On 12/21/2011 02:50 AM, Jinyan Huang wrote:
Now I have a new problem. I can connect the VPN, but I cannot SSH. The
log file is in the attachment.

...
11/12/21 08:40:35 ii : received config pull response
11/12/21 08:40:35 ii : - IP4 WINS Server = 10.10.2.16
11/12/21 08:40:35 ii : - IP4 DNS Server = 10.10.2.16
11/12/21 08:40:35 ii : - IP4 Netmask = 255.255.255.0
11/12/21 08:40:35 ii : - Address Expiry = -1341915136
11/12/21 08:40:35 ii : - IP4 Address = 10.2.2.5
...
11/12/21 08:40:37 ii : matched ipsec-esp proposal #1 transform #1
11/12/21 08:40:37 ii : - transform    = esp-3des
11/12/21 08:40:37 ii : - key length   = default
11/12/21 08:40:37 ii : - encap mode   = udp-tunnel ( rfc )
11/12/21 08:40:37 ii : - msg auth     = hmac-sha1
11/12/21 08:40:37 ii : - pfs dh group = none
11/12/21 08:40:37 ii : - life seconds = 3600
11/12/21 08:40:37 ii : - life kbytes  = 0
11/12/21 08:40:37 DB : policy found
11/12/21 08:40:37 K>  : send pfkey GETSPI ESP message
11/12/21 08:40:37 ii : phase2 ids accepted
11/12/21 08:40:37 ii : - loc ANY:10.2.2.5:* ->  ANY:0.0.0.10/0:*
11/12/21 08:40:37 ii : - rmt ANY:0.0.0.10/0:* ->  ANY:10.2.2.5:*
11/12/21 08:40:37 ii : phase2 sa established
...

Hi Jinyan,

First off, congratulations on getting the VPN to connect - I see that both phase1 and phase2 negotiations now complete successfully! Good work and great persistence! (I'd love it if you posted a message explaining what you had to do to get the VPN working especially with details about the certificate setup.)

As for not being able to SSH, there may still be some details to work out.

1. First, I notice an odd thing with your tunnel policies. The "loc ANY:10.2.2.5:* -> ANY:0.0.0.10/0:*" policy seems off. Because it uses a mask of /0, it is really a "Tunnel All" policy, since /0 will match on any IP address. The standard convention for this type of policy is to specify the net range as 0.0.0.0/0. I'm not sure where the 0.0.0.10 is coming from. That may be a sign of a misconfiguration somewhere.

Other suggestions:

2. Are you trying to SSH to an IP address or a hostname? Try SSHing to the IP address of the server directly in case DNS is not working.

3. I would check if the server you are trying to connect to is configured to allow connections from the VPN address range (10.2.2.x/24).
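The point in suggestion 1 can be checked mechanically: a selector written as 0.0.0.10/0 has host bits set beyond its prefix, and a /0 prefix means "tunnel all". The following is an added example, not code from the thread or from the Shrew Soft client; it parses phase2 selector lines in the log format quoted above (the sample lines are constructed from that excerpt) and reports the canonical network, whether the selector is tunnel-all, and whether the written address was non-canonical.

```python
import ipaddress
import re

# Constructed sample in the format of the phase2 lines quoted in the thread.
SAMPLE_LOG = """\
11/12/21 08:40:37 ii : phase2 ids accepted
11/12/21 08:40:37 ii : - loc ANY:10.2.2.5:* ->  ANY:0.0.0.10/0:*
11/12/21 08:40:37 ii : - rmt ANY:0.0.0.10/0:* ->  ANY:10.2.2.5:*
11/12/21 08:40:37 ii : phase2 sa established
"""

# "- loc <proto>:<addr>[/<len>]:<port> -> <proto>:<addr>[/<len>]:<port>"
SELECTOR_RE = re.compile(
    r"- (?P<side>loc|rmt) (?P<sproto>\w+):(?P<src>[^:]+):(?P<sport>\S+) ->\s+"
    r"(?P<dproto>\w+):(?P<dst>[^:]+):(?P<dport>\S+)"
)


def parse_selectors(log_text):
    """Return (side, src_text, dst_text) for each phase2 selector line."""
    out = []
    for line in log_text.splitlines():
        m = SELECTOR_RE.search(line)
        if m:
            out.append((m["side"], m["src"], m["dst"]))
    return out


def check_network(text):
    """Classify one selector address: canonical network, tunnel-all (/0),
    and whether the written address carried host bits (0.0.0.10/0)."""
    # strict=False accepts host bits so they can be reported instead of raising.
    net = ipaddress.ip_network(text, strict=False)
    written_addr = ipaddress.ip_address(text.split("/")[0])
    return {
        "written": text,
        "canonical": str(net),
        "tunnel_all": net.prefixlen == 0,
        "host_bits_set": written_addr != net.network_address,
    }


def audit(log_text):
    """Run check_network over both ends of every selector, keyed by loc/rmt."""
    findings = {}
    for side, src, dst in parse_selectors(log_text):
        findings[side] = {"src": check_network(src), "dst": check_network(dst)}
    return findings


if __name__ == "__main__":
    for side, ends in audit(SAMPLE_LOG).items():
        print(side, ends)
```

A selector that reports both `tunnel_all` and `host_bits_set` is the case described above: functionally a 0.0.0.0/0 policy, but written with an address that suggests a typo or misconfiguration in the policy source.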
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help