IPSEC with shrew vpn helpppppppppp!!!!!!!!!!

matrix1233

Hi,
I made an ipsec VPN and when the client vpn connect i have on the log this =>

racoon: WARNING: trns_id mismatched: my:CAST peer:AES
Nov 18 14:10:18 racoon: WARNING: trns_id mismatched: my:CAST peer:AES
Nov 18 14:10:18 racoon: WARNING: authtype mismatched: my:hmac-sha peer:hmac-md5
Nov 18 14:10:19 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP 93.39.36.193[0]->11.246.14.23[0] spi=25576485(0x1864425)
Nov 18 14:10:19 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP 11.246.14.23[0]->93.39.36.193[0] spi=1029581908(0x3d5e2c54)
Nov 18 14:10:19 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.220.5/32[0] 0.0.0.0/0[0] proto=any dir=in"
Nov 18 14:10:19 racoon: ERROR: such policy does not already exist: "0.0.0.0/0[0] 192.168.22.5à/32[0] proto=any dir=out"
Nov 18 14:12:23 racoon: [Unknown Gateway/Dynamic]: WARNING: remote address mismatched. db=93.39.36.193[500], act=93.39.36.193[8]
Nov 18 14:12:38 racoon: [Unknown Gateway/Dynamic]: WARNING: remote address mismatched. db=93.39.36.193[500], act=93.39.36.193[8]
Nov 18 14:12:41 racoon: INFO: DPD: remote (ISAKMP-SA spi=a7af1b1a563f67d6:5b8258f1d47b9903) seems to be dead.
Nov 18 14:12:41 racoon: INFO: generated policy, deleting it.
Nov 18 14:12:41 racoon: INFO: generated policy, deleting it.
Nov 18 14:12:41 racoon: ERROR: pfkey X_SPDDELETE failed: Invalid argument
Nov 18 14:12:41 racoon: ERROR: pfkey X_SPDDELETE failed: Invalid argument
Nov 18 14:12:42 racoon: ERROR: unknown Informational exchange received.
Nov 18 14:12:42 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA deleted 11.246.14.23[500]-93.39.36.193[500] spi:a7af1b1a563f67d6:5b8258f1d47b9903
Nov 18 14:12:45 racoon: ERROR: unknown Informational exchange received.
Nov 18 14:12:48 last message repeated 4 times

the connection is up for 2minutes and after is down . Can any one help me plzzzzzzzzzzzzzzz

matrix1233

any help ??

XIII

yea, change the algorithm (cipher) to match on both sides. currently one is CAST and the other is AES.

this line in your log tells you EXACTLY what the problem is:

racoon: WARNING: trns_id mismatched: my:CAST peer:AES

matrix1233

hi,
but i verify that the 2 side are 3DES

jimp

Check both your phase 1 and phase 2 settings. You have a mismatch. Neither of those listed is 3DES in the log from either side.

matrix1233

the problem in the client or in the config of server ? .. sorry for this question but finally i can't found any problem in the 2 side
thx

jimp

It could be either one – There is a mismatch, you just need to change one side or the other to match. If you don't see a mismatch, you may be looking in the wrong place. The error you see is from the phase 2 settings.

XIII

you actually have 2 issues:
1. encryption, one side is set to use CAST, the other AES
2. authentication hash, one side is set to yous sha, the other md5

you find this in the top two lines of code you pasted.