Not sure if this is unique to our site or not. In any event, here's some detail:
Linux clients, using ShrewSoft 2.1.5 (compiled on each system) and using a site profile that is used successfully by Windows clients, connect to our gateway. The client reports a successful connect, and tap0 is spawned with a valid IP address from our IP pool. If the Linux client attempts to ping or connect to a LAN resource, the connection fails. Nothing passes over the tap0 interface, and no traffic ever hits the remote side.

Details:

Linux clients have included Ubuntu 9.10, Fedora Core 6, Fedora Core 9, Ubuntu 8.x
iked versions tried: 2.1.5, 2.1.6b4, 2.2.0a9
Gateway is a Juniper SSG350M running 6.2.0r3.0 (Firewall+VPN)

Windows clients (Vista, XP and 7, 32 and 64 bit) running 2.1.5 are able to connect using this same site profile. Mac clients using the same parameters connect using IPSecuritas. In other words, Linux clients fail exclusively, which implies either a Linux config issue or an iked bug not present on Windows?

I have debug logs and pcap logs. Is there a support email that they can be sent to? I can sanitize them to a certain extent and post them here if anyone has any ideas.

I do see log entries like:

Fairly early on (starting iked):

    recv X_SPDUMP message failure ( errno = 2 )

Much later, after xauth has passed and tap0 has been configured, during the policy add, I see:

    send pfkey X_SPDADD UPSPEC message

and that repeats at least 3 times. Then the policy sets up and tap0 is enabled.

Now, if I start pinging the LAN that the tunnel is attached to, all I see are DPDV1-R-U-THERE notification messages over and over, every X seconds as the tunnel tries to stay alive. Otherwise, nothing is happening on the logs or over the interfaces. Routing is proper according to the route tables (192.168.0.0/20 -> tap0) and, again, this profile works on Windows ShrewSoft clients.

If anyone has any ideas... I'd be happy to try just about anything.

Thanks,
jason

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
