[Vpn-help] Problem with Netgear FVS318V3 and Windows 7
Phill Devey
Philld at don-nan.net
Wed Nov 18 10:07:43 CST 2009
Hi All,
Problem:
I am able to connect to a Netgear FVS318 v3 without any problems using
the Shrew 2.14 release in Windows XP; however, using identical settings
for the 2.1.5-rc-4 or 2.2.0-alpha-9 release on Windows 7 causes an
"invalid response from gateway error".
After looking at the logs I found the problem. The Local and Remote
FQDN names are reversed. I double checked and they are set correctly in
the router and the client. On the Router, the local ID is set to
"Router", the remote is set to "Client". On the PC, the local is set to
"Client" and the remote is set to "Router".
Somehow, there is a miscommunication between the Shrew client and it is
not getting the correct response back from the router (shown in the
following log extract).
09/11/18 09:52:56 << : key exchange payload
09/11/18 09:52:56 << : nonce payload
09/11/18 09:52:56 << : identification payload
09/11/18 09:52:56 !! : phase1 id mismatch
09/11/18 09:52:56 !! : received = fqdn Client
09/11/18 09:52:56 !! : expected = fqdn Router
09/11/18 09:52:56 DB : phase1 resend event canceled ( ref count = 1 )
After swapping the entries in the shrew client, I receive the same error
except the FQDN error is swapped.
I am able to bypass this error by setting the Local and Remote FQDNs in
the router to the same value and then setting this in the Shrew client.
This works on the 2.14 XP client but not in the Windows 7 client. I
receive the error "No remote destination hash available for comparison"
shown below.
09/11/18 09:59:46 ii : phase1 id match
09/11/18 09:59:46 ii : received = fqdn Client
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( draft v00 )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( draft v01 )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( draft v02 )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( draft v03 )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( rfc )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports FRAGMENTATION
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer is SHREW SOFT compatible
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer is NETSCREEN compatible
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer is SIDEWINDER compatible
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer is CISCO UNITY compatible
09/11/18 09:59:46 !! : no remote desitnation hash available for comparison
09/11/18 09:59:51 -> : resend 1 phase1 packet(s) 192.168.9.156:500 -> 12.xxx.xxx.xxx:500
09/11/18 09:59:51 <- : recv IKE packet 12.xxx.xxx.xxx:500 -> 192.168.9.156:500 ( 462 bytes )
09/11/18 09:59:51 DB : phase1 found
09/11/18 09:59:51 ii : processing phase1 packet ( 462 bytes )
09/11/18 09:59:51 =< : cookies f0c59420d3020bfd:0000000000000000
09/11/18 09:59:51 =< : message 00000000
09/11/18 09:59:51 << : ignoring duplicate security association payload
09/11/18 09:59:51 !! : unprocessed payload data
09/11/18 09:59:51 << : ignoring duplicate key excahnge payload
09/11/18 09:59:51 !! : unprocessed payload data
09/11/18 09:59:56 -> : resend 1 phase1 packet(s) 192.168.9.156:500 -> 12.xxx.xxx.xxx:500
09/11/18 09:59:56 <- : recv IKE packet 12.xxx.xxx.xxx:500 -> 192.168.9.156:500 ( 462 bytes )
09/11/18 09:59:56 DB : phase1 found
09/11/18 09:59:56 ii : processing phase1 packet ( 462 bytes )
09/11/18 09:59:56 =< : cookies f0c59420d3020bfd:0000000000000000
09/11/18 09:59:56 =< : message 00000000
09/11/18 09:59:56 << : ignoring duplicate security association payload
09/11/18 09:59:56 !! : unprocessed payload data
09/11/18 09:59:56 << : ignoring duplicate key excahnge payload
09/11/18 09:59:56 !! : unprocessed payload data
09/11/18 10:00:02 -> : resend 1 phase1 packet(s) 192.168.9.156:500 -> 12.xxx.xxx.xxx:500
09/11/18 10:00:02 <- : recv IKE packet 12.xxx.xxx.xxx:500 -> 192.168.9.156:500 ( 462 bytes )
09/11/18 10:00:02 DB : phase1 found
09/11/18 10:00:02 ii : processing phase1 packet ( 462 bytes )
09/11/18 10:00:02 =< : cookies f0c59420d3020bfd:0000000000000000
09/11/18 10:00:02 =< : message 00000000
09/11/18 10:00:02 << : ignoring duplicate security association payload
09/11/18 10:00:02 !! : unprocessed payload data
09/11/18 10:00:02 << : ignoring duplicate key excahnge payload
09/11/18 10:00:02 !! : unprocessed payload data
09/11/18 10:00:07 ii : resend limit exceeded for phase1 exchange
09/11/18 10:00:07 ii : phase1 removal before expire time
09/11/18 10:00:07 DB : phase1 deleted ( obj count = 0 )
09/11/18 10:00:07 DB : policy not found
09/11/18 10:00:07 DB : policy not found
09/11/18 10:00:07 DB : tunnel stats event canceled ( ref count = 1 )
09/11/18 10:00:07 DB : removing tunnel config references
09/11/18 10:00:07 DB : removing tunnel phase2 references
09/11/18 10:00:07 DB : removing tunnel phase1 references
09/11/18 10:00:07 DB : tunnel deleted ( obj count = 0 )
09/11/18 10:00:07 DB : removing all peer tunnel refrences
09/11/18 10:00:07 DB : peer deleted ( obj count = 0 )
09/11/18 10:00:07 ii : ipc client process thread exit ...
I am not able to get past this error.
Router: Netgear FVS318v3
Firmware: V3.0_22 (also get the same problem with V3.0_27)
Just for reference, I am experiencing the same problem on both a Dell
XPS Studio 16 laptop running 64-bit Windows 7 and a Dell Dimension E5020
PC running 32-bit Windows 7 RC-1.
If anyone can help me or make suggestions I would be very appreciative.
I will supply the full log to anyone who needs it. The laptop I
purchased is rendered completely useless unless I can come up with some
kind of viable solution to get VPN access to our company network. We
also have an SSL WatchGuard Firebox that does not have a compatible 64-bit
client and 2 of these Netgear routers, one of which is used for our
gateway to gateway VPNs. I have also attempted to use Greenbow and the
NCP client; none of them worked. I can't even convert this laptop to an
XP machine because Dell do not offer any XP drivers. I am stuck in
quite a hole here.
Thanks
Phill Devey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20091118/ff9177f8/attachment-0001.html>
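The log extracts in this message can be triaged mechanically. The following is an added example, not part of the original post and not Shrew Soft code; it assumes the `date time tag : message` line layout seen in the quoted log, and the names `parse` and `triage` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the log quoted in the post, mail wrapping kept.
SAMPLE = """\
09/11/18 09:52:56 !! : phase1 id mismatch
09/11/18 09:52:56 !! : received = fqdn Client
09/11/18 09:52:56 !! : expected = fqdn Router
09/11/18 09:59:46 !! : no remote desitnation hash available for
comparison
09/11/18 09:59:51 -> : resend 1 phase1 packet(s) 192.168.9.156:500 ->
12.xxx.xxx.xxx:500
09/11/18 09:59:56 -> : resend 1 phase1 packet(s) 192.168.9.156:500 ->
12.xxx.xxx.xxx:500
09/11/18 10:00:07 ii : resend limit exceeded for phase1 exchange
"""

ENTRY = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

def parse(log):
    """Split into [time, tag, message]; untimestamped lines are wrapped tails."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3).strip()])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()  # rejoin mail-wrapped line
    return entries

def triage(log):
    """Summarise phase1 failures: ID mismatches, other errors, resend loop."""
    entries = parse(log)
    report = {"id_mismatches": [], "errors": Counter(), "resends": 0,
              "resend_limit_exceeded": False}
    for i, (ts, tag, msg) in enumerate(entries):
        if msg == "phase1 id mismatch":
            # The next two "!!" lines carry the received and expected IDs.
            ids = dict(e[2].split(" = ", 1) for e in entries[i + 1:i + 3]
                       if " = " in e[2])
            report["id_mismatches"].append(
                (ts, ids.get("received"), ids.get("expected")))
        elif tag == "!!" and " = " not in msg:
            report["errors"][msg] += 1
        elif msg.startswith("resend ") and "phase1 packet" in msg:
            report["resends"] += 1
        elif msg.startswith("resend limit exceeded"):
            report["resend_limit_exceeded"] = True
    return report
```

Calling `triage()` on a full iked log gives the received/expected ID pair for each mismatch and shows whether the exchange ended in the resend loop seen above.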