[vpn-help] VPN not passing traffic using Shrew Client

mikelupo at aol.com mikelupo at aol.com
Sun May 9 18:22:35 CDT 2010






Hi Kevin,
Attached is the iked.log file as you requested, as well as a screenshot.png of the two VPN Trace tabs you mentioned in your reply, for your convenience. As always, it's a good idea to run a virus scan.

The 2.1.6 Beta did not solve the issue. 

FYI: I also have the Netgear VPN client on a different PC going through my same home network. It connects fine and I can communicate with servers on the secured LAN inside the same distant VPN. So I know that the VPN network "can" work.
With this in mind, I don't "think" I am having a double NAT issue. And yup, the Netgear is capable of NAT Traversal.
For convenience, a one-pager on the router can be found here: http://www.netgear.com/upload/product/fvs318g/fvs318g_ds_15sept09.pdf

The purpose of my using the Shrew client in addition to the Netgear branded VPN client is to give the Windows 7 users in the company an alternative to the incompatible Netgear client. 

I really appreciate the help you've given me today.
Thank you.

Mike





-----Original Message-----
From: kevin shrew-vpn <klmlk at hotmail.com>
To: vpn-help at lists.shrew.net
Sent: Sun, May 9, 2010 1:14 pm
Subject: Re: [vpn-help] VPN not passing traffic using Shrew Client


On Sun, 09 May 2010 12:14:03 -0400
mikelupo at aol.com wrote:
> 1) I do not have overlapping local LAN IP address ranges.
> In fact, my local LAN address is 10.0.0.x and the remote lan address
> (behind the VPN router) is in the 192.168.1.175 -to-192.168.1.195
> range. So no problem there. So listed: 192.168.1.1 is the VPN's local
> network gateway address. 192.168.1.175 thru 195 is the DHCP address
> range as set up in the Netgear mode-config for VPN clients
> connecting. 255.255.255.0 is the network mask used by VPN and client
> so that they match on both ends.
>
> The WAN address is NOT static unfortunately as Comcast refused the
> business owner. As a workaround, we're using dyndns.org.
>
> 2) I will uninstall 2.1.5 in favor of the 2.1.6 beta and see if this
> helps. Is there any log file or any other source of information that
> I could post that would perhaps give greater visibility into the issue?

Hi Mike, the next thing I would look at is the Policy defined in the
VPN configuration.  If it is set to "Obtain Topology Automatically or
Tunnel All" and the NetGear is not providing the network details, you
may run into the tunnel traffic to gateway problem fixed in 2.1.6.
Hopefully your testing with the 2.1.6 beta will eliminate this.

The next thing you might be running into is a NAT-traversal problem.
There could be some additional NATting going on.  Do you know if the
NetGear is NAT-T capable (or has it enabled)?

If you want to provide some useful information, try providing a debug
log.  Open the Shrew Trace Utility.  Go File->Options and change the
"Log output level" from none to informational or debug. Make note of
the IKE log file location, then click OK.  Use the restart button on the
IKE, DNS and IPSEC service tabs.  Then connect the VPN, try some
traffic, then disconnect.  Stop the IKE service and upload the iked.log
file.

Something to watch on the trace utility when you're connected are the
Security Policies and the Security Associations tabs. On the SP tab,
when you're connected there should be at least two IPSEC policies (one
in each direction) and one rule that is not IPSEC that covers the VPN
gateway public IP.  There should be two associations on the SA tab
(also one for each direction).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: iked.log
Type: application/octet-stream
Size: 35335 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100509/139d39d7/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: screenshot.PNG
Type: image/x-png
Size: 31564 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100509/139d39d7/attachment-0002.bin>
