[vpn-help] Windows 7 64bit vs. Windows XP 32bit

Frank Llopis Frank.Llopis at SAPxbi.com
Mon Aug 30 17:29:35 CDT 2010 

  Hi all,

Short description:
VPN tunnels get established with both Windows XP Pro 32bit and Windows 7 
Pro 64bit as clients.
But data gets tunnelled only through the one running on Windows XP.

Long description:
One gateway, two clients using the same VPN connection alternatively.
Gateway Cisco RVS4000 (former Linksys), firmware 1.3.2 (newest).
Client 1 Windows XP Pro 32bit patched up to date,  VPN Client Shrew soft 
2.1.6 release candidate 3,
Client 2 Windows 7 Pro 64bit patched up to date, VPN Client Shrew soft 
2.1.6.

Internet connection over Mobile Broadband New Zealand Vodafone.
It is not the new Windows 7 driver model as far as I understand. I have 
the Shrew soft Lightweight Filter in the device manager and a 'modem' 
entry for the connection in the network adapters.
(Let me know what data you need if you want to verify this.)

Both clients use the same configuration file.
Both clients connect in seconds.
With 'maintain persistent connection' both clients negotiate a SA 
themselfs and renew it automatically.

But TCP/IP traffic never enters the tunnel on Windows 7.
(Example: Ping gateway on the other side)

There are no differences in the VPN connections from XP and Win7 from 
the VPN servers log view .
Everything is working and negotiating the Dead peer recognition and key 
renewal as expected.
The differences from the VPN clients view are:

XP IKE (working):
  ii : creating NONE INBOUND policy ANY:xxx.xxx.xxx.xxx:* -> 
ANY:121.90.218.199:*
  ii : creating NONE OUTBOUND policy ANY:121.90.218.199:* -> 
ANY:xxx.xxx.xxx.xxx:*
  ii : created NONE policy route for xxx.xxx.xxx.xxx/32
  !! : unable to locate inbound policy for init phase2
  ii : creating IPSEC INBOUND policy ANY:192.168.16.0/24:* -> 
ANY:192.168.111.111:*
  ii : creating IPSEC OUTBOUND policy ANY:192.168.111.111:* -> 
ANY:192.168.16.0/24:*

Win7 IKE (not working):
  ii : adapter ROOT\VNET\0000 unavailable, retrying ... 
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  ii : creating NONE INBOUND policy ANY:xxx.xxx.xxx.xxx:* -> 
ANY:27.252.136.30:*
  ii : creating NONE OUTBOUND policy ANY:27.252.136.30:* -> 
ANY:xxx.xxx.xxx.xxx:*
  ii : created NONE policy route for xxx.xxx.xxx.xxx/32
  !! : unable to locate inbound policy for init phase2
  ii : creating NONE INBOUND policy ANY:0.0.0.0:* -> 
ANY:192.168.111.111:* <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  ii : creating NONE OUTBOUND policy ANY:192.168.111.111:* -> 
ANY:0.0.0.0:* <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  ii : created NONE policy route for 0.0.0.0/32 
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  ii : creating IPSEC INBOUND policy ANY:192.168.16.0/24:* -> 
ANY:192.168.111.111:*
  ii : creating IPSEC OUTBOUND policy ANY:192.168.111.111:* -> 
ANY:192.168.16.0/24:*
  !! : unable to locate inbound policy for init phase2 
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

I have deinstalled and reinstalled the Shrew soft VPN client several times.
I have omitted the configuration details because both tunnels are 
working. The problem seems to be with Windows 7 networking.
Maybe this is connected to another problem with Windows 7 64bit that I 
will elaborate on in another post "Windows 7 64bit: filters currently 
installed on the system have reached the limit".

And if you have read that far, let me add Many Thanks for this great 
product and the support offered in this list!

Many Thanks in Advance for any help,
Frank.

More information about the vpn-help mailing list