Netgate Discussion Forum
    Racoon IPSEC Roadwarrior with shrewsoft and cisco VPN Client problems

    2.0-RC Snapshot Feedback and Problems - RETIRED
    15 Posts 2 Posters 5.5k Views
    • jimp (Rebel Alliance Developer, Netgate)

      Try the different values of the "proposal check" option in the GUI, see if that makes a difference.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • spiritbreaker

        Hi jimp,

        I tested all proposal checking options, but phase 2 still doesn't work. Shrew Soft proposal settings are "auto".

        I also tried changing some IPsec options like "Prefer older IPsec SAs" and "Enable MSS clamping on VPN traffic", but with no success.

        obey:

        
        Oct 16 17:12:04 	racoon: []: ERROR: failed to pre-process packet.
        Oct 16 17:12:04 	racoon: []: ERROR: failed to get sainfo.
        Oct 16 17:12:04 	racoon: []: ERROR: failed to get sainfo.
        Oct 16 17:12:04 	racoon: []: INFO: respond new phase 2 negotiation: xxx.xxx.xxx.xxx[4500]<=> xxx.xxx.xxx.xxx[52005]
        Oct 16 17:11:59 	racoon: []: ERROR: failed to pre-process packet.
        Oct 16 17:11:59 	racoon: []: ERROR: failed to get sainfo.
        Oct 16 17:11:59 	racoon: []: ERROR: failed to get sainfo.
        Oct 16 17:11:59 	racoon: []: INFO: respond new phase 2 negotiation:  xxx.xxx.xxx.xxx[4500]<=> xxx.xxx.xxx.xxx[52005]
        Oct 16 17:11:52 	racoon: []: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
        Oct 16 17:11:52 	racoon: []: INFO: login succeeded for user "vpn"
        Oct 16 17:11:52 	racoon: []: INFO: Using port 0
        Oct 16 17:11:52 	racoon: []: INFO: ISAKMP-SA established  xxx.xxx.xxx.xxx[4500]- xxx.xxx.xxx.xxx[52005] spi:9483a6a3f6d54d54:ecdfc1da4b53ab37
        Oct 16 17:11:52 	racoon: []: INFO: Sending Xauth request
        Oct 16 17:11:52 	racoon: []: INFO: NAT detected: ME PEER
        Oct 16 17:11:52 	racoon: []: INFO: NAT-D payload #1 doesn't match
        Oct 16 17:11:52 	racoon: []: INFO: Hashing  xxx.xxx.xxx.xxx[52005] with algo #2
        Oct 16 17:11:52 	racoon: []: INFO: NAT-D payload #0 doesn't match
        Oct 16 17:11:52 	racoon: []: INFO: Hashing  xxx.xxx.xxx.xxx1[4500] with algo #2
        Oct 16 17:11:52 	racoon: []: INFO: NAT-T: ports changed to:  xxx.xxx.xxx.xxx[52005]<-> xxx.xxx.xxx.xxx[4500]
        Oct 16 17:11:52 	racoon: []: INFO: Adding xauth VID payload.
        Oct 16 17:11:52 	racoon: []: INFO: Hashing  xxx.xxx.xxx.xxx[500] with algo #2
        Oct 16 17:11:52 	racoon: []: INFO: Hashing  xxx.xxx.xxx.xxx[500] with algo #2
        Oct 16 17:11:52 	racoon: []: INFO: Adding remote and local NAT-D payloads.
        Oct 16 17:11:52 	racoon: []: INFO: Selected NAT-T version: RFC 3947
        Oct 16 17:11:52 	racoon: []: WARNING: No ID match.
        Oct 16 17:11:52 	racoon: []: INFO: received Vendor ID: CISCO-UNITY
        Oct 16 17:11:52 	racoon: []: INFO: received Vendor ID: DPD
        Oct 16 17:11:52 	racoon: []: INFO: received broken Microsoft ID: FRAGMENTATION
        Oct 16 17:11:52 	racoon: []: INFO: received Vendor ID: RFC 3947
        Oct 16 17:11:52 	racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
        Oct 16 17:11:52 	racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
        Oct 16 17:11:52 	racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
        Oct 16 17:11:52 	racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
        Oct 16 17:11:52 	racoon: []: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
        Oct 16 17:11:52 	racoon: []: INFO: begin Aggressive mode.
        Oct 16 17:11:52 	racoon: []: INFO: respond new phase 1 negotiation:  xxx.xxx.xxx.xxx[500]<=> xxx.xxx.xxx.xxx[500]
        
        

        strict:

        Oct 16 17:16:10     racoon: []: ERROR: phase1 negotiation failed.
        Oct 16 17:16:10     racoon: []: ERROR: failed to pre-process packet.
        Oct 16 17:16:10     racoon: []: ERROR: failed to get valid proposal.
        Oct 16 17:16:10     racoon: []: ERROR: no suitable proposal found.
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#18) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#18) = 3DES-CBC:DES-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#17) = SHA:MD5
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#17) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#17) = 3DES-CBC:DES-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#16) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#16) = 3DES-CBC:CAST-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#15) = SHA:MD5
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#15) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#15) = 3DES-CBC:CAST-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#14) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#13) = SHA:MD5
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#13) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#12) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#12) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#11) = SHA:MD5
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#11) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#11) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#10) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#10) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#9) = SHA:MD5
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#9) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#9) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#8) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#8) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#7) = SHA:MD5
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#7) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#7) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#6) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#6) = 3DES-CBC:AES-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = SHA:MD5
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#5) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = 3DES-CBC:AES-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#4) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 3DES-CBC:AES-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = SHA:MD5
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#3) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 3DES-CBC:AES-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#2) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 3DES-CBC:AES-CBC
        Oct 16 17:16:10     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5
        Oct 16 17:16:10     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#1) = XAuth pskey server:XAuth pskey client
        Oct 16 17:16:10     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 3DES-CBC:AES-CBC
        Oct 16 17:16:10     racoon: []: INFO: Selected NAT-T version: RFC 3947
        Oct 16 17:16:10     racoon: []: WARNING: No ID match.
        Oct 16 17:16:10     racoon: []: INFO: received Vendor ID: CISCO-UNITY
        Oct 16 17:16:10     racoon: []: INFO: received Vendor ID: DPD
        Oct 16 17:16:10     racoon: []: INFO: received broken Microsoft ID: FRAGMENTATION
        Oct 16 17:16:10     racoon: []: INFO: received Vendor ID: RFC 3947
        Oct 16 17:16:10     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
        Oct 16 17:16:10     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
        Oct 16 17:16:10     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
        Oct 16 17:16:10     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
        Oct 16 17:16:10     racoon: []: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
        Oct 16 17:16:10     racoon: []: INFO: begin Aggressive mode.
        Oct 16 17:16:10     racoon: []: INFO: respond new phase 1 negotiation: xxx.xxx.xxx.xxx[500]<=>xxx.xxx.xxx.xxx[500]
        

        claim:

        Oct 16 17:20:27     racoon: []: ERROR: failed to pre-process packet.
        Oct 16 17:20:27     racoon: []: ERROR: failed to get sainfo.
        Oct 16 17:20:27     racoon: []: ERROR: failed to get sainfo.
        Oct 16 17:20:27     racoon: []: INFO: respond new phase 2 negotiation: xxx.xxx.xxx.xxx[4500]<=>xxx.xxx.xxx.xxx[26145]
        Oct 16 17:20:22     racoon: []: ERROR: failed to pre-process packet.
        Oct 16 17:20:22     racoon: []: ERROR: failed to get sainfo.
        Oct 16 17:20:22     racoon: []: ERROR: failed to get sainfo.
        Oct 16 17:20:22     racoon: []: INFO: respond new phase 2 negotiation: xxx.xxx.xxx.xxx[4500]<=>xxx.xxx.xxx.xxx[26145]
        Oct 16 17:19:33     racoon: []: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY
        Oct 16 17:19:33     racoon: []: INFO: login succeeded for user "vpn"
        Oct 16 17:19:33     racoon: []: INFO: Using port 0
        Oct 16 17:19:33     racoon: []: INFO: ISAKMP-SA established xxx.xxx.xxx.xxx[4500]-xxx.xxx.xxx.xxx[26145] spi:5dd79ef30dc1fd5f:f59a4e58a3730483
        Oct 16 17:19:33     racoon: []: INFO: Sending Xauth request
        Oct 16 17:19:33     racoon: []: INFO: NAT detected: ME PEER
        Oct 16 17:19:33     racoon: []: INFO: NAT-D payload #1 doesn't match
        Oct 16 17:19:33     racoon: []: INFO: Hashing xxx.xxx.xxx.xxx[26145] with algo #2
        Oct 16 17:19:33     racoon: []: INFO: NAT-D payload #0 doesn't match
        Oct 16 17:19:33     racoon: []: INFO: Hashing xxx.xxx.xxx.xxx[4500] with algo #2
        Oct 16 17:19:33     racoon: []: INFO: NAT-T: ports changed to: xxx.xxx.xxx.xxx[26145]<->xxx.xxx.xxx.xxx[4500]
        Oct 16 17:19:33     racoon: []: INFO: Adding xauth VID payload.
        Oct 16 17:19:33     racoon: []: INFO: Hashing xxx.xxx.xxx.xxx[500] with algo #2
        Oct 16 17:19:33     racoon: []: INFO: Hashing xxx.xxx.xxx.xxx[500] with algo #2
        Oct 16 17:19:33     racoon: []: INFO: Adding remote and local NAT-D payloads.
        Oct 16 17:19:33     racoon: []: INFO: Selected NAT-T version: RFC 3947
        Oct 16 17:19:33     racoon: []: WARNING: No ID match.
        Oct 16 17:19:33     racoon: []: INFO: received Vendor ID: CISCO-UNITY
        Oct 16 17:19:33     racoon: []: INFO: received Vendor ID: DPD
        Oct 16 17:19:33     racoon: []: INFO: received broken Microsoft ID: FRAGMENTATION
        Oct 16 17:19:33     racoon: []: INFO: received Vendor ID: RFC 3947
        Oct 16 17:19:33     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
        Oct 16 17:19:33     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
        Oct 16 17:19:33     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
        Oct 16 17:19:33     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
        Oct 16 17:19:33     racoon: []: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
        Oct 16 17:19:33     racoon: []: INFO: begin Aggressive mode.
        Oct 16 17:19:33     racoon: []: INFO: respond new phase 1 negotiation: xxx.xxx.xxx.xxx[500]<=>xxx.xxx.xxx.xxx[500]
        

        exact:

        Oct 16 17:22:55     racoon: []: ERROR: phase1 negotiation failed.
        Oct 16 17:22:55     racoon: []: ERROR: failed to pre-process packet.
        Oct 16 17:22:55     racoon: []: ERROR: failed to get valid proposal.
        Oct 16 17:22:55     racoon: []: ERROR: no suitable proposal found.
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#18) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#18) = 3DES-CBC:DES-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#17) = SHA:MD5
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#17) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#17) = 3DES-CBC:DES-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#16) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#16) = 3DES-CBC:CAST-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#15) = SHA:MD5
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#15) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#15) = 3DES-CBC:CAST-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#14) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#13) = SHA:MD5
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#13) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#12) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#12) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#11) = SHA:MD5
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#11) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#11) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#10) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#10) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#9) = SHA:MD5
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#9) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#9) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#8) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#8) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#7) = SHA:MD5
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#7) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#7) = 3DES-CBC:Blowfish-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#6) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#6) = 3DES-CBC:AES-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = SHA:MD5
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#5) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = 3DES-CBC:AES-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#4) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 3DES-CBC:AES-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = SHA:MD5
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#3) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 3DES-CBC:AES-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#2) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 3DES-CBC:AES-CBC
        Oct 16 17:22:55     racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5
        Oct 16 17:22:55     racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#1) = XAuth pskey server:XAuth pskey client
        Oct 16 17:22:55     racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 3DES-CBC:AES-CBC
        Oct 16 17:22:55     racoon: []: INFO: Selected NAT-T version: RFC 3947
        Oct 16 17:22:55     racoon: []: WARNING: No ID match.
        Oct 16 17:22:55     racoon: []: INFO: received Vendor ID: CISCO-UNITY
        Oct 16 17:22:55     racoon: []: INFO: received Vendor ID: DPD
        Oct 16 17:22:55     racoon: []: INFO: received broken Microsoft ID: FRAGMENTATION
        Oct 16 17:22:55     racoon: []: INFO: received Vendor ID: RFC 3947
        Oct 16 17:22:55     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
        Oct 16 17:22:55     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
        Oct 16 17:22:55     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
        Oct 16 17:22:55     racoon: []: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
        Oct 16 17:22:55     racoon: []: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
        Oct 16 17:22:55     racoon: []: INFO: begin Aggressive mode.
        Oct 16 17:22:55     racoon: []: INFO: respond new phase 1 negotiation: xxx.xxx.xxx.xxx[500]<=>xxx.xxx.xxx.xxx[500]
        

        Please help me :)

        cya spiritbreaker


        Pfsense running at 11 Locations
        -mobile OPENVPN and IPSEC
        -multiwan failover
        -filtering proxy(squidguard) in bridgemode with ntop monitoring

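        The four log excerpts above differ in where the exchange dies. With obey and claim the ISAKMP SA comes up and the XAuth login succeeds, then every quick-mode attempt ends in "failed to get sainfo"; with strict and exact racoon never gets past phase 1, because each of the client's 18 transforms is rejected on at least one attribute. The following Python is an added example for this thread (it is not pfSense, racoon or Shrew Soft code) that parses lines of exactly this shape and summarises them: which attribute each peer transform was rejected on, which transforms were rejected on a single attribute only, and whether the failure belongs to phase 1 or phase 2. The sample lines are constructed from the output posted above (the addresses were already anonymised there); the function names and classification labels are this example's own.

```python
"""Triage helper for racoon (ipsec-tools) IKE log excerpts.

Added example for this thread; it is not pfSense or racoon code. The field
names and classification labels are this example's own. The sample lines
are constructed from the log output posted in the thread.
"""
import re
from collections import defaultdict

# Phase 1 proposal rejection lines look like:
#   rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#18) = 3DES-CBC:DES-CBC
# DB(...) is the local (responder) proposal, Peer(...) is the transform the
# client offered, and "local:peer" are the two values that were compared.
REJECT_RE = re.compile(
    r"rejected (?P<attr>enctype|hashtype|authmethod): "
    r"DB\(prop#\d+:trns#\d+\):Peer\(prop#\d+:trns#(?P<peertrns>\d+)\) = "
    r"(?P<db>[^:]+):(?P<peer>.+)$"
)


def parse_rejections(lines):
    """Map peer transform number -> {attribute: (local_value, peer_value)}."""
    rejects = defaultdict(dict)
    for line in lines:
        m = REJECT_RE.search(line.rstrip())
        if m:
            rejects[int(m["peertrns"])][m["attr"]] = (m["db"].strip(), m["peer"].strip())
    return dict(rejects)


def offered_values(rejects):
    """Per attribute, the sorted set of values the peer offered."""
    offered = defaultdict(set)
    for attrs in rejects.values():
        for attr, (_local, peer) in attrs.items():
            offered[attr].add(peer)
    return {attr: sorted(vals) for attr, vals in offered.items()}


def local_values(rejects):
    """Per attribute, the sorted set of values the local proposal required."""
    local = defaultdict(set)
    for attrs in rejects.values():
        for attr, (loc, _peer) in attrs.items():
            local[attr].add(loc)
    return {attr: sorted(vals) for attr, vals in local.items()}


def near_misses(rejects):
    """Peer transforms rejected on exactly one attribute.

    Every other attribute of such a transform matched the local proposal, so
    the single remaining mismatch is the one that actually blocks phase 1.
    """
    return sorted(t for t, attrs in rejects.items() if len(attrs) == 1)


def diagnose(lines):
    """Classify where an IKE exchange failed in a log excerpt (any line order)."""
    text = "\n".join(lines)
    if "no suitable proposal found" in text or "phase1 negotiation failed" in text:
        return "phase1-proposal"   # the strict / exact behaviour in the thread
    if "ISAKMP-SA established" in text and "failed to get sainfo" in text:
        return "phase2-sainfo"     # the obey / claim behaviour in the thread
    if "ISAKMP-SA established" in text:
        return "established"
    return "unknown"


# Constructed sample: a subset of the "strict" excerpt (newest line first, as logged).
STRICT_LOG = [
    "Oct 16 17:16:10 racoon: []: ERROR: phase1 negotiation failed.",
    "Oct 16 17:16:10 racoon: []: ERROR: no suitable proposal found.",
    "Oct 16 17:16:10 racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#18) = XAuth pskey server:XAuth pskey client",
    "Oct 16 17:16:10 racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#18) = 3DES-CBC:DES-CBC",
    "Oct 16 17:16:10 racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#14) = XAuth pskey server:XAuth pskey client",
    "Oct 16 17:16:10 racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#13) = SHA:MD5",
    "Oct 16 17:16:10 racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#13) = XAuth pskey server:XAuth pskey client",
    "Oct 16 17:16:10 racoon: []: ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA:MD5",
    "Oct 16 17:16:10 racoon: []: ERROR: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#1) = XAuth pskey server:XAuth pskey client",
    "Oct 16 17:16:10 racoon: []: ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 3DES-CBC:AES-CBC",
]

# Constructed sample: a subset of the "obey" excerpt.
OBEY_LOG = [
    "Oct 16 17:12:04 racoon: []: ERROR: failed to pre-process packet.",
    "Oct 16 17:12:04 racoon: []: ERROR: failed to get sainfo.",
    "Oct 16 17:12:04 racoon: []: INFO: respond new phase 2 negotiation: xxx.xxx.xxx.xxx[4500]<=> xxx.xxx.xxx.xxx[52005]",
    'Oct 16 17:11:52 racoon: []: INFO: login succeeded for user "vpn"',
    "Oct 16 17:11:52 racoon: []: INFO: ISAKMP-SA established  xxx.xxx.xxx.xxx[4500]- xxx.xxx.xxx.xxx[52005] spi:9483a6a3f6d54d54:ecdfc1da4b53ab37",
]

if __name__ == "__main__":
    for name, log in (("strict", STRICT_LOG), ("obey", OBEY_LOG)):
        print(f"{name}: {diagnose(log)}")
        rej = parse_rejections(log)
        if rej:
            print("  local proposal :", local_values(rej))
            print("  peer offered   :", offered_values(rej))
            print("  near misses    :", near_misses(rej))
```

Read through this lens, the strict excerpt shows transform #14 rejected on authmethod alone, so its encryption and hash already match the local proposal and the one comparison blocking it is the "XAuth pskey server" versus "XAuth pskey client" pair. The obey and claim excerpts are the opposite case: phase 1 and XAuth are fine and the responder simply finds no sainfo matching the client's quick-mode selectors, which is the side that both later fixes in this thread (the Shrew Soft policy generation level and the sainfo anonymous change) act on.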
          • jimp (Rebel Alliance Developer, Netgate)

          Can you update to the latest snapshot and try again?

          There were a couple commits on the IPsec GUI code, it may make a difference in what you are seeing.

            • spiritbreaker

            Hi jimp,

            I tested with 2.0-BETA4 (i386) built on Thu Oct 14 01:16:12 EDT 2010 FreeBSD 8.1-RELEASE-p1 (You are on the latest version.)

            There is no newer snapshot available.

            cya

              • jimp (Rebel Alliance Developer, Netgate)

              There is a snapshot building now that will have the fixes, it isn't ready yet.

                • spiritbreaker

                Hi jimp,

                Updated to 2.0-BETA4 (i386) built on Mon Oct 18 15:51:06 EDT 2010 FreeBSD 8.1-RELEASE-p1

                But the problem isn't solved. Phase 2 is still not working.

                cya

                  • jimp (Rebel Alliance Developer, Netgate)

                  Can't believe I overlooked this before, but did you actually set that up directly on the Tunnel tab, or the Mobile tab?

                  To connect in with the Shrew Soft client you should be configuring things from the Mobile tab, which will make a special mobile client phase 1 entry.

                    • spiritbreaker

                    Hi jimp,

                    I configured it on the Tunnel and Mobile tabs, as you can see in the screenshots in earlier posts. I'm sure this setup was working with Shrew Soft one month before.

                    My racoon config seems normal. I tried with the Shrew Soft auto settings and with explicit P1 and P2 settings, but nothing works.

                    Do you need more screenshots?

                    Cya

                      • jimp (Rebel Alliance Developer, Netgate)

                      Ah, yeah I see it now, the Xauth part had me mixed up, since the PSK shows up on the phase 1 config then.

                        • spiritbreaker

                        I hope this means you found the issue. :)

                        Little question btw ;D

                        1. Is it possible to use RADIUS for Xauth? The RADIUS auth test on Diagnostics -> Authentication works fine. I changed the primary auth to RADIUS on the Users tab, but it doesn't work for mobile IPsec.
                        Is there a workaround?

                        2. The status of mobile IPsec connections is always down, even when mobile clients are connected. Is that a bug in the GUI?

                        Cya

                          • jimp (Rebel Alliance Developer, Netgate)

                          No, still haven't found the issue, I just thought I was reading something wrong in what you had there.

                          Radius for IPsec should have worked, though at one time the ipsec port was missing the radius bits. I haven't checked lately.

                            • spiritbreaker

                            Hi jimp,

                            -> http://forum.pfsense.org/index.php/topic,30188.msg156312.html#msg156312

                            Shrew Soft Client: Policy Generation Level -> unique solves the connection problems.

                            But the Cisco VPN Client only works with a vpn.inc modification.

                            racoon.conf for the Cisco VPN Client (Windows clients):

                            change:

                            sainfo subnet <lansubnet>/24 any anonymous

                            to

                            sainfo anonymous

                            Cya

                              • jimp (Rebel Alliance Developer, Netgate)

                              We do print just "sainfo anonymous" in some cases, like pure-psk remote tunnels.

                              If it turns out that is really needed for xauth tunnels as well, I can amend the code to take that into account.

                                • jimp (Rebel Alliance Developer, Netgate)

                                I just committed a change that should print just "sainfo anonymous" also for xauth-psk setups.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.