[vpn-help] Problems connecting Windows7 over Broadband

kerrbenok frank.stuetzle at online.de
Fri Jan 24 19:01:50 CST 2014


> >
> > -----Original Message----- From: vpn-help-bounces at ...
> > [mailto:vpn-help-bounces at ...] On Behalf Of Mach Rainer
> > Sent: Monday, February 20, 2012 5:16 PM To:
> > 'vpn-help at ...' Subject: [vpn-help] Problems connecting
> > Windows7 over Broadband
> >
> > Hi!
> >
> > I installed the Shrew Soft Client (first 2.1.7 stable and now
> > 2.2.0-b2) on my Windows 7 64 Bit Laptop and configured it to connect
> > to a PFSense 2.0.1 Firewall. It works fine when the laptop is
> > connected via LAN or via WLAN (WLAN=802.11a/b). But when the laptop
> > is connected via Mobile Broadband (with a SIM Card from a mobile
> > phone provider) the Shrew Soft Client gets connected, but I can't get
> > any traffic through the tunnel (e.g. ping). I tried it with different
> > mobile provider, no change. And I tried it also with different Mobile
> > Broadband Adapters (one is internal in my Laptop and I got 2 mobile
> > USB Adapters) -it does also not work.
> >
> > But when I put the SIM Card to my IPhone and use tethering (WLAN
> > between Laptop and IPhone) the VPN works! So I think the problem is
> > not the provider.
> >
> > In the archive of the mailing list I found the suggestion to disable
> > a virtual Adapter, but there is no unused virtual adapter (and this
> > should be fixed in 2.2.0)
> >
> > Do you have any suggestions?
> >
> > regards, rainer
> >
> 
> Hi Rainer,
> 
> The error you see suggests a gateway end configuration issue.
> 
> Further to what Andrew said, I'd compare the log entries for successful
> connections from LAN/WLAN/tether to see what is different.  It is 
> possible that the provider uses different IP space for the WWAN 
> connections than it does the others, so you might need to add a 
> configuration for that.
> 
> Also, we've had other people on the list complain that they can't get 
> Shrew to work over WWAN, but I can't recall any follow-ups from them 
> indicating if they ever got it to work.
> 



Hi Rainer,

had exactly the same issue!
I could solve it with his information:
https://sites.google.com/a/vorkbaard.nl/dekapitein/tech-1/how-to-set-
up-ipsec-tunneling-in-pfsense-2-0-release-for-road-warriors

Basically it is to change the Phase 1 settings in the Mobile Tunnel in the
pfSense.
There are 3 steps mainly that did it for me:
-setting Policy Generation to Unique
-setting Proposal Checking to Strict
-setting NAT Traversal to Force

The rest of the changes in Shrew VPN weren't necessary for me, that was:
-I DIDN'T set NAT to "force-rfc" in Shrew connection but let it "enable"
-I DIDN'T set the Policy Generation to "Unique" but let it to "auto".

Everything went fine, hope it does for you!

kerrbenok



More information about the vpn-help mailing list