<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
My company is using a Cyberoam Firewall/VPN and I can connect to the VPN via Windows GreenBow IPSEC VPN client or Linux (Ubuntu/Fedora) using Openswan IPSEC client. I just installed Ubuntu 9.10 and was trying to connect using the Shrew Soft VPN Access Manager and I cannot get connected. Here are my ipsec.conf settings for Openswan:<br><br># /etc/ipsec.conf - Openswan IPsec configuration file<br># RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $<br><br># This file: /usr/share/doc/openswan/ipsec.conf-sample<br>#<br># Manual: ipsec.conf.5<br><br><br>version 2.0 # conforms to second version of ipsec.conf specification<br><br># basic configuration<br>config setup<br> interfaces=%defaultroute<br> # Do not set debug options to debug configuration issues!<br> # plutodebug / klipsdebug = "all", "none" or a combation from below:<br> # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"<br> # eg:<br> # plutodebug="control parsing"<br> #<br> # enable to get logs per-peer<br> # plutoopts="--perpeerlog"<br> #<br> # Again: only enable plutodebug or klipsdebug when asked by a developer<br> #<br> # NAT-TRAVERSAL support, see README.NAT-Traversal<br> nat_traversal=yes<br> # exclude networks used on server side by adding %v4:!a.b.c.0/24<br> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br> # OE is now off by default. Uncomment and change to on, to enable.<br> oe=off<br> # which IPsec stack to use. 
netkey,klips,mast,auto or none<br> protostack=netkey<br><br>conn MyCompany<br> authby=secret<br> type=tunnel<br> keyingtries=1<br> keyexchange=ike<br> ike=3des-md5<br> esp=3des-md5<br> pfs=yes<br> auto=start<br> left=%defaultroute<br> right=xxx.xxx.xxx.xxx<br> rightsubnet=192.168.0.0/24<br><br>Here is the Shrew Soft VPN exported file:<br><br>n:version:2<br>n:network-ike-port:500<br>n:network-mtu-size:1380<br>n:client-addr-auto:0<br>n:network-natt-port:4500<br>n:network-natt-rate:15<br>n:network-frag-size:540<br>n:network-dpd-enable:0<br>n:network-notify-enable:0<br>n:client-banner-enable:1<br>n:client-dns-used:1<br>n:client-dns-auto:0<br>b:auth-mutual-psk:xxxxxxxxxx<br>n:phase1-dhgroup:2<br>n:phase1-keylen:0<br>n:phase1-life-secs:86400<br>n:phase1-life-kbytes:0<br>n:vendor-chkpt-enable:0<br>n:phase2-keylen:0<br>n:phase2-pfsgroup:-1<br>n:phase2-life-secs:3600<br>n:phase2-life-kbytes:0<br>n:policy-nailed:0<br>n:policy-list-auto:1<br>s:network-host:xxx.xxx.xxx.xxx<br>s:client-auto-mode:push<br>s:client-iface:virtual<br>s:client-ip-addr:192.168.0.0<br>s:client-ip-mask:255.255.255.255<br>s:network-natt-mode:enable<br>s:network-frag-mode:enable<br>s:client-dns-addr:192.168.0.xxx<br>s:client-dns-suffix:mycompany<br>s:auth-method:mutual-psk<br>s:ident-client-type:address<br>s:ident-server-type:address<br>s:phase1-exchange:main<br>s:phase1-cipher:3des<br>s:phase1-hash:md5<br>s:phase2-transform:3des<br>s:phase2-hmac:md5<br>s:ipcomp-transform:disabled<br><br>In the Windows GreenBow Client I have the following setup:<br><br>IKE:<br><br> Encryption: 3DES<br> Authentication: MD5<br> Key Group: DH2 (1024)<br><br>ESP:<br><br> Encryption: 3DES<br> Authentication: MD5<br> Mode: Tunnel<br><br>What settings do I need to get the Shrew Soft client working?<br><br>Thanks...<br>
</body>
</html>