[Vpn-help] Vista and 3G

Mike.Peters at opengi.co.uk Mike.Peters at opengi.co.uk
Wed Dec 3 09:06:13 CST 2008


Hi,

I've been testing using Shrewsoft 2.1.4 and 2.2.0-alpha-2 on Windows
Vista clients to an OpenSwan server (v. 2.4.4). Everything is working
well if I use a wired/wireless connection.

However, I have encountered a couple of issues when using a 3G internet
connection. Initially I found that although the tunnel came up and I
could do most things on my network, I couldn't browse file shares. This
was solved fairly easily by upgrading to Vista SP1. I now have one
remaining problem in that if I disconnect and bring down my 3G
connection, I cannot reconnect - the connection times out.

The only way I can reconnect to my VPN is to either reinstall Shrewsoft
or reboot the client machine. Restarting Shrewsoft and all of the
Shrewsoft services has no effect.

If I bring down the tunnel and reconnect, without disconnecting my 3G
connection, the tunnel comes up fine, so it is only when I recreate the
3G connection that I have the problem. The same problem exists on both
the latest 2.1.4 and 2.2.0 versions. 

I've included some details of my configuration below. If you need any
more details let me know.

Client OS: Windows Vista SP1
VPN Client: Shrewsoft 2.1.4 and 2.2.0-alpha-2
Gateway: Linux Openswan U2.4.4/K2.6.16.13-4.smp (netkey)
Gateway OS: OpenSuSE 10.1 

Shrewsoft config:

n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:0
n:client-dns-used:1
n:client-dns-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
n:phase1-dhgroup:0
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:network-host:111.222.333.444
s:client-auto-mode:disabled
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr:192.168.1.1
s:client-dns-suffix:mycompany.co.uk
s:auth-method:mutual-rsa
s:ident-client-type:asn1dn
s:ident-server-type:asn1dn
s:phase1-exchange:main
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:auto
s:phase2-hmac:auto
s:ipcomp-transform:disabled
n:phase2-pfsgroup:2
s:policy-list-include:192.168.1.0 / 255.255.255.0
s:auth-client-cert:MyVPN.p12
b:auth-client-cert-data:
s:auth-client-key:MyVPN.p12
b:auth-client-key-data:
s:auth-server-cert:MyVPN.p12
b:auth-server-cert-data:


Mike Peters
www.opengi.co.uk
