[Swan] problem connect shrew vpn client version 3.29
António Silva
asilva at wirelessmundi.com
Thu Jun 27 11:59:29 UTC 2019
Sorry, forgot to add the log from the client:
remote id configured
pre-shared key configured
bringin up tunnel...
invalid message from gateway
tunnel disable
detached from key daemon
In the logs I do see libreswan sending the xauth request:
Jun 27 13:30:35 cmhome pluto[23927]: | XAUTH: Sending XAUTH Login/Password Request
Is there a change from the previous version that could affect auth with xauth?
Or is it just that the shrew client is too old and I should stop using it?
On 27/06/2019 13:36, António Silva wrote:
> Hi,
>
> In version 3.29 I cannot connect the shrew vpn client and I don't get why,
> probably something with the new IKE negotiation.
>
> Other clients (android, cisco client) are working ok.
>
> The configuration (client and server) was working in previous versions:
>
> ipsec.conf:
>
> conn tunnel3
>     pfs=no
>     type=tunnel
>     auto=add
>     ikev2=no
>     phase2=esp
>     sha2-truncbug=yes
>     authby=secret
>     keyingtries=3
>     ikelifetime=1h
>     salifetime=1h
>     left=192.168.1.10
>     leftsubnet=0.0.0.0/0
>     leftid=192.168.1.10
>     leftupdown=/scripts/ipsec_monitor.php
>     right=%any
>     rightid=%any
>     rightaddresspool=192.168.168.80-192.168.168.80
>     rightupdown=/scripts/ipsec_monitor.php
>     dpddelay=30
>     dpdtimeout=60
>     dpdaction=hold
>     leftxauthserver=yes
>     rightxauthclient=yes
>     leftmodecfgserver=yes
>     rightmodecfgclient=yes
>     modecfgpull=yes
>     ike-frag=yes
>     ikev2=never
>     xauthby=pam
>
>
> The output of the connection is:
>
> Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_MD5 group=MODP2048}
>
> Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: received Delete SA payload: self-deleting ISAKMP State #1
> Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: deleting state (STATE_MAIN_R3) aged 0.585s and sending notification
> Jun 27 13:30:35 cmhome pluto[23927]: packet from 192.168.1.66:50591: deleting connection "tunnel3"[2] 192.168.1.66 instance with peer 192.168.1.66 {isakmp=#0/ipsec=#0}
>
> I guess that is something related to the new changes for IKE negotiation.
>
> Full log can be found at: https://pastebin.com/D8aQNWHN
>
>
> Thanks for the help.
>
--
Saludos / Regards / Cumprimentos
António Silva