[vpn-help] What is the different between windows and Mac version for shrew VPN?

Jinyan Huang jhuang.tongji at gmail.com
Fri Jan 13 21:37:45 CST 2012


Both windows and Mac, I set MUT to 1380. I used CocoapacketAnalyzer to
obtain some packet. But no hints for me.

On Fri, Jan 13, 2012 at 10:31 PM, Roper, Andrew <aroper at bcsvoicedata.com> wrote:
> Jinyan,
>
> I think you are going to need to obtain some packet captures to see what is happen with the packets that leave the Windows and Mac clients. This should help to determine the difference in the datagrams that may help you determine what the root cause is and then make the necessary adjustments. I'm suspecting that it's an MTU issue and this would be apparent in the packet captures.
>
> -Andrew
>
> -----Original Message-----
> From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Jinyan Huang
> Sent: Thursday, January 12, 2012 10:38 PM
> To: Kevin VPN
> Cc: vpn-help at lists.shrew.net
> Subject: Re: [vpn-help] What is the different between windows and Mac version for shrew VPN?
>
> Dear Kevin,
>
> Thank you for your suggestions. I have try them, but it still not works. The problem is the same.
>
> I am sure it is because the network problem. For the Mac version, in France, it is OK. But in China, it does not. For windows, both are OK.
> I do not know how to fix this problem.
>
> When I install a windows virtual box on Mac, it is OK on that windows.
>
> Thank you.
>
> On Thu, Jan 12, 2012 at 10:20 AM, Kevin VPN <kvpn at live.com> wrote:
>> On 01/05/2012 10:41 PM, Jinyan Huang wrote:
>>>
>>>
>>> On Fri, Jan 6, 2012 at 10:52 AM, Kevin VPN<kvpn at live.com>  wrote:
>>>>
>>>> On 01/02/2012 05:30 AM, Jinyan Huang wrote:
>>>>>
>>>>>
>>>>> Dear Kevin,
>>>>>
>>>>> I have strange problem for shrew VPN. When I am in France, the vpn
>>>>> on Mac and windows worked very well. But when I return to China,
>>>>> only VPN on window is working. The VPN for Mac does not work. I got
>>>>> this error message. Shrew vpn mac version is Ver 2.2.0.
>>>>>
>>>>> negotiation timout occurred
>>>>> tunnel disabled
>>>>> detached from key daemon
>>>>>
>>>>> I have try these twice. So I am sure for this. In China, only
>>>>> windows version is fine. In France, both version is OK.
>>>>>
>>>>> Maybe China blocked some port? What is the different between
>>>>> windows and Mac version for shrew VPN?
>>>>>
>>>>
>>>> Hi Jinyan,
>>>>
>>>> I'm not sure what differences might come into play.  Obviously they
>>>> are different in some ways being on different OSes using different
>>>> dependency components, but I would think that the actual packets
>>>> going back and forth (which is what a network filter would see)
>>>> would be pretty similar.
>>>>
>>>> Can you provide us with iked.log trace outputs from the Mac and
>>>> Windows machines so we can compare?  Maybe one is trying to do NAT-T
>>>> and the other isn't?
>>>>
>>>> What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
>>>
>>>
>>>  Dear Kevin,
>>>
>>> The attachments are windows and Mac iked log files.
>>>
>>> With windows, it works. With Mac, it does not work.
>>>
>>> For windows version, it sometimes does not work. But if I switched
>>> "Auto Configuration" between "ike config pull" and "ike config push",
>>> it will fix this problem.
>>>
>>> Shrew version:
>>>     windows:2.1.7
>>>     mac:2.2.0
>>>
>>
>> Hi Jinyan,
>>
>> First, you shouldn't have to switch between push and pull configuration.
>>  Pull is what the gateway is configured for, so you should be able to
>> leave it always on pull.
>>
>> From the log files, I can't really see a difference between Windows
>> and Mac, other than of course Windows succeeds and Mac does not.  The
>> Mac client never gets any response of any kind from the gateway,
>> although the destination port (500) should be open to the gateway because Windows works.
>>
>> Something that might have an effect is maximum packet size (MTU).
>> Maybe Windows is splitting packets into smaller pieces than Mac is and
>> that's why they're getting through.  Try playing with the MTU, IKE
>> Fragmentation and the Maximum packet size in the Shrew config to see
>> if that makes a difference.
>>
>> Have you checked to ensure the Mac box can ping or connect to the gateway?
>>  Can it otherwise connect to the Internet?
>>
>> Another thing would be to assign the same IP to the Mac box as Windows uses.
>>  In your logs, the Mac was using IP 192.168.1.101 and Windows was
>> using 192.168.1.103.  You could try giving the Mac IP 103 (after
>> disconnecting the Windows machine of course).
>>
>> _______________________________________________
>> vpn-help mailing list
>> vpn-help at lists.shrew.net
>> http://lists.shrew.net/mailman/listinfo/vpn-help
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help



More information about the vpn-help mailing list