[vpn-help] vpn-help Digest, Vol 62, Issue 4

Felix Pablo Grande fpgrande at gmail.com
Tue Nov 8 13:03:24 CST 2011


For 4. Re: Problem after upgrade to ubuntu 11.10 (Kevin VPN)

Downgrade to version 2.15.

Best regards,

Félix

2011/11/8 <vpn-help-request at lists.shrew.net>

> Today's Topics:
>
>   1. Re: VPN Connection Problems (Kevin VPN)
>   2. Re: SAs expire immediately, connecting to Juniper SSG via
>      Shrew (Kevin VPN)
>   3. Re: Shrew 2.2.0 OS X build does not work on OSX 10.6.8 (Kevin VPN)
>   4. Re: Problem after upgrade to ubuntu 11.10 (Kevin VPN)
>   5. Re: Shrew 2.2.0 OS X build working on OSX 10.7 Lion? (Kevin VPN)
>   6. Re: Shrew 2.2.0 OS X build does not work on OSX 10.6.8
>      (Jinyan Huang)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 7 Nov 2011 22:05:17 -0500
> From: Kevin VPN <kvpn at live.com>
> Subject: Re: [vpn-help] VPN Connection Problems
> To: vpn-help at lists.shrew.net
> Message-ID: <BLU0-SMTP273E293F6DA43A90C2E74B0A0DE0 at phx.gbl>
> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
>
> On 10/26/2011 11:05 PM, Joshua Joyce wrote:
> > Experts:
> >
> ...
> >
> > I have been having problems with the multiple stations kicking off
> > the stations that connected prior.  I juggle the connection for a
> > while, and soon the VPN Gateway doesn't respond to anyone.  Several
> > hardware reboots later things start connecting again with the same
> > problem.  I really noticed this after I connected the server for the
> > first time.  Prior to that I was able to RDP on station from the
> > other station through the VPN Connection, so I know they can reach
> > each other.
> >
> > I set up the Shrew exactly the way shown on the Shrew set-up page for
> > netgear.
> >
> >
> > Maybe a question for further down the road, but can I set this up a
> > different way than shown on the Shrew set-up page?  It has me using
> > 3DES, which I recall uses a ton of processor resources.
> ...
>
> Hi Josh,
>
> For the first problem (users kicking others) it's possible that the
> Netgear only allows one concurrent login.  Since you're all using
> the same remote identifier, I think that there's probably a conflict.
> (I'm not sure why it requires multiple reboots to restore service though.)
>
> I'm not sure if there's a way to allow multiple logins with the same
> remote identifier.  You could explore using a different Remote
> Identifier Type, perhaps there's one that allows a dynamic client IP. If
> you have a fixed (and manageable) number of clients, you could also
> create a separate VPN (IKE Policy) for each.
>
> For the second issue, you can always try using some encryption other
> than 3DES to save cycles, although you'd probably also sacrifice some
> level of crypto strength.  It might be worth it though, if your clients
> are in the field and battery life is an important issue.  Just make sure
> that both the gateway and client are set to the same values and it
> should work.
>
> If all you need the VPN for is access to the server, since you've got
> Server 2008 R2, if your clients are Win7, you could also look at putting
> them together as a domain and using DirectAccess to provide an encrypted
> channel between the server and clients.
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 7 Nov 2011 22:13:25 -0500
> From: Kevin VPN <kvpn at live.com>
> Subject: Re: [vpn-help] SAs expire immediately, connecting to Juniper
>        SSG via Shrew
> To: vpn-help at lists.shrew.net
> Message-ID: <BLU0-SMTP2761DFE1FDADED7DB3AB90CA0DE0 at phx.gbl>
> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
>
> On 10/27/2011 04:22 PM, Tim Keane wrote:
> >
> > When I attempt to connect using Shrew, Phase1 and Phase2 negotiations are
> > completed successfully.  However, the SAs immediately expire.  This is
> > happening using Shrew v. 2.1.7 and 2.2.0, on both XP and Win7 client
> > computers.
> >
> ...
> > 11/10/27 15:01:47 ii : processing phase2 packet ( 76 bytes )
> > 11/10/27 15:01:47 ii : processing phase2 packet ( 76 bytes )
> > 11/10/27 15:01:47 DB : phase2 found
> > 11/10/27 15:01:47 DB : phase2 found
> > 11/10/27 15:01:47 !! : phase2 packet ignored, resending last packet ( phase2 already mature )
> > 11/10/27 15:01:47 !! : phase2 packet ignored, resending last packet ( phase2 already mature )
> >
>
> Hi Tim,
>
> I would suggest that your problem is that Phase 2 is not completing
> successfully.  Shrew might think that it's complete (mature), but the
> gateway is still sending configure packets, suggesting that it does not
> agree.  I've seen this before, but can't remember exactly the cause.
> Maybe the proxy ids or policies didn't match?
>
> Double-check your Phase 2, proxy and/or policy settings to be sure they
> are the same on both the client and gateway.
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 7 Nov 2011 22:18:16 -0500
> From: Kevin VPN <kvpn at live.com>
> Subject: Re: [vpn-help] Shrew 2.2.0 OS X build does not work on OSX
>        10.6.8
> To: vpn-help at lists.shrew.net
