[vpn-help] Netgear336 connection problems
Matthew Grooms
mgrooms at shrew.net
Tue Mar 1 17:57:36 CST 2011
On 2/8/2011 7:15 AM, Steve Harrold wrote:
> Hi,
> I've been following the "how to setup a Netgear VPN client" guide, but
> am struggling to connect to a netgear336GV2 VPN server. I'd really
> appreciate any tips anyone can give.
>
> I'm running the 2.17 linux version of the VPN access manager, and can
> establish a tunnel, but the IPsec SA configuration is failing. If I run
> the client daemon in foreground mode, the message I get is "K! :
> unhandled pfkey message type EXPIRE ( 8 )". I have been assuming this is
> a complaint about the PFS key, but don't understand why since I have
> disabled PFS in both the server and client.
>
...
> 2011 Feb 8 12:37:43 [FVS336GV2] [IKE] Failed to get IPsec SA
> configuration for: 0.0.0.192/0<->192.168.225.100/32 from
> steve_remote.com_
>
I'm not sure where 0.0.0.192/0 is coming from. Do you have that
configured under the client policy tab?
>
> I have had to disable the auto-configuration in the client because using
> the recommended "ike pull" method brings up an "invalid message type"
> response, but I don't think this is causing the problem as the correct
> IP address is being assigned. The client address is on a different
> subnet to the VPN server. It's the phase 2 negotiations which are failing.
>
Did you have a modecfg record configured? This is required for automatic
client configuration.
More information about the vpn-help
mailing list