[vpn-help] Shrew Client and routing through AVM Fritz Router 7270

Rainer Budde rbudde at rwh-ia.de
Mon Mar 8 04:28:45 CST 2010

Dear all,


I have several VPN clients with Shrew Client Software and everything works without any problem except for one VPN client. The VPN configuration on the router is the same for all of them except the PSK password.


My colleague sees strange behaviour with the Shrew VPN Client and an AVM Fritz Router 7270 (latest firmware is installed). He has an AVM Fritz Router 7270 at home and tries to dial in to our company via VPN with a notebook. If the notebook is connected via network cable, everything works fine - no problems! He can dial in and access the network, mail servers, web servers and so on.


But if he is connected to the Wireless LAN he cannot access the VPN router (LANCOM 1711+, latest firmware). He can ping the LANCOM VPN router and he can access all other internet services, but if he tries to make a VPN connection the connection immediately fails with the messages "negotiation timeout" and "detach from the key daemon".


Additionally, now the strange behaviour: If my colleague uninstalls the Shrew VPN Client, restarts the PC and reinstalls the client (and deactivates the ShrewSoft DNS Proxy Daemon) without a restart, the VPN connection works without any problem. If he restarts the PC it doesn't work again. He can reproduce it every time!


Here is some configuration data of the VPN client:


- Windows 7 - 64bit


- VPN Client: 2.1.5

- General Tab:

  - Hostname: vpn.my-domain.de 

  - Port: 500

  - Auto Configuration: ike config pull

  - Address Method: Use a virtual adapter and assigned address

  - MTU: 1380

  - Obtain Automatically: Yes

- Client Tab:

  - NAT Traversal: enable

  - NAT Traversal Port: 4500

  - Keep-alive packet rate: 15 sec

  - IKE Fragmentation: enabled

  - Maximum packet size: 540 Bytes

  - Enable Dead Peer Detection: Yes

  - Enable ISAKMP Failure Notifications: Yes

  - Enable Client Login Banner: Yes

- Name Resolution Tab

  - All items "Enabled" and "Obtain Automatically" is set

- Authentication Tab

  - Method: Mutual PSK + XAuth

  - Local Identity:

    - Local Identifier: Key Identifier

    - Key ID String: name of user

  - Remote Identity:

    - Local Identifier: Key Identifier

    - Key ID String: name of user

  - Credentials Tab: 

    - Pre Shared Key: value of PSK

- Phase 1 Tab

  - Exchange Type: aggressive

  - DH exchange: group 2

  - Cipher Algorithm: auto

  - Hash Algorithm: auto

  - Key Life Time limit: 86400 Secs

  - Key Life Data limit: 0 Kbytes

  - Enable Check Point Compatible Vendor ID: No

- Phase 2 Tab

  - Transform Algorithm: auto

  - HMAC Algorithm: auto

  - PFS Exchange: group 2

  - Compress Algorithm: disabled

  - Key Life Time limit: 3600 Secs

  - Key Life Data limit: 0 Kbytes

- Policy Tab

  - Maintain Persistent Security Associations: No

- Obtain Topology Automatically or Tunnel All: Yes


At the moment I don't know where the problem is located. Is this problem a router problem (with cable it works, with Wireless LAN not), or a client problem (it runs with a new installation and without any restart)? Does anybody have an idea for this problem(s)?


Kind regards


Rainer Budde


Rainer Budde

Software Engineering


RWH Industrieautomatisierung GmbH

Emsteker Strasse 14-16

D-49661 Cloppenburg


Fon: +49 (0) 4471 - 9293 -18

Fax: +49 (0) 4471 - 9293 -22

Mail: rbudde at rwh-ia.de


Geschäftsführer: Andreas Reuter, Amtsgericht Oldenburg, HRB 151141

