[vpn-help] Weird problems when connecting to pfSense, solved by reinstall

Jernej Simončič jernej's-shrew at eternallybored.org
Tue Jan 14 13:08:19 CST 2014


Today I had 2 weird problems when connecting to 2 different pfSense
firewalls with ShrewSoft VPN Client 2.2.2 (from 2 different
computers). In both cases the connection appeared to have succeeded,
but no resources on the remote network could be accessed.

This is what pfSense IPsec logs showed on the first firewall:

Jan 14 14:27:35 racoon: [193.77.xx.xx] INFO: received INITIAL-CONTACT
Jan 14 14:27:35 racoon: INFO: Using port 0
Jan 14 14:27:35 racoon: user 'username' authenticated
Jan 14 14:27:35 racoon: INFO: login succeeded for user "username"
Jan 14 14:27:35 racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
Jan 14 14:27:35 racoon: ERROR: Cannot open "/etc/motd"
Jan 14 14:27:35 racoon: ERROR: Hybrid auth negotiated but peer did not succeed Xauth exchange
Jan 14 14:27:35 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed
Jan 14 14:27:39 racoon: ERROR: Hybrid auth negotiated but peer did not succeed Xauth exchange
Jan 14 14:27:39 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed
Jan 14 14:27:40 racoon: ERROR: Hybrid auth negotiated but peer did not succeed Xauth exchange
Jan 14 14:27:40 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed

And here's the second (this one happened to a client actually):

Jan 14 18:23:23 racoon: [92.37.xx.xx] INFO: received INITIAL-CONTACT
Jan 14 18:23:23 racoon: INFO: Using port 0
Jan 14 18:23:24 racoon: user 'username' authenticated
Jan 14 18:23:24 racoon: INFO: login succeeded for user "username"
Jan 14 18:23:24 racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
Jan 14 18:23:24 racoon: ERROR: Cannot open "/etc/motd"
Jan 14 18:23:24 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
Jan 14 18:23:29 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
Jan 14 18:23:34 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
Jan 14 18:23:39 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07

Running the ShrewSoft installer made the problem go away, but I'd like
to avoid doing this in the future.

In the first case I was investigating why a client wasn't able to
connect to our firewall, and when I tried to connect with their
username and password, ShrewSoft stopped working (until that point, I
could connect from my test machine without any problems; afterwards
neither their nor my own username worked anymore). In the second
case, a (different) client called me to say that they had installed the
VPN client on a new machine, and it worked for a few hours, then they
lost connection to the RDP server, and couldn't reestablish it.

I'm not sure which Windows version the first client is using, but the
second client and my test computer both run 8.1.

-- 
< Jernej Simončič ><><><><><><><><><><><>< http://eternallybored.org/ >

           Because 10 billion years' time is so fragile, so ephemeral...
it arouses such a bittersweet, almost heartbreaking fondness.
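
Added example, not part of the original post: a small Python check that scans racoon log text for the symptom shown in both excerpts above, where Xauth login is logged as succeeded but phase 2 never starts. The function name, the failure labels and the sample lines (including the third, healthy session and the cookie placeholder) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample built from the racoon messages quoted in the post; the
# last session and the <cookie> placeholder are made up for the example.
SAMPLE = """\
Jan 14 14:27:35 racoon: [193.77.xx.xx] INFO: received INITIAL-CONTACT
Jan 14 14:27:35 racoon: INFO: login succeeded for user "username"
Jan 14 14:27:35 racoon: ERROR: Hybrid auth negotiated but peer did not succeed Xauth exchange
Jan 14 14:27:35 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed
Jan 14 14:27:39 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed
Jan 14 18:23:23 racoon: [92.37.xx.xx] INFO: received INITIAL-CONTACT
Jan 14 18:23:24 racoon: INFO: login succeeded for user "username"
Jan 14 18:23:24 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, <cookie>
Jan 14 18:23:29 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, <cookie>
Jan 14 20:00:01 racoon: [198.51.100.7] INFO: received INITIAL-CONTACT
Jan 14 20:00:02 racoon: INFO: login succeeded for user "other"
"""

# timestamp, optional [peer], level, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) racoon: (?:\[([^\]]+)\] )?(\w+): (.*)$")
PHASE2_FAILURES = {  # labels are this example's own, not racoon terms
    "xauth-not-completed": "Attempt to start phase 2 whereas Xauth failed",
    "no-isakmp-sa": "can't start the quick mode, there is no ISAKMP-SA",
}

def find_stalled_sessions(log_text):
    """Return sessions where login succeeded but phase 2 errors followed.

    Assumption: lines without a [peer] tag belong to the most recent
    INITIAL-CONTACT, which only holds when sessions are not interleaved.
    """
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, peer, _level, msg = m.groups()
        if msg.startswith("received INITIAL-CONTACT"):
            cur = {"start": ts, "peer": peer, "user": None, "failures": Counter()}
            sessions.append(cur)
        elif cur is not None and msg.startswith("login succeeded for user"):
            user = re.search(r'"([^"]*)"', msg)
            cur["user"] = user.group(1) if user else "?"
        elif cur is not None:
            for kind, needle in PHASE2_FAILURES.items():
                if needle in msg:
                    cur["failures"][kind] += 1
    return [s for s in sessions if s["user"] and s["failures"]]

if __name__ == "__main__":
    for s in find_stalled_sessions(SAMPLE):
        print(s["start"], s["peer"], s["user"], dict(s["failures"]))
```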



