[vpn-help] Netgear FVS318

Alexis La Goutte alexis.lagoutte at gmail.com
Wed Nov 17 11:31:42 CST 2010 

Hi Kevin,

The identifier Information (fvs_remote.com and fvs_local.com) are actual
values to be used, not need to resolve this address.

Check your phase1 parameter (ISAKMP)


Regards,

On Wed, Nov 17, 2010 at 6:25 PM, <kpickard at simplyc.com> wrote:

>     Thank you Alexis. I went through the VPN Wizard again and followed the
> steps at the link you provided. I then
> rebooted my router to make sure it was starting with the proper
> configuration. Now it appears that my router is no
> longer flagging the ISAKMP packets as suspicious and tossing them (which is
> good). In fact it looks like my router
> is actually trying to process the packets now. But it is having trouble
> with what it is seeing, based on its own
> internal logs (below)...and a response is not being sent back to the Shrew
> client.
>
>     My question now is, according to the link you provided, I was to set
> the Identifier information fields to
> fvs_remote.com and fvs_local.com. Are these just examples or are they the
> actual values to be used? Should these
> not resolve to real addresses? As can be seen below the FQDN of
> fvs_remote.com is being sent by the Shrew client in
> the ISAKMP packet. The Netgear then complains about not having a
> connection. Is this because this address does not
> resolve?
>
>     By the way, the Shrew client is on a network behind a router so is NAT.
>
>     Anyway, below is the log from my Netgear. On the Shrew side I only see
> the ISAKMP packets being sent out every
> 5 seconds without any response coming back.
>
> Wed, 11/17/2010 10:44:22 - TekSavvy IKE:Trying Dynamic IP Searching
> Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Receive Packet address:0x1396850
> from 216.254.149.98
> Wed, 11/17/2010 10:44:28 - TekSavvy IKE:Peer Initialized IKE Aggressive
> Mode
> Wed, 11/17/2010 10:44:28 - TekSavvy IKE:RX << AM_I1 : 216.254.149.98
> Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:New State index:6, sno:7
> Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Agg. Decoded Peer's ID Type is
> ID_FQDN
> Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Value=66 76 73 5f 72 65 6d 6f 74
> 65 2e 63 6f 6d
> Wed, 11/17/2010 10:44:28 - TekSavvy IKE:agg_inI1_outR1() connection not
> found 206.248.160.8[500]-216.254.149.98[500]
>
>     Thanks for any help you can provide.
>
> -----------------------------------~~~~~~~-----------------------------
> Doing what you love is Freedom.  | o   o | Kevin Pickard
> Loving what you do is Happiness. |   ^   |  kpickard at simplyc.com
> ------------------------------^^^-----------^^^------------------------
>
>
> On Mon 10/11/15 10:31 AM , Alexis La Goutte alexis.lagoutte at gmail.comsent:
> > Hi Kevin,
> >
> > There is a VPN wizard in your FVS318v1 ?
> >
> > Because use VPN Wizard and information in this blog
> >
> http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN
> > -NETGEAR[1]
> > And it should work !
> >
> > Regards,
> >
> > On Mon, Nov 15, 2010 at 2:05 PM, Kevin Pickard  wrote:
> >        Thanks for the response Alexis. So have you managed to
> > get a FVS318v1 to work? Do you know what configuration I should use?
> >        As I said in my initial post, my attempts at configuring
> > it have failed (see below).
> > At 03:59 AM 2010-11-15, Alexis La Goutte wrote:
> > >Hi Kevin,
> > >
> > >Yes, it work but you should not use the Xauth & ModeConfig (no
> > available in FVS318v1)
> > >
> > >Regards,
> > >
> > >
> > >On Sat, Nov 13, 2010 at 11:19 PM, Kevin Pickard  wrote:
> > >       I take it no-one else has any experience with this?
> > Andreas was the only one to respond but his FVS318 appears to be a
