[vpn-help] Connecting Shrew 2.2.0 to ZyWALL USG 20 - invalid message from gateway
Lukasz Sokol
el.es.cr at gmail.com
Wed May 8 09:39:03 CDT 2013
Hi,
I used the tutorial about USG300 as a starting point;
the use case:
Laptop (<-wifi->) iPhone [personal hot spot w/NAT] <- [3G internet] -> ZyWALL USG20
Laptop runs Shrew 2.2.0 on WinXP Home 32bit
ZyWall runs f/w 3.00(BDQ.4)
Shrew VPN fails with message 'invalid message from gateway'
Phase1 on both is set to exactly the same as per the linked tutorial;
Looking at 'decode' grade log with packet dump options enabled [all but DNS]
it seems that all is going well until it gets
(lines that look good)
<- recv IKE packet [gw public ip address]:500 -> [laptop priv ip address]:500 ( 228 bytes )
0x [a few lines of packet dump]
DB phase1 found
DB phase1 ref increment ( ref count = 1, obj count = 1 )
ww initiator port vales should only float once per session
ii processing phase1 packet ( 228 bytes )
=< cookies [some hash]
...(until about here)
=< message 00000000
<< ignoring duplicate key exchange payload
!! unprocessed payload data
<< ignoring duplicate nonce payload
!! unhandled phase1 payload 'unknown' ( 250 ) [this figure changes with every run]
!! unprocessed payload data
ii sending peer DELETE message
If this is not enough, I'll try to post more log.
Hope the above makes sense.
Lukasz