[vpn-help] Mobile Broadband Connection

kevin vpn klmlk at hotmail.com
Tue Mar 8 22:09:40 CST 2011 

On Tue, 08 Mar 2011 11:12:38 -0500
Judy Leach <jleach at texadasoftware.com> wrote:

> Hi Kevin,
> 
> I installed the beta 2.2.0 and was still unable to connect; received
> the negotiation time out message. Attached is the iked.log file. I
> have edited out the IP addresses for my broadband connection and the
> VPN server I am trying to connect to. I was able to have a look at
> the logs on the server and it seems that the connection attempt does
> not reach the server at all.
> 

On Tue, 01 Mar 2011 10:41:33 -0500
Judy Leach <jleach at texadasoftware.com> wrote:

> Hi all,
> 
> I am running Windows 7 64-bit and have installed Shrew Soft 2.1.7. I
> can connect fine when wired into my router. When I connect to the
> internet using my broadband internet stick (on a Canadian provider's
> network) I get a "negotiation time out" and Shrew does not connect.
> The VPN server is a linux server running Open Swan and there is no
> evidence in the logs that the connection is attempted. The Shrew Soft
> Lightweight Filter does show in the properties of the broadband
> adapter. I have checked with the mobile internet provider, and they
> claim not to be blocking vpn connections. This seems to be true as I
> can connect to a different vpn server using the Windows VPN client.

Hi Judy, 

The iked.log confirms that there is no communication between the VPN
gateway and Shrew itself.

I want to go back to your original message.  In it, you mention the
following:

1. Shrew works to connect to the Openswan VPN gateway when wired into
your router. 
2. Shrew does not work to the Openswan VPN gateway when
using the broadband stick. 
3. Built-in Windows VPN client works to a different VPN server than
the Openswan VPN gateway using the broadband stick.

Point 1 indicates that you have a working Shrew configuration.  That's
a good start.  Point 3 tells us that the provider's network does not
block Windows-based VPNs, but built-in Windows-based VPNs are not the
same pure IPSec-based VPN that Shrew uses.  Windows VPNs are usually
PPTP- or L2TP-based.  The key point is that they use different
protocols and ports.  

Point 2 suggests that the provider may be blocking pure IPSec VPNs.
You can try specifically asking if pure IPSec VPNs that use IP protocol
50, udp port 500 or udp port 4500 are supported on the broadband
sticks.

Another more technical way to confirm that it is the provider that is
blocking the traffic is to use a Wireshark capture.  Install Wireshark
on your laptop, then start a capture of traffic on the broadband
internet adapter.  When you try to establish a connection using Shrew,
you should see connection attempts on port UDP 500 between your laptop
and the Openswan gateway IP address.  If the only packets you see have
a source IP of your laptop and there's none with a source of the
gateway, that suggests that the provider is dropping traffic.

If you're unsure of what you see, you can mail the capture directly to
my email and I'll look at it so that you don't have to post it
publically.

More information about the vpn-help mailing list