I'm using ShrewSoft VPN-client to connect to a client's network. It's an IKEv1 IPsec with AES256, SHA256, and MODP2048. This connection works fine with ShrewSoft VPN-client under Windows7 or Windows10. But if I try to use the same settings with ShrewSoft VPN-client under Linux (Xubuntu or Debian), the tunnel is enabled, but there is no traffic coming through. My tap-device gets a correct IP, but there is no connection to the network. On the Linux machines there isn't any "magic", no firewall or whatever - just "regularly" installed machines.

I also tried setting

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

as in this CentOS forum post, but with no luck.

Any ideas about this?

Andrew Schulman
Johannes C. Schulz
  • I have the same issue under Ubuntu 16.04.3 – CB-Dan Apr 12 '18 at 18:00
  • I have the same problem. It seems to be an issue in the Linux client: https://lists.shrew.net/pipermail/vpn-devel/2013-May/000626.html I am not sure if it will ever be fixed because as far as I can see there has been no development since 2013. – Luca Jul 25 '18 at 19:29
  • I have the same issue in Ubuntu 16.04.5. The VPN is connected but I can't ping any of the available resources in it. The VPN works in Windows 8.1 though. – Osmar Jan 24 '19 at 17:48
  • Meanwhile I installed Shrew on Arch and on Debian. But I never got it to send data through the tunnel. It connects, but keeps silent :-( – Johannes C. Schulz Jul 17 '19 at 12:35
  • Today I tried a bit more debugging... I saw that phase1 is active, but phase2 gets stuck in "processing" (or call it "negotiating"). Tried different (lower) encryption settings with no luck. – Johannes C. Schulz Sep 17 '19 at 07:37
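
The two sysctl lines in the question set only the `all` and `default` entries. The kernel applies the larger of `all` and the per-interface value, and `default` only seeds interfaces created later, so an existing tap device can still be in strict mode. The script below is an added example, not part of the original post, that reports the effective value per interface; the function names and the `tap0` interface name in its comments are assumptions.

```shell
#!/bin/sh
# Report the rp_filter value the kernel actually applies to each interface.
# Source validation uses max(conf/all/rp_filter, conf/<iface>/rp_filter);
# conf/default is only copied to interfaces created after it is set.

# effective_rp_filter ROOT IFACE
# ROOT is the directory holding the per-interface sysctl tree
# (/proc/sys/net/ipv4/conf on a live system). IFACE is e.g. tap0
# (assumed name; use whatever the VPN client created).
effective_rp_filter() {
    root=$1
    iface=$2
    all=$(cat "$root/all/rp_filter") || return 1
    own=$(cat "$root/$iface/rp_filter") || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_filter_report [ROOT]
# Prints "<iface> <effective value> <mode>" for every interface directory.
rp_filter_report() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        eff=$(effective_rp_filter "$root" "$iface") || continue
        case $eff in
            0) mode="off" ;;
            1) mode="strict" ;;
            2) mode="loose" ;;
            *) mode="unknown" ;;
        esac
        echo "$iface $eff $mode"
    done
}

# Run against the live system when invoked as: sh script.sh report
if [ "${1:-}" = "report" ]; then
    rp_filter_report
fi
```

Run it after the tunnel is up, so the tap device exists and its own `rp_filter` entry is included in the report.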

1 Answer

After fiddling around for days, resigning and retrying, I finally got it to work. But - sadly - not with the desired VPN configuration in my router.

Originally I had AES256, SHA256 and MODP2048 (DH 14) - this did not work with ShrewSoft and Linux.

Now working with: AES128, SHA1 and MODP1024 (DH 2). Not ideal, but ok I think. I had to configure another profile in my router, so I have one profile for use with Windows clients and one for use with Linux clients.

Johannes C. Schulz