[Vpn-help] Netgear DG834G

shrew.nelipot at spamgourmet.com shrew.nelipot at spamgourmet.com
Wed Apr 29 07:07:43 CDT 2009


Hi,

I have an EeePC 901 running Eeebuntu (Ubuntu 8.10 Intrepid) on which I
have installed Shrew Soft VPN Client Ver. 2.1.0.

At each of my office and home I have a Netgear DG834G running firmware
V5.01.09.  The Netgear DG834Gs can establish a VPN connection with each
other with either one acting as the Initiator.  I need to be able to
establish a VPN connection with both my home and office (at different
times) from my EeePC using Public WiFi hotspots.

I have attempted to create a VPN tunnel using my EeePC but have as yet
been unsuccessful.  I've used the HowTo
[http://www.shrew.net/support/wiki/HowtoNetgear] as the basis for
configuring the VPN policy in both the VPN server and Client, which is
broadly consistent though obviously not precisely as the Netgear
equipment is quite different.  The connection appears to fail at the
authentication stage.

I've set up the client using the following configuration settings:-

General Tab

On the General Tab the Remote Host is a dynamic host name (DynDNS), as
the IP address at my home is dynamic.  Auto configuration is ike config
pull as stated in the HowTo.

The Local Host is set to 'Use virtual adapter and assigned address'.
MTU = 1380.

Client Tab

NAT Traversal is enabled

NAT Traversal Port is 4500

Keep Alive Packet Rate is 15 Secs

IKE Fragmentation is enabled and Maximum Packet size is 540 Bytes.

Other Options are all checked

Name Resolution Tab

Enable DNS and Obtain Automatically are both checked.

Phase 1 Tab

The Exchange Type is Main Mode as the server software only accommodates
Main Mode (i.e. there's no Aggressive Mode option).

DH Exchange is set to auto as the server can't accommodate anything
other than auto.

Authentication Tab

The Authentication Mode is set to Mutual PSK as the DG834G cannot
accommodate XAUTH.

Local Identity Tab is set to IP Address as the client only has this
option.  I have unchecked the 'Use discovered local host address' and
inserted 255.255.255.255 as the address string.  I also tried leaving
the 'Use discovered local host address' checked but that didn't work.  I
believe that this setting is the problem and I'll include an excerpt
from the server's log file which will show why I believe that this is the
point at which the negotiation fails.

Remote Identity is IP Address and the Use discovered remote host address
is checked.

The Credentials Tab shows the Pre Shared Key as a string of asterisks.

Under the Policy Tab I have inserted the Remote Network Resource as
192.168.2.0 / 255.255.255.0, which is in accordance with the HowTo.


This is an extract from the Log file of the VPN Server.  The earlier
attempts to connect have already dropped off, but it was essentially the
same response except that instead of the line "no suitable connection
for peer '255.255.255.255'" it read something like "no suitable
connection for peer '192.168.0.16'".

Wed, 2009-04-29 10:10:43 - [MiniEee] responding to Main Mode from
unknown peer 58.8.187.98
Wed, 2009-04-29 10:10:43 - [MiniEee] no suitable connection for peer
'255.255.255.255'
Wed, 2009-04-29 10:10:43 - [MiniEee] sending encrypted notification
INVALID_ID_INFORMATION to <invalid>:0
Wed, 2009-04-29 10:10:53 - [MiniEee] no suitable connection for peer
'255.255.255.255'
Wed, 2009-04-29 10:10:53 - [MiniEee] sending encrypted notification
INVALID_ID_INFORMATION to <invalid>:0
Wed, 2009-04-29 10:10:53 - [MiniEee] STATE_MAIN_R2: retransmission; will
wait 20s for response
Wed, 2009-04-29 10:11:03 - [MiniEee] no suitable connection for peer
'255.255.255.255'
Wed, 2009-04-29 10:11:03 - [MiniEee] sending encrypted notification
INVALID_ID_INFORMATION to <invalid>:0
Wed, 2009-04-29 10:11:13 - [MiniEee] sending notification
PAYLOAD_MALFORMED to <invalid>:0
Wed, 2009-04-29 10:11:13 - [MiniEee] STATE_MAIN_R2: retransmission; will
wait 40s for response
Wed, 2009-04-29 10:11:53 - [MiniEee] max number of retransmissions
(4861828) reached
Wed, 2009-04-29 11:09:39 - [ICR] received Delete SA payload: deleting
ISAKMP State #1

Any thoughts on how I can get these two (three) devices to talk to each
other?

Thanks,

Steve
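
Added example, not part of the original post and not Shrew Soft or Netgear code: a small Python triage of an excerpt of the responder log quoted above, which rejoins the mail-wrapped entries and compares the identity the responder rejected with the address the packets came from. It assumes the DG834G messages follow the Openswan/pluto wording they resemble, where the quoted value in "no suitable connection for peer" is the Phase 1 ID the initiator presented; the function names are illustrative.

```python
import re

# Excerpt of the responder log quoted in the post, still hard-wrapped as mailed.
LOG = """\
Wed, 2009-04-29 10:10:43 - [MiniEee] responding to Main Mode from
unknown peer 58.8.187.98
Wed, 2009-04-29 10:10:43 - [MiniEee] no suitable connection for peer
'255.255.255.255'
Wed, 2009-04-29 10:10:43 - [MiniEee] sending encrypted notification
INVALID_ID_INFORMATION to <invalid>:0
Wed, 2009-04-29 10:11:13 - [MiniEee] sending notification
PAYLOAD_MALFORMED to <invalid>:0
"""

STAMP = re.compile(r"^\w{3}, \d{4}-\d\d-\d\d \d\d:\d\d:\d\d - \[([^\]]+)\] (.*)$")

def unwrap(text):
    """Rejoin continuation lines onto the timestamped entry they belong to."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Per policy name: peer source IP, IDs the responder rejected, notifications sent."""
    report = {}
    for entry in unwrap(text):
        m = STAMP.match(entry)
        if not m:
            continue
        policy, msg = m.groups()
        r = report.setdefault(policy, {"source_ip": None, "rejected_ids": [], "notifications": []})
        if (ip := re.search(r"Main Mode from unknown peer (\S+)", msg)):
            r["source_ip"] = ip.group(1)
        elif (pid := re.search(r"no suitable connection for peer '([^']+)'", msg)):
            if pid.group(1) not in r["rejected_ids"]:
                r["rejected_ids"].append(pid.group(1))
        elif (n := re.search(r"sending (?:encrypted )?notification (\S+) to", msg)):
            r["notifications"].append(n.group(1))
    for r in report.values():
        # Assumed reading: a rejected ID that differs from the source address is a Phase 1 ID mismatch.
        r["id_mismatch"] = any(i != r["source_ip"] for i in r["rejected_ids"])
    return report

if __name__ == "__main__":
    for policy, r in triage(LOG).items():
        print(policy, r)
```

On this excerpt the responder sees the initiator arrive from 58.8.187.98 but rejects the identity 255.255.255.255, so the failure sits in the ID check of Main Mode rather than in proposal selection.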