[vpn-help] Problems connecting Windows7 over Broadband

Thu Mar 1 20:31:09 CST 2012

On 02/21/2012 12:21 PM, Roper, Andrew wrote:
> Is the firewall setup for Aggressive mode negotiations for that
> particular tunnel?
>
> -Andrew
>
> -----Original Message----- From: Mach Rainer
> [mailto:Rainer.Mach at inco.at] Sent: Tuesday, February 21, 2012 11:39
> AM To: Roper, Andrew; 'vpn-help at lists.shrew.net' Subject: RE:
> Problems connecting Windows7 over Broadband
>
> Hi Andrew,
>
> no change. The LogFile on the FW says: Feb 21 17:35:24	racoon: ERROR:
> failed to begin ipsec sa negotication. Feb 21 17:35:24	racoon: ERROR:
> no configuration found for 178.115.x.y. (<-- that's the IP I got from
> the mobile provider) Feb 21 17:35:19	racoon: ERROR: failed to begin
> ipsec sa negotication. Feb 21 17:35:19	racoon: ERROR: no
> configuration found for 178.115.x.y. Feb 21 17:35:15	racoon: ERROR:
> failed to begin ipsec sa negotication. Feb 21 17:35:15	racoon: ERROR:
> no configuration found for 178.115.x.y. Feb 21 17:35:13	racoon:
> ERROR: failed to begin ipsec sa negotication. Feb 21 17:35:13	racoon:
> ERROR: no configuration found for 178.115.x.y. Feb 21 17:35:12
> racoon: INFO: begin Identity Protection mode.
>
> regards, rainer
>
> -----Original Message----- From: vpn-help-bounces at lists.shrew.net
> [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Roper, Andrew
> Sent: Tuesday, February 21, 2012 3:38 PM To: Mach Rainer;
> 'vpn-help at lists.shrew.net' Subject: Re: [vpn-help] Problems
> connecting Windows7 over Broadband
>
> Rainer,
>
> Try turning off NAT-T when using the WWAN connection.
>
> Regards, Andrew
>
> -----Original Message----- From: vpn-help-bounces at lists.shrew.net
> [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Mach Rainer
> Sent: Monday, February 20, 2012 5:16 PM To:
> 'vpn-help at lists.shrew.net' Subject: [vpn-help] Problems connecting
> Windows7 over Broadband
>
> Hi!
>
> I installed the Shrew Soft Client (first 2.1.7 stable and now
> 2.2.0-b2) on my Windows 7 64 Bit Laptop and configured it to connect
> to a PFSense 2.0.1 Firewall. It works fine when the laptop is
> connected via LAN or via WLAN (WLAN=802.11a/b). But when the laptop
> is connected via Mobile Broadband (with a SIM Card from a mobile
> phone provider) the Shrew Soft Client gets connected, but I can't get
> any traffic through the tunnel (e.g. ping). I tried it with different
> mobile provider, no change. And I tried it also with different Mobile
> Broadband Adapters (one is internal in my Laptop and I got 2 mobile
> USB Adapters) -it does also not work.
>
> But when I put the SIM Card to my IPhone and use tethering (WLAN
> between Laptop and IPhone) the VPN works! So I think the problem is
> not the provider.
>
> In the archive of the mailing list I found the suggestion to disable
> a virtual Adapter, but there is no unused virtual adapter (and this
> should be fixed in 2.2.0)
>
> Do you have any suggestions?
>
> regards, rainer
>

Hi Rainer,

The error you see suggests a gateway end configuration issue.

Further to what Andrew said, I'd compare the log entries for successful
connections from LAN/WLAN/tether to see what is different.  It is 
possible that the provider uses different IP space for the WWAN 
connections than it does the others, so you might need to add a 
configuration for that.

Also, we've had other people on the list complain that they can't get 
Shrew to work over WWAN, but I can't recall any follow-ups from them 
indicating if they ever got it to work.