[vpn-help] Failure to bring up tunnel with Windows 8 through NAT

Chris Swinehart chris at mesotech.com
Mon Aug 26 12:13:36 CDT 2013 

Jim,

We found a workaround. We had been using the WiFi connection on the DIR-825.
The Win 8 computer works when using a wired connection, but not with the
WiFi. We'll just use the wired connection in the future on this computer. 

Interestingly enough, when I tried my Win 7 laptop on my Belkin router with
a wired connection it _didn't_ work. So it only works with a WiFi
connection. I'm starting to think maybe it has to do with the adapter
settings or something. I am using a USB-Ethernet adapter and verified that
the adapter did have the Shrew Filter enabled.

I don't understand the problem at this point, but we do have useable
workarounds. Thank you very much for all of the help.

Best regards,

Chris Swinehart

Mesotech International Inc.
4531 Harlin Drive
Sacramento, CA 95826
916-368-2020 (Voice)
916-368-2030 (Fax)
http://www.mesotech.com


-----Original Message-----
From: Jim Harle [mailto:vpn at technicolor.com] 
Sent: Friday, August 23, 2013 16:36
To: Chris Swinehart
Cc: vpn-help at lists.shrew.net
Subject: RE: [vpn-help] Failure to bring up tunnel with Windows 8 through
NAT

Indeed that will be good to know; and yes, some weird interaction with the
Win8 laptop.  How "newly installed" is the latter, and is there anyting
"special" about it?  I can certainly try putting Windows 8 on a laptop and
testing it the same way you are...I haven't used Windows 8 on other
computers besides my desktop PC, and a couple of family laptops (which I
don't have handy).

-----Original Message-----
From: Chris Swinehart [mailto:chris at mesotech.com]
Sent: Friday, August 23, 2013 5:15 PM
To: Harle Jim
Cc: vpn-help at lists.shrew.net
Subject: RE: [vpn-help] Failure to bring up tunnel with Windows 8 through
NAT

Jim,

Good idea - I'll try bypassing the DIR-825 and going directly to the cable
modem. The DIR-825 does connect directly to a cable modem with nothing in
between. That should at least narrow down the problem.

If it has to do with the internet connection, I think it will have to be
some interaction between that and the Win8 client because with everything
else held constant (same internet connection, same router, same Shrew client
version and config, etc.) it works on the Win 7 device. 

Thanks,

Chris Swinehart

Mesotech International Inc.
4531 Harlin Drive
Sacramento, CA 95826
916-368-2020 (Voice)
916-368-2030 (Fax)
http://www.mesotech.com


-----Original Message-----
From: Jim Harle [mailto:vpn at technicolor.com]
Sent: Friday, August 23, 2013 11:47
To: Chris Swinehart
Cc: vpn-help at lists.shrew.net
Subject: RE: [vpn-help] Failure to bring up tunnel with Windows 8 through
NAT

Hey Chris,

Is it possible for you to test the Win8 laptop "directly," bypassing the
DIR-825?  And does the latter connect directly to the Internet [cable modem,
etc], or is there yet another device in-between?

I happen to have a DIR-825 at my house, hardware version A1, firmware
version 1.13NA.  It doesn't "terminate" my Internet though; I have an
appliance firewall connected to a Motorola cable modem, and the DIR-825 is
behind that firewall.  The 2.2.2 Shrew client on my Win8 x64 desktop PC
works fine from behind that DIR-825, and I can try it later with that
connected to the cable modem (removing the appliance firewall).  My VPN
gateway is a Cisco ASA 5520.

Your NAT settings are default, and I'm quite sure the iPhone wifi hotspot is
a NAT.  So perhaps this all boils down to something with the Internet
connection itself...not necessarily the devices?

-----Original Message-----
From: Chris Swinehart [mailto:chris at mesotech.com]
Sent: Friday, August 23, 2013 11:26 AM
To: Harle Jim
Cc: vpn-help at lists.shrew.net
Subject: RE: [vpn-help] Failure to bring up tunnel with Windows 8 through
NAT

Jim,

Thanks for the reply. Here are the models that I'm dealing with:

VPN Server: Cisco RV042

Routers tested: - Old Belkin router without VPN passthrough feature (Win7
laptop works with this, haven't tested Win8 laptop)
		- D-Link DIR-825 router with VPN passthrough enabled (Two
Win7 laptops work,
Win8 laptop doesn't)

Both Win7 and Win8 clients work with an iPhone WiFi hotspot.

I've tried the same configuration on two Win7 laptops, same configuration,
they both work. Win 8 laptop doesn't. I followed your instructions: rebooted
the router then tried connecting with the Win 8 computer, it failed. I
immediately tried connecting with the Win 7 client and worked.

Here are the NAT traversal settings in the shrew client:
NAT Traversal: enable
NAT Traversal Port: 4500
Keep-alive packet rate: 15 secs
IKE Fragmentation: disable

I've also tried running the client in Win7 compatibility mode, both the
installer and the access manager itself, with no change in behavior.

Any more thoughts or suggestions?

Thanks,

Chris Swinehart

Mesotech International Inc.
4531 Harlin Drive
Sacramento, CA 95826
916-368-2020 (Voice)
916-368-2030 (Fax)
http://www.mesotech.com


-----Original Message-----
From: Jim Harle [mailto:vpn at technicolor.com]
Sent: Thursday, August 22, 2013 10:40
To: Chris Swinehart
Cc: vpn-help at lists.shrew.net
Subject: RE: [vpn-help] Failure to bring up tunnel with Windows 8 through
NAT

This doesn't sound like a NAT issue per se...the cell phone could be acting
as a NAT device depending on how you connect to it (such as via wifi).

Have you tried other NAT'd locations besides the router you speak of?

Can you provide the NAT traversal settings being used in the Shrew VPN
profile?

What is the model of the router that you are testing with, and does it have
"vpn passthrough" enabled on it?  Have you tried connecting the Windows 8
client first (after a router reboot) or does it still fail, and the Windows
7 client works when trying to connect it 2nd?

Just my thoughts,

Jim

-----Original Message-----
From: vpn-help-bounces at lists.shrew.net
[mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Chris Swinehart
Sent: Thursday, August 22, 2013 10:04 AM
To: vpn-help at lists.shrew.net
Subject: [vpn-help] Failure to bring up tunnel with Windows 8 through NAT

I wasn't able to find any other reports of known issues with connecting to a
VPN behind NAT with Windows 8 and v2.2.2, so here is the description of my
situation:

1. I am using the same imported configuration file on both a Win 7 and Win 8
laptop.
2. Both the Win 7 and Win 8 laptops can connect to my VPN server without
going through NAT (connected via a cell phone hotspot).
3. When trying to access the VPN through a router, only the Win 7 laptop can
finish bringing up the tunnel. The connection process on the Win 8 computer
pauses and the tunnel never comes up. I tested this using the exact same
router with the exact same router configuration.

This leads me to believe that the problem lies somewhere on the Win 8
computer. Any ideas or further troubleshooting steps I can take?

Thank you,

Chris Swinehart

Mesotech International Inc.
4531 Harlin Drive
Sacramento, CA 95826
916-368-2020 (Voice)
916-368-2030 (Fax)
http://www.mesotech.com


_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
https://lists.shrew.net/mailman/listinfo/vpn-help

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6576 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130826/efc08a1a/attachment.bin>

More information about the vpn-help mailing list