[vpn-help] Problem Connecting to Commercial Gateway ...

Matthew Grooms mgrooms at shrew.net
Wed Mar 15 22:08:18 CST 2006


Kimmo Koivisto wrote:
> I installed B8 and it did not crash, so you managed to fix it :)

Good news. That was a pesky one.

> 
> I had other problems and thus was not able to try out fragmentation.
> I was now able to negotiate IPsec SA:s and I can see that traffic is sent out 
> of the Shrew (what exactly is the name of the vpn client, should it be called 
> Shrew VPN client or what :) ). Then I can see something wierd:
> 

Its called the "Shrew Soft" VPN Client ( like the small rodent ). Unlike 
the software, most varieties of shrew don't create tunnels. They do use 
tunnels to hunt in though. Maybe seeing the logo will help. Soon there 
we be an actual web site to go with it.

http://www.shrew.net/

If you just refer to it as the client or the VPN client, I will know 
what your talking about :)

> My Shrew clients public IP is A and it has private address B (I'm behind NAT) 
> and Shrew virtual adapter has address C.
> 
> Remote peer decrypts traffic (ping) and sends it to the destination. When 
> reply comes, remote peer tries to send ESP to my virtual address C instead of 
> public address C?
> 
> This seems to be problem in the Commercial Gateway product, I have to debug it 
> more to be sure.
>  

That is a bit odd. I wouldn't rule out a problem with the client. I will 
take another pass through all the NAT-T tests just to be sure. Sounds 
like something to do with the ID payloads in phase2. I don't see how 
that could influence where the transport packets would be addressed to 
though. Let me know if you dig up any more information and I will do my 
best to fix the problem. Thanks for the heads up.

> 
> Well, I tried without life in kb's and I could not negotiate IPsec SA's, 
> ISAKMP SA went fine. But with lifetime in kb's, IPsec SA's were negotiated.
> 

Hmmm, back to the drawing board on that one.

> Regards
> Kimmo
> 

BTW, I have uploaded another beta. It has seen more change than the 
previous releases so I would appreciate feedback from all who are able.

http://www.shrew.net/download/changelog.php?ver=beta-9
http://www.shrew.net/download/vpn-client-1.0-beta-9.exe

Thanks again,

-Matthew




More information about the vpn-help mailing list