[Vpn-help] Cisco VPN 3000 and Shrew 2.1.5-rc-4(2) issue

Mon Nov 30 12:46:40 CST 2009

One thing that Matthew gave away in a recent mail is that Shrew source is
available in a Subversion repository -- I may take advantage of this to
download and test on Linux against all the Netgear half-cadavers that
populate my workplace, whereupon I would give any useful results back to the
source base.  

I'd only do it on Linux, of which I have a few running around.  Since Visual
Studio ca. 2002, I have been unwilling to undergo the charismatic conversion
necessary to keep up with the latest and 'greatest' from Microsoft.  

The Cygwin alternative went over to the dark side too soon, it was only
half-baked when it turned.  Sounds like the topic for a US made-for-TV
movie.

Charles

-----Original Message-----
From: Frank Pikelner [mailto:frank.pikelner at netcraftcommunications.com] 
Sent: Monday, November 30, 2009 7:28 PM
To: Charles Buckley
Cc: 'Mathieu Ploton'; 'Daniel Sabanes Bove'; vpn-help at lists.shrew.net
Subject: RE: [Vpn-help] Cisco VPN 3000 and Shrew 2.1.5-rc-4(2) issue

On Fri, 2009-11-27 at 07:51 +0100, Charles Buckley wrote:
> I would be compelled to wonder, just how flexible and/or universal
> this SSL client installation feature from Cisco is.  I bought the
> Netgear FVS336G because the marketing literature suggested a VPN
> connection "anywhere, anytime" was possible.   To my horror upon
> receiving the unit, I discover it's only good for 32-bit Windows
> clients.  64-bit doesn't work, and in the latest releases of the
> firmware, even Macintosh is not supported.  

Correct, the dynamic SSL agent is Windows only (32bit) - it was very
convenient for its time. From what I understand the Cisco 3000 VPN is
end-of-life, so I doubt there will be a 64bit agent or one for OS X.

I do know the native OS X (10.4/10.5) VPN agent works just fine, so you
do not require the Cisco software installed.

>  
> 
> So I'm back fiddling with IPSec clients.   I don't mind - this is the
> way I discovered the Shrew enterprise, but it's a lot of additional
> hassle in an already over-busy day.  Given the way Netgear seem to
> approach software, I wonder if some sort of OEM cooperation between
> Netgear and Shrewsoft would make sense.
> 

Shrew looks to be an excellent solution, but so far I have been
unsuccessful in getting it to work with NetGear VPN equipment. I have
tried other software products (on OS X to test whether I connect at all)
and they did work. My guess is I need to spend more time with Shrew. One
particular configuration of Shrew causes the NetGear VPN equipment to
stop responding (VPN does not even respond to local pings - when VPN
session initiated from outside) until I disconnect.

Frank