> > newer version and is completely different from mine. I have the older
> > v1 hardware (FVS318v1). Anyone?
> > >At 16:59:21 2010-10-26,  wrote:
> > >>Message: 2
> > >>Date: Tue, 26 Oct 2010 16:59:21 +0200
> > >>From:
> > >>Subject: Re: [vpn-help] Netgear FVS318
> > >>To:
> > >>Message-ID:
> > >>Content-Type: text/plain; charset="iso-8859-1"; Format="flowed";
> > >>        DelSp="Yes"
> > >>
> > >>Zitat von :
> > >>
> > >>>      Hello. Does anyone know if the Shrew client will work
> > with the
> > >>> Netgear FVS318 router?
> > >>>
> > >>>      I have scanned the archives and I have found references
> > to the
> > >>> FVG318 but nothing specific about the FVS318. I have seen
> > references
> > >>> to needing Mode and Xauth enabled to get the FVS318 to work but
> > >>> neither of those options exist on the FVS318 (that I can find).
> > So I
> > >>> think those people are confusing the FVS318 with another model.
> > >>>
> > >>>      Has anyone been able to get the Netgear FVS318 (V1
> > hardware
> > >>> running V2.4 firmware) to work with the Shrew client?
> > >>>
> > >>>      My initial attempts at trying various configurations
> > have only
> > >>> resulted in security warnings on my FVS318 indicating that UDP
> > >>> packets (from the Shrew Client) are being tossed because they
> > >>> contain 'Suspicious UDP Data'. I have configured to use
> > PSK. On the
> > >>> client
> > >>> side, via Wireshark, I only see the ISAKMP packet being sent out
> > >>> (this is the one being tossed by the FVS318) at 5 second
> > intervals.
> > >>> The
> > >>> Shrew client itself shows "bringing up tunnel ...", then
> > eventually
> > >>> followed by "negotiation timout [sic] occurred" after the ISAKMP
> > >>> packet has been sent 4 times.
> > >>
> > >>Only some guess:
> > >>If the netgear has some form of firewall you maybe need to allow
> > >>inbound UDP port 500 and if using UDP encapsulation port 4500 as
> > well
> > >>to get the tunnel up.
> > >>
> > >>Regards
> > >>
> > >>Andreas
> > >>
> > >>
> > >>-------------- next part --------------
> > >>A non-text attachment was scrubbed...
> > >>Name: smime.p7s
> > >>Type: application/pkcs7-signature
> > >>Size: 6046 bytes
> > >>Desc: S/MIME Cryptographic Signature
> > >>URL:
> > >>
> > >>------------------------------
> > >>
> > >>_______________________________________________
> > >>vpn-help mailing list
> > >>
> > >>http://lists.shrew.net/mailman/listinfo/vpn-help [19]
> > >>
> > >>
> > >>End of vpn-help Digest, Vol 49, Issue 25
> > >>****************************************
> >
> > >-----------------------------------~~~~~~~-----------------------------
> > > Doing what you love is Freedom.  | o   o | Kevin Pickard
> > > Loving what you do is Happiness. |   ^   |
> >
> > >------------------------------^^^-----------^^^------------------------
> > >_______________________________________________
> > >vpn-help mailing list
> > >
> > >http://lists.shrew.net/mailman/listinfo/vpn-help [24]
> >
> > -----------------------------------~~~~~~~-----------------------------
> >  Doing what you love is Freedom.  | o   o | Kevin Pickard
> >  Loving what you do is Happiness. |   ^   |
> >
> > ------------------------------^^^-----------^^^------------------------
> >
> >
> > Links:
> > ------
> > [1]
> >
> http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN
> > -NETGEAR[15]
> >
> http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/att
> > achment-0001.bin[16]
> >
> http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/att
> > achment-0001.bin[19] http://lists.shrew.net/mailman/listinfo/vpn-help
> > [24] http://lists.shrew.net/mailman/listinfo/vpn-help
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20101117/747733f7/attachment-0002.html>

More information about the vpn-help mailing list