[Swan] Problem connecting with shrew vpnclient with version 3.23
antonio
asilva at wirelessmundi.com
Fri Jun 8 13:47:09 UTC 2018
Sorry is version 3.23, 3.24 is not yet release :)
On 06/08/2018 03:30 PM, antonio wrote:
>
> Hi,
>
> cannot connect with shrew soft vpnclient to libreswan 3.24 (last
> version that worked was in version 3.20) with psk+xauth:
>
> Jun 08 15:27:46 sol pluto[18056]: packet from 192.168.10.170:33388:
> IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and
> is cracked on large scale by TLA's
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> Peer ID is ID_FQDN: '@'
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> responding to Aggressive Mode, state #3, connection "tunnel8-aggr"[1]
> 192.168.10.170 from 192.168.10.170
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> STATE_AGGR_R1: sent AR1, expecting AI2
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> Peer ID is ID_IPV4_ADDR: '192.168.10.170'
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> received Hash Payload does not match computed value
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> sending encrypted notification INVALID_HASH_INFORMATION to
> 192.168.10.170:33388
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> next payload type of ISAKMP Hash Payload has an unknown value: 218 (0xda)
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> malformed payload in packet
>
>
> I tried to force phase1 parameters with no success, i always get "Hash
> Payload does not match computed value". Any idea what it could be the
> issue here?
>
>
> The log when connecting with version 3.20:
>
> Jun 08 15:24:34 sol pluto[12290]: packet from 192.168.10.170:33388:
> IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and
> is cracked on large scale by TLA's
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> Aggressive mode peer ID is ID_FQDN: '@'
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[1] 192.168.10.170 #3:
> switched from "tunnel8-aggr"[1] 192.168.10.170 to "tunnel8-aggr"
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> deleting connection "tunnel8-aggr"[1] 192.168.10.170 instance with
> peer 192.168.10.170 {isakmp=#0/ipsec=#0}
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> responding to Aggressive Mode, state #3, connection "tunnel8-aggr"[2]
> 192.168.10.170 from 192.168.10.170
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> STATE_AGGR_R1: sent AR1, expecting AI2
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> transition from state STATE_AGGR_R1 to state STATE_AGGR_R2
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> new NAT mapping for #3, was 192.168.10.170:33388, now 192.168.10.170:40182
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> STATE_AGGR_R2: ISAKMP SA established {auth=PRESHARED_KEY
> cipher=aes_256 integ=md5 group=MODP1024}
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000,
> length=28
> Jun 08 15:24:34 sol pluto[12290]: | ISAKMP Notification Payload
> Jun 08 15:24:34 sol pluto[12290]: | 00 00 00 1c 00 00 00 01 01 10
> 60 02
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> received and ignored informational message
> Jun 08 15:24:34 sol pluto[12290]: | event EVENT_v1_SEND_XAUTH #3
> STATE_AGGR_R2
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3:
> XAUTH: Sending Username/Password request (XAUTH_R0)
>
> --
> Saludos / Regards / Cumprimentos
> Anónio Silva
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
--
Saludos / Regards / Cumprimentos
Anónio Silva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180608/b3c3c69d/attachment.html>
More information about the Swan
mailing list