On 4/29/2011 1:17 PM, [email protected] wrote:
Kevin, et. al.,
I've gotten further on this and I do now have it working between Shrew
(2.1.7& 2.2) and the WatchGuard (Fireware 11.4.1 Pro). WatchGuard folks
have a brand-new release that supports the Shrew client (11.4[.1]). There
is a "firmware" and a System Manager, both at the same release levels. They
have a feature to generate either a WatchGuard config file or a Shrew (.vpn)
config file. This is what I found shortly before I sent the second note. I
gave it a go and had some problems. I've been working with the WatchGuard
folks since 4/21/11.
The problem is that the FireWire Web UI is a) not filling in the PSK in the
.vpn file (It had "b:auth-mutual-psk:(null)") and b) is barfing when it
received this from the client. This then responded fail to the PSK
authentication which made it look like the PSK values did not match.
The interesting thing is that via the WSM (their service manager software)
the .vpn file is generated correctly (base64 encoded psk).
I have a ticket open with them now. They were quite responsive while they
thought it was a setup error or Shrew's fault, but have been a bit slower
when I proved that it was their generation of the that was at fault.
There are next to zero config options on the WatchGuard, but the software
does work when the .vpn file is generated correctly.
One question I have is: Is it legal to have "b:auth-mutual-psk:(null)" in
the .vpn file and what does Shrew do when it encounters such?
It may load the file but the connection would obviously fail. Try it and
see what happens.
-Matthew
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
