<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Sorry, forgot to add the log from the client:</p>
    remote id configured<br>
    pre-shared key configured<br>
    bringin up tunnel...<br>
    <font color="#ff0000">invalid message from gateway</font><br>
    tunnel disable<br>
    detached from key daemon<br>
    <p><br>
    </p>
    <p>In the logs I do see libreswan sending an xauth request:</p>
    <p>Jun 27 13:30:35 cmhome pluto[23927]: | XAUTH: Sending XAUTH
      Login/Password Request</p>
    <p><br>
    </p>
    <p>Is there a change from the previous version that could affect auth
      with xauth? <br>
    </p>
    <p>Or is it just that the shrew client is too old and I should stop
      using it? <br>
    </p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 27/06/2019 13:36, António Silva
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:68ca4f4e-49d6-70ad-5676-bfcfee8af228@wirelessmundi.com">Hi,
      <br>
      <br>
      In version 3.29 I cannot connect the shrew vpn client and I don't get
      why, probably something with the new IKE negotiation.
      <br>
      <br>
      Other clients (android, cisco client) are working ok.
      <br>
      <br>
      The configuration (client and server) was working in previous
      versions:
      <br>
      <br>
      ipsec.conf:
      <br>
      <br>
      conn tunnel3
      <br>
          pfs=no
      <br>
          type=tunnel
      <br>
          auto=add
      <br>
          ikev2=no
      <br>
          phase2=esp
      <br>
          sha2-truncbug=yes
      <br>
          authby=secret
      <br>
          keyingtries=3
      <br>
          ikelifetime=1h
      <br>
          salifetime=1h
      <br>
          left=192.168.1.10
      <br>
          leftsubnet=0.0.0.0/0
      <br>
          leftid=192.168.1.10
      <br>
          leftupdown=/scripts/ipsec_monitor.php
      <br>
          right=%any
      <br>
          rightid=%any
      <br>
          rightaddresspool=192.168.168.80-192.168.168.80
      <br>
          rightupdown=/scripts/ipsec_monitor.php
      <br>
          dpddelay=30
      <br>
          dpdtimeout=60
      <br>
          dpdaction=hold
      <br>
          leftxauthserver=yes
      <br>
          rightxauthclient=yes
      <br>
          leftmodecfgserver=yes
      <br>
          rightmodecfgclient=yes
      <br>
          modecfgpull=yes
      <br>
          ike-frag=yes
      <br>
          ikev2=never
      <br>
          xauthby=pam
      <br>
      <br>
      <br>
      The output of the connection is:
      <br>
      <br>
      Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1:
      STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY
      cipher=AES_CBC_256 integ=HMAC_MD5 group=MODP2048}
      <br>
      <br>
      Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1:
      received Delete SA payload: self-deleting ISAKMP State #1
      <br>
      Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1:
      deleting state (STATE_MAIN_R3) aged 0.585s and sending
      notification
      <br>
      Jun 27 13:30:35 cmhome pluto[23927]: packet from
      192.168.1.66:50591: deleting connection "tunnel3"[2] 192.168.1.66
      instance with peer 192.168.1.66 {isakmp=#0/ipsec=#0}
      <br>
      <br>
      I guess that is something related to the new changes for IKE
      negotiation.
      <br>
      <br>
      Full log can be found at : <a class="moz-txt-link-freetext" href="https://pastebin.com/D8aQNWHN">https://pastebin.com/D8aQNWHN</a>
      <br>
      <br>
      <br>
      Thanks for the help.
      <br>
      <br>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
Saludos / Regards / Cumprimentos
António Silva</pre>
  </body>
</html>