> Message-ID: <BLU0-SMTP161522EAD61BC2F66387EECA0DE0 at phx.gbl>
> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
>
> On 11/02/2011 11:05 PM, Jinyan Huang wrote:
> > Dear list,
> >
> > I have Shrew VPN on my windows and Mac OS. In the same network
> > environment, the windows version is working, but on Mac is not. The
> > log file follows. Any suggestions? Thank you very much in advance.
> >
> > config loaded for site 'server'
> > attached to key daemon ...
> > peer configured
> > iskamp proposal configured
> > esp proposal configured
> > client configured
> > local id configured
> > remote id configured
> > file password required for user at serverb
> > file password required for user at serverb
> > file password required for user at serverb
> > file password required for user at serverb
> > server cert configured
> > client cert configured
> > client key configured
> > bringing up tunnel ...
> > negotiation timout occurred
> > tunnel disabled
> > detached from key daemon
> > user
> >
> > sudo iked restart
> > ii : created ike socket 0.0.0.0:500
> > ii : created natt socket 0.0.0.0:4500
> > ## : IKE Daemon, ver 2.2.0
> > ## : Copyright 2009 Shrew Soft Inc.
> > ## : This product linked OpenSSL 0.9.8r 8 Feb 2011
> >
> >
> > ps aux | grep iked
> > user    1498   0.0  0.0  2435116    528 s003  S+   10:52AM   0:00.00 grep iked
> > root      1485   0.0  0.0   611516    836   ??  Ss   10:49AM   0:00.07 iked restart
>
> Hi Jinyan,
>
> I don't have a Mac, so I can't really help much, but are you perhaps
> running a firewall or other VPN software that is intercepting/blocking
> the packets coming back from the VPN gateway?  The iked.log does not
> show any packets received from the gateway.
>
> Are you able to look at the gateway to see if it receives the connect
> request from Shrew?
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 7 Nov 2011 22:27:05 -0500
> From: Kevin VPN <kvpn at live.com>
> Subject: Re: [vpn-help] Problem after upgrade to ubuntu 11.10
> To: vpn-help at lists.shrew.net
> Message-ID: <BLU0-SMTP1380B314620542D06C3E6C2A0DE0 at phx.gbl>
> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
>
> On 10/28/2011 09:10 AM, Joao Mendes wrote:
> > Hi Tio,
> > I tried 2.2.0 beta 2 and it worked.
> >
> > I send you a deb I made with checkinstall (install at your responsibility)
> >
> > I needed to start iked manually (after renaming /etc/iked.conf.sample to
> > /etc/iked.conf)
> >
> > Then start the UI qikea..
> >
> > The vpn configuration file is the same.
> >
> >
> > Cumprimentos,
> > João Mendes
> >
>
> Hi João,
>
> This deb file is really welcome, thank you!  This will help a lot of
> people!  Especially since the bug hasn't even been assigned to someone
> to fix yet (https://bugs.launchpad.net/ubuntu/+source/ike/+bug/860208).
>
> I notice that the build is for amd64.  I'm not very aware of Linux
> builds, but I think that means it is for 64bit versions of Ubuntu.  Is
> it possible for you to also make one for 32bit?  Pretty please?  :)
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 7 Nov 2011 22:30:13 -0500
> From: Kevin VPN <kvpn at live.com>
> Subject: Re: [vpn-help] Shrew 2.2.0 OS X build working on OSX 10.7
>        Lion?
> To: vpn-help at lists.shrew.net
> Message-ID: <BLU0-SMTP11327CE7543F4ECDEF2CF56A0DE0 at phx.gbl>
> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
>
> On 11/01/2011 05:45 PM, Jaren Angerbauer wrote:
> > On Tue, Nov 1, 2011 at 3:35 PM, Paul Theodoropoulos<paul at anastrophe.com> wrote:
> >> apologies for the delay replying - to the best of my recollection, i did not
> >> reinstall shrew after upgrading to lion, however, i could not testify to
> >> that in a court of law. :)
> >
> > FWIW, I installed Shrew for the first time after upgrading to Lion,
> > and it's working great.  For those having issues, perhaps try
> > uninstalling / reinstalling.  Is there any guide that shows how to
> > completely remove the software from the system?
> >
>
> I second that, a set of instructions for removal from OS X would be most
> useful - I'm assuming it's not so simple as deleting the Shrew objects
> from the Applications menu in Finder, since iked runs at startup.
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 8 Nov 2011 11:54:00 +0800
> From: Jinyan Huang <jhuang.tongji at gmail.com>
> Subject: Re: [vpn-help] Shrew 2.2.0 OS X build does not work on OSX
>        10.6.8
> To: Kevin VPN <kvpn at live.com>
> Cc: vpn-help at lists.shrew.net
> Message-ID: <CAN31xkcdn262ODXo8qGfnFJC7T-iB_8nygm2K_aQC++5Dewm6Q at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I just use the client of shrew. I cannot look at the gateway to see if
> it receives the connect request from Shrew.
>
> But I used the same internet the windows Shrew can connect but Mac
> not. In my Mac, I do not install firewall or other VPN software.
>
> It is strange.
>



-- 
*Félix Pablo Grande Ramos*

*Carpe diem quam minimum credula postero*
*Seize the day, do not trust in tomorrow*

*Horace (Odes, I, 11)*