Sorry, forgot to add the log from the client:

remote id configured
pre-shared key configured
bringin up tunnel...
invalid message from gateway
tunnel disable
detached from key daemon


In the logs I do see libreswan sending an xauth request:

Jun 27 13:30:35 cmhome pluto[23927]: | XAUTH: Sending XAUTH Login/Password Request


Is there a change from the previous version that could affect auth with xauth?

Or is it just that the Shrew client is too old and I should stop using it?


On 27/06/2019 13:36, António Silva wrote:
Hi,

In version 3.29 I cannot connect the Shrew VPN client and I don't get why, probably something with the new IKE negotiation.

Other clients (Android, Cisco client) are working OK.

The configuration (client and server) was working in previous versions:

ipsec.conf:

conn tunnel3
    pfs=no
    type=tunnel
    auto=add
    ikev2=no
    phase2=esp
    sha2-truncbug=yes
    authby=secret
    keyingtries=3
    ikelifetime=1h
    salifetime=1h
    left=192.168.1.10
    leftsubnet=0.0.0.0/0
    leftid=192.168.1.10
    leftupdown=/scripts/ipsec_monitor.php
    right=%any
    rightid=%any
    rightaddresspool=192.168.168.80-192.168.168.80
    rightupdown=/scripts/ipsec_monitor.php
    dpddelay=30
    dpdtimeout=60
    dpdaction=hold
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    ike-frag=yes
    ikev2=never
    xauthby=pam


The output of the connection is:

Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_MD5 group=MODP2048}

Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: received Delete SA payload: self-deleting ISAKMP State #1

Jun 27 13:30:35 cmhome pluto[23927]: "tunnel3"[2] 192.168.1.66 #1: deleting state (STATE_MAIN_R3) aged 0.585s and sending notification

Jun 27 13:30:35 cmhome pluto[23927]: packet from 192.168.1.66:50591: deleting connection "tunnel3"[2] 192.168.1.66 instance with peer 192.168.1.66 {isakmp=#0/ipsec=#0}

I guess that is something related to the new changes for IKE negotiation.

Full log can be found at: https://pastebin.com/D8aQNWHN


Thanks for the help.

--
Saludos / Regards / Cumprimentos
António Silva
