Am 12.03.2010 10:53, Henry Barker schrieb: > When I specify 0.0.0.0/24 as the remote network resource the tunnel is > brought up successfully, but I cannot route any traffic through the tunnel, > either to the remote LAN or to the Internet. I can resolve DNS addresses > however. > > On the Shrewsoft end I get the following in the IKE log: > 10/03/12 09:17:43 ii : received peer NO-PROPOSAL-CHOSEN notification > > On my router end I have the following: > x.x.x.x->x.x.x.x: [1/3] <- recv HASH|SA|NONCE, responder, quick mode > => connection lookup matching remote(192.168.123.20) <-> local(*.*.*.*) > -> consider connection profile AUTOL_192.168.123.0/24_to_192.168.250.0/24_#1 > --> skipped connection AUTOL_192.168.123.0/24_to_192.168.250.0/24_#1, its > peer is AUTOL_to_195.200.146.253_#1 > -> consider connection profile AUTOS_Conn_AUTOS_Net_192.168.123.0/24 > --> connection AUTOS_Conn_AUTOS_Net_192.168.123.0/24 local-id mismatch > -> consider connection profile > AUTOS_Conn_AUTOS_Net_192.168.123.0/24_192.168.123.0-255.255.255 > --> connection > AUTOS_Conn_AUTOS_Net_192.168.123.0/24_192.168.123.0-255.255.255 local-id > mismatch > => no matching connection profile found for incoming quick mode > quick mode failed: no connection profile found peer
That looks to me not like a successful connection. Client is complaining about no choosen proposal and the router got in trouble with "no matching connection profile". The complete shrew vpn logfiles would be helpful. > And the following adapter configuration: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Shrew Soft Virtual Adapter > Physical Address. . . . . . . . . : AA-AA-AA-46-24-00 > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . : Yes > Link-local IPv6 Address . . . . . : fe80::f02a:594b:d369:2bcb%26(Preferred) > IPv4 Address. . . . . . . . . . . : 192.168.123.20(Preferred) > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 0.0.0.0 That looks suspicious. 0.0.0.0 is used as all-addresses but does not make sense as default-gateway. just my 5 cent stefan -- Stefan Bauer ----------------------------------------- PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34 -------- plzk.de - Linux - because it works ---------- _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
