[vpn-help] Windows 7 client 2.2.2 and NetGear DGND4000 router
alberto.lupetto at libero.it
Wed Jul 30 03:10:59 CDT 2014
Dear all,
I need help to connect a VPN Client (Windows 7, client ver. 2.2.2) with a
NetGear DGND4000 router.
I have configured both NetGear DGND4000 router and VPN Client following the
guide:
https://www.shrew.net/support/Howto_Netgear
Below the mail you will find the VPN policy configured on NetGear DGND4000,
VPN client configuration, VPN client log and the router log.
Any idea how to solve the issue?
Lupetto
# -------------------------------------------------------
# NetGear DGND4000 router configuration
# -------------------------------------------------------
Address Data:
Dynamic IP
Local LAN:
Start IP 192.168.3.0
SubnetMask 255.255.255.0
Remote LAN:
Start IP 192.168.1.0
SubnetMask 255.255.255.0
IKE
Direction: Responder only
Exchange mode: Main Mode
DH Group: Auto
Local ID Type: WAN IP Address
Remote ID Type: Fully Qualified Domain Name: lupetto
Parameter
Encryption Algorithm: 3DES
Authentication Algorithm: Auto
Pre-shared Key: ****************
SA Life Time: 3600
Enable PFS: Off
# -------------------------------------------------------
# VPN client configuration
# -------------------------------------------------------
- General Tab
Host Name or IP Address = Netgear WAN Internet IP address.
Auto Configuration mode = ike config pull.
- Phase 1 Tab
The Exchange Type is set to normal (aggressive not available on the router)
DH Exchange = group 2
- Authentication Tab
Authentication Method = Mutual PSK
Local Identity parameters = Fully Qualified Domain Name with a FQDN
String 'lupetto'
Remote Identity parameters = IP Address
Use a discovered remote host address to match the IKE Policy Local
Identity value.
- Credentials Tab
Credentials Pre Shared Key is defined as "*******************" to match
the Netgear IKE Policy Pre-shared key value.
- Policy Tab
IPsec Policy information manually configured when communicating with
Netgear gateways.
# -------------------------------------------------------
# VPN trace utility
# -------------------------------------------------------
14/07/29 17:19:14 ## : IKE Daemon, ver 2.2.2
14/07/29 17:19:14 ## : Copyright 2013 Shrew Soft Inc.
14/07/29 17:19:14 ## : This product linked OpenSSL 1.0.1c 10 May 2012
14/07/29 17:19:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
14/07/29 17:19:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap'
14/07/29 17:19:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-encrypt.cap'
14/07/29 17:19:14 ii : rebuilding vnet device list ...
14/07/29 17:19:14 ii : device ROOT\VNET\0000 disabled
14/07/29 17:19:14 ii : pfkey process thread begin ...
14/07/29 17:19:14 ii : network process thread begin ...
14/07/29 17:19:14 ii : ipc server process thread begin ...
14/07/29 17:19:29 ii : ipc client process thread begin ...
14/07/29 17:19:29 <A : peer config add message
14/07/29 17:19:29 <A : proposal config message
14/07/29 17:19:29 <A : proposal config message
14/07/29 17:19:29 <A : client config message
14/07/29 17:19:29 <A : local id 'lupetto' message
14/07/29 17:19:29 <A : preshared key message
14/07/29 17:19:29 <A : remote resource message
14/07/29 17:19:29 <A : peer tunnel enable message
14/07/29 17:19:29 DB : peer added ( obj count = 1 )
14/07/29 17:19:29 ii : local address 192.168.1.65 selected for peer
14/07/29 17:19:29 DB : tunnel added ( obj count = 1 )
14/07/29 17:19:29 DB : new phase1 ( ISAKMP initiator )
14/07/29 17:19:29 DB : exchange type is identity protect
14/07/29 17:19:29 DB : 192.168.1.65:500 <-> <DGND4000 router IP>:500
14/07/29 17:19:29 DB : 2ae2dfbb51009338:0000000000000000
14/07/29 17:19:29 DB : phase1 added ( obj count = 1 )
14/07/29 17:19:29 >> : security association payload
14/07/29 17:19:29 >> : - proposal #1 payload
14/07/29 17:19:29 >> : -- transform #1 payload
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( draft v00 )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( draft v01 )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( draft v02 )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( draft v03 )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports nat-t ( rfc )
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports FRAGMENTATION
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local supports DPDv1
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local is SHREW SOFT compatible
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local is NETSCREEN compatible
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local is SIDEWINDER compatible
14/07/29 17:19:29 >> : vendor id payload
14/07/29 17:19:29 ii : local is CISCO UNITY compatible
14/07/29 17:19:29 >= : cookies 2ae2dfbb51009338:0000000000000000
14/07/29 17:19:29 >= : message 00000000
14/07/29 17:19:29 -> : send IKE packet 192.168.1.65:500 -> <DGND4000 router IP>:500 ( 360 bytes )
14/07/29 17:19:29 DB : phase1 resend event scheduled ( ref count = 2 )
14/07/29 17:19:29 <- : recv IKE packet <DGND4000 router IP> -> 192.168.1.65:500 ( 40 bytes )
14/07/29 17:19:29 DB : phase1 found
14/07/29 17:19:29 ii : processing informational packet ( 40 bytes )
14/07/29 17:19:29 =< : cookies 2ae2dfbb51009338:6bf1dff16c98c971
14/07/29 17:19:29 =< : message 00000000
14/07/29 17:19:29 << : notification payload
14/07/29 17:19:29 ii : received peer NO-PROPOSAL-CHOSEN notification
14/07/29 17:19:29 ii : - <DGND4000 router IP>:500 -> 192.168.1.65:500
14/07/29 17:19:29 ii : - isakmp spi = none
14/07/29 17:19:29 ii : - data size 0
14/07/29 17:19:31 <A : peer tunnel disable message
# -------------------------------------------------------
# VPN NetGear DGND4000 log
# -------------------------------------------------------
2014-07-29 14:16:21 [=== Receive IKE PHASE 1 Main Mode (192.168.1.65) ===]
2014-07-29 14:16:21 ****** RECEIVE PACKET PAYLOADS (SA,VID,VID,VID,VID,VID,VID,VID,VID,VID,VID)******
2014-07-29 14:16:21 ****** SENDING NOTIFICATION (NO_PROPOSAL_CHOSEN) ******
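
Added example, not part of the original post: a small Python triage script for client traces like the one above. It rejoins mail-wrapped trace lines and reports, for each phase 1 attempt, the exchange type, how many proposals and transforms the client offered, and any notification the peer returned. The sample input is constructed and the peer address 203.0.113.10 is a placeholder.

```python
import re

# Constructed sample in the shape of the iked trace above, including two
# mail-wrapped records; 203.0.113.10 is a placeholder peer address.
SAMPLE = """\
14/07/29 17:19:29 DB : new phase1 ( ISAKMP initiator )
14/07/29 17:19:29 DB : exchange type is identity protect
14/07/29 17:19:29 >> : - proposal #1 payload
14/07/29 17:19:29 >> : -- transform #1 payload
14/07/29 17:19:29 -> : send IKE packet 192.168.1.65:500 -> 203.0.113.10:500
( 360 bytes )
14/07/29 17:19:29 <- : recv IKE packet 203.0.113.10:500 -> 192.168.1.65:
500 ( 40 bytes )
14/07/29 17:19:29 ii : received peer NO-PROPOSAL-CHOSEN notification
"""

RECORD = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
OFFER = re.compile(r"(proposal|transform) #\d+ payload")
NOTIFY = re.compile(r"received peer (\S+) notification")

def unwrap(text):
    """Rejoin wrapped lines: a line with no timestamp continues the previous record."""
    records = []
    for raw in text.splitlines():
        m = RECORD.match(raw)
        if m:
            records.append(list(m.groups()))
        elif records and raw.strip():
            prev = records[-1][2]
            # Heuristic: a break right after ':' split "addr:port", so join without a space.
            records[-1][2] = prev + ("" if prev.endswith(":") else " ") + raw.strip()
    return records

def phase1_attempts(text):
    """Summarise each phase 1 attempt: exchange type, offer size, peer notification."""
    attempts, cur = [], None
    for _ts, tag, msg in unwrap(text):
        if tag == "DB" and msg.startswith("new phase1"):
            cur = {"exchange": None, "proposals": 0, "transforms": 0, "notify": None}
            attempts.append(cur)
        elif cur is None:
            continue  # ignore records that precede the first phase 1 attempt
        elif msg.startswith("exchange type is "):
            cur["exchange"] = msg[len("exchange type is "):]
        elif tag == ">>" and (m := OFFER.search(msg)):
            cur[m.group(1) + "s"] += 1  # counts "proposals" or "transforms"
        elif tag == "ii" and (m := NOTIFY.search(msg)):
            cur["notify"] = m.group(1)
    return attempts
```

A NO-PROPOSAL-CHOSEN notification means the responder accepted none of the offered proposals, so a count of one transform points at that single phase 1 transform as the item to compare against the router's IKE policy.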