[vpn-help] Netgear FVS318

kpickard at simplyc.com kpickard at simplyc.com
Wed Nov 17 11:25:54 CST 2010 

     Thank you Alexis. I went through the VPN Wizard again and followed the steps at the link you provided. I then 
rebooted my router to make sure it was starting with the proper configuration. Now it appears that my router is no 
longer flagging the ISAKMP packets as suspicious and tossing them (which is good). In fact it looks like my router 
is actually trying to process the packets now. But it is having trouble with what it is seeing, based on its own 
internal logs (below)...and a response is not being sent back to the Shrew client.

     My question now is, according to the link you provided, I was to set the Identifier information fields to 
fvs_remote.com and fvs_local.com. Are these just examples or are they the actual values to be used? Should these 
not resolve to real addresses? As can be seen below the FQDN of fvs_remote.com is being sent by the Shrew client in 
the ISAKMP packet. The Netgear then complains about not having a connection. Is this because this address does not 
resolve?

     By the way, the Shrew client is on a network behind a router so is NAT.

     Anyway, below is the log from my Netgear. On the Shrew side I only see the ISAKMP packets being sent out every 
5 seconds without any response coming back.

Wed, 11/17/2010 10:44:22 - TekSavvy IKE:Trying Dynamic IP Searching
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Receive Packet address:0x1396850 from 216.254.149.98
Wed, 11/17/2010 10:44:28 - TekSavvy IKE:Peer Initialized IKE Aggressive Mode
Wed, 11/17/2010 10:44:28 - TekSavvy IKE:RX << AM_I1 : 216.254.149.98
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:New State index:6, sno:7
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Agg. Decoded Peer's ID Type is ID_FQDN
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Value=66 76 73 5f 72 65 6d 6f 74 65 2e 63 6f 6d 
Wed, 11/17/2010 10:44:28 - TekSavvy IKE:agg_inI1_outR1() connection not found 206.248.160.8[500]-216.254.149.98[500]

     Thanks for any help you can provide.

-----------------------------------~~~~~~~-----------------------------
Doing what you love is Freedom.  | o   o | Kevin Pickard
Loving what you do is Happiness. |   ^   |  kpickard at simplyc.com
------------------------------^^^-----------^^^------------------------


On Mon 10/11/15 10:31 AM , Alexis La Goutte alexis.lagoutte at gmail.com sent:
> Hi Kevin,
> 
> There is a VPN wizard in your FVS318v1 ?
> 
> Because use VPN Wizard and information in this blog 
> http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN
> -NETGEAR[1]
> And it should work !
> 
> Regards,
> 
> On Mon, Nov 15, 2010 at 2:05 PM, Kevin Pickard  wrote:
>        Thanks for the response Alexis. So have you managed to
> get a FVS318v1 to work? Do you know what configuration I should use?
>        As I said in my initial post, my attempts at configuring
> it have failed (see below).
> At 03:59 AM 2010-11-15, Alexis La Goutte wrote:
> >Hi Kevin,
> >
> >Yes, it work but you should not use the Xauth & ModeConfig (no
> available in FVS318v1)
> >
> >Regards,
> >
> >
> >On Sat, Nov 13, 2010 at 11:19 PM, Kevin Pickard  wrote:
> >       I take it no-one else has any experience with this?
> Andreas was the only one to respond but his FVS318 appears to be a
> newer version and is completely different from mine. I have the older
> v1 hardware (FVS318v1). Anyone?
> >At 16:59:21 2010-10-26,  wrote:
> >>Message: 2
> >>Date: Tue, 26 Oct 2010 16:59:21 +0200
> >>From: 
> >>Subject: Re: [vpn-help] Netgear FVS318
> >>To: 
> >>Message-ID: 
> >>Content-Type: text/plain; charset="iso-8859-1"; Format="flowed";
> >>        DelSp="Yes"
> >>
> >>Zitat von :
> >>
> >>>      Hello. Does anyone know if the Shrew client will work
> with the
> >>> Netgear FVS318 router?
> >>>
> >>>      I have scanned the archives and I have found references
> to the
> >>> FVG318 but nothing specific about the FVS318. I have seen
> references
> >>> to needing Mode and Xauth enabled to get the FVS318 to work but
> >>> neither of those options exist on the FVS318 (that I can find).
> So I
> >>> think those people are confusing the FVS318 with another model.
> >>>
> >>>      Has anyone been able to get the Netgear FVS318 (V1
> hardware
> >>> running V2.4 firmware) to work with the Shrew client?
> >>>
> >>>      My initial attempts at trying various configurations
> have only
> >>> resulted in security warnings on my FVS318 indicating that UDP
> >>> packets (from the Shrew Client) are being tossed because they
> >>> contain 'Suspicious UDP Data'. I have configured to use
> PSK. On the
> >>> client
> >>> side, via Wireshark, I only see the ISAKMP packet being sent out
> >>> (this is the one being tossed by the FVS318) at 5 second
> intervals.
> >>> The
> >>> Shrew client itself shows "bringing up tunnel ...", then
> eventually
> >>> followed by "negotiation timout [sic] occurred" after the ISAKMP
> >>> packet has been sent 4 times.
> >>
> >>Only some guess:
> >>If the netgear has some form of firewall you maybe need to allow
> >>inbound UDP port 500 and if using UDP encapsulation port 4500 as
> well
> >>to get the tunnel up.
> >>
> >>Regards
> >>
> >>Andreas
> >>
> >>
> >>-------------- next part --------------
> >>A non-text attachment was scrubbed...
> >>Name: smime.p7s
> >>Type: application/pkcs7-signature
> >>Size: 6046 bytes
> >>Desc: S/MIME Cryptographic Signature
> >>URL: 
> >>
> >>------------------------------
> >>
> >>_______________________________________________
> >>vpn-help mailing list
> >>
> >>http://lists.shrew.net/mailman/listinfo/vpn-help [19]
> >>
> >>
> >>End of vpn-help Digest, Vol 49, Issue 25
> >>****************************************
> 
> >-----------------------------------~~~~~~~-----------------------------
> > Doing what you love is Freedom.  | o   o | Kevin Pickard
> > Loving what you do is Happiness. |   ^   | 
> 
> >------------------------------^^^-----------^^^------------------------
> >_______________________________________________
> >vpn-help mailing list
> >
> >http://lists.shrew.net/mailman/listinfo/vpn-help [24]
> 
> -----------------------------------~~~~~~~-----------------------------
>  Doing what you love is Freedom.  | o   o | Kevin Pickard
>  Loving what you do is Happiness. |   ^   | 
> 
> ------------------------------^^^-----------^^^------------------------
> 
> 
> Links:
> ------
> [1]
> http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN
> -NETGEAR[15]
> http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/att
> achment-0001.bin[16]
> http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/att
> achment-0001.bin[19] http://lists.shrew.net/mailman/listinfo/vpn-help
> [24] http://lists.shrew.net/mailman/listinfo/vpn-help
> 
>

More information about the vpn-help mailing list