On 1/21/2011 9:25 PM, DuWayne Odom wrote:
Better late than never... :-)

That change fixed the problem. Thanks for your response! I was almost on
the edge of giving up on pfsense.

As a side note: Shrewsoft has been a huge life saver for me as an IT
support person. It has allowed my co-workers who have 64-bit Windows
to finally be able to connect to the Cisco VPN Concentrator at my work.
Prior to finding out about Shrewsoft we had to tell all 64-bit users
that they could not connect to our concentrators due to Cisco deciding
they were not going to support 64-bit Windows on our concentrator. I
have not had a chance to try out VPN connectivity between Shrew and
pfSense's IPsec/VPN but hope to be able to play with it some in the
future so I can connect securely to my home network.

Thanks again for the solution... you rock!!!


Hi DuWayne,

No problem. Glad to hear the problem is now resolved. We added the new policy generation mode feature to allow for more complete compatibility with VPN gateways such as Cisco. The Cisco VPN client only negotiates a single SA using a remote network ID of 0.0.0.0/0 and then selectively tunnels traffic based on the remote topology specifications provided by the VPN gateway during modecfg. The Shrew Soft client will try to mimic this behavior when it receives a CISCO vendor ID. It just so happens that the ipsec-tools racoon daemon provides the same vendor ID during phase1 negotiations for compatibility reasons.

By specifying UNIQUE under the policy tab, the VPN client negotiates a unique SA for each destination network it needs to talk to. This is the way pfSense and other Linux/BSD based systems typically operate. In any case, thanks for trying the Shrew Soft VPN client and following up with this list to report your results after changing the suggested setting.

-Matthew
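The two policy generation behaviours Matthew describes, the Cisco-style single SA with a 0.0.0.0/0 remote ID versus UNIQUE with one SA per destination network, can be modelled in a few lines. The following is an added toy model written for this thread; it is not Shrew Soft, racoon or pfSense code. The topology line format ("include <cidr>"), the mode names "cisco" and "unique", and the sample networks are all constructed for the example.

```python
"""Toy model of two IPsec policy generation modes (constructed example).

  * "cisco": negotiate a single SA whose remote ID is 0.0.0.0/0, then decide
    per packet whether to tunnel using the topology learned during modecfg.
  * "unique": negotiate one SA per remote network with a narrow remote ID;
    traffic to any other destination matches no SA and is not tunnelled.

Topology lines use a constructed "include <cidr>" format, not real modecfg
attribute encoding.
"""
import ipaddress


def parse_topology(lines):
    """Parse constructed topology lines into a list of ip_network objects."""
    nets = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, cidr = line.split()
        if action != "include":
            raise ValueError(f"unsupported topology action: {action}")
        # strict=True rejects sloppy entries such as 10.1.0.1/16
        nets.append(ipaddress.ip_network(cidr, strict=True))
    return nets


def generate_policies(mode, local_net, remote_topology):
    """Return the (local, remote) selector pairs the client would negotiate."""
    local = ipaddress.ip_network(local_net)
    if mode == "cisco":
        # One SA covering everything; the topology list is applied later.
        return [(local, ipaddress.ip_network("0.0.0.0/0"))]
    if mode == "unique":
        # One SA per destination network, as pfSense/racoon expect.
        return [(local, net) for net in remote_topology]
    raise ValueError(f"unknown policy mode: {mode}")


def select_policy(mode, policies, remote_topology, dst):
    """Return the SA selector that carries traffic to dst, or None for clear."""
    ip = ipaddress.ip_address(dst)
    if mode == "cisco":
        # The single SA matches any address, so the tunnelling decision
        # comes from the topology the gateway pushed, not from the SA itself.
        return policies[0] if any(ip in net for net in remote_topology) else None
    # unique: pick the most specific negotiated remote selector.
    matches = [p for p in policies if ip in p[1]]
    return max(matches, key=lambda p: p[1].prefixlen) if matches else None


# Constructed sample topology, standing in for what modecfg would deliver.
SAMPLE_TOPOLOGY = parse_topology([
    "# networks behind the VPN gateway (constructed)",
    "include 10.1.0.0/16",
    "include 192.168.50.0/24",
])


def sa_count(mode, local_net="172.16.5.0/24"):
    """How many SAs the client negotiates for the sample topology."""
    return len(generate_policies(mode, local_net, SAMPLE_TOPOLOGY))


def is_tunnelled(mode, dst, local_net="172.16.5.0/24"):
    """True if a packet to dst would be sent through an SA in the given mode."""
    policies = generate_policies(mode, local_net, SAMPLE_TOPOLOGY)
    return select_policy(mode, policies, SAMPLE_TOPOLOGY, dst) is not None


if __name__ == "__main__":
    for mode in ("cisco", "unique"):
        print(mode, "SAs:", sa_count(mode),
              "10.1.2.3 tunnelled:", is_tunnelled(mode, "10.1.2.3"),
              "8.8.8.8 tunnelled:", is_tunnelled(mode, "8.8.8.8"))
```

Both modes tunnel the same destinations in this model; the difference is in how many SAs exist and where the selection happens. A gateway that, like racoon, installs policies from the SA selectors it negotiated will see a 0.0.0.0/0 proposal from a single-SA client and either reject it or build a policy that does not match its own per-network expectations, which is why switching the client to UNIQUE resolves the mismatch.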
