OPNsense Forum

English Forums => Virtual private networks => Topic started by: ntkevinshao on August 08, 2022, 09:34:45 am

Title: Shrew VPN Client Connected but Security Associatetions Failed
Post by: ntkevinshao on August 08, 2022, 09:34:45 am: Sorry, I got stuck with IPsec VPN Mobile Clients testing and I could not find out why :
OpnSense : 22.1.2 running on VMware Workstation Pro v16
Shrew Soft VPN Client : 2.2.2 installed and running on Windows 10 PC
IPsec Phase 1 Authentication : Mutual PSK + XAUTH
After I launched the Shrew VPN client and entered correct username/password, it said Tunnel Status : "Connected", but Security Associations "Failed", and of course my remote access did not work.
I checked :
"VPN: IPsec: Security Association Database" ------> No IPsec security associations.
"VPN: IPsec: Security Policy Database" -----> No IPsec security policies.

Then I went to "VPN: IPsec: Status Overview" and manually clicked the green triangle icon under "Staus" column, then "VPN: IPsec: Security Policy Database" and "VPN: IPsec: Security Association Database" were filled with some session information and my VPN remote access worked.

Did I miss configuring anything so the Security Associations did not come up ?
Title: Re: Shrew VPN Client Connected but Security Associatetions Failed
Post by: atom on August 08, 2022, 10:29:23 am: Hi,

Version 2.2.2 does not support IKE, technically only 2.2.1 works.
But basically I advise against using it, because the Shrew client is no longer maintained and also only supports IKEv1.

Regards,
atom

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy