<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Sorry forget to add the log from the client:</p>
remote id configured<br>
pre-shared key configured<br>
bringin up tunnel...<br>
<font color="#ff0000">invalid message from gateway</font><br>
tunnel disable<br>
detached from key daemon<br>
<p><br>
</p>
<p>In the logs i do see libreswan sending xauth request:</p>
<p>Jun 27 13:30:35 cmhome pluto[23927]: | XAUTH: Sending XAUTH
Login/Password Request</p>
<p><br>
</p>
<p>Is there a change from previous version that could affect auth
with xauth? <br>
</p>
<p>or is just that the shrew client is to old and i should stop
using it? <br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 27/06/2019 13:36, António Silva
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:68ca4f4e-49d6-70ad-5676-bfcfee8af228@wirelessmundi.com">Hi,
<br>
<br>
In version 3.29 i cannot connect shrew vpn client and i don't get
why, probably something with new ike negotiation.
<br>
<br>
other clients (android, cisco client) are working ok.
<br>
<br>
the configuration (client and server) was working in previous
versions:
<br>
<br>
ipsec.conf:
<br>
<br>
conn tunnel3
<br>
pfs=no
<br>
type=tunnel
<br>
auto=add
<br>
ikev2=no
<br>
phase2=esp
<br>
sha2-truncbug=yes
<br>
authby=secret
<br>
keyingtries=3
<br>
ikelifetime=1h
<br>
salifetime=1h
<br>
left=192.168.1.10
<br>
leftsubnet=0.0.0.0/0
<br>
leftid=192.168.1.10
<br>
leftupdown=/scripts/ipsec_monitor.php
<br>
right=%any
<br>
rightid=%any
<br>
rightaddresspool=192.168.168.80-192.168.168.80
<br>
rightupdown=/scripts/ipsec_monitor.php
<br>
dpddelay=30
<br>
dpdtimeout=60
<br>
dpdaction=hold
<br>
leftxauthserver=yes
<br>
rightxauthclient=yes
<br>
leftmodecfgserver=yes
<br>
rightmodecfgclient=yes
<br>
modecfgpull=yes
<br>
ike-frag=yes
<br>
ikev2=never
<br>
xauthby=pam
<br>
<br>
<br>
The output of the connection is:
<br>
<br>
Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY
cipher=AES_CBC_256 integ=HMAC_MD5 group=MODP2048}
<br>
<br>
Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1:
received Delete SA payload: self-deleting ISAKMP State #1
<br>
Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1:
deleting state (STATE_MAIN_R3) aged 0.585s and sending
notification
<br>
Jun 27 13:30:35 cmhome pluto[23927]: packet from
192.168.1.66:50591: deleting connection "tunnel3"[2] 192.168.1.66
instance with peer 192.168.1.66 {isakmp=#0/ipsec=#0}
<br>
<br>
I guess that is something related to the new changes for IKE
negotiation.
<br>
<br>
Full log can be found at : <a class="moz-txt-link-freetext" href="https://pastebin.com/D8aQNWHN">https://pastebin.com/D8aQNWHN</a>
<br>
<br>
<br>
Thanks for the help.
<br>
<br>
</blockquote>
<pre class="moz-signature" cols="72">--
Saludos / Regards / Cumprimentos
António Silva</pre>
</body>
</html>