4. IPSEC with shrew vpn helpppppppppp!!!!!!!!!!

IPSEC with shrew vpn helpppppppppp!!!!!!!!!!

  • M

    Hi,
    I made an ipsec VPN and when the client vpn connect i have on the log this =>

    racoon: WARNING: trns_id mismatched: my:CAST peer:AES
    Nov 18 14:10:18 racoon: WARNING: trns_id mismatched: my:CAST peer:AES
    Nov 18 14:10:18 racoon: WARNING: authtype mismatched: my:hmac-sha peer:hmac-md5
    Nov 18 14:10:19 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP 93.39.36.193[0]->11.246.14.23[0] spi=25576485(0x1864425)
    Nov 18 14:10:19 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP 11.246.14.23[0]->93.39.36.193[0] spi=1029581908(0x3d5e2c54)
    Nov 18 14:10:19 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.220.5/32[0] 0.0.0.0/0[0] proto=any dir=in"
    Nov 18 14:10:19 racoon: ERROR: such policy does not already exist: "0.0.0.0/0[0] 192.168.22.5à/32[0] proto=any dir=out"
    Nov 18 14:12:23 racoon: [Unknown Gateway/Dynamic]: WARNING: remote address mismatched. db=93.39.36.193[500], act=93.39.36.193[8]
    Nov 18 14:12:38 racoon: [Unknown Gateway/Dynamic]: WARNING: remote address mismatched. db=93.39.36.193[500], act=93.39.36.193[8]
    Nov 18 14:12:41 racoon: INFO: DPD: remote (ISAKMP-SA spi=a7af1b1a563f67d6:5b8258f1d47b9903) seems to be dead.
    Nov 18 14:12:41 racoon: INFO: generated policy, deleting it.
    Nov 18 14:12:41 racoon: INFO: generated policy, deleting it.
    Nov 18 14:12:41 racoon: ERROR: pfkey X_SPDDELETE failed: Invalid argument
    Nov 18 14:12:41 racoon: ERROR: pfkey X_SPDDELETE failed: Invalid argument
    Nov 18 14:12:42 racoon: ERROR: unknown Informational exchange received.
    Nov 18 14:12:42 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA deleted 11.246.14.23[500]-93.39.36.193[500] spi:a7af1b1a563f67d6:5b8258f1d47b9903
    Nov 18 14:12:45 racoon: ERROR: unknown Informational exchange received.
    Nov 18 14:12:48 last message repeated 4 times

    the connection is up for 2minutes and after is down . Can any one help me plzzzzzzzzzzzzzzz

    0
  • M

    any help ??

    0
  • X

    yea, change the algorithm (cipher) to match on both sides. currently one is CAST and the other is AES.

    this line in your log tells you EXACTLY what the problem is:

    racoon: WARNING: trns_id mismatched: my:CAST peer:AES

    0
  • M

    hi,
    but i verify that the 2 side are 3DES

    0
  • Rebel Alliance Developer Netgate

    Check both your phase 1 and phase 2 settings. You have a mismatch. Neither of those listed is 3DES in the log from either side.

    0
  • M

    the problem in the client or in the config of server ? .. sorry for this question but finally i can't found any problem in the 2 side
    thx

    0
  • Rebel Alliance Developer Netgate

    It could be either one – There is a mismatch, you just need to change one side or the other to match. If you don't see a mismatch, you may be looking in the wrong place. The error you see is from the phase 2 settings.

    0
  • X

    you actually have 2 issues:
    1. encryption, one side is set to use CAST, the other AES
    2. authentication hash, one side is set to yous sha, the other md5

    you find this in the top two lines of code you pasted.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy