Linux – Can’t connect to VPN with Shrewsoft from Debian 8.7

Tags: debian-jessie, linux, linux-networking, networking, vpn

I have a VPN (I don't know what software it runs) and I was able to connect to it from my old Debian 7.7 (amd64) with the Shrewsoft client (apt-get install ike). This worked for years.

Recently, I had to wipe all the data on my laptop and install Debian 8.7 (amd64). Now I can't connect to my VPN. The config files are all the same, as is the Ike version. Here's how I'm trying to do it.

user@i3d:~/$ ikec -r config.vpn -u username -p password -a
ii : ## : VPN Connect, ver 2.2.1
## : Copyright 2013 Shrew Soft Inc.
## : press the <h> key for help
>> : config loaded for site 'config.vpn'
>> : attached to key daemon ...
>> : peer configured
>> : iskamp proposal configured
>> : esp proposal configured
>> : client configured
>> : local id configured
>> : remote id configured
>> : pre-shared key configured
ii : bringing up tunnel ...
>> : network device configured
ii : tunnel enabled

So it says the tunnel is enabled, but in fact I can't reach (ping) any host, either inside the VPN or on the public network.

As far as I can see, ike replaces the DNS server on my system with a host inside the VPN, and this host is unreachable (I can't ping it while Ike says "tunnel enabled").

user@i3d:~/$ cat /etc/resolv.conf 
nameserver  192.168.3.20
# Generated by NetworkManager

Here's what's in Ike logs:

user@i3d:~/$ tail /var/log/iked.log 
17/05/05 20:11:46 ## : IKE Daemon, ver 2.2.1
17/05/05 20:11:46 ## : Copyright 2013 Shrew Soft Inc.
17/05/05 20:11:46 ## : This product linked OpenSSL 1.0.1t  3 May 2016
17/05/05 20:11:46 K! : recv X_SPDDUMP message failure ( errno = 2 )
17/05/05 20:11:52 !! : invalid private netmask, defaulting to 255.255.255.0
17/05/05 20:11:52 !! : peer violates RFC, transform number mismatch ( 1 != 13 )

I've created a number of VMs (Vagrant, VirtualBox): Ubuntu 14.04, Debian 7.11 (debian/wheezy64), CentOS 6 (centos/6) and Windows XP. I installed Ike on all of them and tried to connect to my VPN. It worked for WinXP only.

My /etc/sysctl.conf is empty.

Here's my config.vpn:

n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-dns-suffix-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:client-wins-used:1
n:client-wins-auto:1
n:phase1-dhgroup:0
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:1
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:network-host:104.149.*.* // this host is reachable from my machine
s:client-auto-mode:pull
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:force
s:auth-method:mutual-psk-xauth
s:ident-client-type:keyid
s:ident-server-type:any
s:ident-client-data:mynetwork
b:auth-mutual-psk:QVNLa2pzYWhmaWFzd*************
s:phase1-exchange:main
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:auto
s:phase2-hmac:auto
s:ipcomp-transform:disabled
n:phase2-pfsgroup:-1
s:policy-level:auto
s:policy-list-include:192.168.3.0 / 255.255.255.0,10.10.10.0 / 255.255.255.0,192.168.20.0 / 255.255.255.0

UPD: I can connect to my VPN from another machine in my local network (Windows), with the same config file/credentials.
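An added triage script for the symptom described above (ikec reports "tunnel enabled", yet nothing is reachable and resolv.conf points at an unreachable VPN host). It is not part of the question or of Shrew Soft; it assumes the n:/s:/b: site-file format shown above, iproute2 (ip xfrm, ip route) on the client, and a constructed sample config whose addresses are made up.

```shell
#!/bin/sh
# Triage for "tunnel enabled but nothing reachable" (added example, not the asker's code).
# Usage: sh vpn-triage.sh config.vpn [/etc/resolv.conf]

# Remote networks from s:policy-list-include, one "addr/mask" per line
policy_networks() {
    sed -n 's/^s:policy-list-include://p' "$1" | tr ',' '\n' | sed 's/ *\/ */\//'
}

# Nameservers currently in resolv.conf (ikec rewrites it when client-dns-used:1)
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Installed IPsec SAs; 0 means phase 2 never produced usable SAs, whatever ikec printed
ipsec_sa_count() {
    ip xfrm state 2>/dev/null | grep -c '^src ' || true
}

# Constructed sample site file (hypothetical addresses), used for offline checks
sample_config() {
    f=$(mktemp)
    printf '%s\n' 'n:version:4' 'n:client-dns-used:1' 's:network-host:203.0.113.10' \
        's:policy-list-include:192.168.3.0 / 255.255.255.0,10.10.10.0 / 255.255.255.0' > "$f"
    echo "$f"
}

vpn_triage() {
    cfg=$1; resolv=${2:-/etc/resolv.conf}
    echo "IPsec SAs installed: $(ipsec_sa_count)"
    # Does a route exist toward each network the policy list promised?
    policy_networks "$cfg" | while read -r net; do
        printf 'route for %s: ' "$net"
        ip route get "${net%%/*}" 2>/dev/null | head -n1 | grep . || echo "(none)"
    done
    # Is the pushed DNS server actually reachable through the tunnel?
    resolv_nameservers "$resolv" | while read -r ns; do
        if ping -c1 -W1 "$ns" >/dev/null 2>&1; then
            echo "nameserver $ns: reachable"
        else
            echo "nameserver $ns: UNREACHABLE (pushed by the VPN, DNS will fail)"
        fi
    done
}

# Run only when a site file is given, so the functions can also be sourced
[ $# -gt 0 ] && vpn_triage "$@"
```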

Best Answer

The problem was not actually solved. I had a few admins trying to get it working, with no result. We ended up moving both the client and the server side to OpenVPN.