<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
My company is using a Cyberoam Firewall/VPN and I can connect to the VPN via Windows Greenbox IPSEC VPN client or Linux (Ubuntu/Fedora) using Openswan IPSEC client.  I just installed Ubuntu 9.10 and was trying to connect using the Shrew Soft VPN Access Manager and I cannot get connected.  Here is my ipsec.conf settings for Openswan:<br><br># /etc/ipsec.conf - Openswan IPsec configuration file<br># RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $<br><br># This file:  /usr/share/doc/openswan/ipsec.conf-sample<br>#<br># Manual:     ipsec.conf.5<br><br><br>version    2.0    # conforms to second version of ipsec.conf specification<br><br># basic configuration<br>config setup<br>        interfaces=%defaultroute<br>    # Do not set debug options to debug configuration issues!<br>    # plutodebug / klipsdebug = "all", "none" or a combation from below:<br>    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"<br>    # eg:<br>    # plutodebug="control parsing"<br>    #<br>    # enable to get logs per-peer<br>    # plutoopts="--perpeerlog"<br>    #<br>    # Again: only enable plutodebug or klipsdebug when asked by a developer<br>    #<br>    # NAT-TRAVERSAL support, see README.NAT-Traversal<br>    nat_traversal=yes<br>    # exclude networks used on server side by adding %v4:!a.b.c.0/24<br>    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br>    # OE is now off by default. Uncomment and change to on, to enable.<br>    oe=off<br>    # which IPsec stack to use. netkey,klips,mast,auto or none<br>    protostack=netkey<br><br>conn MyCompany<br>    authby=secret<br>    type=tunnel<br>    keyingtries=1<br>    keyexchange=ike<br>    ike=3des-md5<br>    esp=3des-md5<br>    pfs=yes<br>    auto=start<br>    left=%defaultroute<br>    right=xxx.xxx.xxx.xxx<br>    rightsubnet=192.168.0.0/24<br><br>Here is the Shrew Soft VPN exported file:<br><br>n:version:2<br>n:network-ike-port:500<br>n:network-mtu-size:1380<br>n:client-addr-auto:0<br>n:network-natt-port:4500<br>n:network-natt-rate:15<br>n:network-frag-size:540<br>n:network-dpd-enable:0<br>n:network-notify-enable:0<br>n:client-banner-enable:1<br>n:client-dns-used:1<br>n:client-dns-auto:0<br>b:auth-mutual-psk:xxxxxxxxxx<br>n:phase1-dhgroup:2<br>n:phase1-keylen:0<br>n:phase1-life-secs:86400<br>n:phase1-life-kbytes:0<br>n:vendor-chkpt-enable:0<br>n:phase2-keylen:0<br>n:phase2-pfsgroup:-1<br>n:phase2-life-secs:3600<br>n:phase2-life-kbytes:0<br>n:policy-nailed:0<br>n:policy-list-auto:1<br>s:network-host:xxx.xxx.xxx.xxx<br>s:client-auto-mode:push<br>s:client-iface:virtual<br>s:client-ip-addr:192.168.0.0<br>s:client-ip-mask:255.255.255.255<br>s:network-natt-mode:enable<br>s:network-frag-mode:enable<br>s:client-dns-addr:192.168.0.xxx<br>s:client-dns-suffix:mycompany<br>s:auth-method:mutual-psk<br>s:ident-client-type:address<br>s:ident-server-type:address<br>s:phase1-exchange:main<br>s:phase1-cipher:3des<br>s:phase1-hash:md5<br>s:phase2-transform:3des<br>s:phase2-hmac:md5<br>s:ipcomp-transform:disabled<br><br>In the Windows Greenbox Client if have the following setup:<br><br>IKE:<br><br>  Encryption:       3DES<br>  Authentication: MD5<br>  Key Group:        DH2 (1024)<br><br>ESP:<br><br>  Encryption:        3DES<br>  Authentication:  MD5<br>  Mode:                 Tunnel<br><br>What settings do I need to get the Shrew Soft client working?<br><br>Thanks...<br>                                     <br /><hr />Windows LiveT   Hotmail is faster and more secure than ever. <a href='http://www.microsoft.com/windows/windowslive/hotmail_bl1/hotmail_bl1.aspx?ocid=PID23879::T:WLMTAGL:ON:WL:en-ww:WM_IMHM_1:092009' target='_new'>Learn more.</a></body>
</html>