[Vpn-help] Help configuring Netgear FVX538 router

Ron Thompson ron at classic-ed.com
Wed Dec 9 18:29:47 CST 2009


Well I don't know if it applies here but I had a very similar situation with my FVS318. I couldn't and still can't get the release code to connect but I have successfully got the 2.2.9 alpha code to work very successfully including propagating WINS. I should add that I have two nearly identical config files and one works and the other does not. Only the variable order is changed between the two config files. I am guessing this is a Shrew client problem rather than a Netgear problem. 


From: Charles Buckley 
Sent: Wednesday, December 09, 2009 6:17 PM
To: vpn-help at lists.shrew.net 
Subject: Re: [Vpn-help] Help configuring Netgear FVX538 router


I published a couple of posts about this - I'm waiting for an escalation with Netgear to go through.  It seems their customer support people can just misrepresent issues they don't understand, and their management will believe it.

 

I don't have time to redo the whole thing, but it is possible to get this to work.

 

You must set up a VPN policy - mode-config doesn't work.  This means you must manually configure the VPN IP address of each client that connects.  This IP address must be on a different subnet than the LAN.  

The remote IP mask of the VPN policy must be set to 'any,' which means that NetBIOS broadcasts don't work.  All these behaviours (with the exception of no mode config) also occur with the Netgear supplied client (cutting Shrew out of the equation completely).  But mode-config does work with the Netgear-supplied client.  Netgear are informed of this, but they've chosen to distort and/or ignore the issues.

 

Those are the main caveats to getting things to work.  There may be a few others - search the archives.  

 


--------------------------------------------------------------------------------

From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Mike Crowe
Sent: Wednesday, December 09, 2009 10:34 PM
To: vpn-help at lists.shrew.net
Subject: [Vpn-help] Help configuring Netgear FVX538 router

 

Hi folks,

I'm following the instructions at http://www.shrew.net/support/wiki/HowtoNetgear, and I can't seem to get the shrew client to connect.  When I try and initiate a connection, I repeatedly see:

09/12/09 16:14:45 -> : send IKE packet 192.168.1.15:500 -> XX.XXX.XXX.198:500 ( 1177 bytes )
09/12/09 16:14:45 DB : phase1 resend event scheduled ( ref count = 2 )
09/12/09 16:14:50 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> XX.XXX.XXX.198:500

(full log below).  If I look at this, it almost appears that the Netgear isn't listening on port 500.  Could that be possible?

Based on this setup, two questions:

1)  I don't have to set up a VPN policy, right?
2)  I don't have to adjust any port forwarding or other rules, right?  I don't have any port 500 rules in place now.



09/12/09 16:10:31 ## : IKE Daemon, ver 2.1.5
09/12/09 16:10:31 ## : Copyright 2009 Shrew Soft Inc.
09/12/09 16:10:31 ## : This product linked OpenSSL 0.9.8h 28 May 2008
09/12/09 16:10:31 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
09/12/09 16:10:31 ii : rebuilding vnet device list ...
09/12/09 16:10:31 ii : device ROOT\VNET\0000 disabled
09/12/09 16:10:31 ii : network process thread begin ...
09/12/09 16:10:31 ii : ipc server process thread begin ...
09/12/09 16:10:31 ii : pfkey process thread begin ...
09/12/09 16:10:33 ii : ipc client process thread begin ...
09/12/09 16:10:33 <A : peer config add message
09/12/09 16:10:33 DB : peer added ( obj count = 1 )
09/12/09 16:10:33 ii : local address 192.168.1.15 selected for peer
09/12/09 16:10:33 DB : tunnel added ( obj count = 1 )
09/12/09 16:10:33 <A : proposal config message
09/12/09 16:10:33 <A : proposal config message
09/12/09 16:10:33 <A : client config message
09/12/09 16:10:33 <A : xauth username message
09/12/09 16:10:33 <A : xauth password message
09/12/09 16:10:33 <A : local id 'vpn.zipitwireless.com' message
09/12/09 16:10:33 <A : preshared key message
09/12/09 16:10:33 <A : remote resource message
09/12/09 16:10:33 <A : peer tunnel enable message
09/12/09 16:10:33 DB : new phase1 ( ISAKMP initiator )
09/12/09 16:10:33 DB : exchange type is aggressive
09/12/09 16:10:33 DB : 192.168.1.15:500 <-> 74.223.161.198:500
09/12/09 16:10:33 DB : 779787518ff0cc3a:0000000000000000
09/12/09 16:10:33 DB : phase1 added ( obj count = 1 )
09/12/09 16:10:33 >> : security association payload
09/12/09 16:10:33 >> : - proposal #1 payload 
09/12/09 16:10:33 >> : -- transform #1 payload 
09/12/09 16:10:33 >> : -- transform #2 payload 
09/12/09 16:10:33 >> : -- transform #3 payload 
09/12/09 16:10:33 >> : -- transform #4 payload 
09/12/09 16:10:33 >> : -- transform #5 payload 
09/12/09 16:10:33 >> : -- transform #6 payload 
09/12/09 16:10:33 >> : -- transform #7 payload 
09/12/09 16:10:33 >> : -- transform #8 payload 
09/12/09 16:10:33 >> : -- transform #9 payload 
09/12/09 16:10:33 >> : -- transform #10 payload 
09/12/09 16:10:33 >> : -- transform #11 payload 
09/12/09 16:10:33 >> : -- transform #12 payload 
09/12/09 16:10:33 >> : -- transform #13 payload 
09/12/09 16:10:33 >> : -- transform #14 payload 
09/12/09 16:10:33 >> : -- transform #15 payload 
09/12/09 16:10:33 >> : -- transform #16 payload 
09/12/09 16:10:33 >> : -- transform #17 payload 
09/12/09 16:10:33 >> : -- transform #18 payload 
09/12/09 16:10:33 >> : key exchange payload
09/12/09 16:10:33 >> : nonce payload
09/12/09 16:10:33 >> : identification payload
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local supports XAUTH
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local supports nat-t ( draft v00 )
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local supports nat-t ( draft v01 )
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local supports nat-t ( draft v02 )
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local supports nat-t ( draft v03 )
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local supports nat-t ( rfc )
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local supports FRAGMENTATION
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local is SHREW SOFT compatible
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local is NETSCREEN compatible
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local is SIDEWINDER compatible
09/12/09 16:10:33 >> : vendor id payload
09/12/09 16:10:33 ii : local is CISCO UNITY compatible
09/12/09 16:10:33 >= : cookies 779787518ff0cc3a:0000000000000000
09/12/09 16:10:33 >= : message 00000000
09/12/09 16:10:33 -> : send IKE packet 192.168.1.15:500 -> 74.223.161.198:500 ( 1177 bytes )
09/12/09 16:10:33 DB : phase1 resend event scheduled ( ref count = 2 )
09/12/09 16:10:38 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 74.223.161.198:500
09/12/09 16:10:43 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 74.223.161.198:500
09/12/09 16:10:48 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 74.223.161.198:500
09/12/09 16:10:53 ii : resend limit exceeded for phase1 exchange
09/12/09 16:10:53 ii : phase1 removal before expire time
09/12/09 16:10:53 DB : phase1 deleted ( obj count = 0 )
09/12/09 16:10:53 DB : policy not found
09/12/09 16:10:53 DB : policy not found
09/12/09 16:10:53 DB : tunnel stats event canceled ( ref count = 1 )
09/12/09 16:10:53 DB : removing tunnel config references
09/12/09 16:10:53 DB : removing tunnel phase2 references
09/12/09 16:10:53 DB : removing tunnel phase1 references
09/12/09 16:10:53 DB : tunnel deleted ( obj count = 0 )
09/12/09 16:10:53 DB : removing all peer tunnel refrences
09/12/09 16:10:53 DB : peer deleted ( obj count = 0 )
09/12/09 16:10:53 ii : ipc client process thread exit ...
09/12/09 16:13:03 ii : ipc client process thread begin ...
09/12/09 16:13:03 <A : peer config add message
09/12/09 16:13:03 DB : peer added ( obj count = 1 )
09/12/09 16:13:03 ii : local address 192.168.1.15 selected for peer
09/12/09 16:13:03 DB : tunnel added ( obj count = 1 )
09/12/09 16:13:03 <A : proposal config message
09/12/09 16:13:03 <A : proposal config message
09/12/09 16:13:03 <A : client config message
09/12/09 16:13:03 <A : xauth username message
09/12/09 16:13:03 <A : xauth password message
09/12/09 16:13:03 <A : local id 'vpn.zipitwireless.com' message
09/12/09 16:13:03 <A : preshared key message
09/12/09 16:13:03 <A : remote resource message
09/12/09 16:13:03 <A : peer tunnel enable message
09/12/09 16:13:03 DB : new phase1 ( ISAKMP initiator )
09/12/09 16:13:03 DB : exchange type is aggressive
09/12/09 16:13:03 DB : 192.168.1.15:500 <-> 74.223.161.198:500
09/12/09 16:13:03 DB : d83d366fe6644d88:0000000000000000
09/12/09 16:13:03 DB : phase1 added ( obj count = 1 )
09/12/09 16:13:03 >> : security association payload
09/12/09 16:13:03 >> : - proposal #1 payload 
09/12/09 16:13:03 >> : -- transform #1 payload 
09/12/09 16:13:03 >> : -- transform #2 payload 
09/12/09 16:13:03 >> : -- transform #3 payload 
09/12/09 16:13:03 >> : -- transform #4 payload 
09/12/09 16:13:03 >> : -- transform #5 payload 
09/12/09 16:13:03 >> : -- transform #6 payload 
09/12/09 16:13:03 >> : -- transform #7 payload 
09/12/09 16:13:03 >> : -- transform #8 payload 
09/12/09 16:13:03 >> : -- transform #9 payload 
09/12/09 16:13:03 >> : -- transform #10 payload 
09/12/09 16:13:03 >> : -- transform #11 payload 
09/12/09 16:13:03 >> : -- transform #12 payload 
09/12/09 16:13:03 >> : -- transform #13 payload 
09/12/09 16:13:03 >> : -- transform #14 payload 
09/12/09 16:13:03 >> : -- transform #15 payload 
09/12/09 16:13:03 >> : -- transform #16 payload 
09/12/09 16:13:03 >> : -- transform #17 payload 
09/12/09 16:13:03 >> : -- transform #18 payload 
09/12/09 16:13:03 >> : key exchange payload
09/12/09 16:13:03 >> : nonce payload
09/12/09 16:13:03 >> : identification payload
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local supports XAUTH
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local supports nat-t ( draft v00 )
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local supports nat-t ( draft v01 )
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local supports nat-t ( draft v02 )
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local supports nat-t ( draft v03 )
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local supports nat-t ( rfc )
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local supports FRAGMENTATION
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local is SHREW SOFT compatible
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local is NETSCREEN compatible
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local is SIDEWINDER compatible
09/12/09 16:13:03 >> : vendor id payload
09/12/09 16:13:03 ii : local is CISCO UNITY compatible
09/12/09 16:13:03 >= : cookies d83d366fe6644d88:0000000000000000
09/12/09 16:13:03 >= : message 00000000
09/12/09 16:13:03 -> : send IKE packet 192.168.1.15:500 -> 74.223.161.198:500 ( 1177 bytes )
09/12/09 16:13:03 DB : phase1 resend event scheduled ( ref count = 2 )
09/12/09 16:13:08 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 74.223.161.198:500
09/12/09 16:13:13 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 74.223.161.198:500
09/12/09 16:13:18 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 74.223.161.198:500
09/12/09 16:13:23 ii : resend limit exceeded for phase1 exchange
09/12/09 16:13:23 ii : phase1 removal before expire time
09/12/09 16:13:23 DB : phase1 deleted ( obj count = 0 )
09/12/09 16:13:23 DB : policy not found
09/12/09 16:13:23 DB : policy not found
09/12/09 16:13:23 DB : tunnel stats event canceled ( ref count = 1 )
09/12/09 16:13:23 DB : removing tunnel config references
09/12/09 16:13:23 DB : removing tunnel phase2 references
09/12/09 16:13:23 DB : removing tunnel phase1 references
09/12/09 16:13:23 DB : tunnel deleted ( obj count = 0 )
09/12/09 16:13:23 DB : removing all peer tunnel refrences
09/12/09 16:13:23 DB : peer deleted ( obj count = 0 )
09/12/09 16:13:23 ii : ipc client process thread exit ...
09/12/09 16:14:45 ii : ipc client process thread begin ...
09/12/09 16:14:45 <A : peer config add message
09/12/09 16:14:45 DB : peer added ( obj count = 1 )
09/12/09 16:14:45 ii : local address 192.168.1.15 selected for peer
09/12/09 16:14:45 DB : tunnel added ( obj count = 1 )
09/12/09 16:14:45 <A : proposal config message
09/12/09 16:14:45 <A : proposal config message
09/12/09 16:14:45 <A : client config message
09/12/09 16:14:45 <A : xauth username message
09/12/09 16:14:45 <A : xauth password message
09/12/09 16:14:45 <A : local id 'vpn.zipitwireless.com' message
09/12/09 16:14:45 <A : preshared key message
09/12/09 16:14:45 <A : remote resource message
09/12/09 16:14:45 <A : peer tunnel enable message
09/12/09 16:14:45 DB : new phase1 ( ISAKMP initiator )
09/12/09 16:14:45 DB : exchange type is aggressive
09/12/09 16:14:45 DB : 192.168.1.15:500 <-> 74.223.161.198:500
09/12/09 16:14:45 DB : 76b900f17cca669d:0000000000000000
09/12/09 16:14:45 DB : phase1 added ( obj count = 1 )
09/12/09 16:14:45 >> : security association payload
09/12/09 16:14:45 >> : - proposal #1 payload 
09/12/09 16:14:45 >> : -- transform #1 payload 
09/12/09 16:14:45 >> : -- transform #2 payload 
09/12/09 16:14:45 >> : -- transform #3 payload 
09/12/09 16:14:45 >> : -- transform #4 payload 
09/12/09 16:14:45 >> : -- transform #5 payload 
09/12/09 16:14:45 >> : -- transform #6 payload 
09/12/09 16:14:45 >> : -- transform #7 payload 
09/12/09 16:14:45 >> : -- transform #8 payload 
09/12/09 16:14:45 >> : -- transform #9 payload 
09/12/09 16:14:45 >> : -- transform #10 payload 
09/12/09 16:14:45 >> : -- transform #11 payload 
09/12/09 16:14:45 >> : -- transform #12 payload 
09/12/09 16:14:45 >> : -- transform #13 payload 
09/12/09 16:14:45 >> : -- transform #14 payload 
09/12/09 16:14:45 >> : -- transform #15 payload 
09/12/09 16:14:45 >> : -- transform #16 payload 
09/12/09 16:14:45 >> : -- transform #17 payload 
09/12/09 16:14:45 >> : -- transform #18 payload 
09/12/09 16:14:45 >> : key exchange payload
09/12/09 16:14:45 >> : nonce payload
09/12/09 16:14:45 >> : identification payload
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local supports XAUTH
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local supports nat-t ( draft v00 )
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local supports nat-t ( draft v01 )
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local supports nat-t ( draft v02 )
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local supports nat-t ( draft v03 )
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local supports nat-t ( rfc )
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local supports FRAGMENTATION
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local is SHREW SOFT compatible
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local is NETSCREEN compatible
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local is SIDEWINDER compatible
09/12/09 16:14:45 >> : vendor id payload
09/12/09 16:14:45 ii : local is CISCO UNITY compatible
09/12/09 16:14:45 >= : cookies 76b900f17cca669d:0000000000000000
09/12/09 16:14:45 >= : message 00000000
09/12/09 16:14:45 -> : send IKE packet 192.168.1.15:500 -> 74.223.161.198:500 ( 1177 bytes )
09/12/09 16:14:45 DB : phase1 resend event scheduled ( ref count = 2 )
09/12/09 16:14:50 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 74.223.161.198:500
09/12/09 16:14:55 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 74.223.161.198:500
09/12/09 16:15:00 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 74.223.161.198:500
09/12/09 16:15:05 ii : resend limit exceeded for phase1 exchange
09/12/09 16:15:05 ii : phase1 removal before expire time
09/12/09 16:15:05 DB : phase1 deleted ( obj count = 0 )
09/12/09 16:15:05 DB : policy not found
09/12/09 16:15:05 DB : policy not found
09/12/09 16:15:05 DB : tunnel stats event canceled ( ref count = 1 )
09/12/09 16:15:05 DB : removing tunnel config references
09/12/09 16:15:05 DB : removing tunnel phase2 references
09/12/09 16:15:05 DB : removing tunnel phase1 references
09/12/09 16:15:05 DB : tunnel deleted ( obj count = 0 )
09/12/09 16:15:06 DB : removing all peer tunnel refrences
09/12/09 16:15:06 DB : peer deleted ( obj count = 0 )
09/12/09 16:15:06 ii : ipc client process thread exit ...



--------------------------------------------------------------------------------


_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
http://lists.shrew.net/mailman/listinfo/vpn-help
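A small diagnostic for the question raised in the original post (is the Netgear answering on UDP/500 at all?), added here as an example and not code from the post or from the Shrew Soft project: it groups iked.log lines per phase1 attempt and reports whether any inbound IKE packet was seen before the resend limit was hit. The sample log is a constructed excerpt modelled on the one above with a documentation peer address; the second attempt and its `<- : recv IKE packet` line format are assumptions used to show the contrasting case.

```python
import re

# Constructed excerpt modelled on the Shrew Soft iked.log in the post above.
# Peer address is an RFC 5737 documentation address, not the poster's.
# Attempt 2 is invented to show a *responding* peer; the "<- : recv IKE
# packet" line format is assumed, not taken from the post.
SAMPLE_LOG = """\
09/12/09 16:14:45 DB : new phase1 ( ISAKMP initiator )
09/12/09 16:14:45 DB : 192.168.1.15:500 <-> 203.0.113.198:500
09/12/09 16:14:45 -> : send IKE packet 192.168.1.15:500 -> 203.0.113.198:500 ( 1177 bytes )
09/12/09 16:14:50 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 203.0.113.198:500
09/12/09 16:14:55 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 203.0.113.198:500
09/12/09 16:15:00 -> : resend 1 phase1 packet(s) 192.168.1.15:500 -> 203.0.113.198:500
09/12/09 16:15:05 ii : resend limit exceeded for phase1 exchange
09/12/09 16:20:00 DB : new phase1 ( ISAKMP initiator )
09/12/09 16:20:00 DB : 192.168.1.15:500 <-> 203.0.113.198:500
09/12/09 16:20:00 -> : send IKE packet 192.168.1.15:500 -> 203.0.113.198:500 ( 1177 bytes )
09/12/09 16:20:00 <- : recv IKE packet 203.0.113.198:500 -> 192.168.1.15:500 ( 392 bytes )
"""

# "<date> <time> <tag> : <message>"; tag is DB, ii, ->, <-, >>, <A, ...
LINE = re.compile(r"^(\S+ \S+) (\S\S) : (.*)$")
PEER = re.compile(r"^(\S+):\d+ <-> (\S+):\d+$")


def diagnose_phase1(log_text):
    """Group iked.log lines per phase1 attempt and classify each attempt.

    Returns one dict per attempt: peer, resends, received, verdict.
    'no_response' = resend limit reached without a single inbound IKE packet,
    i.e. UDP/500 to the peer is filtered, unreachable, or not listened on.
    'responded' = the peer answered, so the failure lies further along.
    """
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        tag, msg = m.group(2), m.group(3)
        if msg.startswith("new phase1"):
            cur = {"peer": None, "resends": 0, "received": 0, "verdict": "incomplete"}
            attempts.append(cur)
        if cur is None:
            continue
        if tag == "DB" and PEER.match(msg):
            cur["peer"] = PEER.match(msg).group(2)
        elif tag == "->" and msg.startswith("resend"):
            cur["resends"] += 1
        elif tag == "<-":
            cur["received"] += 1
            cur["verdict"] = "responded"
        elif msg.startswith("resend limit exceeded"):
            cur["verdict"] = "no_response" if cur["received"] == 0 else "stalled"
    return attempts
```

Running it over the constructed sample classifies the first attempt as `no_response` after three resends, which is the pattern in the poster's log.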