[vpn-help] VPN Tunnel does not pass traffic

[Kevin VPN]

On 07/02/2013 09:01 AM, Häcker, Tobias A. wrote:
> I have the same issue. The peer is a bintec (Teldat) Router.
>
> I have observed the following:
>
> Client is a real hardware – no issues with Win XP or Win 7 with 2.1.x or 2.2.x
>
> Client is virtualized on ESXi 4.x or 5.x:
> * 2.1.x works with network adaptor type E1000 (XP or 7)
> * 2.1.x does not work with network adaptor VMXNET2 or VMXNET3 (XP or 7).
> * 2.2.0 does not work on either E1000 or VMXNET2 or VMXNET3 running Win 7 32 Bit (XP not tested).
>
> So basically I assume there is some interference between the virtualization layer on the network. E1000 simulates “real” hardware.
> What exactly the difference is between 2.1.x and 2.2.x I don’t know actually.
>

Hi Tobias,

One of the big differences between 2.1.x and 2.2.x is support for more 
Phase 2 algorithms.  The negotiations for selecting an algorithm set 
often results in a packet that is too large and has to be fragmented. 
Many firewalls do not like fragmented packets and drop them, which 
results in a failure of the Phase 2 negotiation in the VPN.

You can try this to see if this is your problem:

On the Phase 2 configuration tab, change the Transform Algorithm and 
HMAC Algorithm from "Auto" to a specific value (based on your VPN 
gateway's settings).  This will make the Phase 2 packets smaller so they 
do not get fragmented.