[Swan] Problem connecting with shrew vpnclient with version 3.24
antonio
asilva at wirelessmundi.com
Fri Jun 8 13:30:21 UTC 2018
Hi,
cannot connect with shrew soft vpnclient to libreswan 3.24 (last version
that worked was in version 3.20) with psk+xauth:
Jun 08 15:27:46 sol pluto[18056]: packet from 192.168.10.170:33388:
IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and
is cracked on large scale by TLA's
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
Peer ID is ID_FQDN: '@'
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
responding to Aggressive Mode, state #3, connection "tunnel8-aggr"[1]
192.168.10.170 from 192.168.10.170
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
STATE_AGGR_R1: sent AR1, expecting AI2
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
Peer ID is ID_IPV4_ADDR: '192.168.10.170'
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
received Hash Payload does not match computed value
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
sending encrypted notification INVALID_HASH_INFORMATION to
192.168.10.170:33388
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
next payload type of ISAKMP Hash Payload has an unknown value: 218 (0xda)
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
malformed payload in packet
I tried to force phase1 parameters with no success, i always get "Hash
Payload does not match computed value". Any idea what it could be the
issue here?
The log when connecting with version 3.20:
Jun 08 15:24:34 sol pluto[12290]: packet from 192.168.10.170:33388:
IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and
is cracked on large scale by TLA's
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[1] 192.168.10.170 #3:
Aggressive mode peer ID is ID_FQDN: '@'
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[1] 192.168.10.170 #3:
switched from "tunnel8-aggr"[1] 192.168.10.170 to "tunnel8-aggr"
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
deleting connection "tunnel8-aggr"[1] 192.168.10.170 instance with peer
192.168.10.170 {isakmp=#0/ipsec=#0}
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
responding to Aggressive Mode, state #3, connection "tunnel8-aggr"[2]
192.168.10.170 from 192.168.10.170
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
STATE_AGGR_R1: sent AR1, expecting AI2
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
transition from state STATE_AGGR_R1 to state STATE_AGGR_R2
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
new NAT mapping for #3, was 192.168.10.170:33388, now 192.168.10.170:40182
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
STATE_AGGR_R2: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256
integ=md5 group=MODP1024}
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000,
length=28
Jun 08 15:24:34 sol pluto[12290]: | ISAKMP Notification Payload
Jun 08 15:24:34 sol pluto[12290]: | 00 00 00 1c 00 00 00 01 01 10 60 02
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
received and ignored informational message
Jun 08 15:24:34 sol pluto[12290]: | event EVENT_v1_SEND_XAUTH #3
STATE_AGGR_R2
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
XAUTH: Sending Username/Password request (XAUTH_R0)
--
Saludos / Regards / Cumprimentos
Anónio Silva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180608/b4a16eb6/attachment.html>
More information about the Swan
mailing list