On 12/01/2011 11:25 PM, Greg Ledford wrote:
I appreciate the response. I thought I included both phases. I'll put more of
the log in this message. Thanks for any help. (I also think it's stupid
Watchguard switched over to Shrew because it's lazy on their part!)
11/11/30 21:03:33 ii : phase1 sa established
...
11/11/30 21:03:33 ii : sending xauth response for xxxx
...
11/11/30 21:03:33 ii : processing config packet ( 116 bytes )
11/11/30 21:03:33 DB : config found
11/11/30 21:03:33 =< : cookies bd0b5c039a760147:e5d89fd56d79cb3b
11/11/30 21:03:33 =< : message d879ecbe
11/11/30 21:03:33 =< : decrypt iv ( 8 bytes )
11/11/30 21:03:33 == : decrypt packet ( 116 bytes )
11/11/30 21:03:33 !! : validate packet failed ( reserved value is non-null )
11/11/30 21:03:33 !! : config packet ignored ( packet decryption error )
11/11/30 21:03:33<- : recv NAT-T:IKE packet ##.###.###.##:4500 ->
192.168.1.21:4500 ( 116 bytes )
11/11/30 21:03:33 DB : phase1 found
Hi Greg,
This log shows a little more. Phase1 goes alright, as does the xauth
stage. Where it goes dodgy is in the config exchange.
Are you using a config file generated from the Watchguard that you
imported into the Shrew client? If so, I would first try to manually
enter the PSK into the Shrew configuration (on the
Authentication/Credentials tab). Maybe somehow the PSK didn't get
shared correctly.
Second thing I would try is to play with the Auto Configuration on the
General tab of the Shrew configuration.
It might be even more helpful if you could provide us with the actual
Shrew configuration file that was generated by the Watchguard. It's
just a text file, so feel free to anonymize any IPs you wish.
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
