[vpn-help] failing with WLAN connection on Win7 x64 [Shrew 2.2.0]

Kevin VPN kvpn at live.com
Fri Dec 16 23:36:05 CST 2011 

On 12/16/2011 09:35 AM, Andrew Fischer wrote:
> Kevin,
>
> I did some more testing late yesterday. I also spoke with ACES AdTran
> support.
>
> The problem is more than likely one of my wireless routers. With the
> affected router I can connect with wired or wireless on two other
> laptops - one is XP and the other is win 7 x64 without the MS Virtual
> WiFi. The laptops that have the MS Virtual WiFi will only connect on
> that network with a wired LAN. Those SAME MS Virtual WiFi laptops
> will connect to the VPN on OTHER WIFI networks. They just won't
> connect on the network they were being tested on.
>
> I have ruled out the ISP, because I have connected with the same ISP.
> I would bet if I replaced the wireless router with a known compatible
> router that the issue would be resolved. This may take a couple of
> weeks to get that far, but I will let you know.
>
> Thanks,
>
> Andy
>
> -----Original Message----- From: Kevin VPN [mailto:kvpn at live.com]
> Sent: Thursday, December 15, 2011 9:39 PM To: Andrew Fischer Subject:
> Re: [vpn-help] failing with WLAN connection on Win7 x64 [Shrew
> 2.2.0]
>
> On 12/14/2011 10:55 PM, Andrew Fischer wrote:
>> Hello Kevin,
>>
>> AdTran NetVanta 3450 with the lastest O/S Sony Windows 7 x64 Home
>> prem (this system) several diff models of Dell X64 Win 7 Pro Client
>> ver 2.1.5 this time
>>
>> I have tried cient version 2.1.5, 2.1.7, 2.20 beta 1 and 2.
>> (restarted the laptops)
>>
>> I tried to renable and disable the MS WIFI (restarted the laptops)
>>
>> The vpn config works on and computer that does not have the MS
>> WIFI adapter and fails on all of the computers that have it
>>
>> The VPN will connect from the LAN adapter on all computers.
>> Windows XP, Windows 7 x64, win 7 32 bit
>>
>> removed antivirus.
>>
>> Here is the requested info.
>>
>
> Hi Andy,
>
> The symptoms in the iked.log look like the Virtual WiFi problem, in
> that Shrew never receives response packets.  Your ipconfig doesn't
> look unusual either.  You didn't include a route print output, but
> that's not a big deal.  I doubt your routing table is messed up since
> you say it works over the LAN adapter.
>
> Shrew clients 2.1.5 and 2.1.7 have a conflict with the Microsoft
> Virtual WiFi Miniport adapter.  The workaround for these clients is
> to disable the Virtual WiFi adapter.
>
> Shrew clients 2.2.0 beta have a fix for the conflict and you should
> be able to run Shrew side by side with the WiFi Miniport.  This has
> been correct for nearly a year (since the beta1 came out).  We've had
> two reports this week where they have not worked together.
>
> I'm not sure what has changed.  Maybe Microsoft patched something
> Tuesday and now the conflict is back?
>
> The other person who reported a problem managed to solve the problem
> by disabling the Virtual WiFi and by using the 2.2.0 client.  Maybe
> try that again?
>
>

Hi Andy,

I took the liberty to post this back to the list so that others could 
see the results of your thorough trials.

What router is the one that is failing? Vendor, etc?

I'm curious as to why that router would work with the devices without 
Virtual WiFi and would not for the ones that do.  That suggests to me 
that even when the Virtual WiFi adapter is disabled, something is 
different (structure or content) about the packets sent from those 
machines.  I'd love to find out what it is - to me that sounds like the 
slightly different packet is causing the AdTran to choke on it.

It may be that the problem is actually two-part: the presence of Virtual 
WiFi results in a different packet format or IPSec connection option (I 
don't want to say it's an OS bug as it may still be in spec) coupled 
with possibly a limited IPSec pass-through implementation on the router 
(it may only support the most common connections) that does not include 
the Virtual WiFi scenario.

If you know how to use Wireshark, I'd be willing to look at some packet 
traces you've taken using a machine without Virtual WiFi and another 
that has it installed to see if there's packet format differences. 
(Unfortunately I don't have a Win7 machine without Virtual WiFi.)  We 
could also use the Shrew trace utility to get decoded IPSec traces, but 
I don't know the spec at all.

Regardless, thanks very much for reporting back.  If you do find any 
more information, please post it.

And of course if we can help, please ask away.

More information about the vpn-help mailing list