[Vpn-help] cannot connect to a fortigate with shrew vpn client on windows

Noach Sumner nsumner at compu-skill.com
Thu Nov 20 14:37:27 CST 2008


Okay, I went to double-check my config. I have the following...

From WAN (all) to WAN (all) (i.e. WAN2 to WAN2) DHCP set to Encrypt. Make sure
of course you have an IPSec DHCP server set up on the Fortigate.
From Internal to WAN I have Internal ALL to WAN ("vpn addresses") Encrypt
(allow inbound and outbound of course).

vpn addresses is for me defined as 172.27.129.0/24. Basically whatever
addresses your IPSec DHCP server will be assigning. Note there is no reason
for it to be (in fact it shouldn't be) the same IP block used on your local
network.

Here are some of the important parts to set on the Fortigate
Mode: Aggressive (Main won't work).
X-Auth has worked in some versions and not others so be careful with this
one.

Make sure of course that you have your Shrew config set to match your
Fortigate (it is easy to make small mistakes here).

BTW: Matthew, I have noticed that the latest 2.2alpha you sent me ALWAYS has
the multiple IP issue (3 ips). I don't know for sure if it is related but it
might be a better place to start as for me that isn't intermittent. Again I
am running Vista (which I am guessing is the root of the problem).

I am running MR7P1 and it works pretty well with Shrew. MR7P2 is due out any
day now but I of course can't guarantee how well it will work with Shrew.

On Thu, Nov 20, 2008 at 9:06 PM, Matthew Grooms <mgrooms at shrew.net> wrote:

> Noach Sumner wrote:
>
>> I don't remember which build sat where but there were a good number of
>> builds where Fortigate had completely broken the VPN connectivity. But I
>> wonder if you have a policy from internal to internal with service set to
>> DHCP and policy set to encrypt? BTW is there a reason you are running the
>> old build? MR5 is on P6 I believe and MR7 is on P1 and P2 is around the
>> corner (actually 4MR1 is supposed to be out before the end of the year).
>>
>>
> Thanks for your input Noach. I've had problems in the past while testing
> certain builds of the Fortigate firmware. Upgrading or downgrading to a
> different version seemed to resolve the issue.
>
>> BTW, Matthew have you had a chance to look at the multiple IP issue yet?
>>
>>
> I tried a few times but was unable to reproduce the issue. This is very
> high on my todo list and I hope to have something worked out by the end of
> the weekend.
>
> Thanks,
>
> -Matthew
>