[vpn-help] Windows negotiation timout, works in VM on same PC though

Kevin VPN kvpn at live.com
Mon Sep 26 20:54:24 CDT 2011


On 09/26/2011 01:52 PM, shrew.10.k3npiduse3ku at spamgourmet.com wrote:
>>> I'm running Shrew on Windows 2003 with the VPN server running on a
>>> FritzBox 7230. Problem is that I always get the error "negotiation
>>> timout
>>> occurred" when trying to connect. However with the same configuration
>>> I'm
>>> able to connect just fine from a Win XP VM running on the same PC.
>>>
>>
>> Hi Lars,
>>
>> WinServer2003 is not listed as a supported OS for Shrew (only Windows
>> 2000/XP/Vista/Win7) in the documentation - so it may not be supposed to
>> work at all: http://www.shrew.net/software
>
> I had the opportunity to test a 2003 VM by now (had to find the install
> disk first) and it's working there as well. So while not officially
> supported it works.
>
>> Sometimes Shrew can be affected by other VPNs installed on a machine.
>> Do you have any other VPN clients installed on the WinServer2003 OS?
>> Have you maybe got WinServer setup to terminate IPSec/L2TP VPNs from
>> clients?
>
> I had other VPN clients but uninstalled them. Can't spot a driver or stuff
> that's left over from any of them, even checked registry.
>
>> If you can, check the log output on the VPN gateway to see if the
>> request from the WinSvr2003 machine is even reaching the gateway. Post
>> any relevant info from there to see if that helps us in any way.
>
> Sadly Fritzbox doesn't provide that useful logging. There's nothing at all
> in there for the unsuccesful connections, for the successful ones there's
> "connected" and "disconnected: timeout".
>

Hi Lars,

I don't really have any expertize here, but obviously your VM test shows 
that it is possible to get it to work.  Figuring out what is different 
between the Win2003 host and the VM is key.

Out of curiosity, what kind of networking did you setup on the Win2003 
VM?  Bridged or NAT?  If bridged, I would be curious to see if it still 
works if you change it to NAT.

One theory I have is that there is something on the Win2003 host that is 
intercepting the VPN packets coming back before the Shrew process can 
get to them.  Is it possible for you to take a Wireshark packet capture 
from the network somewhere between the Win2003 host and the Fritzbox?  A 
packet capture could tell us if 1) the packets are being sent to the 
Fritzbox and 2) if the Fritzbox sends anything back.



More information about the vpn-help mailing list