[vpn-help] vpn client troubleshooting

kevin vpn kvpn at live.com
Wed Jun 29 20:49:29 CDT 2011


On Wed, 29 Jun 2011 13:58:47 -0500
"Robert Trevino" <rtrevino at swkey.org> wrote:

> To Whom It May Concern,
> 
> I'm having difficulty connecting my Shrew Soft VPN Client with my AT&T
> Novatel wireless mobile broadband card. It says the tunnel has been
> established but I still can't connect to my servers. The connection
> does establish when I'm using a Sprint USB modem or LAN connection
> just fine; it's just my internal broadband card that I'm not able to
> connect. Included are my client and gateway information, along with a
> full debug report.
> 
> Client and Gateway Information
> VPN Client Version 2.1.7
> Windows 7 Professional
> Gateway : Watchguard Firebox X5500e
> Gateway OS version : XTM V11.3.4
> 
>  
> 11/06/29 12:54:54 ii : received config pull response
> 11/06/29 12:54:54 ii : - IP4 Address = 10.1.1.245
> 11/06/29 12:54:54 ii : - IP4 DNS Server = 10.1.1.95
> 11/06/29 12:54:54 ii : - IP4 DNS Server = 10.1.1.96
> 11/06/29 12:54:54 !! : invalid private netmask, defaulting to class c
> 
...
> 
> 11/06/29 12:54:55 ii : generating IPSEC security policies at UNIQUE
> level
> 11/06/29 12:54:55 ii : creating NONE INBOUND policy ANY:71.42.191.34:*
> -> ANY:10.70.226.14:*
> 11/06/29 12:54:55 ii : creating NONE OUTBOUND policy
> ANY:10.70.226.14:* -> ANY:71.42.191.34:*
> 11/06/29 12:55:00 !! : failed to create NONE policy route for
> 71.42.191.34/32
> 11/06/29 12:55:00 ii : creating NONE INBOUND policy
> ANY:32.176.168.33:* -> ANY:10.1.1.245:*
> 11/06/29 12:55:00 ii : creating NONE OUTBOUND policy ANY:10.1.1.245:*
> -> ANY:32.176.168.33:*
> 11/06/29 12:55:05 !! : failed to create NONE policy route for
> 32.176.168.33/32
> 
...
> 

Hi Robert,

I'm seeing some policy creation failures and I'm also seeing a bunch of
10-dot (i.e. 10.x.x.x) IPs in use, so I'm wondering if there's some kind
of an overlap problem?  There's also a netmask error on the assigned IP
that might suggest the same.

I'm also noticing on the Policy tab of the Site configuration that
you've set the Policy Generation Level to 'unique'; you could try
playing with that.  I've only ever used it on auto.
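
The overlap question raised in the reply can be checked from the report itself. The following is an added example, not part of the original thread: it uses log lines from the quoted report (wrapped lines rejoined), assumes 10.70.226.14 is the mobile broadband adapter's address, and tries several assumed adapter prefix lengths because the report does not state the adapter's netmask. The function names are hypothetical.

```python
import ipaddress
import re

# Log lines taken from the quoted debug report, with wrapped lines rejoined.
LOG = """\
11/06/29 12:54:54 ii : - IP4 Address = 10.1.1.245
11/06/29 12:54:54 !! : invalid private netmask, defaulting to class c
11/06/29 12:54:55 ii : creating NONE OUTBOUND policy ANY:10.70.226.14:* -> ANY:71.42.191.34:*
11/06/29 12:55:00 !! : failed to create NONE policy route for 71.42.191.34/32
11/06/29 12:55:00 ii : creating NONE OUTBOUND policy ANY:10.1.1.245:* -> ANY:32.176.168.33:*
11/06/29 12:55:05 !! : failed to create NONE policy route for 32.176.168.33/32
"""

def parse_report(log):
    """Return (tunnel address, adapter address, failed NONE policy routes)."""
    virtual = ipaddress.ip_address(re.search(r"IP4 Address = (\S+)", log).group(1))
    sources = [ipaddress.ip_address(s) for s in
               re.findall(r"NONE OUTBOUND policy ANY:([\d.]+):\*", log)]
    # Assumption: the OUTBOUND source that is not the tunnel address
    # belongs to the physical (mobile broadband) adapter.
    adapter = next(a for a in sources if a != virtual)
    failed = re.findall(r"failed to create NONE policy route for (\S+)", log)
    return virtual, adapter, failed

def overlap_report(virtual, adapter, adapter_prefixes=(8, 16, 24, 30)):
    """Map each assumed adapter prefix length to True if it overlaps the tunnel subnet."""
    # The client logged "defaulting to class c", so the tunnel side is a /24.
    tunnel_net = ipaddress.ip_network(f"{virtual}/24", strict=False)
    result = {}
    for plen in adapter_prefixes:
        local_net = ipaddress.ip_network(f"{adapter}/{plen}", strict=False)
        result[plen] = local_net.overlaps(tunnel_net)
    return tunnel_net, result

if __name__ == "__main__":
    virtual, adapter, failed = parse_report(LOG)
    tunnel_net, result = overlap_report(virtual, adapter)
    print(f"tunnel {tunnel_net}, adapter {adapter}, failed routes {failed}")
    for plen, hit in result.items():
        print(f"adapter /{plen}: {'OVERLAPS' if hit else 'no overlap with'} {tunnel_net}")
```

Compare the output against the netmask that `ipconfig /all` shows for the broadband adapter: only a prefix short enough to cover 10.1.1.0/24 (the /8 case here) produces an overlap.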


