[vpn-help] Shrew Client not working on wireless

Nathan Morrow nmorrow at spotswood.org
Thu Sep 30 12:29:42 CDT 2010


I posted this quite a while back (below).  My issues with the HP Broadcom based wireless card are fixed.  Turns out my Win 7 Pro 32bit installed a “Microsoft Virtual WiFi Miniport Adapter” and apparently it is bound to the Broadcom adapter and not the USB wireless adapters I have plugged in over time.  Searching the web, this Virtual miniport is so you can run an ad hoc network at the same time you are connected to an access point.

Anyway, just disabling the virtual miniport (didn’t uninstall it, just disabled it) was the trick.  Shrew works just fine over wireless now.

Nathan Morrow
540-898-0757

From: Nathan Morrow
Sent: Wednesday, August 18, 2010 12:24 AM
To: vpn-help at lists.shrew.net
Subject: RE: [vpn-help] Shrew Cleint with Netgear FVX538

Well, I am still not finding easy as a word with VPNs.

Here is where I am:

1. Apparently there is an issue using the wireless adapter in my HP (Broadcom based).  When using Ethernet I actually connect and get communications on both ends.  On the wireless I see stuff in the shrew trace log, but nothing at the server.
Is there any way to use the built-in wireless card?


2. If I try to use the netgear example on the shrew website (ike config pull), I get
“config message type is invalid for pull config”
in the shrew trace log and
[IKE] ISAKMP-SA established for WORKIP[4500]-REMOTEIP[4500] with spi:2a66a846b45e6422:7b1231493b23d4cb_
[IKE] Sending Informational Exchange: notify payload[INITIAL-CONTACT]_
[IKE] Short payload_
in the netgear log.
Not sure what needs to change on the client side to make it a valid config.

3. If I change that mode to “Ike config push” and actually fill in all the necessary info in the shrew client that was set to auto, it gets much further, but then I get
resend 1 phase2 packet(s) 192.168.50.132:4500 -> WORKIP:4500
in the shrew trace log.  And
No policy found: 192.168.2.5/32[0] 192.168.0.0/24[0] proto=any dir=in_
2010 Aug 18 04:16:57 [SpotswoodFVX538] [IKE] Failed to get proposal for responder._
in the netgear log. Not sure if I am hosing everything with that change.  But I did get further.

As always, any help is appreciated.  I am running 2.1.6 with DPD turned off on both ends.

Nathan Morrow
540-898-0757

From: mikelupo at aol.com [mailto:mikelupo at aol.com]
Sent: Friday, July 30, 2010 5:22 PM
To: Nathan Morrow; vpn-help at lists.shrew.net
Subject: Re: [vpn-help] Shrew Cleint with Netgear FVX538

Like you, I know little about VPNs but I managed to get a Netgear FVS318G set up and working with Shrew.
What does your network topography look like? If there's nothing in the VPN logs, then I call to question if your packets are even getting there...
As a quick test, you can also configure your client PC into the local router's DMZ and try again. If you get further along (i.e. VPN log entries on the FVS), then that may indicate the gateway/router you're using to connect to the internet might not be configured for VPN passthrough or port forwarding/triggering for ports 500 and 4500 might need some consideration.





-----Original Message-----
From: Nathan Morrow <nmorrow at spotswood.org>
To: vpn-help at lists.shrew.net <vpn-help at lists.shrew.net>
Sent: Fri, Jul 30, 2010 3:50 pm
Subject: [vpn-help] Shrew Cleint with Netgear FVX538
So I am pretty knowledgeable when it comes to networking, dhcp, dns, etc, etc.  But not VPNs.  I followed the procedure for Netgear VPNs to the T (except for IPs and encryption algorithm) and I don’t believe I am getting anywhere fast.

The local Shrew Client tries to contact the VPN gateway, and it looks like there is no response after the initial handshakes:
10/07/30 15:31:32 >= : message 00000000
10/07/30 15:31:37 -> : resend 1 phase1 packet(s) 192.168.1.2:500 -> GATEWAYIPWUZHERE:500
10/07/30 15:31:42 -> : resend 1 phase1 packet(s) 192.168.1.2:500 -> GATEWAYIPWUZHERE:500
10/07/30 15:31:47 -> : resend 1 phase1 packet(s) 192.168.1.2:500 -> GATEWAYIPWUZHERE:500
10/07/30 15:31:52 ii : resend limit exceeded for phase1 exchange
10/07/30 15:31:52 ii : phase1 removal before expire time

On the VPN side (Netgear FVX538):
Nothing in the VPN log.  I’m lost.

A good next step to try would be appreciated.

Nathan Morrow
Director of Technical Ministries
Spotswood Baptist Church
4009 Lafayette Blvd
Fredericksburg, Va 22408
540-898-0757
F: 540-891-7549
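
Added example, not part of the original thread and not code from the Shrew Soft project: a small Python triage of client trace lines in the format quoted in this thread, reporting which IKE phase is being retransmitted and whether the client gave up. The function name `triage`, the hint texts (which restate advice given in the thread) and the placeholder gateway address 203.0.113.10 are assumptions.

```python
import re

# Constructed sample in the trace format quoted in the thread; the gateway
# address is a documentation-range placeholder, not a value from the page.
SAMPLE_TRACE = """\
10/07/30 15:31:32 >= : message 00000000
10/07/30 15:31:37 -> : resend 1 phase1 packet(s) 192.168.1.2:500 -> 203.0.113.10:500
10/07/30 15:31:42 -> : resend 1 phase1 packet(s) 192.168.1.2:500 -> 203.0.113.10:500
10/07/30 15:31:47 -> : resend 1 phase1 packet(s) 192.168.1.2:500 -> 203.0.113.10:500
10/07/30 15:31:52 ii : resend limit exceeded for phase1 exchange
10/07/30 15:31:52 ii : phase1 removal before expire time
"""

RESEND = re.compile(r"resend (\d+) (phase[12]) packet\(s\) \S+:(\d+) -> \S+:(\d+)")
LIMIT = re.compile(r"resend limit exceeded for (phase[12]) exchange")

# Hints restate the advice and findings in this thread; they are heuristics.
HINTS = {
    "phase1": "no reply to phase1: check that UDP 500/4500 reaches the gateway "
              "(VPN passthrough, port forwarding, which adapter is in use)",
    "phase2": "phase1 answered, phase2 not: compare the client policy with the "
              "gateway log (for example 'No policy found')",
    None: "no retransmissions seen in this trace",
}

def triage(trace):
    """Summarise retransmissions in a Shrew trace and name the stalled phase."""
    resends = {"phase1": 0, "phase2": 0}
    exhausted, dst_ports = set(), set()
    for line in trace.splitlines():
        m = RESEND.search(line)
        if m:
            resends[m.group(2)] += int(m.group(1))
            dst_ports.add(int(m.group(4)))
            continue
        m = LIMIT.search(line)
        if m:
            exhausted.add(m.group(1))
    # A phase2 resend implies phase1 finished, so report the latest stalled phase.
    stalled = next((p for p in ("phase2", "phase1") if resends[p] or p in exhausted), None)
    return {"stalled": stalled, "resends": resends[stalled] if stalled else 0,
            "gave_up": stalled in exhausted, "dst_ports": sorted(dst_ports),
            "hint": HINTS[stalled]}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```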

