[vpn-help] "initiator port values should only float once per session"

Larry Moore lmoore at starwon.com.au
Thu Jun 6 18:11:53 CDT 2019 

On 5/06/2019 6:07 PM, dpremorel wrote:
>
> Hi !
>
> I'm having an issue with running the VPN client on some of my machines...
>
> The VPN server is an ISP router with an integrated VPN server that's 
> apparently only compatible with Shrew (Orange Livebox pro fibre v4, if 
> that's any help).
>
> I'm trying to access the server from 3 different off-site networks.
>
> The VPN client is v2.2.2 for Windows on all machines.
>
> On network 1 : PC1 running Win7 with ethernet connection to ISP 2 
> router : works flawlessly
>
> On network 1 : Laptop1 running Win10 with wifi connection to ISP 2 
> router : works flawlessly
>
> On network 2 : Laptop1 on wifi to ISP 2 different site/router : works 
> flawlessly
>
> On network 2 : PC2 running Win7 with ethernet connection to router : 
> doesn't work !
>
> On network 3 : Laptop2 running Win7 on wifi, same ISP as server, 
> different site: doesn't work !
>
> The debug logs differences between the machines that work and those 
> which don't start just before the message "initiator port values 
> should only float once per session". Apparently, after NAT traversal, 
> IKE packet is sent on the correct port (4500), but received on the 
> original port (500).
>
> Since i have one machine with successful connection to the VPN and one 
> that fails on the same network (2), I assume it has to do with an 
> obsure (to me) configuration of Windows 7.
>
> Thanks a million in advance for any help.
>
> David
>
>
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> https://lists.shrew.net/mailman/listinfo/vpn-help

Hi David,

Assuming the two computer on network 2 connect via the same port on the 
LAN side of your router and their configurations are identical other 
than user or device specific information, perhaps the issue may simply 
be that Shrew VPN isn't working properly on the Windows-7 computer.

I recall (many years ago now) having a problem with Shrew VPN on my 
Windows-7 computer but can't be certain if it failed to install or 
simply didn't work when trying to establish a connection.

What I needed to do was to create/update a registry entry for 
MaxNumFilters and set it to a suitable value, currently set to 16 
(decimal). Have a look at this page for guidance 
(http://www.chicagotech.net/VPN/maxfilters.htm). IIRC, I removed Shrew 
VPN software, created MaxNumFilters entry and rebooted before 
re-installing Shrew VPN.

I have had experience where a router will have an IPEC ALG enabled and 
it can't be turned off. The ALG will change the IPSEC connections source 
port so it appear as coming from port 500 instead of the actual port 
used by NAT. I've not found a way to get Shrew VPN working with one of 
these routers which messes with the source port of the IPSEC connection.

Larry.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20190607/6610ddab/attachment.html>

More information about the vpn-help mailing list