[vpn-help] Shrew Cleint with Netgear FVX538

Matthew Grooms mgrooms at shrew.net
Thu Aug 19 12:08:06 CDT 2010 

On 8/17/2010 11:23 PM, Nathan Morrow wrote:
> Well, I am still not finding easy as a word with VPNs.
>
> Here is where I am:
>
> 1.
>
>   Apparently there is an issue using the wireless adapter in my HP
> (Broadcom based).  When using Ethernet I actually connect and get
> communications on both ends.  On the wireless I see stuff in the shrew
> trace log, but nothing at the server.
>
> Is there any way to use the built in wireless card.
>

Do you see the Shrew Soft LWF driver enabled for your wireless adapter? 
What make/model of Wireless adapter are you using?

> 2.
>
> If I try to use the netgear example on the shrew website (ike config
> pull), I get
>
> config message type is invalid for pull config”
>
> in the shrew trace log and
>
> [IKE] ISAKMP-SA established for WORKIP[4500]-REMOTEIP[4500] with
> spi:2a66a846b45e6422:7b1231493b23d4cb_
>
> [IKE] Sending Informational Exchange: notify payload[INITIAL-CONTACT]_
>
> [IKE] Short payload_
>
> in the netgear log.
>
> Not sure what needs to change on the client side to make it a valid config.
>

I believe another user was experiencing problems with his netgear until 
they upgraded the firmware. Are you running the latest version?

> 3.
>
> If I change that mode to “Ike config push” and actually fill in all the
> necessary info in the shrew client that was set to auto, it gets much
> further, but then I get
>
> resend 1 phase2 packet(s) 192.168.50.132:4500 -> WORKIP:4500
>
>   in the shrew trace log.  And
>
> No policy found: 192.168.2.5/32[0] 192.168.0.0/24[0] proto=any dir=in_
> 2010 Aug 18 04:16:57 [SpotswoodFVX538] [IKE] Failed to get proposal for
> responder._
>
> in the netgear log. Not sure if I am hosing everything with that
> change.  But I did get further.
>
> As always, any help is appreciated.  I am running 2.1.6 with DPD turned
> off on both ends.
>

You should definitely be using 'ike config pull' with netgear. They use 
the ipsec-tools based racoon daemon. If you still have problems after 
upgrading your firmware, try gathering some debug output and sending it 
to me directly. I'll have a look.

-Matthew

More information about the vpn-help mailing list