[vpn-help] Weird problems when connecting to pfSense, solved by reinstall
Alexis La Goutte
alexis.lagoutte at gmail.com
Tue Jan 14 13:26:57 CST 2014
On Tue, Jan 14, 2014 at 8:08 PM, Jernej Simončič <
jernej's-shrew at eternallybored.org> wrote:
> Today I had 2 weird problems when connecting to 2 different pfSense
> firewalls with ShrewSoft VPN Client 2.2.2 (from 2 different
> computers). In both cases the connection appeared to have succeeded,
> but no resources on the remote network could be accessed.
>
> This is what pfSense IPsec logs showed on the first firewall:
>
> Jan 14 14:27:35 racoon: [193.77.xx.xx] INFO: received INITIAL-CONTACT
> Jan 14 14:27:35 racoon: INFO: Using port 0
> Jan 14 14:27:35 racoon: user 'username' authenticated
> Jan 14 14:27:35 racoon: INFO: login succeeded for user "username"
> Jan 14 14:27:35 racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
> Jan 14 14:27:35 racoon: ERROR: Cannot open "/etc/motd"
> Jan 14 14:27:35 racoon: ERROR: Hybrid auth negotiated but peer did not
> succeed Xauth exchange
> Jan 14 14:27:35 racoon: ERROR: Attempt to start phase 2 whereas Xauth
> failed
> Jan 14 14:27:39 racoon: ERROR: Hybrid auth negotiated but peer did not
> succeed Xauth exchange
> Jan 14 14:27:39 racoon: ERROR: Attempt to start phase 2 whereas Xauth
> failed
> Jan 14 14:27:40 racoon: ERROR: Hybrid auth negotiated but peer did not
> succeed Xauth exchange
> Jan 14 14:27:40 racoon: ERROR: Attempt to start phase 2 whereas Xauth
> failed
>
> And here's the second (this one happened to a client actually):
>
> Jan 14 18:23:23 racoon: [92.37.xx.xx] INFO: received INITIAL-CONTACT
> Jan 14 18:23:23 racoon: INFO: Using port 0
> Jan 14 18:23:24 racoon: user 'username' authenticated
> Jan 14 18:23:24 racoon: INFO: login succeeded for user "username"
> Jan 14 18:23:24 racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
> Jan 14 18:23:24 racoon: ERROR: Cannot open "/etc/motd"
> Jan 14 18:23:24 racoon: [92.37.xx.xx] ERROR: can't start the quick mode,
> there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
> Jan 14 18:23:29 racoon: [92.37.xx.xx] ERROR: can't start the quick mode,
> there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
> Jan 14 18:23:34 racoon: [92.37.xx.xx] ERROR: can't start the quick mode,
> there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
> Jan 14 18:23:39 racoon: [92.37.xx.xx] ERROR: can't start the quick mode,
> there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
>
> Running the ShrewSoft installer made the problem go away, but I'd like
> to avoid doing this in the future.
>
> In the first case I was investigating why a client wasn't able to
> connect to our firewall, and when I tried to connect with their
> username and password, ShrewSoft stopped working (until that point, I
> could connect from my test machine without any problems; afterwards
> neither their, nor my own username worked anymore). In the second
> case, a (different) client called me that they installed the VPN
> client on a new machine, and it worked for a few hours, then they lost
> connection to the RDP server, and couldn't reestablish it.
>
> I'm not sure which Windows version the first client is using, but the
> second client, and my test computer both run 8.1.
>
> Hi Jernej
There is some (known) issue with new Windows 8.1 and ShrewSoft VPN.
Regards,
> --
> < Jernej Simončič ><><><><><><><><><><><>< http://eternallybored.org/ >
>
> Because 10 billion years' time is so fragile, so ephemeral...
> it arouses such a bittersweet, almost heartbreaking fondness.
>
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> https://lists.shrew.net/mailman/listinfo/vpn-help
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20140114/61d1df5a/attachment.html>
More information about the vpn-help
mailing list