[vpn-help] Shrewsoft Windows Client 2.2.0-rc1 Phase 2 Transform Algorithm

[Matthew Grooms]

Quite likely it's because we added support for SHA2 hash algorithms in 
the 2.2 branch and it's causing either ...

1) the packet to become fragmented since the size is larger due to more 
proposal combinations being submitted during phase2 negotiation.

2) the gateway to choke on the proposal because it doesn't like the new 
hash algorithms being included ( although they should just be skipped in 
the case that they aren't recognized ).

Do you have a debug log file, or better yet, an ike packet trace from 
the 2.1.7 and the 2.2.0 negotiation? It would help to see both of them 
to determine if something is amiss. It would also be helpful to see the 
log output from your VPN gateway as it should hold some clue as to why 
the proposal is being rejected when the client is set to auto.

-Matthew

On 12/11/2012 11:38 PM, Dominic Raferd wrote:
> I am testing Shrewsoft Windows Client 2.2.0-rc1 for Windows (connecting
> to Draytek 2930).
>
> I have found that despite what the manual says (for 2.1.0) it is
> necessary explicitly to set the Phase 2 Transform Algorithm to
> 'esp-3des' and not to leave it at 'auto' in order to get a connection.
>
> Is this a deliberate change in 2.2.0 or a bug?
>
> Regards
>
> Dominic
> --
> *Timedicer <http://www.timedicer.co.uk> - File Recovery from Whenever
> *
>
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
>