Discussion:
[vpn-help] VPN Client 2.2.2 Release Now Available ...
Admin
2013-07-01 08:39:57 UTC
All,

I am pleased to announce the Shrew Soft VPN Client 2.2.2 Release is now
available for download. This release includes improved documentation as
well as support for automatically reconnecting to a remote gateway. For
a complete list of changes, please review the changelog and product
documentation available on our website.

https://www.shrew.net/software
Gerd Röthig
2013-07-01 12:55:07 UTC
Dear all,

thank you very much for your efforts in developing this new release.

Unfortunately, there seem to have been some changes in the authentication
procedure which render this new release unusable when users will have to
use a password provided by a hardware token (such as Entrust or RCA).
Scenario is as follows: For logging into the VPN, users will have to
provide a 4-digit PIN number, followed by an 8-digit number provided by the
hardware token.
This login procedure works without problems in the 2.1.7 release.

The new 2.2.2 release, however, seems to fail transmitting these
credentials properly. Apparently, it then seems to repeat that faulty login
procedure several times, which finally results in the user's Entrust
account being blocked because of too many login failures.

The option to try to re-connect after a disconnect, should therefore NOT be
made the default setting after installing the 2.2.2 Shrew Soft VPN client.

Kind regards,

Gerd


_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
https://lists.shrew.net/mailman/listinfo/vpn-help
Matthew Grooms
2013-07-01 14:03:47 UTC
Post by Gerd Röthig
Dear all,
Hi Gerd,
Post by Gerd Röthig
thank you very much for your efforts in developing this new release.
Unfortunately, there seem to have been some changes in the
authentication procedure which render this new release unusable when
users will have to use a password provided by a hardware token (such as
Entrust or RCA).
Scenario is as follows: For logging into the VPN, users will have to
provide a 4-digit PIN number, followed by an 8-digit number provided by
the hardware token.
Is that 3 different logins, or is that one long password made from
concatenating 3 different values?
Post by Gerd Röthig
This login procedure works without problems in the 2.1.7 release.
Ok.
Post by Gerd Röthig
The new 2.2.2 release, however, seems to fail transmitting these
credentials properly. Apparently, it then seems to repeat that faulty
login procedure several times, which finally results in the user's
Entrust account being blocked because of too many login failures.
The option to try to re-connect after a disconnect, should therefore NOT
be made the default setting after installing the 2.2.2 Shrew Soft VPN
client.
The login behavior should not have changed unless you check the option
in the VPN Access Manager.
Post by Gerd Röthig
Kind regards,
Thanks,

-Matthew
Gerd Röthig
2013-07-01 14:50:01 UTC
Dear Matthew, dear all,

the login works as follows:

1. user has a 4-digit PIN PPPP
2. user has got a hardware token (small device) used for creating temporary
passwords (8 digits, HHHHHHHH).
3. When the user wants to connect to the VPN, he has to switch on his
token, create a temporary password (passcode) and then concatenate this
with his PIN. The code to be entered is then PIN followed by temporary
passcode as follows: PPPPHHHHHHHH

Kind regards,

Gerd


Matthew Grooms
2013-07-01 15:54:37 UTC
Post by Gerd Röthig
Dear Matthew, dear all,
1. user has a 4-digit PIN PPPP
2. user has got a hardware token (small device) used for creating
temporary passwords (8 digits, HHHHHHHH).
3. When the user wants to connect to the VPN, he has to switch on his
token, create a temporary password (passcode) and then concatenate this
with his PIN. The code to be entered is then PIN followed by temporary
passcode as follows: PPPPHHHHHHHH
Ok. Did you enable the automatic reconnect option in the VPN Access Manager?

Thanks,

-Matthew
Gerd Röthig
2013-07-01 16:30:57 UTC
Hello,

I did not change that option, assuming it was set to off upon install of
Shrew Soft VPN Client 2.2.2. However, I did not do a fresh install but an
upgrade from 2.1.7 to 2.2.2 so that my profiles would be available without
any further intervention. Perhaps, that was the problem.


Kind regards,

Gerd


Matthew Grooms
2013-07-01 18:11:13 UTC
Post by Gerd Röthig
Hello,
I did not change that option, assuming it was set to off upon install of
Shrew Soft VPN Client 2.2.2. However, I did not do a fresh install but an
upgrade from 2.1.7 to 2.2.2 so that my profiles would be available
without any further intervention. Perhaps, that was the problem.
Hi Gerd,

What I'm trying to understand is if the client is acting like the
feature is active even if you haven't enabled it. It should be disabled
by default. If the client is attempting an auto-reconnect without
you enabling it, then there is a bug and we need to fix it.

You say that you went from version 2.1.7 to 2.2.2. The auto-reconnect
feature was introduced in 2.2.1. Did you try that version? Could it be
that the problem is related to another change between 2.1.7 and 2.2.2?

Thanks,

-Matthew
