For 4. Re: Problem after upgrade to ubuntu 11.10 (Kevin VPN) Downgrade to version 2.15.
Best regards, Félix 2011/11/8 <[email protected]> > Send vpn-help mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.shrew.net/mailman/listinfo/vpn-help > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of vpn-help digest..." > > > Today's Topics: > > 1. Re: VPN Connection Problems (Kevin VPN) > 2. Re: SAs expire immediately, connecting to Juniper SSG via > Shrew (Kevin VPN) > 3. Re: Shrew 2.2.0 OS X build does not work on OSX 10.6.8 (Kevin VPN) > 4. Re: Problem after upgrade to ubuntu 11.10 (Kevin VPN) > 5. Re: Shrew 2.2.0 OS X build working on OSX 10.7 Lion? (Kevin VPN) > 6. Re: Shrew 2.2.0 OS X build does not work on OSX 10.6.8 > (Jinyan Huang) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 7 Nov 2011 22:05:17 -0500 > From: Kevin VPN <[email protected]> > Subject: Re: [vpn-help] VPN Connection Problems > To: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset="ISO-8859-1"; format=flowed > > On 10/26/2011 11:05 PM, Joshua Joyce wrote: > > Experts: > > > ... > > > > I have been having problems with the multiple stations kicking off > > the the stations that connected prior. I juggle the connection for a > > while, and soon the VPN Gateway doesn't respond to anyone. Several > > hardware reboots later things start connecting again with the same > > problem. I really noticed this after I connected the server for the > > first time. Prior to that I was able to RDP on station from the > > other station through the VPN Connection, so I know they can reach > > each other. > > > > I set up the Shrew exactly the way shown on the Shrew set-up page for > > netgear. > > > > > > Maybe a question for further down the road, but can I set this up a > > different way than shown on the Shrew set-up page? It ha me using > > 3DES, which I recall uses a ton of processor resourses. > ... > > Hi Josh, > > For the first problem (users kicking others) it's possible that the > Netgear only only allows one concurrent login. Since you're all using > the same remote identifier, I think that there's probably a conflict. > (I'm not sure why it requires multiple reboots to restore service though.) > > I'm not sure if there's a way to allow multiple logins with the same > remote identifier. You could explore using a different Remote > Identifier Type, perhaps there's one that allows a dynamic client IP. If > you have a fixed (and manageable) number of clients, you could also > create a separate VPN (IKE Policy) for each. > > For the second issue, you can always try using some encryption other > than 3DES to save cycles, although you'd probably also sacrifice some > level of crypto strength. It might be worth it though, if your clients > are in the field and battery life is an important issue. Just make sure > that both the gateway and client are set to the same values and it > should work. > > If all you need the VPN for is access to the server, since you've got > Server 2008 R2, if your clients are Win7, you could also look at putting > them together as a domain and using DirectAccess to provide an encrypted > channel between the server and clients. > > > ------------------------------ > > Message: 2 > Date: Mon, 7 Nov 2011 22:13:25 -0500 > From: Kevin VPN <[email protected]> > Subject: Re: [vpn-help] SAs expire immediately, connecting to Juniper > SSG via Shrew > To: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset="ISO-8859-1"; format=flowed > > On 10/27/2011 04:22 PM, Tim Keane wrote: > > > > When I attempt to connect using Shrew, Phase1 and Phase2 negotiations are > > completed successfully. However, the SAs immediately expire. This is > happening > > using Shrew v. 2.1.7 and 2.2.0, on both XP and Win7 client computers. > > > ... > > 11/10/27 15:01:47 ii : processing phase2 packet ( 76 bytes ) > > 11/10/27 15:01:47 ii : processing phase2 packet ( 76 bytes ) > > 11/10/27 15:01:47 DB : phase2 found > > 11/10/27 15:01:47 DB : phase2 found > > 11/10/27 