[vpn-help] Shrewsoft Client Issues
Kevin VPN
kvpn at live.com
Wed Jul 18 21:23:53 CDT 2012
On 07/14/2012 09:06 PM, Liam wrote:
>
> I have followed and repeated your Netgear How To instructions to the
> letter (http://www.shrew.net/support/wiki/HowtoNetgear) to set up an
> IPSEC VPN and the initial connection works fine but when I connect to a
> network drive and start transferring files or use Windows remote desktop
> (RDP), those connections appear to work well initially but drop out
> every 60-80 seconds every time for around 20 seconds.
>
> The VPN remains up as I can continue pinging resources through the VPN
> the whole time and there are no VPN error messages that I can see. The
...
>
> Also, when Version 2.2.0 Beta is installed, it prompts users to update
> to version 2.1.7. This is not ideal given that the reason some users may
Hi Liam,
Interesting problem. My first thought is that perhaps there's a Key
Life Time limit or Data limit mismatch somewhere between the Netgear and
Shrew. Those terms are the ones used in the Shrew Site Configuration,
they may be different on the Netgear.
This mismatch would still allow the VPN to connect, but the side that
has the shorter/smaller limit would expire it's Phase 1 or 2 Security
Associations (wherever the mismatch is) and try to negotiate a new one,
however the other side would not be expecting a re-negotiation and
ignore the request.
If it's the Netgear with the shorter/smaller limits, that would explain
why Shrew does not report any errors - it still thinks its SAs are valid.
Try using the VPN Trace Utility and look at the Security Association
tab. If you see MATURE SAs, but only the outbound session's Transfered
count is increasing, that would be suggestive that the Netgear isn't
using the SA any longer.
Instructions for using the Trace Utility and generating a bug report
(which would be my next request) are found here:
http://www.shrew.net/support/wiki/BugReportVpnWindows
More information about the vpn-help
mailing list