[vpn-help] Netgear FVS124G & Shrew

Kevin VPN kvpn at live.com
Thu Apr 12 20:37:30 CDT 2012

On 04/12/2012 12:38 AM, Paul Saxelby wrote:
> The connection closes down almost straight away, and when I look in the
> debug log, in phase 1, there's a message saying Got vpn_local.com,
> Expected vpn_remote.com.
> In the router I have local fqdn as vpn_local.com, and remote fqdn as
> vpn_remote.com. In the Shrew client I have local fqdn as vpn_remote.com
> and remote as vpn_local.com.
> As far as I can tell from the examples I have seen this is the correct
> setup.
> What's really confusing me is that if I swap the fqdns around in the
> client I get the opposite message, i.e. 'Got vpn_remote.com, Expected
> vpn_local.com'.
> ???
> Why does swapping them round result in the opposite message instead of
> letting me through to the next config error (there're bound to be more)?
> Unfortunately I've not been able to find a 'walkthrough' on connecting
> Shrew to an FVS124g anywhere.

Hi Paul,

For a walkthrough, I assume you've looked at the HowTo on the Shrew.net 
support page.  You must have, since the link to the debug instructions 
is on that page too.

I'm just guessing here, but I'm going to suggest that perhaps you've got 
some other negotiation option mismatch and that the error you're getting 
isn't actually the problem, it's just the message that pops out.  Kind 
of like Windows' error messages that don't actually match the problem... 
  Or simply the VPN gateway doesn't handle identifiers properly.

Maybe the gateway is expecting a User-FQDN, which is structured like an 
email address user@domain.com (as opposed to a FQDN host.domain.com)?

Another option is to tell Shrew to use an IP Address (optionally 'Use a 
discovered remote host address') for the Remote Identity if the remote 
insists on parroting the client identifier back to Shrew.
