[vpn-help] What is the different between windows and Mac version for shrew VPN?

Thu Jan 12 21:37:34 CST 2012

Dear Kevin,

Thank you for your suggestions. I have try them, but it still not
works. The problem is the same.

I am sure it is because the network problem. For the Mac version, in
France, it is OK. But in China, it does not. For windows, both are OK.
I do not know how to fix this problem.

When I install a windows virtual box on Mac, it is OK on that windows.

Thank you.

On Thu, Jan 12, 2012 at 10:20 AM, Kevin VPN <kvpn at live.com> wrote:
> On 01/05/2012 10:41 PM, Jinyan Huang wrote:
>>
>>
>> On Fri, Jan 6, 2012 at 10:52 AM, Kevin VPN<kvpn at live.com>  wrote:
>>>
>>> On 01/02/2012 05:30 AM, Jinyan Huang wrote:
>>>>
>>>>
>>>> Dear Kevin,
>>>>
>>>> I have strange problem for shrew VPN. When I am in France, the vpn on
>>>> Mac and windows worked very well. But when I return to China, only VPN
>>>> on window is working. The VPN for Mac does not work. I got this error
>>>> message. Shrew vpn mac version is Ver 2.2.0.
>>>>
>>>> negotiation timout occurred
>>>> tunnel disabled
>>>> detached from key daemon
>>>>
>>>> I have try these twice. So I am sure for this. In China, only windows
>>>> version is fine. In France, both version is OK.
>>>>
>>>> Maybe China blocked some port? What is the different between windows
>>>> and Mac version for shrew VPN?
>>>>
>>>
>>> Hi Jinyan,
>>>
>>> I'm not sure what differences might come into play.  Obviously they are
>>> different in some ways being on different OSes using different dependency
>>> components, but I would think that the actual packets going back and
>>> forth
>>> (which is what a network filter would see) would be pretty similar.
>>>
>>> Can you provide us with iked.log trace outputs from the Mac and Windows
>>> machines so we can compare?  Maybe one is trying to do NAT-T and the
>>> other
>>> isn't?
>>>
>>> What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
>>
>>
>>  Dear Kevin,
>>
>> The attachments are windows and Mac iked log files.
>>
>> With windows, it works. With Mac, it does not work.
>>
>> For windows version, it sometimes does not work. But if I switched
>> "Auto Configuration" between "ike config pull" and "ike config push",
>> it will fix this problem.
>>
>> Shrew version:
>>     windows:2.1.7
>>     mac:2.2.0
>>
>
> Hi Jinyan,
>
> First, you shouldn't have to switch between push and pull configuration.
>  Pull is what the gateway is configured for, so you should be able to leave
> it always on pull.
>
> From the log files, I can't really see a difference between Windows and Mac,
> other than of course Windows succeeds and Mac does not.  The Mac client
> never gets any response of any kind from the gateway, although the
> destination port (500) should be open to the gateway because Windows works.
>
> Something that might have an effect is maximum packet size (MTU).  Maybe
> Windows is splitting packets into smaller pieces than Mac is and that's why
> they're getting through.  Try playing with the MTU, IKE Fragmentation and
> the Maximum packet size in the Shrew config to see if that makes a
> difference.
>
> Have you checked to ensure the Mac box can ping or connect to the gateway?
>  Can it otherwise connect to the Internet?
>
> Another thing would be to assign the same IP to the Mac box as Windows uses.
>  In your logs, the Mac was using IP 192.168.1.101 and Windows was using
> 192.168.1.103.  You could try giving the Mac IP 103 (after disconnecting the
> Windows machine of course).
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help