[vpn-help] Connecting to Watchguard from Linux v2.1.7

tom+shrew at falkensweb.com
Thu Mar 22 13:52:05 CDT 2012


On Wednesday 21 March 2012 23:18:02 Kevin VPN wrote:
> The 2.1.5 version of Shrew from the Ubuntu 11.04 repositories works on
> 11.10 if you can figure out how to downgrade to it instead.

It is indeed 11.10 !
Bug report commented.

To downgrade I did
#sudo dpkg -P ike ike-qtgui
then to install I did
#sudo dpkg -i ike_2.1.5+dfsg-2_i386.deb ike-qtgui_2.1.5+dfsg-2_i386.deb  

I now get a little further. The main GUI says (look for my added **********):
config loaded for site 'ipsec-users.vpn'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled
gateway is not responding
tunnel disabled
detached from key daemon ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled
gateway is not responding
tunnel disabled
detached from key daemon ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled
gateway is not responding		*********************
tunnel disabled
detached from key daemon ...

iked.log says:

12/03/22 18:40:23 ## : IKE Daemon, ver 2.1.5
12/03/22 18:40:23 ## : Copyright 2009 Shrew Soft Inc.
12/03/22 18:40:23 ## : This product linked OpenSSL 0.9.8o 01 Jun 2010
12/03/22 18:40:23 K! : recv X_SPDDUMP message failure ( errno = 2 )
12/03/22 18:41:27 !! : invalid private netmask, defaulting to class c
12/03/22 18:42:07 !! : tunnel DPD timeout for peer 193.133.125.60:4500
12/03/22 18:42:12 K! : unhandled pfkey message type EXPIRE ( 8 )
12/03/22 18:42:37 !! : invalid private netmask, defaulting to class c
12/03/22 18:43:17 !! : tunnel DPD timeout for peer A.B.C.D:4500
12/03/22 18:43:22 K! : unhandled pfkey message type EXPIRE ( 8 )
12/03/22 18:44:10 !! : invalid private netmask, defaulting to class c
12/03/22 18:44:50 !! : tunnel DPD timeout for peer A.B.C.D:4500
12/03/22 18:44:55 K! : unhandled pfkey message type EXPIRE ( 8 )
12/03/22 18:45:13 K! : unhandled pfkey message type EXPIRE ( 8 )

Any more bright ideas? I have port 4500 (and 500, what is actually listed in 
the GUI and config file) forwarded on my ADSL router.

I'll check our Watchguard's O/S version tomorrow, do you know which one has 
the bug and/or has it fixed?

-- 
Tom
Junior Encyclopedia of Space #19:
 CHRISTMAS: DATE:- December 25th (Earth Stnd. Time). Annual festival
celebrating Christs birth. Features include gift giving, family reunion...
and so on- now buzz off and leave me in peace!



