAUTH]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [XAUTH]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [RFC 3947]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [RFC 3947]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [Dead Peer Detection]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [Dead Peer Detection]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [Cisco-Unity]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [Cisco-Unity]
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: initial Aggressive Mode message from 186.32.208.21 but no (wildcard) connection has been configured
Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: initial Aggressive Mode message from 186.32.208.21 but no (wildcard) connection has been configured
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [XAUTH]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [XAUTH]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [RFC 3947]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [RFC 3947]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [Dead Peer Detection]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [Dead Peer Detection]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [Cisco-Unity]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [Cisco-Unity]
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: initial Aggressive Mode message from 186.32.208.21 but no (wildcard) connection has been configured
Jun 8 07:48:55 2011 VPN Log packet from 186.32.208.21:292: initial Aggressive Mode message from 186.32.208.21 but no (wildcard) connection has been configured
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [XAUTH]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [XAUTH]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [RFC 3947]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [RFC 3947]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [Dead Peer Detection]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: received Vendor ID payload [Dead Peer Detection]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [Cisco-Unity]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID payload [Cisco-Unity]
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jun 8 07:49:00 2011 VPN Log packet from 186.32.208.21:292: initial Aggressive Mode message from 186.32.208.21 but no (wildcard) connection has been configured
And this is the Shrew window log:
config loaded for site 'ggldevusers'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon ...
I really appreciate your help. By the way, this is the only software that
works perfectly on Windows 7 64-bit. THANKS
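An added example, not part of the original post: a Python sketch that re-splits a hard-wrapped RV082 VPN log like the one above into individual entries, drops the doubled lines, and groups them per negotiation attempt so the one non-Vendor-ID message in each attempt stands out. The function names and the sample text (a subset of the entries above, re-wrapped) are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the entries in the post's router log,
# hard-wrapped mid-entry the way the list archive wrapped the original.
SAMPLE = """Jun 8 07:48:45 2011 VPN Log packet from 186.32.208.21:292: ignoring
Vendor ID payload [XAUTH] Jun 8 07:48:45 2011 VPN Log packet from
186.32.208.21:292: ignoring Vendor ID payload [XAUTH] Jun 8 07:48:45 2011 VPN
Log packet from 186.32.208.21:292: received Vendor ID payload [RFC 3947] Jun 8
07:48:45 2011 VPN Log packet from 186.32.208.21:292: initial Aggressive Mode
message from 186.32.208.21 but no (wildcard) connection has been configured Jun
8 07:48:50 2011 VPN Log packet from 186.32.208.21:292: ignoring Vendor ID
payload [XAUTH] Jun 8 07:48:50 2011 VPN Log packet from 186.32.208.21:292:
initial Aggressive Mode message from 186.32.208.21 but no (wildcard) connection
has been configured"""

# Every entry starts "<Mon> <day> <hh:mm:ss> <year> VPN Log packet from <ip:port>: ".
ENTRY = re.compile(r"(\w{3} \d{1,2} \d{2}:\d{2}:\d{2} \d{4}) VPN Log packet from (\S+): ")
VID = re.compile(r"(ignoring|received) Vendor ID payload \[(.+)\]$")

def split_entries(text):
    """Undo the hard wrapping and return (timestamp, peer, message) tuples."""
    flat = " ".join(text.split())
    parts = ENTRY.split(flat)  # ['', ts, peer, msg, ts, peer, msg, ...]
    return [(parts[i], parts[i + 1], parts[i + 2].strip())
            for i in range(1, len(parts), 3)]

def summarize(text):
    """Group de-duplicated entries per (timestamp, peer) negotiation attempt."""
    attempts = {}
    for ts, peer, msg in split_entries(text):
        a = attempts.setdefault((ts, peer), {"ignoring": [], "received": [], "other": []})
        m = VID.match(msg)
        bucket, value = (a[m.group(1)], m.group(2)) if m else (a["other"], msg)
        if value not in bucket:  # entries appear twice in the post's log
            bucket.append(value)
    return attempts

if __name__ == "__main__":
    for (ts, peer), a in summarize(SAMPLE).items():
        print(f"{ts}  {peer}")
        print("  vendor IDs ignored :", ", ".join(a["ignoring"]) or "-")
        print("  vendor IDs accepted:", ", ".join(a["received"]) or "-")
        for msg in a["other"]:
            print("  message:", msg)
```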