[vpn-help] Help using NetGear FSV318v3
Russ Fling
rfling at estand.com
Thu Feb 3 18:01:03 CST 2011
I am having problems connecting to the NetGear FSV318v3.
NetGear FSV318v3 firmware 0_28 (latest)
Shrew client versions 2.1.7 and 2.2.0 beta 1
Client OS Windows 7 Home Premium 64 bit
(I've also tried Ubuntu and Mac clients, same issue)
NetGear LAN 192.168.8.0/24
NetGear WAN connected directly to internet at xxx.xxx.xxx.xxx (obscured
for now)
Windows client LAN 192.168.3.0/24
client has a DCHP address of 192.168.3.139
The Shrew FAQ's deal with the 338 not the 318 which has a different
interface for users. I am not using the XAuth feature at this time,
just Mutual PSK.
In Policy tab, Policy Generation Level is auto, 192.168.8.0 /
255.255.255.0 has been added to topology. Maintain Persistent Security
Associations is check (but also tried unchecked).
When connecting, the tunnel is enabled but security associations fail
10-20 seconds later.
iked.log contains the following lines when it fails.
ii : fragmented packet to 1514 bytes ( MTU 1500 bytes )
ii : fragmented packet to 70 bytes ( MTU 1500 bytes )
-> : resend 1 phase2 packet(s) [2/2] 192.168.3.139:500 ->
xxx.xxx.xxx.xxx:500
ii : resend limit exceeded for phase2 exchange
Different Phase 1 settings will cause it to fail sooner so I think these
and Authentication settings are OK. Phase 2 settings seem to have no
effect (but I think they are configured properly) and it appears that
the 318 is not responding to phase2 requests (or they are being blocked
somewhere).
Is is a packet fragmentation issue?
Firewall issue?
I saw on some blog that the 338 may need WAN ping enabled, this is
currently off.
Any suggestions?
Thanks in advance.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rfling.vcf
Type: text/x-vcard
Size: 382 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20110203/0ebe5829/attachment-0001.vcf>
More information about the vpn-help
mailing list