[vpn-help] (no subject)

Kevin VPN kvpn at live.com
Thu Feb 2 21:09:54 CST 2012


On 02/02/2012 09:17 AM, Matthias Paust wrote:
> Problem:
>
> The VPN client is connected to my gateway (tunnel enabled) but no
> access to the remote network is possible. We are using FortiGate 80c
> (fw v4.0,build0511,120110 (MR3 Patch 4)) and ShrewSoft VPN Client
> 2.1.7 for Windows.
>
> The problems occurred after updating the firewall to the new version.
> With fw version v4.0,build0328,110718 (MR2 Patch 8) there was no
> problem.
>
> Attached debug logs.
>

Hi Matthias,

In general, everything looks good.  Phase1 & Phase2 negotiations, and
DHCP over IPSec configuration complete:

12/02/02 12:06:36 ii : phase1 sa established
12/02/02 12:06:36 ii : phase2 sa established
12/02/02 12:06:40 ii : reading DHCP reply options
12/02/02 12:06:40 ii : - message type = ack ( 192.168.123.53 )

From the looks of the policies, the VPN clients get an IP in the
192.168.0.0/16 private range and your internal network is in the 
10.0.0.0/8 range.  This means there is no overlap between the VPN 
clients and private hosts, which is good.

However, this is received about 1.5 minutes after the connection is 
established, then Shrew tears the connection down.

12/02/02 12:08:25 !! : message type is invalid ( 0 )

I would look at the FortiGate logs to see if it decided to kill the
connection for some reason.
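
Added example, not part of the original message or of the Shrew Soft client: a small triage script that runs the same checks over a client debug log, namely whether phase1, phase2 and the DHCP ack completed, how long after phase2 the first "!!" line appears, and whether the client pool overlaps the internal range. The line layout is inferred only from the log lines quoted above, and the function names are hypothetical.

```python
import ipaddress
import re
from datetime import datetime

# Sample input: the five log lines quoted in the message, joined into one string.
SAMPLE_LOG = """\
12/02/02 12:06:36 ii : phase1 sa established
12/02/02 12:06:36 ii : phase2 sa established
12/02/02 12:06:40 ii : reading DHCP reply options
12/02/02 12:06:40 ii : - message type = ack ( 192.168.123.53 )
12/02/02 12:08:25 !! : message type is invalid ( 0 )
"""

# Assumed layout, as seen in the quoted lines: "YY/MM/DD HH:MM:SS <2-char level> : <text>"
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

def parse(log_text):
    """Yield (timestamp, level, text) for every line matching the layout."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%y/%m/%d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def triage(log_text):
    """Summarise tunnel setup and the first '!!' error seen in the log."""
    result = {"phase1": None, "phase2": None, "dhcp_ip": None,
              "first_error": None, "seconds_after_phase2": None}
    for ts, level, text in parse(log_text):
        if level == "ii" and text == "phase1 sa established":
            result["phase1"] = ts
        elif level == "ii" and text == "phase2 sa established":
            result["phase2"] = ts
        elif level == "ii" and text.startswith("- message type = ack"):
            ip = re.search(r"\(\s*([\d.]+)\s*\)", text)
            result["dhcp_ip"] = ip.group(1) if ip else None
        elif level == "!!" and result["first_error"] is None:
            result["first_error"] = text
            if result["phase2"]:
                result["seconds_after_phase2"] = int((ts - result["phase2"]).total_seconds())
    return result

def ranges_overlap(client_range, internal_range):
    """True if the VPN client pool and the internal network share addresses."""
    return ipaddress.ip_network(client_range).overlaps(
        ipaddress.ip_network(internal_range))

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), ranges_overlap("192.168.0.0/16", "10.0.0.0/8"))
```

The timestamp of the first "!!" line is the value to search for in the gateway's own log when correlating the two sides.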
