[vpn-help] Must I restart Windows for ShrewSoft to work?

Kevin VPN kvpn at live.com
Tue May 15 19:45:46 CDT 2012


On 05/11/2012 06:01 AM, lst_hoe02 at kwsoft.de wrote:
>
> Zitat von Samuel Williams <samw at stanfordalumni.org>:
>
>> I am using a Windows7 64-bit based laptop that rotates between a direct
>> Ethernet connection on-site at an office, and a DLINK DIR-655 Wireless
>> connection from home. If I attempt to connect the VPN without shutting
>> down/restarting I can get the tunnel enabled, but none of the networked
>> devices are accessible. If I restart, the tunnel enables and everything
>> works dandily.
>>
>>
>>
>> Any idea what?s going on here and how to resolve it? I?m guessing it?s
>> something wrong with the phase2 setup, but I?m sufficiently naïve about
>> this that I don?t know where to start. If an error log is needed to
>> narrow things down, any pointers for generating said log would be much
>> appreciated!
>>
>
> VPN is sensitive to changing IP Adresses but in theory the VPN endpoint
> should reestablish the connection. But if you suspend your Laptop
> ShrewSoft does not even know that something have changed and try to use
> the old tunnel/SA which might be expired already or refused by the
> remote because of address change.
>

Hi Samuel,

Andreas is correct, I've observed too that Shrew does not always react 
well to network topology changes, especially if the VPN is active at the 
time the topology changes.

While I'm not sure why Shrew has issues, an easy way to restart it 
without having to restart Windows is to restart the ShrewSoft services. 
  You can do this through Control Panel -> System and Security -> 
Administrative Tools -> Services.  I *think* the key one is the IPSEC 
Daemon, but I usually also restart the IKE Daemon.

Another way to do it, and happily this is also the tool that will let 
you generate an error log, is to use the Trace Utility.  Instructions on 
using the Trace Utility to generate a log are available here:
http://www.shrew.net/support/wiki/BugReportVpnWindows

The Trace Utility has convenient buttons to restart the IKE Service, DNS 
Service and IPSEC Service (which correspond to the daemons in the 
Administrative Tools -> Services applet).



More information about the vpn-help mailing list