On Wed, 20 Apr 2011 23:18:49 -0500 <[email protected]> wrote:
>
> So I downloaded, applied & then created the .vpn file. I imported the
> created .vpn file and gave it a try. I got a lot further than
> before, but I'm still getting an error.
>

Hi Greg,

This message in the Shrew log suggests to me that you should first check to see if your preshared keys match between Shrew and the gateway.

11/04/20 22:56:37 == : phase1 hash_r ( received ) ( 20 bytes )
11/04/20 22:56:37 !! : phase1 sa rejected, invalid auth data
11/04/20 22:56:37 !! : 100.55.20.75:4500 <-> 100.100.100.37:4500

If that doesn't work, I'd work to make sure the other phase1 settings match. This is what Shrew is trying to use:

11/04/20 22:56:37 << : security association payload
11/04/20 22:56:37 << : - propsal #1 payload
11/04/20 22:56:37 << : -- transform #1 payload
11/04/20 22:56:37 ii : matched isakmp proposal #1 transform #1
11/04/20 22:56:37 ii : - transform = ike
11/04/20 22:56:37 ii : - cipher type = 3des
11/04/20 22:56:37 ii : - key length = default
11/04/20 22:56:37 ii : - hash type = sha1
11/04/20 22:56:37 ii : - dh group = group1 ( modp-768 )
11/04/20 22:56:37 ii : - auth type = xauth-initiator-psk
11/04/20 22:56:37 ii : - life seconds = 86400
11/04/20 22:56:37 ii : - life kbytes = 0

And this output from the gateway shows what it would like:

Debug 2011-04-21T03:59:26 Process=iked msg=IKE Proposal : peer propose EncryptAlgo 3DES
Debug 2011-04-21T03:59:26 Process=iked msg=IKE Proposal : peer propose AuthAlgo SHA-1
Debug 2011-04-21T03:59:26 Process=iked msg=Select IKE Proposal : matched DHGrp 1
Debug 2011-04-21T03:59:26 Process=iked msg=IKE Proposal : peer propose XAuthMode 65001
Debug 2011-04-21T03:59:26 Process=iked msg=P1__Mode: XAuth enforced, peer propose 65001
Debug 2011-04-21T03:59:26 Process=iked msg=IkeSelect Xauth= 65001 1
Debug 2011-04-21T03:59:26 Process=iked msg=Select Proposal : peer propose life sec 86400
Debug 2011-04-21T03:59:26 Process=iked msg=Select Proposal : take local proposed life sec 28800
Debug 2011-04-21T03:59:26 Process=iked msg=IkeProposalHtoN : net order spi(0000 0000 0000 0000)
Debug 2011-04-21T03:59:26 Process=iked msg=peer ID type 3 length 19 data0 54

Notice that there is a mismatch when it comes to the
"life sec". There may be other mismatches, because I don't know how to map the "peer ID type 3" to the Shrew client settings.
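
The side-by-side comparison done by eye in this message, as an added example that is not part of the original post: a short Python script that extracts the phase1 parameters from both quoted logs and reports the fields that differ. The field names and regular expressions are assumptions that cover only the log line shapes shown above.

```python
import re

# Lines copied from the two logs quoted in the message above.
SHREW_LOG = """\
11/04/20 22:56:37 ii : - cipher type = 3des
11/04/20 22:56:37 ii : - hash type = sha1
11/04/20 22:56:37 ii : - dh group = group1 ( modp-768 )
11/04/20 22:56:37 ii : - life seconds = 86400
"""
GATEWAY_LOG = """\
Debug 2011-04-21T03:59:26 Process=iked msg=IKE Proposal : peer propose EncryptAlgo 3DES
Debug 2011-04-21T03:59:26 Process=iked msg=IKE Proposal : peer propose AuthAlgo SHA-1
Debug 2011-04-21T03:59:26 Process=iked msg=Select IKE Proposal : matched DHGrp 1
Debug 2011-04-21T03:59:26 Process=iked msg=Select Proposal : peer propose life sec 86400
Debug 2011-04-21T03:59:26 Process=iked msg=Select Proposal : take local proposed life sec 28800
"""
# Assumed field names and patterns, written for the line shapes above only.
SHREW_PATTERNS = {
    "cipher": r"cipher type = (\S+)",
    "hash": r"hash type = (\S+)",
    "dh_group": r"dh group = group(\d+)",
    "life_sec": r"life seconds = (\d+)",
}
GATEWAY_PATTERNS = {
    "cipher": r"EncryptAlgo (\S+)",
    "hash": r"AuthAlgo (\S+)",
    "dh_group": r"matched DHGrp (\d+)",
    "life_sec": r"take local proposed life sec (\d+)",
}

def normalize(value):
    """Fold case and punctuation so 'SHA-1' and 'sha1' compare equal."""
    return re.sub(r"[^a-z0-9]", "", value.lower())

def parse(log, patterns):
    """Return {field: normalized value} for every pattern found in the log."""
    hits = {f: re.search(p, log) for f, p in patterns.items()}
    return {f: normalize(m.group(1)) for f, m in hits.items() if m}

def phase1_mismatches(client_log, gateway_log):
    """Return {field: (client, gateway)} where the sides differ or one is missing."""
    client = parse(client_log, SHREW_PATTERNS)
    gateway = parse(gateway_log, GATEWAY_PATTERNS)
    return {f: (client.get(f), gateway.get(f))
            for f in SHREW_PATTERNS if client.get(f) != gateway.get(f)}

if __name__ == "__main__":
    for field, (c, g) in phase1_mismatches(SHREW_LOG, GATEWAY_LOG).items():
        print(f"{field}: client={c} gateway={g}")
```

The script compares only the parameters both logs expose; the preshared key and the peer ID settings do not appear in a comparable form in these logs and still have to be checked by hand.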
