Am 17.03.2010 09:37, Shai Ayal schrieb: > Hello, > > I'm trying to setup shrewvpn to connect to racoon. > shrewvpn ver 2.1.5 on win XP > racoon 1:0.7.1-1.3+lenny2 on debian lenny 2.6.26-2-486 > > I'm getting the following error at the end of the racoon log: > 2010-03-17 10:33:33: INFO: respond new phase 1 negotiation: > 192.168.0.125[500]<=>192.168.0.83[500] > 2010-03-17 10:33:33: INFO: begin Identity Protection mode. > 2010-03-17 10:33:33: INFO: received Vendor ID: > draft-ietf-ipsra-isakmp-xauth-06.txt > 2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00 > 2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01 > 2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 > > 2010-03-17 10:33:33: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03 > 2010-03-17 10:33:33: INFO: received Vendor ID: RFC 3947 > 2010-03-17 10:33:33: INFO: received broken Microsoft ID: FRAGMENTATION > 2010-03-17 10:33:33: INFO: received Vendor ID: DPD > 2010-03-17 10:33:33: INFO: received Vendor ID: CISCO-UNITY > 2010-03-17 10:33:33: INFO: Selected NAT-T version: RFC 3947 > 2010-03-17 10:33:33: ERROR: rejected authmethod: > DB(prop#1:trns#1):Peer(prop#1:trns#1) = XAuth RSASIG server:Hybrid RSA > client > 2010-03-17 10:33:33: ERROR: no suitable proposal found. > 2010-03-17 10:33:33: ERROR: failed to get valid proposal. > 2010-03-17 10:33:33: ERROR: failed to pre-process packet. > 2010-03-17 10:33:33: ERROR: phase1 negotiation failed. > > I have shrewvpn authentication set to "Hybrid RSA + XAuth". > the way I read this error is thet shrewvpn is asking for "Hybrid RSA > client" method, and racoon doesn't have anything matching, although the > "XAuth RSASIG server" should be equivalent according to the manuals.
Shai, could you please provide your racoon.conf ? Stefan (Debian ipsec-tools/racoon Maintainer) -- Stefan Bauer ----------------------------------------- PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34 -------- plzk.de - Linux - because it works ---------- _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
