Hi Matt Have a look at this
http://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html Alexis On Sat, Nov 20, 2010 at 11:05 AM, Matt Leventhal < [email protected]> wrote: > > Dear Support, > > I have been trying for some time to connect the ShrewVPN to a Juniper > gateway at my work place, from Linux Mint (64 bit) at home. And have > recently upgraded to the latest version of Mint (10 - Julia) and still > having no luck. (Previously was on version 9, and all attempts at > connection have been over wireless). > > The GUI says the VPN has connected, and while connected I lose all internet > access, but equally I still do not have any access to my work place.. > nothing on my office LAN replies to pings, nor can I rdesktop to our office > terminal server etc. > > The same .pcf file works fine from a Windows XP VM I have on this machine, > which I hope rules out a mismatch of .pcf vs gateway settings, or anything > to do with my home internet access. Meaning it must be something to do with > my Linux install, but I'm too much of a newbie on Linux to have any idea > what to do next ! > > Here is the result of sudo iked -F -d 6 > ii : created ike socket 0.0.0.0:500 > ii : created natt socket 0.0.0.0:4500 > ## : IKE Daemon, ver 2.1.5 > ## : Copyright 2009 Shrew Soft Inc. > ## : This product linked OpenSSL 0.9.8o 01 Jun 2010 > K! : recv X_SPDDUMP message failure ( errno = 2 ) > !! : peer violates RFC, transform number mismatch ( 1 != 6 ) > !! : peer violates RFC, transform number mismatch ( 1 != 5 ) > > > And that's all I get, it just sits there after that with the client saying > it's connected but with no access to anything :( > > Very many thanks for your help, .pcf settings below. > > Kind regards, > Matt > > > .pcf settings (with sensitive information obscured): > n:version:2 > n:network-ike-port:500 > n:network-mtu-size:1380 > n:client-addr-auto:1 > n:network-natt-port:4500 > n:network-natt-rate:15 > n:network-frag-size:540 > n:network-dpd-enable:1 > n:client-banner-enable:0 > n:network-notify-enable:1 > n:client-wins-used:0 > n:client-wins-auto:0 > n:client-dns-used:1 > n:client-dns-auto:1 > n:client-splitdns-used:1 > n:client-splitdns-auto:1 > n:phase1-dhgroup:2 > n:phase1-life-secs:28800 > n:phase1-life-kbytes:0 > n:vendor-chkpt-enable:0 > n:phase2-life-secs:3600 > n:phase2-life-kbytes:0 > n:policy-nailed:0 > n:policy-list-auto:0 > s:network-host:xx.xx.xx.xx > s:client-auto-mode:push > s:client-iface:virtual > s:network-natt-mode:enable > s:network-frag-mode:enable > s:auth-method:mutual-psk-xauth > s:ident-client-type:fqdn > s:ident-server-type:fqdn > s:ident-client-data:xxxxx.xxxxxxxx.co.uk > s:ident-server-data:xxxxxx.xxxxxxxx.co.uk > b:auth-mutual-psk:xxxxxxxxxxx > s:phase1-exchange:aggressive > s:phase1-cipher:auto > s:phase1-hash:auto > s:phase2-transform:auto > s:phase2-hmac:auto > s:ipcomp-transform:disabled > n:phase2-pfsgroup:-1 > s:policy-list-include:192.168.230.0 / 255.255.255.0 > > _______________________________________________ > vpn-help mailing list > [email protected] > http://lists.shrew.net/mailman/listinfo/vpn-help > >
_______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
