I have never used Shrew, and cannot assist you with that side of your configuration.
----
Correct your ipsec.conf settings:
- dynamic is an incorrect IKE mode. I recommend passive mode. Quoting the ipsec.conf(5) man page, red highlights mine:
Quote:
When passive is specified, isakmpd(8) will not immediately start negotiation of this tunnel, but wait for an incoming request from the remote peer. When active or dynamic is specified, negotiation will be started at once. The dynamic mode will additionally enable Dead Peer Detection (DPD) and use the local hostname as the identity of the local peer, if not specified by the srcid parameter. dynamic mode should be used for hosts with dynamic IP addresses like road warriors or dialup hosts.
- The addresses in the ike configuration describe IP packets which get placed under ESP or AH protocols. You have described "any to any" but you do not define peers; peers are the tunnel end points.
- One of your tunnel end points (peers) is 192.168.0.111. The other is the address of your workstation. The man page says:
Quote:
The peer parameter specifies the address or FQDN of the remote end-point. For host-to-host connections where dst is identical to remote, this option is generally not needed as it will be set to dst automatically. If it is not specified or if the keyword any is given, the default peer is used.
Yours is not a host-to-host connection; it is, instead, any-to-any. Your error message stated:
Quote:
no address configured for "peer default"
Try adding a peer parameter to your ike statement.
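
A pre-flight check for the advice above, as an added example that is not part of the original post or of OpenBSD: it flags ike rules that start negotiation at once (active or dynamic mode) without a usable peer address. It assumes single-token src/dst values and no macros; the sample rules, names and addresses are constructed.

```python
import shlex

MODES = {"active", "passive", "dynamic"}

# Constructed sample rules; the addresses and names are placeholders.
SAMPLE = """\
ike dynamic esp from any to any srcid gw.example.net
ike passive esp from any to any local 192.168.0.111
ike esp from 192.168.0.111 to 192.0.2.10
ike esp from 10.0.0.0/24 to 10.1.0.0/24 \\
    peer 192.0.2.10
ike esp from 10.0.0.0/24 to 10.1.0.0/24   # no peer, default mode
"""

def ike_rules(conf_text):
    """Yield the token list of each ike rule, joining backslash continuations."""
    for line in conf_text.replace("\\\n", " ").splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens and tokens[0] == "ike":
            yield tokens

def value_after(tokens, keyword):
    """Return the token that follows keyword, or None when it is absent."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None

def missing_peer(tokens):
    """True when the rule starts negotiation at once but names no peer address."""
    # ipsec.conf(5): the mode is optional and active is used when it is omitted.
    mode = tokens[1] if len(tokens) > 1 and tokens[1] in MODES else "active"
    if mode == "passive":
        return False          # waits for the remote side, no address needed
    peer = value_after(tokens, "peer")
    if peer not in (None, "any"):
        return False          # explicit tunnel end point
    dst = value_after(tokens, "to") or "any"
    # Host-to-host: peer is set to dst automatically when dst is a single host.
    is_single_host = dst != "any" and "/" not in dst and not dst.startswith("{")
    return not is_single_host

def lint(conf_text):
    """Return the ike rules (as strings) that need a peer parameter."""
    return [" ".join(t) for t in ike_rules(conf_text) if missing_peer(t)]

if __name__ == "__main__":
    for rule in lint(SAMPLE):
        print("needs peer:", rule)
```
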