[Swan] problem connect shrew vpn client version 3.29
António Silva
asilva at wirelessmundi.com
Thu Jun 27 11:36:23 UTC 2019
Hi,
In version 3.29 I cannot connect the Shrew VPN client and I don't get why,
probably something with the new IKE negotiation.
Other clients (Android, Cisco client) are working OK.
The configuration (client and server) was working in previous versions:
ipsec.conf:
conn tunnel3
    pfs=no
    type=tunnel
    auto=add
    ikev2=no
    phase2=esp
    sha2-truncbug=yes
    authby=secret
    keyingtries=3
    ikelifetime=1h
    salifetime=1h
    left=192.168.1.10
    leftsubnet=0.0.0.0/0
    leftid=192.168.1.10
    leftupdown=/scripts/ipsec_monitor.php
    right=%any
    rightid=%any
    rightaddresspool=192.168.168.80-192.168.168.80
    rightupdown=/scripts/ipsec_monitor.php
    dpddelay=30
    dpdtimeout=60
    dpdaction=hold
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    ike-frag=yes
    ikev2=never
    xauthby=pam
The output of the connection is:
Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_MD5 group=MODP2048}
Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: received Delete SA payload: self-deleting ISAKMP State #1
Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: deleting state (STATE_MAIN_R3) aged 0.585s and sending notification
Jun 27 13:30:35 cmhome pluto[23927]: packet from 192.168.1.66:50591: deleting connection "tunnel3"[2] 192.168.1.66 instance with peer 192.168.1.66 {isakmp=#0/ipsec=#0}
I guess that is something related to the new changes for IKE negotiation.
The full log can be found at: https://pastebin.com/D8aQNWHN
Thanks for the help.
--
Saludos / Regards / Cumprimentos
António Silva