[vpn-help] Shrewsoft Windows Client 2.2.0-rc1 Phase 2 Transform Algorithm

Matthew Grooms mgrooms at shrew.net
Thu Dec 13 10:37:18 CST 2012 

Gathering debug output on Windows ...

http://www.shrew.net/support/wiki/BugReportVpnWindows

Gathering debug output on Linux/BSD ...

http://www.shrew.net/support/wiki/BugReportVpnUnix

-Matthew

On 12/13/2012 7:53 AM, Dominic Raferd wrote:
> I will be able to send you some log output from the Draytek but it
> doesn't say much. How do I get the debug log file from the client? I
> only have 2.2.0 under Windows but I have 2.1.7 on Ubuntu, I could
> connect from both (same machine, dual boot) and send you (but not the
> list) the logs?
>
> Dominic
>
> On 12/12/2012 23:46, Matthew Grooms wrote:
>> Quite likely it's because we added support for SHA2 hash algorithms in
>> the 2.2 branch and it's causing either ...
>>
>> 1) the packet to become fragmented since the size is larger due to more
>> proposal combinations being submitted during phase2 negotiation.
>>
>> 2) the gateway to choke on the proposal because it doesn't like the new
>> hash algorithms being included ( although they should just be skipped in
>> the case that they aren't recognized ).
>>
>> Do you have a debug log file, or better yet, an ike packet trace from
>> the 2.1.7 and the 2.2.0 negotiation? It would help to see both of them
>> to determine if something is amiss. It would also be helpful to see the
>> log output from your VPN gateway as it should hold some clue as to why
>> the proposal is being rejected when the client is set to auto.
>>
>> -Matthew
>>
>> On 12/11/2012 11:38 PM, Dominic Raferd wrote:
>>> I am testing Shrewsoft Windows Client 2.2.0-rc1 for Windows (connecting
>>> to Draytek 2930).
>>>
>>> I have found that despite what the manual says (for 2.1.0) it is
>>> necessary explicitly to set the Phase 2 Transform Algorithm to
>>> 'esp-3des' and not to leave it at 'auto' in order to get a connection.
>>>
>>> Is this a deliberate change in 2.2.0 or a bug?
>>>
>>> Regards
>>>
>>> Dominic
>>> --
>>> *Timedicer<http://www.timedicer.co.uk>  - File Recovery from Whenever
>>> *
>>>
>>>
>>> _______________________________________________
>>> vpn-help mailing list
>>> vpn-help at lists.shrew.net
>>> http://lists.shrew.net/mailman/listinfo/vpn-help
>>>
>>
>
> --
> *TimeDicer* <http://www.timedicer.co.uk>: Free File Recovery from Whenever

More information about the vpn-help mailing list