[Vpn-help] Problem with Netgear FVS318V3 and Windows 7

Phill Devey Philld at don-nan.net
Wed Nov 18 10:07:43 CST 2009


Hi All,

Problem:

I am able to connect to a Netgear FVS318 v3 without any problems using
the Shrew 2.14 release in Windows XP; however, using identical settings
for the 2.1.5-rc-4 or 2.2.0-alpha-9 release on Windows 7 causes an
"invalid response from gateway error".

After looking at the logs I found the problem.  The Local and Remote
FQDN names are reversed.  I double-checked and they are set correctly in
the router and the client.  On the Router, the local ID is set to
"Router", the remote is set to "Client".  On the PC, the local is set to
"Client" and the remote is set to "Router".

Somehow, there is a miscommunication between the Shrew client and it is
not getting the correct response back from the router (shown in the
following log extract).

09/11/18 09:52:56 << : key exchange payload
09/11/18 09:52:56 << : nonce payload
09/11/18 09:52:56 << : identification payload
09/11/18 09:52:56 !! : phase1 id mismatch
09/11/18 09:52:56 !! : received = fqdn Client
09/11/18 09:52:56 !! : expected = fqdn Router
09/11/18 09:52:56 DB : phase1 resend event canceled ( ref count = 1 )

After swapping the entries in the Shrew client, I receive the same error
except the FQDN error is swapped.

I am able to bypass this error by setting the Local and Remote FQDNs in
the router to the same value and then setting this in the Shrew client.
This works on the 2.14 XP client but not in the Windows 7 client.  I
receive the error "No remote destination hash available for comparison"
shown below:

09/11/18 09:59:46 ii : phase1 id match
09/11/18 09:59:46 ii : received = fqdn Client
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( draft v00 )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( draft v01 )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( draft v02 )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( draft v03 )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports nat-t ( rfc )
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer supports FRAGMENTATION
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer is SHREW SOFT compatible
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer is NETSCREEN compatible
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer is SIDEWINDER compatible
09/11/18 09:59:46 << : vendor id payload
09/11/18 09:59:46 ii : peer is CISCO UNITY compatible
09/11/18 09:59:46 !! : no remote desitnation hash available for comparison
09/11/18 09:59:51 -> : resend 1 phase1 packet(s) 192.168.9.156:500 -> 12.xxx.xxx.xxx:500
09/11/18 09:59:51 <- : recv IKE packet 12.xxx.xxx.xxx:500 -> 192.168.9.156:500 ( 462 bytes )
09/11/18 09:59:51 DB : phase1 found
09/11/18 09:59:51 ii : processing phase1 packet ( 462 bytes )
09/11/18 09:59:51 =< : cookies f0c59420d3020bfd:0000000000000000
09/11/18 09:59:51 =< : message 00000000
09/11/18 09:59:51 << : ignoring duplicate security association payload
09/11/18 09:59:51 !! : unprocessed payload data
09/11/18 09:59:51 << : ignoring duplicate key excahnge payload
09/11/18 09:59:51 !! : unprocessed payload data
09/11/18 09:59:56 -> : resend 1 phase1 packet(s) 192.168.9.156:500 -> 12.xxx.xxx.xxx:500
09/11/18 09:59:56 <- : recv IKE packet 12.xxx.xxx.xxx:500 -> 192.168.9.156:500 ( 462 bytes )
09/11/18 09:59:56 DB : phase1 found
09/11/18 09:59:56 ii : processing phase1 packet ( 462 bytes )
09/11/18 09:59:56 =< : cookies f0c59420d3020bfd:0000000000000000
09/11/18 09:59:56 =< : message 00000000
09/11/18 09:59:56 << : ignoring duplicate security association payload
09/11/18 09:59:56 !! : unprocessed payload data
09/11/18 09:59:56 << : ignoring duplicate key excahnge payload
09/11/18 09:59:56 !! : unprocessed payload data
09/11/18 10:00:02 -> : resend 1 phase1 packet(s) 192.168.9.156:500 -> 12.xxx.xxx.xxx:500
09/11/18 10:00:02 <- : recv IKE packet 12.xxx.xxx.xxx:500 -> 192.168.9.156:500 ( 462 bytes )
09/11/18 10:00:02 DB : phase1 found
09/11/18 10:00:02 ii : processing phase1 packet ( 462 bytes )
09/11/18 10:00:02 =< : cookies f0c59420d3020bfd:0000000000000000
09/11/18 10:00:02 =< : message 00000000
09/11/18 10:00:02 << : ignoring duplicate security association payload
09/11/18 10:00:02 !! : unprocessed payload data
09/11/18 10:00:02 << : ignoring duplicate key excahnge payload
09/11/18 10:00:02 !! : unprocessed payload data
09/11/18 10:00:07 ii : resend limit exceeded for phase1 exchange
09/11/18 10:00:07 ii : phase1 removal before expire time
09/11/18 10:00:07 DB : phase1 deleted ( obj count = 0 )
09/11/18 10:00:07 DB : policy not found
09/11/18 10:00:07 DB : policy not found
09/11/18 10:00:07 DB : tunnel stats event canceled ( ref count = 1 )
09/11/18 10:00:07 DB : removing tunnel config references
09/11/18 10:00:07 DB : removing tunnel phase2 references
09/11/18 10:00:07 DB : removing tunnel phase1 references
09/11/18 10:00:07 DB : tunnel deleted ( obj count = 0 )
09/11/18 10:00:07 DB : removing all peer tunnel refrences
09/11/18 10:00:07 DB : peer deleted ( obj count = 0 )
09/11/18 10:00:07 ii : ipc client process thread exit ...

I am not able to get past this error.

Router:    Netgear FVS318v3
Firmware:  V3.0_22 (also get the same problem with V3.0_27)

Just for reference, I am experiencing the same problem on both a Dell
XPS Studio 16 laptop running 64-bit Windows 7 and a Dell Dimension E5020
PC running 32-bit Windows 7 RC-1.

If anyone can help me or make suggestions I would be very appreciative.
I will supply the full log to anyone who needs it.  The laptop I
purchased is rendered completely useless unless I can come up with some
kind of viable solution to get VPN access to our company network.  We
also have an SSL WatchGuard Firebox that does not have a compatible
64-bit client and 2 of these Netgear routers, one of which is used for
our gateway-to-gateway VPNs.  I have also attempted to use Greenbow and
the NCP client; none of them worked.  I can't even convert this laptop
to an XP machine because Dell do not offer any XP drivers.  I am stuck
in quite a hole here.

Thanks

Phill Devey
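
The two phase 1 failure signatures in the log extracts above can be pulled out mechanically. The following is an added example, not part of the original post: the sample lines are copied from the extracts, while the function name triage_phase1 and its local_id parameter are assumptions made for illustration.

```python
import re

# Lines copied from the two log extracts in the post (wrapped lines re-joined).
SAMPLE = """\
09/11/18 09:52:56 !! : phase1 id mismatch
09/11/18 09:52:56 !! : received = fqdn Client
09/11/18 09:52:56 !! : expected = fqdn Router
09/11/18 09:59:46 !! : no remote desitnation hash available for comparison
09/11/18 09:59:51 -> : resend 1 phase1 packet(s) 192.168.9.156:500 -> 12.xxx.xxx.xxx:500
09/11/18 09:59:51 << : ignoring duplicate security association payload
09/11/18 09:59:56 -> : resend 1 phase1 packet(s) 192.168.9.156:500 -> 12.xxx.xxx.xxx:500
09/11/18 10:00:02 -> : resend 1 phase1 packet(s) 192.168.9.156:500 -> 12.xxx.xxx.xxx:500
09/11/18 10:00:07 ii : resend limit exceeded for phase1 exchange
"""

# timestamp, two-character class tag (!!, ii, <<, ->, DB ...), message text
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
ID = re.compile(r"^(received|expected) = (\w+) (.+)$")

def triage_phase1(text, local_id=None):
    """Summarise phase 1 failures; local_id is the client's own configured ID."""
    report = {"id_mismatch": None, "hash_missing": False,
              "resends": 0, "gave_up": False}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or wrapped continuation
        _, tag, msg = m.groups()
        if tag == "!!" and msg == "phase1 id mismatch":
            report["id_mismatch"] = {}
        elif (tag == "!!" and report["id_mismatch"] is not None
              and (i := ID.match(msg))):
            # Only "!!" lines count: "ii : received = ..." follows an id match.
            report["id_mismatch"][i.group(1)] = (i.group(2), i.group(3))
        elif tag == "!!" and "hash available" in msg:
            report["hash_missing"] = True
        elif tag == "->" and msg.startswith("resend"):
            report["resends"] += 1
        elif msg.startswith("resend limit exceeded"):
            report["gave_up"] = True
    got = (report["id_mismatch"] or {}).get("received")
    # True when the gateway presented the ID the client uses for itself.
    report["peer_sent_our_local_id"] = bool(
        got and local_id and got[1] == local_id)
    return report

if __name__ == "__main__":
    print(triage_phase1(SAMPLE, local_id="Client"))
```
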

 
