<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Hi, Matthew!<br>
<br>
OK... I've installed 2.1.6b9 ... and when I try to connect, I get a
slightly different behavior : "incorrect message from gateway". :)<br>
<br>
It's (some sort of) a progress... :)<br>
<br>
But you are right... it's a Cisco gateway.<br>
<br>
Should I try your "0.0.0.0/0 include network" thing... with the
2.1.6b9? Or should I try it with the 2.1.5? Or wait for 2.1.6b10?<br>
<br>
Thanks,<br>
Gilles.<br>
<br>
On 28/06/2010 20:47, Matthew Grooms wrote:
<blockquote cite="mid:4C28EE4E.3080905@shrew.net" type="cite">On
6/28/2010 1:33 AM, Gilles Gravier wrote:
<br>
<blockquote type="cite"> Hi!
<br>
<br>
I'm trying to connect to my corporate VPN... I imported a PCF file. Shrew VPN then tells me that I need a certificate for it. Fine. I get the certificate from a Linux VPN installation file. I specify it in my Shrew configuration file.
<br>
<br>
I connect. If I type wrong username/password, I get an error. If I type correct username/password, but with the wrong certificate, I get an error.
<br>
<br>
If I type correct username/password, with the correct certificate installed, it connects, then after a few seconds it disconnects.
<br>
<br>
</blockquote>
<br>
Hi Gilles,
<br>
<br>
Try installing the 2.1.6 beta which contains a few
interoperability improvements. If you are using 2.1.6, my guess is
that you're connecting to a 3000 series concentrator or an IOS based
appliance. These require more modifications to the client for
interoperability. The explanation for this is rather technical,
but I'll try to summarize ...
<br>
<br>
The Shrew Soft implementation generates policies and unique
security associations for those policies. The Cisco client
negotiates policies and then a single security association for all
policies. This works fine with newer PIX/ASA firmware but causes
issues with concentrators and IOS based routers. The problem
occurs because the client attempts to negotiate an SA using a
specific target network value which is typically obtained from the
gateway during modecfg negotiation. Because the gateway expects
the client to negotiate an SA using a generic value of 0.0.0.0/0,
it disconnects the client.
<br>
<br>
If 2.1.6 doesn't work, try adding a single 0.0.0.0/0 include
network ( under the policy tab ). However, I'll be posting a new
2.1.6 beta in the next day or two that introduces additional
control over how SAs are negotiated for generated policies. This
change is designed to solve the problem I just described. Keep an
eye on the mailing list for more details.
<br>
<br>
Thanks,
<br>
<br>
-Matthew
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<div style="text-align: left;">
<table style="text-align: left; background-color: rgb(102, 102,
102); width: 500px; height: 73px;" border="1" cellpadding="3"
cellspacing="3">
<tbody>
<tr>
<td style="text-align: center; vertical-align: middle;
background-color: rgb(204, 204, 204); white-space:
nowrap;">
<div style="text-align: center; background-color:
rgb(204, 204, 204);"><tt><font color="#7d6eaf"><i><b>Gilles
Gravier</b></i> <b>=</b> </font><a
href="mailto:Gilles@Gravier.org"><font
color="#000000"><b>Gilles@Gravier.org</b></font></a></tt><br>
</div>
<div style="text-align: center; background-color:
rgb(204, 204, 204);"><tt><font color="#009900"><span
style="font-family: monospace; color: rgb(0, 0,
0); font-weight: bold;"></span></font><font
color="#000099">ICQ :</font> <a
href="http://www.icq.com/whitepages/about_me.php?Uin=77488526"><font
color="#009900"><b>77488526</b></font></a></tt> <tt><font
color="#009900"><b><span style="font-family:
monospace; color: rgb(0, 0, 0);"> || </span></b></font></tt><tt><font
color="#000099">MSN Messenger : <a
href="http://members.msn.com/Gilles@Gravier.org"><span
style="color: rgb(0, 153, 0); font-weight:
bold;">Gilles@Gravier.org</span></a></font></tt><tt><font
color="#009900"><b><span style="font-family:
monospace; color: rgb(0, 0, 0);"><br>
</span></b></font></tt><span style="font-family:
monospace; color: rgb(0, 0, 153);">Skype</span><tt><font
color="#000099"><span style="color: rgb(0, 0,
153);"> : </span><a href="callto://ggravier"><span
style="font-weight: bold; color: rgb(0, 153,
0);">ggravier</span></a></font></tt><tt><font
color="#009900"><b><span style="font-family:
monospace; color: rgb(0, 0, 0);"> || </span></b></font></tt><tt><font
color="#000099"><span style="color: rgb(0, 153,
0);"></span><span style="font-weight: bold;"></span>Y!
: <a href="http://profiles.yahoo.com/ggravier"><span
style="color: rgb(0, 153, 0); font-weight:
bold;">ggravier</span></a></font></tt><tt
style="font-weight: bold;"><font color="#009900"><span
style="font-family: monospace; color: rgb(0, 0,
0);"> || </span></font></tt><tt><font
color="#000099">AOL : <a
href="aim:goim?screenname=gillesgravier"><span
style="color: rgb(0, 153, 0); font-weight:
bold;">gillesgravier</span></a><br>
</font></tt><tt><font color="#000099">Aka-Aki :</font>
<a
href="http://www.aka-aki.com/profiles/view/ggravier"><font
color="#009900"><b>ggravier</b></font></a></tt><tt><font
color="#000099"><span style="color: rgb(0, 0,
153);"> </span></font></tt><tt
style="font-weight: bold;"><font color="#009900"><span
style="font-family: monospace; color: rgb(0, 0,
0);">|| </span> </font></tt><tt><font
color="#000099">PGP Key ID :</font> <a
href="http://pgp.mit.edu:11371/pks/lookup?search=0x8DE6D026&op=index"><font
color="#009900"><b>0x8DE6D026</b></font></a><br>
"<span style="font-style: italic;">Living on Earth
is expensive, but it does include a free trip
around the sun.</span>"<br>
</tt> </div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
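<br>
The mismatch Matthew describes, as an added Python example that is not part of the original thread and is not Shrew Soft or Cisco code. It encodes the IKEv1 Identification payload (RFC 2407, type ID_IPV4_ADDR_SUBNET) a client would send for the remote network of each generated policy and models a gateway that only accepts 0.0.0.0/0. The function names and the 10.20.0.0/16 network are assumptions made for illustration.<br>

```python
import ipaddress
import struct

ID_IPV4_ADDR_SUBNET = 4   # RFC 2407 ID type: IPv4 address followed by netmask
PAYLOAD_LEN = 16          # 4-byte generic header + 4-byte ID header + 8 bytes of data

def build_id_payload(network, next_payload=0):
    """Encode the (decrypted) Quick Mode ID payload for an IPv4 subnet."""
    net = ipaddress.IPv4Network(network)
    header = struct.pack("!BBH", next_payload, 0, PAYLOAD_LEN)
    id_header = struct.pack("!BBH", ID_IPV4_ADDR_SUBNET, 0, 0)  # protocol/port 0 = any
    return header + id_header + net.network_address.packed + net.netmask.packed

def parse_id_payload(data):
    """Decode an ID payload and return the subnet it names."""
    if len(data) != PAYLOAD_LEN:
        raise ValueError("unexpected payload size")
    _next, _reserved, length = struct.unpack("!BBH", data[:4])
    id_type, _proto, _port = struct.unpack("!BBH", data[4:8])
    if length != PAYLOAD_LEN or id_type != ID_IPV4_ADDR_SUBNET:
        raise ValueError("not an IPv4 subnet ID payload")
    mask = int.from_bytes(data[12:16], "big")
    prefix = bin(mask).count("1")
    if mask != 0xFFFFFFFF ^ (0xFFFFFFFF >> prefix):
        raise ValueError("non-contiguous netmask")
    addr = ipaddress.IPv4Address(data[8:12])
    return ipaddress.IPv4Network(f"{addr}/{prefix}")

def gateway_accepts(id_payload, expected="0.0.0.0/0"):
    """Model of the gateway behaviour described in the thread (assumption):
    the SA is accepted only when the client names the generic network."""
    return parse_id_payload(id_payload) == ipaddress.IPv4Network(expected)

def negotiate(include_networks):
    """One SA proposal per generated policy; returns {network: accepted}."""
    return {n: gateway_accepts(build_id_payload(n)) for n in include_networks}

if __name__ == "__main__":
    # Constructed sample: a specific network as it might arrive via modecfg,
    # then the single 0.0.0.0/0 include network suggested as the workaround.
    print(negotiate(["10.20.0.0/16"]))
    print(negotiate(["0.0.0.0/0"]))
```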
</body>
</html>