Hey, hopefully one of you can help me. I have to connect to a WatchGuard VPN server. I got a configuration file for the Shrew Soft client from the VPN owner. With this client you can connect to the VPN, but only on Windows and not without a GUI. In the Linux client there are some known issues with NAT traversal where the connection can be established but you can't send any traffic over it.
I wrote the whole problem down in a StackOverflow post: https://stackoverflow.com/questions/74722259/libreswan-invalid-peer-id-while-connecting-to-ikev1-tunnel

In a nutshell: I get an INVALID_ID_INFORMATION error. I captured the initial ISAKMP network traffic from both the Shrew Soft client and the libreswan client; I would assume that when I send the same payloads the gateway should give me the correct ID, right?

I am aware of resources like
https://libreswan.org/man/ipsec.conf.5.html
https://libreswan.org/wiki/Configuration_examples
but I couldn't find any answers in them.

Shrew Soft traffic:

User Datagram Protocol, Src Port: 500, Dst Port: 500
Internet Security Association and Key Management Protocol
    Initiator SPI: add0b9afcf550e9f
    Responder SPI: 0000000000000000
    Next payload: Security Association (1)
    Version: 1.0
    Exchange type: Aggressive (4)
    Flags: 0x00
    Message ID: 0x00000000
    Length: 629
    Payload: Security Association (1)
    Payload: Key Exchange (4)
    Payload: Nonce (10)
    Payload: Identification (5)
    Payload: Vendor ID (13) : XAUTH
    Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-00
    Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-01
    Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02\n
    Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-03
    Payload: Vendor ID (13) : RFC 3947 Negotiation of NAT-Traversal in the IKE
    Payload: Vendor ID (13) : RFC 3706 DPD (Dead Peer Detection)
    Payload: Vendor ID (13) : Unknown Vendor ID
    Payload: Vendor ID (13) : Shrew Soft
    Payload: Vendor ID (13) : Netscreen-15
    Payload: Vendor ID (13) : SIDEWINDER
    Payload: Vendor ID (13) : CISCO-UNITY 1.0

Libreswan traffic:

User Datagram Protocol, Src Port: 500, Dst Port: 500
Internet Security Association and Key Management Protocol
    Initiator SPI: 58a02f2b38e2e070
    Responder SPI: 0000000000000000
    Next payload: Security Association (1)
    Version: 1.0
    Exchange type: Aggressive (4)
    Flags: 0x00
    Message ID: 0x00000000
    Length: 516
    Payload: Security Association (1)
    Payload: Key Exchange (4)
    Payload: Nonce (10)
    Payload: Identification (5)
    Payload: Vendor ID (13) : XAUTH
    Payload: Vendor ID (13) : RFC 3706 DPD (Dead Peer Detection)
    Payload: Vendor ID (13) : RFC 3947 Negotiation of NAT-Traversal in the IKE
    Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-03
    Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02\n
    Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02

Regards,
Sascha
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
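The comparison the post makes by hand (which Vendor ID payloads each client puts in its first aggressive-mode message) can be automated with a small ISAKMP parser. The following is an added example, not code from libreswan, Shrew Soft or the poster: it assembles two constructed phase-1 messages that mirror the payload chains above, walks the RFC 2408 header and generic payload headers, names the NAT-T Vendor IDs (which are defined as the MD5 of the draft or RFC name, so draft-02 with and without its trailing newline are two distinct VIDs, as libreswan's capture shows), and diffs the two VID sets. The initiator SPIs are the ones from the capture; the SA, KE, Nonce and ID bodies are placeholder bytes, and the vendor-private VIDs (XAUTH, DPD, Shrew Soft, Netscreen, CISCO-UNITY) are not modelled, so one constructed 16-byte value stands in for them. The diff covers only the Vendor ID chain; the Identification payload body, which an INVALID_ID_INFORMATION notification refers to, is not decoded here.

```python
"""Parse a first IKEv1 (ISAKMP) message and diff the Vendor ID payloads two
clients send.  Added example; not libreswan or Shrew Soft code.  Sample
messages are constructed below with placeholder SA/KE/Nonce/ID bodies."""
import hashlib
import struct

# RFC 2408 s3.1 header: cookies, next payload, version, exchange type, flags, message id, length
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
# Generic payload header: next payload, reserved, payload length (header included)
PAYLOAD_HDR = struct.Struct("!BBH")

PAYLOAD_NAMES = {1: "Security Association", 4: "Key Exchange",
                 5: "Identification", 10: "Nonce", 13: "Vendor ID"}
EXCHANGE_NAMES = {2: "Identity Protection", 4: "Aggressive"}

# NAT-T draft/RFC VIDs are the MD5 of the document name; draft-02 exists in
# two variants, with and without a trailing newline.  Vendor-private VIDs
# (XAUTH, DPD, Shrew Soft, ...) are fixed constants and are not listed here.
MD5_VENDOR_STRINGS = ["draft-ietf-ipsec-nat-t-ike-00", "draft-ietf-ipsec-nat-t-ike-02",
                      "draft-ietf-ipsec-nat-t-ike-02\n", "draft-ietf-ipsec-nat-t-ike-03",
                      "RFC 3947"]
KNOWN_VIDS = {hashlib.md5(s.encode()).digest(): s for s in MD5_VENDOR_STRINGS}


def md5_vid(name: str) -> bytes:
    return hashlib.md5(name.encode()).digest()


def vid_name(body: bytes) -> str:
    """Name a Vendor ID body; unknown VIDs are reported as hex, newline shown as \\n."""
    name = KNOWN_VIDS.get(body)
    return "Unknown Vendor ID " + body.hex() if name is None else name.replace("\n", "\\n")


def build_isakmp(ispi: bytes, exchange_type: int, payloads) -> bytes:
    """Assemble a phase-1 message from (payload_type, body) pairs, chaining next-payload fields."""
    chunks = []
    for i, (ptype, body) in enumerate(payloads):
        next_type = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        chunks.append(PAYLOAD_HDR.pack(next_type, 0, PAYLOAD_HDR.size + len(body)) + body)
    body = b"".join(chunks)
    first = payloads[0][0] if payloads else 0
    hdr = ISAKMP_HDR.pack(ispi, bytes(8), first, 0x10, exchange_type, 0, 0,
                          ISAKMP_HDR.size + len(body))   # 0x10 = version 1.0
    return hdr + body


def parse_isakmp(msg: bytes) -> dict:
    """Walk the header and payload chain; raise ValueError on any length inconsistency."""
    if len(msg) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    ispi, _rspi, next_type, version, exchange, _flags, _msg_id, length = ISAKMP_HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError(f"header length {length} != {len(msg)} bytes on the wire")
    payloads, off = [], ISAKMP_HDR.size
    while next_type != 0:
        if off + PAYLOAD_HDR.size > len(msg):
            raise ValueError("payload chain runs past end of message")
        following, _reserved, plen = PAYLOAD_HDR.unpack_from(msg, off)
        if plen < PAYLOAD_HDR.size or off + plen > len(msg):
            raise ValueError(f"bad payload length {plen} at offset {off}")
        body = msg[off + PAYLOAD_HDR.size:off + plen]
        label = PAYLOAD_NAMES.get(next_type, f"Unknown ({next_type})")
        if next_type == 13:
            label += " : " + vid_name(body)
        payloads.append((next_type, label))
        next_type, off = following, off + plen
    return {"initiator_spi": ispi.hex(), "version": f"{version >> 4}.{version & 0xF}",
            "exchange": EXCHANGE_NAMES.get(exchange, str(exchange)),
            "length": length, "payloads": payloads}


def is_well_formed(msg: bytes) -> bool:
    try:
        parse_isakmp(msg)
        return True
    except ValueError:
        return False


def vendor_ids(msg: bytes) -> list:
    return [label.split(" : ", 1)[1] for ptype, label in parse_isakmp(msg)["payloads"] if ptype == 13]


def diff_vendor_ids(msg_a: bytes, msg_b: bytes):
    """Return (VIDs only in a, VIDs only in b), each sorted."""
    a, b = set(vendor_ids(msg_a)), set(vendor_ids(msg_b))
    return sorted(a - b), sorted(b - a)


# Constructed placeholder bodies for SA, KE, Nonce and ID; not real proposals.
PLACEHOLDER = [(1, bytes(8)), (4, b"\x11" * 8), (10, b"\x22" * 8), (5, b"\x01" + bytes(7))]
SHREW_MSG = build_isakmp(bytes.fromhex("add0b9afcf550e9f"), 4, PLACEHOLDER + [
    (13, md5_vid("draft-ietf-ipsec-nat-t-ike-00")), (13, md5_vid("draft-ietf-ipsec-nat-t-ike-02\n")),
    (13, md5_vid("draft-ietf-ipsec-nat-t-ike-03")), (13, md5_vid("RFC 3947")),
    (13, bytes(range(16)))])   # constructed stand-in for a vendor-private VID
LIBRESWAN_MSG = build_isakmp(bytes.fromhex("58a02f2b38e2e070"), 4, PLACEHOLDER + [
    (13, md5_vid("RFC 3947")), (13, md5_vid("draft-ietf-ipsec-nat-t-ike-03")),
    (13, md5_vid("draft-ietf-ipsec-nat-t-ike-02\n")), (13, md5_vid("draft-ietf-ipsec-nat-t-ike-02"))])

if __name__ == "__main__":
    for name, msg in (("Shrew Soft", SHREW_MSG), ("libreswan", LIBRESWAN_MSG)):
        info = parse_isakmp(msg)
        print(f"{name}: exchange={info['exchange']} spi={info['initiator_spi']} len={info['length']}")
        for _, label in info["payloads"]:
            print("  Payload:", label)
    only_shrew, only_swan = diff_vendor_ids(SHREW_MSG, LIBRESWAN_MSG)
    print("only Shrew Soft:", only_shrew)
    print("only libreswan :", only_swan)
```

To run it over real captures, feed the UDP payload bytes of each client's first packet to parse_isakmp in place of the constructed messages; the length checks will reject anything that is not a complete ISAKMP message.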
