[vpn-help] Cisco User Authentication error

[Kevin VPN]

On 12/25/2011 03:01 PM, Kenny Schiff wrote:
> I have imported a .pcf file for a Cisco-based customer of mine into 2.1.5
> running under Ubuntu 11.10. I am successfully able to use several other
> .pcf files I've imported and connect properly. When contacting one of these
> customers, I get the following:
>
> user authentication error
> tunnel disabled
> detached from key daemon ...
>
> I'm still able login with the same credentials (ad .pcf) from a Windows
> machine
>
> The following is from /var/log/iked.log
>
> 11/12/25 14:52:19 ## : IKE Daemon, ver 2.1.5
> 11/12/25 14:52:19 ## : Copyright 2009 Shrew Soft Inc.
> 11/12/25 14:52:19 ## : This product linked OpenSSL 0.9.8o 01 Jun 2010
> 11/12/25 14:52:20 K! : recv X_SPDDUMP message failure ( errno = 2 )
> 11/12/25 14:54:31 !! : unable to locate inbound policy for init phase2
> 11/12/25 14:54:32 !! : peer violates RFC, transform number mismatch ( 1 !=
> 13 )
> 11/12/25 14:55:01 !! : duplicate xauth request, authentication failed
>
> 2.1.7 didn't work for me under Ubuntu 11.10. Was having issues compiling
> 2.2.0.
>

Hi Kenny,

First, Shrew 2.1.7 from the repositories is broken in 11.10.  I think 
someone posted a link to a self-compiled package on the list a little 
while back.

You mention you can connect from a Windows machine - are you using Shrew 
on that machine and what version?

Regarding the snippet from iked.log, you've either cut too much out or 
the log output level is too low...  I'm not able to make any suggestions 
based on what I see.  Any chance you can provide a more detailed log file?