Hi Marcel,<br><br>With 2.2-rc2, there is a new hash algo supported... (See <a href="https://lists.shrew.net/pipermail/vpn-help/2012-December/014061.html">https://lists.shrew.net/pipermail/vpn-help/2012-December/014061.html</a>)<br>
<br>Regards,<br><br><div class="gmail_quote">On Thu, Feb 21, 2013 at 3:49 PM, Zweerde, Marcel van de <span dir="ltr">&lt;<a href="mailto:mvandezweerde@alescon.nl" target="_blank">mvandezweerde@alescon.nl</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="NL"><div><p class="MsoNormal">Hello,<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-GB">I’m having some problems with fragmented traffic (and disconnects)<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-GB">Config:<u></u><u></u></span></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span lang="EN-GB">Firewall:<u></u><u></u></span></p><p class="MsoNormal" style="text-indent:35.4pt"><span lang="EN-GB">Netscreen 320M </span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">6.3.0r9.0</span><span lang="EN-GB"><u></u><u></u></span></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">Block Fragment Traffic Enabled in screen settings for the Untrust interface<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">         Client:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">         Win7 client (etc.)<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">         Client 2.2.0-rc-2<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">Problem:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">The setup is working correctly (except for some random?!? disconnects) if I disable “Block Fragment Traffic” but it seems slow. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">When “Block Fragment Traffic” is Enabled on the Netscreen the tunnel connects but I get fragmented UDP traffic alarms on the Netscreen and there is no traffic through the tunnel.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">To remedy the situation I tried to lower the MTU setting to 800 as a test in the client but that doesn’t seem to work.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">The MTU value for the virtual adapter changes in the registry but the log says otherwise?!?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"">Interesting log entries:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"">A<u>p</u>apter ROOT\VNET\0000 MTU is 1500<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">Send NAT-T:IKE packet XXXX:4500 -> XXXXX:4500 ( 1548 bytes )<u></u><u></u></span></p><p class="MsoNormal">
<span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">Fragmented packet to 1514 bytes ( MTU 1500 bytes )<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">Fragmented packet to 82 bytes ( MTU 1500 bytes )<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">How can I resolve this? (hopefully without changing anything to the pc config itself)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">(Maybe the disconnects are related to the fragmenting? The client says the Netscreen ended the connection but the Netscreen doesn’t log anything.)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-GB">Thanks for the great software!<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-GB"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-GB">Max<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB"><br>
</span><span lang="EN-GB">p.s. The Howto_Juniper_SSG / Create_a_Phase1_ID doesn’t really mention the “</span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif"" lang="EN-GB">Number of Multiple Logins with Same ID” setting, that was the reason I could only login with 1 user at a time, maybe an update of the Howto is in place?<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB"><u></u> <u></u></span></p></div></div><br>
<br></blockquote></div><br>