jandafields
Forum Guru
Topic Author
Posts: 1514
Joined: Mon Sep 19, 2005 6:12 pm

Shrew Soft VPN Client

Sat Oct 02, 2010 7:14 pm

The free Shrew Soft VPN Client for IPSEC seems perfect for Mikrotik to make easy connections from Windows computers without having to manually change Windows settings, etc.

However, I am unable to get it to work. After Phase 1, the MT log keeps saying Invalid Exchange Type 6. No matter how many settings I adjust, I can't get it to get past Phase 2.

Any help?
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Shrew Soft VPN Client

Sat Oct 02, 2010 7:18 pm

The VPN client is trying to do mode config (where the VPN server sends the client several parameters to configure the client with). The MT VPN server doesn't speak that mode so it throws the invalid exchange error.
I'm not familiar with that client but going by what you posted the client is configured incorrectly.
 
jandafields
Forum Guru
Topic Author
Posts: 1514
Joined: Mon Sep 19, 2005 6:12 pm

Re: Shrew Soft VPN Client

Sat Oct 02, 2010 7:46 pm

Do you know of any good free IPsec clients for Windows that also support L2TP?

Thanks.
 
steveb7
just joined
Posts: 11
Joined: Thu Oct 21, 2010 7:53 pm

Re: Shrew Soft VPN Client

Thu Oct 21, 2010 8:09 pm

I was able to successfully get the Greenbow VPN client to work with XP and RouterOS. However, my free trial expired, so I thought I would try the Shrew Soft client. My goal was to allow "road warrior" access to the network. So far I've not had complete success getting Shrew Soft configured in conjunction with RouterOS. I'm failing with the error "no suitable proposal found". My current IPSEC config is:

/ip ipsec proposal
set default auth-algorithms=md5 comment="" disabled=no enc-algorithms=aes-128 lifetime=1h name=default pfs-group=\
modp1024
/ip ipsec peer
add address=0.0.0.0/0:500 auth-method=pre-shared-key comment="" dh-group=modp1024 disabled=no dpd-interval=\
disable-dpd dpd-maximum-failures=1 enc-algorithm=aes-128 exchange-mode=main generate-policy=yes \
hash-algorithm=md5 lifebytes=0 lifetime=4h nat-traversal=no proposal-check=obey secret=123456789 \
send-initial-contact=yes

and my Shrew Soft config:
n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:0
n:client-dns-used:0
n:client-dns-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
n:phase1-dhgroup:1
n:phase1-life-secs:14400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:128
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
n:phase1-keylen:0
s:network-host:64.119.37.74
s:client-auto-mode:disabled
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk
s:ident-client-type:address
s:ident-server-type:any
b:auth-mutual-psk:MTIzNDU2Nzg5
s:phase1-exchange:main
s:phase1-cipher:aes
s:phase1-hash:md5
s:phase2-transform:esp-aes
s:phase2-hmac:md5
s:ipcomp-transform:disabled
n:phase2-pfsgroup:1
s:policy-level:require
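
An added example, not part of the original post: a Python check that parses a RouterOS export and a Shrew Soft site file and lists the Phase 1 / Phase 2 parameters on which the two sides disagree. It assumes the Shrew Soft `phase1-dhgroup` and `phase2-pfsgroup` values are IKE DH group numbers; the function names are hypothetical and the inputs are excerpts of the two configs above.

```python
import re

# Assumption: Shrew's dhgroup/pfsgroup values are IKE DH group numbers.
DH_GROUPS = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}

# Constructed sample input: negotiation-relevant excerpts of the two configs above.
ROUTEROS = r"""
/ip ipsec proposal
set default auth-algorithms=md5 enc-algorithms=aes-128 pfs-group=\
modp1024
/ip ipsec peer
add address=0.0.0.0/0:500 dh-group=modp1024 hash-algorithm=md5
"""
SHREW = """
n:phase1-dhgroup:1
n:phase2-keylen:128
s:phase1-hash:md5
s:phase2-transform:esp-aes
s:phase2-hmac:md5
n:phase2-pfsgroup:1
"""

def parse_routeros(text):
    """Return {menu path: {key: value}} from a RouterOS export."""
    text = re.sub(r"\\\s*\n\s*", "", text)  # join backslash-continued lines
    menus, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = menus.setdefault(line, {})
        elif current is not None:
            current.update(re.findall(r"([\w-]+)=(\S+)", line))
    return menus

def parse_shrew(text):  # 'type:key:value' lines; type n means number
    rows = (line.split(":", 2) for line in text.split())
    return {key: int(val) if kind == "n" else val for kind, key, val in rows}

def mismatches(menus, shrew):  # parameter names where server and client differ
    peer, prop = menus["/ip ipsec peer"], menus["/ip ipsec proposal"]
    p2_cipher = f'{shrew["phase2-transform"][4:]}-{shrew["phase2-keylen"]}'
    pairs = {
        "phase1 hash": (peer["hash-algorithm"], shrew["phase1-hash"]),
        "phase1 dh-group": (peer["dh-group"], DH_GROUPS.get(shrew["phase1-dhgroup"])),
        "phase2 cipher": (prop["enc-algorithms"], p2_cipher),
        "phase2 hmac": (prop["auth-algorithms"], shrew["phase2-hmac"]),
        "phase2 pfs-group": (prop["pfs-group"], DH_GROUPS.get(shrew["phase2-pfsgroup"])),
    }
    return [name for name, (srv, cli) in pairs.items() if srv != cli]

print(mismatches(parse_routeros(ROUTEROS), parse_shrew(SHREW)))
```

Under the stated assumption, the two configs as posted differ on `phase1 dh-group` and `phase2 pfs-group`: RouterOS is set to modp1024 (group 2) while the client file specifies group 1.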
 
mrz
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Shrew Soft VPN Client

Thu Sep 27, 2012 5:47 pm