15:01:47 !! : phase2 packet ignored, resending last packet ( > phase2 > > already mature ) > > 11/10/27 15:01:47 !! : phase2 packet ignored, resending last packet ( > phase2 > > already mature ) > > > > Hi Tim, > > I would suggest that your problem is that Phase 2 is not completing > successfully. Shrew might think that it's complete (mature), but the > gateway is still sending configure packets, suggesting that it does not > agree. I've seen this before, but can't remember exactly the cause. > Maybe the proxy ids or policies didn't match? > > Double-check your Phase 2, proxy and/or policy settings to be sure they > are the same on both the client and gateway. > > > ------------------------------ > > Message: 3 > Date: Mon, 7 Nov 2011 22:18:16 -0500 > From: Kevin VPN <[email protected]> > Subject: Re: [vpn-help] Shrew 2.2.0 OS X build does not work on OSX > 10.6.8 > To: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset="ISO-8859-1"; format=flowed > > On 11/02/2011 11:05 PM, Jinyan Huang wrote: > > Dear list, > > > > I have Shrew VPN on my windows and Mac OS. In the same network > > environment, the windows version is working, but on Mac is not. The > > log file is follow. Any suggestions? Thank you very much in advance. > > > > config loaded for site 'server' > > attached to key daemon ... > > peer configured > > iskamp proposal configured > > esp proposal configured > > client configured > > local id configured > > remote id configured > > file password required for user@serverb > > file password required for user@serverb > > file password required for user@serverb > > file password required for user@serverb > > server cert configured > > client cert configured > > client key configured > > bringing up tunnel ... > > negotiation timout occurred > > tunnel disabled > > detached from key daemon > > user > > > > sudo iked restart > > ii : created ike socket 0.0.0.0:500 > > ii : created natt socket 0.0.0.0:4500 > > ## : IKE Daemon, ver 2.2.0 > > ## : Copyright 2009 Shrew Soft Inc. > > ## : This product linked OpenSSL 0.9.8r 8 Feb 2011 > > > > > > ps aux | grep iked > > user 1498 0.0 0.0 2435116 528 s003 S+ 10:52AM 0:00.00 > grep iked > > root 1485 0.0 0.0 611516 836 ?? Ss 10:49AM 0:00.07 > > iked restart > > Hi Jinyan, > > I don't have a Mac, so I can't really help much, but are you perhaps > running a firewall or other VPN software that is intercepting/blocking > the packets coming back from the VPN gateway? The iked.log does not > show any packets received from the gateway. > > Are you able to look at the gateway to see if it receives the connect > request from Shrew? > > > ------------------------------ > > Message: 4 > Date: Mon, 7 Nov 2011 22:27:05 -0500 > From: Kevin VPN <[email protected]> > Subject: Re: [vpn-help] Problem after upgrade to ubuntu 11.10 > To: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset="ISO-8859-1"; format=flowed > > On 10/28/2011 09:10 AM, Joao Mendes wrote: > > Hi Tio, > > I tryed 2.2.0 beta 2 and worked. > > > > I send you a deb I made with checkinstall (install at your > responsability) > > > > I needed to start iked manually (after renaming /etc/iked.conf.sample to > > /etc/iked.conf) > > > > Then start the UI qikea.. > > > > The vpn configuration file is the same. > > > > > > Cumprimentos, > > Jo?o Mendes > > > > Hi Jo?o, > > This deb file is really welcome, thank you! This will help a lot of > people! Especially since the bug hasn't even been assigned to someone > to fix yet (https://bugs.launchpad.net/ubuntu/+source/ike/+bug/860208). > > I notice that the build is for amd64. I'm not very aware of Linux > builds, but I think that means it is for 64bit versions of Ubuntu. Is > it possible for you to also make one for 32bit? Pretty please? :) > > > ------------------------------ > > Message: 5 > Date: Mon, 7 Nov 2011 22:30:13 -0500 > From: Kevin VPN <[email protected]> > Subject: Re: [vpn-help] Shrew 2.2.0 OS X build working on OSX 10.7 > Lion? > To: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset="ISO-8859-1"; format=flowed > > On 11/01/2011 05:45 PM, Jaren Angerbauer wrote: > > On Tue, Nov 1, 2011 at 3:35 PM, Paul Theodoropoulos<[email protected]> > wrote: > >> apologies for the delay replying - to the best of my recollection, i > did not > >> reinstall shrew after upgrading to lion, however, i could not testify to > >> that in a court of law. :) > > > > FWIW, I installed Shrew for the first time after upgrading to Lion, > > and it's working great. For those having issues, perhaps try > > uninstalling / reinstalling. Is there any guide that shows how to > > completely remove the software from the system? > > > > I second that, a set of instructions for removal from OS X would be most > useful - I'm assuming it's not so simple as deleting the Shrew objects > from the Applications menu in Finder, since iked runs at startup. > > > ------------------------------ > > Message: 6 > Date: Tue, 8 Nov 2011 11:54:00 +0800 > From: Jinyan Huang <[email protected]> > Subject: Re: [vpn-help] Shrew 2.2.0 OS X build does not work on OSX > 10.6.8 > To: Kevin VPN <[email protected]> > Cc: [email protected] > Message-ID: > <can31xkcdn262odxo8qgfnfjc7t-ib_8nygm2k_aqc++5dew...@mail.gmail.com > > > Content-Type: text/plain; charset=ISO-8859-1 > > I just use the client of shrew. I cannot look at the gateway to see if > it receives the connect request from Shrew. > > But I used the same internet the windows Shrew can connect but Mac > not. In my Mac, I do not install firewall or other VPN software. > > It is strange. > > On Tue, Nov 8, 2011 at 11:18 AM, Kevin VPN <[email protected]> wrote: > > On 11/02/2011 11:05 PM, Jinyan Huang wrote: > >> > >> Dear list, > >> > >> I have Shrew VPN on my windows and Mac OS. In the same network > >> environment, the windows version is working, but on Mac is not. The > >> log file is follow. Any suggestions? Thank you very much in advance. > >> > >> config loaded for site 'server' > >> attached to key daemon ... > >> peer configured > >> iskamp proposal configured > >> esp proposal configured > >> client configured > >> local id configured > >> remote id configured > >> file password required for user@serverb > >> file password required for user@serverb > >> file password required for user@serverb > >> file password required for user@serverb > >> server cert configured > >> client cert configured > >> client key configured > >> bringing up tunnel ... > >> negotiation timout occurred > >> tunnel disabled > >> detached from key daemon > >> user > >> > >> sudo iked restart > >> ii : created ike socket 0.0.0.0:500 > >> ii : created natt socket 0.0.0.0:4500 > >> ## : IKE Daemon, ver 2.2.0 > >> ## : Copyright 2009 Shrew Soft Inc. > >> ## : This product linked OpenSSL 0.9.8r 8 Feb 2011 > >> > >> > >> ps aux | grep iked > >> user ? ?1498 ? 0.0 ?0.0 ?2435116 ? ?528 s003 ?S+ ? 10:52AM ? 0:00.00 > grep > >> iked > >> root ? ? ?1485 ? 0.0 ?0.0 ? 611516 ? ?836 ? ?? ?Ss ? 10:49AM ? 0:00.07 > >> iked restart > > > > Hi Jinyan, > > > > I don't have a Mac, so I can't really help much, but are you perhaps > running > > a firewall or other VPN software that is intercepting/blocking the > packets > > coming back from the VPN gateway? ?The iked.log does not show any packets > > received from the gateway. > > > > Are you able to look at the gateway to see if it receives the connect > > request from Shrew? > > _______________________________________________ > > vpn-help mailing list > > [email protected] > > http://lists.shrew.net/mailman/listinfo/vpn-help > > > > > ------------------------------ > > _______________________________________________ > vpn-help mailing list > [email protected] > http://lists.shrew.net/mailman/listinfo/vpn-help > > > End of vpn-help Digest, Vol 62, Issue 4 > *************************************** > -- *Félix Pablo Grande Ramos* *Carpe diem quam minimum credula postero *Aprovecha el día, no confíes en mañana *Horacio (Odas,I,11) *
_______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
