[vpn-help] Can't Ping Across Tunnel in Win7

[Matthew Grooms]

On 9/13/2010 5:17 PM, Matthew Grooms wrote:
> On 9/6/2010 7:11 PM, Matt Johnson wrote:
>> I have a netbook running Win7 Starter Edition and I'm trying to
>> establish an IPSec tunnel with my Linksys RV042. I've used all the
>> same settings from here:
>> http://www.shrew.net/support/wiki/HowtoLinksys
>>
>> Using v2.1.6 I could not establish a tunnel. The "Network" tab in the
>> Shrew client said 'Established - 0' and my router log only showed the
>> tunnel getting to phase 1 and then it would stall. I've upgraded to
>> v2.1.7 beta and now it appears I can create the tunnel (Shrew client
>> says 'Established - 1', router log shows tunnel successfully created,
>> and the tunnel and client show up in the router's active VPN list.
>> However, I cannot ping or access any addresses through the VPN.
>>
>> If I try to ping any addresses through the tunnel and use Wireshark
>> to monitor the tunnel interface, it shows standard arp "who has"
>> requests but the response is always the same. Also, after the arp
>> request there aren't any ICMP packets. Here's what's shown in my arp
>> cache: C:\>arp -a Interface: 192.168.x.1 --- 0x10 Internet Address
>> Physical Address Type 192.168.y.1 bb-bb-bb-bb-bb-00
>> dynamic 192.168.y.10 bb-bb-bb-bb-bb-00 dynamic
>> 192.168.y.100 bb-bb-bb-bb-bb-00 dynamic . .
>>
>> Is this behavior correct or is something not setup correctly?
>>
>

Hi Matt,

 From looking at the debug log output you provided, a phase2 SA is being 
established and ESP packets are being sent to your gateway. These are 
packets that have been tunneled/encrypted by the VPN Client. Do you see 
any other packets being generated on the virtual network interface, it 
could be DNS packets or something similar. I'm not sure why you can't 
see the ICMP traffic, but something is definitely trying to traverse the 
tunnel.

-Matthew