[vpn-help] Mac OS Shrew client error

Allen Klein allen at apksolutions.com
Mon Nov 19 19:00:40 CST 2012


Hi,

I installed:

The latest tun tap package
vpn-client-install.dmg
qt-mac-opensource-4.7.1.dmg

I imported a known working profile into my Macbook Pro's Shrewsoft Client. (running Mountain Lion) from my Windows 7 Shrewsoft client, that connects fine with my client's Netscreen 5GT firewall.

Here is the initial connection sequence information I get after I enter the Xauth login data and click connect:

config loaded for site 'jb'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
internal error occurred
tunnel disabled
detached from key daemon

Firewall log (the names and addresses have been changed to protect the innocent…):

2012-11-19 16:51:08 IKE<76.21.33.15>: XAuth login expired and was terminated for username <johndoe> at <0.0.0.0/0.0.0.0>.
2012-11-19 16:51: 03infoRejected an IKE packet on untrust from 1.1.1.1:54591 to 72.2.2.2:4500 with cookies 33b14e8233d6607d and acc3f69b4f2a034b because a Phase 2 packet arrived while XAuth was still pending.
2012-11-19 16:51:03infoIKE<76.21.33.15> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
2012-11-19 16:51:03infoIKE<76.21.33.15> Phase 1: Completed for user <ikeadmin at shmohawk.com>.
2012-11-19 16:51:03infoIKE<76.21.33.15> Phase 1: IKE responder has detected NAT in front of the remote device.
2012-11-19 16:51:03infoIKE<76.21.33.15> Phase 1: IKE responder has detected NAT in front of the local device.
2012-11-19 16:51:03infoIKE<76.21.33.15> Phase 1: Responder starts AGGRESSIVE mode negotiations.

Again --the Shrewsoft profile works fine on my Dell under Windows 7. The proposals, UFQDN string, PSK, etc. are correct (or the profile wouldn't be working the way it does on my PC's Shrewsoft client.  Any suggestions as to what may be causing the problem? Does this version that's been ported over to the Mac OS actually work under Mountain Lion? I suppose I can try it on one of my Lion machines, but I'll wait to hear if there is some valuable data from you on this.

Thanks,

Allen



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20121119/d6aa6a3e/attachment-0001.html>


More information about the vpn-help mailing list