[vpn-help] Netgear FVS124G & Shrew
kvpn at live.com
Thu Apr 12 20:37:30 CDT 2012
On 04/12/2012 12:38 AM, Paul Saxelby wrote:
> The connection closes down almost straight away, and when I look in the
> debug log, in phase 1, there's a message saying Got vpn_local.com,
> Expected vpn_remote.com.
> In the router I have local fqdn as vpn_local.com, and remote fqdn as
> vpn_remote.com. In the Shrew client I have local fqdn as vpn_remote.com
> and remote as vpn_local.com.
> As far as I can tell from the examples I have seen this is the correct
> What's really confusing me is that if I swap the fqdns around in the
> client I get the opposite message, i.e. 'Got vpn_remote.com, Expected
> Why does swapping them round result in the opposite message instead of
> letting me through to the next config error (there're bound to be more)?
> Unfortunately I've not been able to find a 'walkthrough' on connecting
> Shrew to an FVS124g anywhere.
For a walkthrough, I assume you've looked at the HowTo on the Shrew.net
support page. You must have, since the link to the debug instructions
is on that page too.
I'm just guessing here, but I'm going to suggest that perhaps you've got
some other negotiation option mismatch and that the error you're getting
isn't actually the problem, it's just the message that pops out. Kind
of like Windows' error messages that don't actually match the problem...
Or simply the VPN gateway doesn't handle identifiers properly.
Maybe the gateway is expecting a User-FQDN, which is structured like an
email address user@domain.com (as opposed to a FQDN host.domain.com)?
Another option is to tell Shrew to use an IP Address (optionally 'Use a
discovered remote host address') for the Remote Identity if the remote
insists on parroting the client identifier back to Shrew.