[vpn-help] Shrewsoft Client Issues

[Kevin VPN]

On 07/14/2012 09:06 PM, Liam wrote:
>
> I have followed and repeated your Netgear How To instructions to the
> letter (http://www.shrew.net/support/wiki/HowtoNetgear) to set up an
> IPSEC VPN and the initial connection works fine but when I connect to a
> network drive and start transferring files or use Windows remote desktop
> (RDP), those connections appear to work well initially but drop out
> every 60-80 seconds every time for around 20 seconds.
>
> The VPN remains up as I can continue pinging resources through the VPN
> the whole time and there are no VPN error messages that I can see. The
...
>
> Also, when Version 2.2.0 Beta is installed, it prompts users to update
> to version 2.1.7. This is not ideal given that the reason some users may


Hi Liam,

Interesting problem.  My first thought is that perhaps there's a Key 
Life Time limit or Data limit mismatch somewhere between the Netgear and 
Shrew. Those terms are the ones used in the Shrew Site Configuration, 
they may be different on the Netgear.

This mismatch would still allow the VPN to connect, but the side that 
has the shorter/smaller limit would expire it's Phase 1 or 2 Security 
Associations (wherever the mismatch is) and try to negotiate a new one, 
however the other side would not be expecting a re-negotiation and 
ignore the request.

If it's the Netgear with the shorter/smaller limits, that would explain 
why Shrew does not report any errors - it still thinks its SAs are valid.

Try using the VPN Trace Utility and look at the Security Association 
tab.  If you see MATURE SAs, but only the outbound session's Transfered 
count is increasing, that would be suggestive that the Netgear isn't 
using the SA any longer.

Instructions for using the Trace Utility and generating a bug report 
(which would be my next request) are found here:
http://www.shrew.net/support/wiki/BugReportVpnWindows