<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font face="DejaVu Serif">Sorry is version 3.23, 3.24 is not yet
release :)</font><br>
</p>
<br>
<div class="moz-cite-prefix">On 06/08/2018 03:30 PM, antonio wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1f267ce1-9c80-949e-da07-eafc1b76b445@wirelessmundi.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<p>Hi,</p>
<p>cannot connect with shrew soft vpnclient to libreswan 3.24
(last version that worked was in version 3.20) with psk+xauth:<br>
</p>
<p><font face="DejaVu Serif">Jun 08 15:27:46 sol pluto[18056]:
packet from 192.168.10.170:33388: IKEv1 Aggressive Mode with
PSK is vulnerable to dictionary attacks and is cracked on
large scale by TLA's<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: Peer ID is ID_FQDN: '@'<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: responding to Aggressive Mode, state #3,
connection "tunnel8-aggr"[1] 192.168.10.170 from
192.168.10.170<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: STATE_AGGR_R1: sent AR1, expecting AI2<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: Peer ID is ID_IPV4_ADDR: '192.168.10.170'<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: received Hash Payload does not match
computed value<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: sending encrypted notification
INVALID_HASH_INFORMATION to 192.168.10.170:33388<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: next payload type of ISAKMP Hash Payload
has an unknown value: 218 (0xda)<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: malformed payload in packet<br>
</font></p>
<p><font face="DejaVu Serif"><br>
</font></p>
<p><font face="DejaVu Serif">I tried to force phase1 parameters
with no success, i always get "</font><font face="DejaVu
Serif"><font face="DejaVu Serif">Hash Payload does not match
computed value". Any idea what it could be the issue here? <br>
</font></font></p>
<p><font face="DejaVu Serif"><br>
</font></p>
<p><font face="DejaVu Serif">The log when connecting with version
3.20:</font></p>
<p><font face="DejaVu Serif">Jun 08 15:24:34 sol pluto[12290]:
packet from 192.168.10.170:33388: IKEv1 Aggressive Mode with
PSK is vulnerable to dictionary attacks and is cracked on
large scale by TLA's<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[1]
192.168.10.170 #3: Aggressive mode peer ID is ID_FQDN: '@'<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[1]
192.168.10.170 #3: switched from "tunnel8-aggr"[1]
192.168.10.170 to "tunnel8-aggr"<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: deleting connection "tunnel8-aggr"[1]
192.168.10.170 instance with peer 192.168.10.170
{isakmp=#0/ipsec=#0}<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: responding to Aggressive Mode, state #3,
connection "tunnel8-aggr"[2] 192.168.10.170 from
192.168.10.170<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: transition from state STATE_AGGR_R0 to
state STATE_AGGR_R1<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: STATE_AGGR_R1: sent AR1, expecting AI2<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: transition from state STATE_AGGR_R1 to
state STATE_AGGR_R2<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: new NAT mapping for #3, was
192.168.10.170:33388, now 192.168.10.170:40182<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: STATE_AGGR_R2: ISAKMP SA established
{auth=PRESHARED_KEY cipher=aes_256 integ=md5 group=MODP1024}<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: ignoring informational payload
IPSEC_INITIAL_CONTACT, msgid=00000000, length=28<br>
Jun 08 15:24:34 sol pluto[12290]: | ISAKMP Notification
Payload<br>
Jun 08 15:24:34 sol pluto[12290]: | 00 00 00 1c 00 00 00
01 01 10 60 02<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: received and ignored informational message<br>
Jun 08 15:24:34 sol pluto[12290]: | event EVENT_v1_SEND_XAUTH
#3 STATE_AGGR_R2<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: XAUTH: Sending Username/Password request
(XAUTH_R0)<br>
<br>
</font></p>
<pre class="moz-signature" cols="72">--
Saludos / Regards / Cumprimentos
Anónio Silva</pre>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Swan mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Saludos / Regards / Cumprimentos
Anónio Silva</pre>
</body>
</html>