[vpn-help] Windows 7 client 2.2.2 and NetGear DGND4000 router

alberto.lupetto at libero.it alberto.lupetto at libero.it
Wed Jul 30 03:10:59 CDT 2014


Dear all,
I need help to connect a VPN Client (Windows 7, client ver. 2.2.2) with a 
NetGear DGND4000 router.

I have configured both NetGear DGND4000 router and VPN Client following the 
guide:
https://www.shrew.net/support/Howto_Netgear

Below the mail you will find the VPN policy configured on NetGear DGND4000, 
VPN client configuration, VPN client log and the router log.

Any idea how to solve the issue?
Lupetto

# -------------------------------------------------------
#  NetGear DGND4000 router configuration
# -------------------------------------------------------

Address Data:
        Dynamic IP
Local LAN:
	Start IP 192.168.3.0
	SubnetMask 255.255.255.0
Remote LAN:
	Start IP 192.168.1.0
	SubnetMask 255.255.255.0
IKE
	Direction: Responder only
	Exchange mode: Main Mode
	DH Group: Auto
	Local ID Type: WAN IP Address
	Remote ID Type: Fully Qualified Domain Name: lupetto
Parameter
	Encryption Algorithm: 3DES
	Authentication Algorithm: Auto
	Pre-shared Key: ****************
	SA Life Time: 3600
	Enable PFS: Off

# -------------------------------------------------------
#  VPN client configuration
# -------------------------------------------------------

- General Tab
     Host Name or IP Address = Netgear WAN Internet IP address.
     Auto Configuration mode = ike config pull.
- Phase 1 Tab
     The Exchange Type is set to normal (aggressive not available on the router)
     DH Exchange = group 2
- Authentication Tab
     Authentication Method = Mutual PSK
     Local Identity parameters = Fully Qualified Domain Name with a FQDN String 'lupetto'
     Remote Identity parameters = IP Address
     Use a discovered remote host address to match the IKE Policy Local Identity value.
- Credentials Tab
     Credentials Pre Shared Key is defined as "*******************" to match the Netgear IKE Policy Pre-shared key value.
- Policy Tab
     IPsec Policy information manually configured when communicating with Netgear gateways.

# -------------------------------------------------------
#  VPN trace utility
# -------------------------------------------------------

14/07/29 17:19:14 ## : IKE Daemon, ver 2.2.2
14/07/29 17:19:14 ## : Copyright 2013 Shrew Soft Inc.
14/07/29 17:19:14 ## : This product linked OpenSSL 1.0.1c 10 May 2012
14/07/29 17:19:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
14/07/29 17:19:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap'
14/07/29 17:19:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-encrypt.cap'
14/07/29 17:19:14 ii : rebuilding vnet device list ...
14/07/29 17:19:14 ii : device ROOT\VNET\0000 disabled
14/07/29 17:19:14 ii : pfkey process thread begin ...
14/07/29 17:19:14 ii : network process thread begin ...
14/07/29 17:19:14 ii : ipc server process thread begin ...
14/07/29 17:19:29 ii : ipc client process thread begin ...
14/07/29 17:19:29 <A : peer config add message
14/07/29 17:19:29 <A : proposal config message
14/07/29 17:19:29 <A : proposal config message
14/07/29 17:19:29 <A : client config message
14/07/29 17:19:29 <A : local id 'lupetto' message
14/07/29 17:19:29 <A : preshared key message
14/07/29 17:19:29 <A : remote resource message
14/07/29 17:19:29 <A : peer tunnel enable message
14/07/29 17:19:29 DB : peer added ( obj count = 1 )
14/07/29 17:19:29 ii : local address 192.168.1.65 selected for peer
14/07/29 17:19:29 DB : tunnel added ( obj count = 1 )
14/07/29 17:19:29 DB : new phase1 ( ISAKMP initiator )
14/07/29 17:19:29 DB : exchange type is identity protect
14/07/29 17:19:29 DB : 192.168.1.65:500 <-> <DGND4000 router IP>:500
14/07/29 17:19:29 DB : 2ae2dfbb51009338:0000000000000000
14/07/29 17:19:29 DB : phase1 added ( obj count = 1 )
14/07/29 17:19:29 >> : security association payload
14/07/29 17:19:29 >> : - proposal #1 payload
14/07/29 17:19:29 >> : -- transform #1 payload
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( draft v00 )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( draft v01 )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( draft v02 )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( draft v03 )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( rfc )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports FRAGMENTATION
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports DPDv1
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local is SHREW SOFT compatible
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local is NETSCREEN compatible
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local is SIDEWINDER compatible
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local is CISCO UNITY compatible
14/07/29 17:19:29 >= : cookies 2ae2dfbb51009338:0000000000000000
14/07/29 17:19:29 >= : message 00000000
14/07/29 17:19:29 -> : send IKE packet 192.168.1.65:500 -> <DGND4000 router IP>:500 ( 360 bytes )
14/07/29 17:19:29 DB : phase1 resend event scheduled ( ref count = 2 )
14/07/29 17:19:29 <- : recv IKE packet <DGND4000 router IP> -> 192.168.1.65:500 ( 40 bytes )
14/07/29 17:19:29 DB : phase1 found
14/07/29 17:19:29 ii : processing informational packet ( 40 bytes )
14/07/29 17:19:29 =< : cookies 2ae2dfbb51009338:6bf1dff16c98c971
14/07/29 17:19:29 =< : message 00000000
14/07/29 17:19:29 << : notification payload
14/07/29 17:19:29 ii : received peer NO-PROPOSAL-CHOSEN notification
14/07/29 17:19:29 ii : - <DGND4000 router IP>:500 -> 192.168.1.65:500
14/07/29 17:19:29 ii : - isakmp spi = none
14/07/29 17:19:29 ii : - data size 0
14/07/29 17:19:31 <A : peer tunnel disable message

# -------------------------------------------------------
#  VPN NetGear DGND4000 log
# -------------------------------------------------------

2014-07-29 14:16:21 [=== Receive IKE PHASE 1 Main Mode (192.168.1.65) ===]
2014-07-29 14:16:21 ****** RECEIVE PACKET PAYLOADS (SA,VID,VID,VID,VID,VID,VID,VID,VID,VID,VID)******
2014-07-29 14:16:21 ****** SENDING NOTIFICATION (NO_PROPOSAL_CHOSEN) ******
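
Added example (not part of the original message and not Shrew Soft code): a small Python reader for an iked trace like the one above that counts the phase 1 proposals and transforms the client offered and records any notification the peer sent back. The function name `summarize_phase1` and the embedded sample lines are constructed for illustration.

```python
import re

# Constructed sample: a subset of the client trace lines from the post above.
SAMPLE_TRACE = """\
14/07/29 17:19:29 DB : new phase1 ( ISAKMP initiator )
14/07/29 17:19:29 DB : exchange type is identity protect
14/07/29 17:19:29 >> : security association payload
14/07/29 17:19:29 >> : - proposal #1 payload
14/07/29 17:19:29 >> : -- transform #1 payload
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 >= : cookies 2ae2dfbb51009338:0000000000000000
14/07/29 17:19:29 =< : cookies 2ae2dfbb51009338:6bf1dff16c98c971
14/07/29 17:19:29 << : notification payload
14/07/29 17:19:29 ii : received peer NO-PROPOSAL-CHOSEN notification
14/07/29 17:19:31 <A : peer tunnel disable message
"""

# Timestamp, two-character direction/level tag, then the message text.
LINE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S\S) : (.*)$")

def summarize_phase1(trace):
    """Summarize a single phase 1 attempt (hypothetical helper)."""
    out = {"exchange": None, "proposals": 0, "transforms": 0,
           "responder_cookie": None, "notifications": [], "rejected": False}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation line or blank line
        tag, msg = m.groups()
        if msg.startswith("exchange type is "):
            out["exchange"] = msg[len("exchange type is "):]
        elif tag == ">>" and re.match(r"-+ proposal #\d+ payload", msg):
            out["proposals"] += 1      # proposals offered by the client
        elif tag == ">>" and re.match(r"-+ transform #\d+ payload", msg):
            out["transforms"] += 1     # transforms inside those proposals
        elif tag == "=<" and msg.startswith("cookies "):
            out["responder_cookie"] = msg.split(":")[1]
        elif (n := re.match(r"received peer (\S+) notification", msg)):
            out["notifications"].append(n.group(1))
    # The responder accepted none of the offered proposals.
    out["rejected"] = "NO-PROPOSAL-CHOSEN" in out["notifications"]
    return out

if __name__ == "__main__":
    for key, value in summarize_phase1(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

On the posted trace this reports one proposal with one transform and a NO-PROPOSAL-CHOSEN reply, so the router had a single phase 1 parameter set to compare against its own IKE policy.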
