[vpn-help] Shrewsoft VPN Client not working properly after standby

Gerd Röthig gerd.roethig at gmail.com
Mon Jul 29 03:45:59 CDT 2013


Hello all,

I experienced similar problems with previous versions of Shrew Soft VPN client as well. Example: 2.1.7.

This seems to be due to the fact that on notebooks, the physical network connection is dropped in order to save energy when they enter the Standby mode. Shrew Soft VPN Client, unfortunately, does not detect this connection loss and seems to think that the network connection was not interrupted.
This is, by the way, not limited to the standby mode. You can reproduce a similar behavior by simply pulling the Ethernet plug out of the network card if you're on a wired network.
 
However, once the physical network connection gets lost, usually the VPN tunnel is dropped as well (which makes some sense). 
That means: After the network connection was interrupted, the client should act as if the VPN connection was terminated. Which, unfortunately, means that there should be some way to detect such losses in network connectivity in Shrew Soft VPN client.

One possible solution could by some kind of "keep-alive" mechanism where the client periodically checks if the VPN gateway is still reachable. This would also prevent issues with some network drivers and firewalls which drop connections or switch to energy-saving modus if they do not detect an active connection.

As for the solution with stopping the Shrew Soft daemons: I also use such an approach here but mainly for other reasons.

In order to automate VPN connection and termination of the VPN connection, I have set the "Shrew Soft IKE daemon" and the "Shrew Soft IPSEC daemon" to Manual start using a script like this (to be run as administrator):

@echo off
set SERVICES=HKLM\SYSTEM\CurrentControlSet\Services\

for %%i in (iked ipsecd) do (
   reg add %SERVICES%%%i /v Start /t REG_DWORD /d 00000003 /f
)

Thus, these services are not started every time the computer is started but will only run if called explicitly.

For establishing a VPN connection, I then use a script like this:

@echo off
net start "ShrewSoft IKE Daemon"
net start "ShrewSoft IPSEC Daemon"

start "VPN" "%ProgramFiles%\ShrewSoft\VPN Client\ipsecc.exe" -r MyConfig -u MyName

To terminate the VPN, another script reverses these steps:

@echo off
taskkill /T /F /IM "ipsecc.exe"

net stop "ShrewSoft IKE Daemon"
net stop "ShrewSoft IPSEC Daemon"

These scripts, of course, can be amended to mount/unmount network drives, start/stop particular programs and so on.

Kind regards,

Gerd

-----Original Message-----
From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Nikolaos Milas
Sent: Monday, July 29, 2013 9:27 AM
To: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] Shrewsoft VPN Client not working properly after standby

On 28/7/2013 8:01 μμ, Jim Harle wrote:

> I don't have a solution for your scenario, but a suggestion and a question.  First the question - when your physical Ethernet connection is dropped, how much time passes before you attempt the disconnect/reconnect?  It would indeed be odd if the Shrew client never ("never" meaning more than, say, a minute) timed out with a message like "the gateway is not responding."

First, thanks for your reply. Second, I tested and it does terminate 
after a minute or so. So, things are not so odd after all.

> Now the suggestion - when your laptop gets into the state of "vpn-connects-but-doesn't-pass-traffic," here is a faster thing to try instead of rebooting:
> 1) Disconnect the VPN client
> 2) Open Control Panel --> System and Security --> Administrative Tools --> Services (right-click the bottom-left Start Screen icon to get to Control Panel in the first place)
> 3) Stop both the "ShrewSoft IKE Daemon" and "ShrewSoft IPSEC Daemon" services
> 4) Verify both services have stopped (F5 to refresh view)
> 5) Start both of the above services
> 6) Retry the VPN connection
>
> My experience has been that the "ShrewSoft IKE Daemon" will take a long time to stop, and Windows will complain that it couldn't stop the service, yet it does still stop.  Once in a blue moon, my PC will get into the state where the Shrew VPN will connect and pass traffic, but the VPN disconnects a short time after (~ 30 seconds).  Restarting the Shrew services clears this up.

That did the trick! Thanks! Now I can fix things without rebooting.

I hope, however, Shrewsoft sometime fixes VPN Client so that the VPN 
does not "hang" like this. Are they aware of this behavior? I hope they 
keep an eye at this maillist.

> And lastly, if you're using Windows 8 without a Start Menu replacement like Start8, best of luck to you...but that's for a different discussion thread.  :-)

I've read that M$ are planning an SP (or something like that) for Win 8 
probably later this year (see e.g.: 
http://www.zdnet.com/windows-8-1-the-return-of-the-start-button-7000016535/), 
which will add the Start Menu. So, I am waiting for the moment; it's not 
(very) terrible.

Best regards,
Nick
_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
https://lists.shrew.net/mailman/listinfo/vpn-help




More information about the vpn-help mailing list