VPN and Vista



    I’ve been trying to get the ZeroShell VPN to work with Windows Vista but I’m not having any luck. The VPN works with XP so the problem is specifically with Vista. Here is the info from the logs:

    07:09:02 INFO: respond new phase 1 negotiation:[500]<=>[500]
    07:09:02 INFO: begin Identity Protection mode.
    07:09:02 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    07:09:02 INFO: received Vendor ID: RFC 3947
    07:09:02 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    07:09:02 INFO: received Vendor ID: FRAGMENTATION
    07:09:02 ERROR: invalid DH group 20.
    07:09:02 ERROR: invalid DH group 19.
    07:09:02 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
    07:09:02 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
    07:09:02 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
    07:09:02 ERROR: no suitable proposal found.
    07:09:02 ERROR: failed to get valid proposal.
    07:09:02 ERROR: failed to process packet.

    Does anyone have any idea what the problem might be?



    Sorry, but I don’t have Windows Vista available to try to solve the issue. In any case, in the next release of Zeroshell I will update the racoon and l2tp daemons.
    Why do you not use OpenVPN for the host-to-LAN VPN connections? I know that there is a client for Windows Vista that works fine.
    Zeroshell supports OpenVPN for Roadwarrior connections starting with release 1.0.beta7.



    With the below in my /root/kerbynet.cgi/template.cfg/racoon.conf I can connect successfully from Vista but:

    1. After disconnecting I cannot reconnect again until I disable and re-enable the IPSEC/L2TP server

    2. After I reboot the config gets replaced – how can I make this permanent???

    BTW the below config also works fine with XP.

    I am running the VMware image; if these issues are addressed in beta8, how can I move over my certificates and users to the new virtual machine?


    path certificate "/etc/ssl/certs/trusted_CAs/";

    # Phase 1 (IKE) settings applied to any remote peer
    remote anonymous {
        exchange_mode main;
        generate_policy on;
        passive on;
        certificate_type x509 "/var/register/system/ipsec/TLS/cert.pem" "/var/register/system/ipsec/TLS/key.pem";
        my_identifier asn1dn;
        peers_identifier asn1dn;
        proposal_check obey;
        nat_traversal ;
        proposal {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method rsasig;
            dh_group modp2048;
        }
    }

    # Phase 2 (IPsec SA) settings
    sainfo anonymous {
        pfs_group modp1024;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
    }
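
Added example, not part of the original thread: a small Python parser for the racoon phase 1 errors quoted in the first post. It groups the logged mismatches by peer transform, so the gap between the server's proposal and what the Vista client offered is visible at a glance. The function names are hypothetical, and the result reflects only the mismatches that appear in the log.

```python
import re
from collections import defaultdict

# Error lines copied from the log in the first post of this thread.
SAMPLE_LOG = """\
07:09:02 ERROR: invalid DH group 20.
07:09:02 ERROR: invalid DH group 19.
07:09:02 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
07:09:02 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
07:09:02 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
07:09:02 ERROR: no suitable proposal found.
"""

# "DB" is the local (server) proposal, "Peer" is the client's transform.
REJECTED = re.compile(
    r"rejected (?P<attr>\w+): DB\(prop#\d+:trns#\d+\):"
    r"Peer\(prop#\d+:trns#(?P<trns>\d+)\) = (?P<local>[^:]+):(?P<peer>.+)$"
)
INVALID_DH = re.compile(r"invalid DH group (\d+)\.")


def parse_phase1_failures(log_text):
    """Return (mismatches per peer transform, unrecognised DH ids, failed)."""
    mismatches = defaultdict(dict)
    unknown_dh, failed = [], False
    for line in log_text.splitlines():
        if m := REJECTED.search(line):
            pair = (m["local"].strip(), m["peer"].strip())
            mismatches[int(m["trns"])][m["attr"]] = pair
        elif m := INVALID_DH.search(line):
            unknown_dh.append(int(m.group(1)))
        elif "no suitable proposal found" in line:
            failed = True
    return dict(mismatches), unknown_dh, failed


def closest_transform(mismatches):
    """Peer transform with the fewest logged mismatches, or None."""
    if not mismatches:
        return None
    trns = min(mismatches, key=lambda t: (len(mismatches[t]), t))
    return trns, mismatches[trns]


if __name__ == "__main__":
    per_trns, unknown_dh, failed = parse_phase1_failures(SAMPLE_LOG)
    print("failed:", failed, "| unrecognised DH groups:", unknown_dh)
    print("closest peer transform:", closest_transform(per_trns))
```

On the quoted log, the closest peer transform is trns#4, which the server rejected only on the hash (local MD5, peer SHA); trns#3 also differed on the DH group (local 1024-bit MODP, peer 2048-bit MODP).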


    Thanks, I will change Racoon’s configuration in the next release.
    I will also update the ipsec tools to see if it is possible to solve the other problems you listed.




    I have the exact same problem. My goal with ZeroShell was to set up a VPN server for my Windows users, but I can’t install any additional software on the users’ machines (OpenVPN) so I wanted to go with IPSec/L2TP, but I get the same error as above. Also it says that NAT-T is broken in beta9, do you know when it will be fixed?

