[Swan] Problem connecting with shrew vpnclient with version 3.24

Paul Wouters paul at nohats.ca
Fri Jun 8 18:03:59 UTC 2018


On Fri, 8 Jun 2018, antonio wrote:

> cannot connect with shrew soft vpnclient to libreswan 3.24 (last version that worked was in version 3.20) with psk+xauth:

(this was 3.23 as explained)

> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3: STATE_AGGR_R1: sent AR1, expecting AI2
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3: Peer ID is ID_IPV4_ADDR: '192.168.10.170'
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3: received Hash Payload does not match computed value
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3: sending encrypted notification INVALID_HASH_INFORMATION to
> 192.168.10.170:33388
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3: next payload type of ISAKMP Hash Payload has an unknown
> value: 218 (0xda)
> Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1] 192.168.10.170 #3: malformed payload in packet

> The log when connecting with version 3.20:

> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3: STATE_AGGR_R1: sent AR1, expecting AI2
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3: new NAT mapping for #3, was 192.168.10.170:33388, now
> 192.168.10.170:40182
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3: STATE_AGGR_R2: ISAKMP SA established {auth=PRESHARED_KEY
> cipher=aes_256 integ=md5 group=MODP1024}
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3: ignoring informational payload IPSEC_INITIAL_CONTACT,
> msgid=00000000, length=28
> Jun 08 15:24:34 sol pluto[12290]: | ISAKMP Notification Payload
> Jun 08 15:24:34 sol pluto[12290]: |   00 00 00 1c  00 00 00 01  01 10 60 02
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3: received and ignored informational message
> Jun 08 15:24:34 sol pluto[12290]: | event EVENT_v1_SEND_XAUTH #3 STATE_AGGR_R2
> Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2] 192.168.10.170 #3: XAUTH: Sending Username/Password request (XAUTH_R0)

Would you be able to test 3.21 / 3.22 or maybe do a git bisect to help?
Or alternatively, if you can give me a shrew client config and the
libreswan server config, then I can try and run a git bisect to find
the issue.

Although perhaps first you can try and use a 3.24rcX candidate from
download.libreswan.org/development/ and see if the problem got fixed
already?

Paul

