Today I had 2 weird problems when connecting to 2 different pfSense firewalls with ShrewSoft VPN Client 2.2.2 (from 2 different computers). In both cases the connection appeared to have succeeded, but no resources on the remote network could be accessed.
This is what pfSense IPsec logs showed on the first firewall:

Jan 14 14:27:35 racoon: [193.77.xx.xx] INFO: received INITIAL-CONTACT
Jan 14 14:27:35 racoon: INFO: Using port 0
Jan 14 14:27:35 racoon: user 'username' authenticated
Jan 14 14:27:35 racoon: INFO: login succeeded for user "username"
Jan 14 14:27:35 racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
Jan 14 14:27:35 racoon: ERROR: Cannot open "/etc/motd"
Jan 14 14:27:35 racoon: ERROR: Hybrid auth negotiated but peer did not succeed Xauth exchange
Jan 14 14:27:35 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed
Jan 14 14:27:39 racoon: ERROR: Hybrid auth negotiated but peer did not succeed Xauth exchange
Jan 14 14:27:39 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed
Jan 14 14:27:40 racoon: ERROR: Hybrid auth negotiated but peer did not succeed Xauth exchange
Jan 14 14:27:40 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed

And here's the second (this one happened to a client actually):

Jan 14 18:23:23 racoon: [92.37.xx.xx] INFO: received INITIAL-CONTACT
Jan 14 18:23:23 racoon: INFO: Using port 0
Jan 14 18:23:24 racoon: user 'username' authenticated
Jan 14 18:23:24 racoon: INFO: login succeeded for user "username"
Jan 14 18:23:24 racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
Jan 14 18:23:24 racoon: ERROR: Cannot open "/etc/motd"
Jan 14 18:23:24 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
Jan 14 18:23:29 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
Jan 14 18:23:34 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
Jan 14 18:23:39 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07

Running the ShrewSoft installer made the problem go away, but I'd like to avoid doing this in the future.

In the first case I was investigating why a client wasn't able to connect to our firewall, and when I tried to connect with their username and password, ShrewSoft stopped working (until that point, I could connect from my test machine without any problems; afterwards neither their, nor my own username worked anymore).

In the second case, a (different) client called me that they installed the VPN client on a new machine, and it worked for a few hours, then they lost connection to the RDP server, and couldn't reestablish it.

I'm not sure which Windows version the first client is using, but the second client, and my test computer both run 8.1.

-- 
< Jernej Simončič ><><><><><><><><><><><>< http://eternallybored.org/ >

Because 10 billion years' time is so fragile, so ephemeral... it arouses such a bittersweet, almost heartbreaking fondness.

_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
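Added example, not part of the original post and not pfSense or ShrewSoft code: a Python triage pass over racoon log lines that flags sessions where the Xauth login succeeded but phase 2 never started, the pattern both excerpts above share. It assumes the syslog line format shown in the post and that each session starts at an INITIAL-CONTACT line (concurrent peers would interleave); the function name and signature labels are hypothetical.

```python
import re

# Constructed sample, modelled on the two log excerpts in the post above.
SAMPLE_LOG = """\
Jan 14 14:27:35 racoon: [193.77.xx.xx] INFO: received INITIAL-CONTACT
Jan 14 14:27:35 racoon: INFO: login succeeded for user "username"
Jan 14 14:27:35 racoon: ERROR: Hybrid auth negotiated but peer did not succeed Xauth exchange
Jan 14 14:27:35 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed
Jan 14 14:27:39 racoon: ERROR: Attempt to start phase 2 whereas Xauth failed
Jan 14 18:23:23 racoon: [92.37.xx.xx] INFO: received INITIAL-CONTACT
Jan 14 18:23:24 racoon: INFO: login succeeded for user "username"
Jan 14 18:23:24 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
Jan 14 18:23:29 racoon: [92.37.xx.xx] ERROR: can't start the quick mode, there is no ISAKMP-SA, 0caea91f28234f3e:d2a5175f4c39e97a:00005d07
"""

# timestamp, optional [peer], level, message; lines without a level are skipped
LINE = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) racoon: (?:\[(\S+)\] )?(\w+): (.*)$')
LOGIN = re.compile(r'login succeeded for user "([^"]*)"')
# Labels are hypothetical; the message prefixes are the ones seen in the post.
SIGNATURES = {
    "phase2_after_xauth_failed": "Attempt to start phase 2 whereas Xauth failed",
    "no_isakmp_sa": "can't start the quick mode, there is no ISAKMP-SA",
}

def triage(log_text):
    """Return sessions that logged a successful login followed by phase 2 errors."""
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, peer, _level, msg = m.groups()
        if msg.startswith("received INITIAL-CONTACT"):
            cur = {"start": ts, "peer": peer, "user": None, "failures": {}}
            sessions.append(cur)
        elif cur is None:
            continue  # line seen before any session start
        elif (login := LOGIN.search(msg)):
            cur["user"] = login.group(1)
        elif cur["user"] is not None:  # only count errors after a good login
            for name, text in SIGNATURES.items():
                if msg.startswith(text):
                    cur["failures"][name] = cur["failures"].get(name, 0) + 1
    return [s for s in sessions if s["failures"]]

if __name__ == "__main__":
    for session in triage(SAMPLE_LOG):
        print(session)
```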
