[Swan] problem connect shrew vpn client version 3.29

António Silva asilva at wirelessmundi.com
Thu Jun 27 11:59:29 UTC 2019


Sorry, I forgot to add the log from the client:

remote id configured
pre-shared key configured
bringin up tunnel...
invalid message from gateway
tunnel disable
detached from key daemon


In the logs I do see libreswan sending an xauth request:

Jun 27 13:30:35 cmhome pluto[23927]: | XAUTH: Sending XAUTH Login/Password Request


Is there a change from the previous version that could affect auth with xauth?

Or is it just that the shrew client is too old and I should stop using it?


On 27/06/2019 13:36, António Silva wrote:
> Hi,
>
> In version 3.29 I cannot connect the shrew vpn client and I don't get why, 
> probably something with the new IKE negotiation.
>
> Other clients (android, cisco client) are working ok.
>
> The configuration (client and server) was working in previous versions:
>
> ipsec.conf:
>
> conn tunnel3
>     pfs=no
>     type=tunnel
>     auto=add
>     ikev2=no
>     phase2=esp
>     sha2-truncbug=yes
>     authby=secret
>     keyingtries=3
>     ikelifetime=1h
>     salifetime=1h
>     left=192.168.1.10
>     leftsubnet=0.0.0.0/0
>     leftid=192.168.1.10
>     leftupdown=/scripts/ipsec_monitor.php
>     right=%any
>     rightid=%any
>     rightaddresspool=192.168.168.80-192.168.168.80
>     rightupdown=/scripts/ipsec_monitor.php
>     dpddelay=30
>     dpdtimeout=60
>     dpdaction=hold
>     leftxauthserver=yes
>     rightxauthclient=yes
>     leftmodecfgserver=yes
>     rightmodecfgclient=yes
>     modecfgpull=yes
>     ike-frag=yes
>     ikev2=never
>     xauthby=pam
>
>
> The output of the connection is:
>
> Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_MD5 group=MODP2048}
>
> Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: received Delete SA payload: self-deleting ISAKMP State #1
> Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: deleting state (STATE_MAIN_R3) aged 0.585s and sending notification
> Jun 27 13:30:35 cmhome pluto[23927]: packet from 192.168.1.66:50591: deleting connection "tunnel3"[2] 192.168.1.66 instance with peer 192.168.1.66 {isakmp=#0/ipsec=#0}
>
> I guess that is something related to the new changes for IKE negotiation.
>
> Full log can be found at : https://pastebin.com/D8aQNWHN
>
>
> Thanks for the help.
>
-- 
Saludos / Regards / Cumprimentos
António Silva
