<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="country-region"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="Street"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="address"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:monospace;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:385615686;
mso-list-type:hybrid;
mso-list-template-ids:2024671686 613185468 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Different Netgear router versions have
different bugs, and their tech support seem to alibi their way out of them
rather than fix them. I am currently in an escalation about certain of
these bugs for the FVS336G with Netgear in <st1:State w:st="on">California</st1:State>
after having been run around by local support in <st1:country-region w:st="on"><st1:place
w:st="on">Germany</st1:place></st1:country-region> and on the forum. Now
California are ignoring me – if they don’t react soon, I’m
going to return the darn thing and put up negative product evaluations on the
French, German and English IT equipment buyers sites. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>That being said, I *<b><span
style='font-weight:bold'>am</span></b>* able to connect and ping with Shrew 2.1.5-RC4
running on both Windows XP 32 and 64 bit. Since the 336 and the 3205 seem
to be similar (apart from the fact that the 336 doesn’t have a WAP), my
experience may also be useful for you. Following is a list of issues I
found in getting things (sort of) working, and what I did to get around them. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<ol style='margin-top:0in' start=1 type=1>
<li class=MsoNormal style='color:navy;mso-list:l0 level1 lfo1'><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial'>One
must not use IP config pull Auto Configuration in Shrewsoft – Netgear
sends a message that Shrew doesn’t understand. I don’t
know who’s at fault here. Instead, Auto Configuration must be
disabled.<o:p></o:p></span></font></li>
<li class=MsoNormal style='color:navy;mso-list:l0 level1 lfo1'><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial'>This
means one must not use any Mode Config on the FVS336G. Instead, one
must use a linked IKE and VPN policy.<o:p></o:p></span></font></li>
<li class=MsoNormal style='color:navy;mso-list:l0 level1 lfo1'><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial'>This
means of course one must explicitly specify the remote virtual IP address
in every installation of the Shrewsoft client for each individual user.
I find this enormously inconvenient – I’d really like
the Shrewsoft client to be able to work with Mode Config.<o:p></o:p></span></font></li>
<li class=MsoNormal style='color:navy;mso-list:l0 level1 lfo1'><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial'>The
manually assigned virtual IP addresses must be on a different Class C subnet
than that used for your LAN. Netgear say this is part of the IPSec
specification, but I’ll be darned if I can find it there. I
think instead that Netgear have simply built a dead body or two into their
software architecture, and have obliged users to walk around it while holding
their nose ever since. I don’t understand this, as I can’t
imagine it would be hard to fix. This limitation is not a part of
the SSL-VPN that was the reason I bought the 336, for example. However,
in order to move on, you have to play by their unpublished rules. <o:p></o:p></span></font></li>
<li class=MsoNormal style='color:navy;mso-list:l0 level1 lfo1'><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial'>Note
that even though your virtual IP address is part of a different subnet,
you must specify the local IP traffic selector subnet mask to cover just
your LAN addresses, not that of the subnet on which the virtual IP
addresses of the VPN clients are located as well. Don’t worry,
for the most part, traffic still routes between the two subnets.<o:p></o:p></span></font></li>
<li class=MsoNormal style='color:navy;mso-list:l0 level1 lfo1'><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial'>By
the way, under such a configuration, I use FQDNs for both remote and local
client identification in the IKE policy. I also simply work
with a shared key for testing so far, but I have tried setting up
username/password authentication as well. I seem to remember it
working. <o:p></o:p></span></font></li>
<li class=MsoNormal style='color:navy;mso-list:l0 level1 lfo1'><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial'>Very
important: you must set up Remote IP Traffic Selection to be ‘any’.
This I find really disappointing, as it means I can’t enable
cross-subnet NetBIOS broadcasting on the Netgear router, as that requires
the Remote IP Traffic Selector to be a subnet. That means
that, even though I can ping everything on the LAN from the VPN client,
and the VPN client from the LAN, I can only SMB-browse Samba shares. Native
Windows shares don’t resolve, even with the passing of a WINS server
to the VPN client. This is most definitely a Netgear problem –
I’ve been able to reproduce it with the VPN client they supply. <o:p></o:p></span></font></li>
<li class=MsoNormal style='color:navy;mso-list:l0 level1 lfo1'><font size=2
color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial'>Note
that where there was a choice between MD5 and SHA-1 encryption algorithms,
I used MD5. I read this somewhere on the net from someone else
struggling to get his Netgear going, and tried it myself. I think
that rather the steps outlined above were the deciding factor in getting
things working, but in case there is a problem with SHA-1, I thought I’d
mention it here.<o:p></o:p></span></font></li>
</ol>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hope this helps you get started, and that
we can get some attention paid to how to solve the problems outlined above.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Charles<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
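<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>The constraint in item 4 of the list above can be checked mechanically against a client's adapter output. The following Python is an added example, not part of either poster's message or of the Shrew Soft or Netgear software: it parses the Shrew Soft Virtual Adapter section of the ipconfig output quoted later in this thread and reports whether the virtual address sits inside the 192.168.42.0 LAN. The function names and the /24 prefix for that LAN are assumptions.</span></font></p>
<pre>
```python
import ipaddress
import re

# Excerpt of the ipconfig output quoted later in this thread (indentation restored).
IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection* 16:

   Description . . . . . . . . . . . : Shrew Soft Virtual Adapter
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.42.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
"""

def virtual_adapter_interface(text, description="Shrew Soft Virtual Adapter"):
    """Return address/mask of the adapter whose Description matches, else None."""
    # Adapter sections start with an unindented header line ending in ':'.
    for block in re.split(r"(?m)^(?=\S.*:\s*$)", text):
        if description not in block:
            continue
        addr = re.search(r"IPv4 Address[ .]*:\s*([\d.]+)", block)
        mask = re.search(r"Subnet Mask[ .]*:\s*([\d.]+)", block)
        if addr and mask:
            return ipaddress.ip_interface(f"{addr.group(1)}/{mask.group(1)}")
    return None

def check_against_lan(virtual_if, lan_cidr):
    """List conflicts between a client's virtual address and the gateway LAN."""
    vif = ipaddress.ip_interface(str(virtual_if))
    lan = ipaddress.ip_network(lan_cidr)  # lan_cidr prefix length is an assumption
    findings = []
    if vif.ip in lan:
        findings.append(f"virtual IP {vif.ip} lies inside LAN subnet {lan}")
    elif vif.network.overlaps(lan):
        # Address is outside the LAN, but the adapter netmask is wide enough
        # that its on-link network still covers the LAN range.
        findings.append(f"adapter network {vif.network} overlaps LAN subnet {lan}")
    return findings

if __name__ == "__main__":
    iface = virtual_adapter_interface(IPCONFIG_SAMPLE)
    print(iface, "-", check_against_lan(iface, "192.168.42.0/24") or "no conflict")
```
</pre>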
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
vpn-help-bounces@lists.shrew.net [mailto:vpn-help-bounces@lists.shrew.net] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Tom Lahey<br>
<b><span style='font-weight:bold'>Sent:</span></b> Monday, November 23, 2009
8:05 AM<br>
<b><span style='font-weight:bold'>To:</span></b> Stuart Hall<br>
<b><span style='font-weight:bold'>Cc:</span></b> vpn-help@lists.shrew.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [Vpn-help] Fwd:
Problem Report - NetGear SRXN3205</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>Thanks Stuart,<br>
<br>
I have installed 2.1.5-rc 4 and still have the same issue. <br>
I am able to connect to the Net Gear router. But still can not ping anything on
the remote network (192.168.42.0)<br>
<br>
I've tried the router itself (192.168.42.1) or a server on the inside
(192.168.42.5) with no success.<br>
<br>
This seems to be a similar issue being experienced by "Jack Allen" on
the list.<br>
<br>
Once connected, Windows shows.....<br>
<br>
</span></font><font face=monospace><span style='font-family:monospace'>Ethernet
adapter Local Area Connection* 16:<br>
<br>
Connection-specific DNS Suffix . :<br>
Description . . . . . . . . . . . : Shrew Soft Virtual Adapter<br>
Physical Address. . . . . . . . . : AA-AA-AA-AA-AA-00<br>
DHCP Enabled. . . . . . . . . . . : No<br>
Autoconfiguration Enabled . . . . : Yes<br>
Link-local IPv6 Address . . . . . : fe80::bc3f:b1ef:4f2a:a5c6%33(Preferred)<br>
IPv4 Address. . . . . . . . . . . : 192.168.42.100(Preferred)<br>
Subnet Mask . . . . . . . . . . . : 255.255.255.0<br>
Default Gateway . . . . . . . . . :<br>
DNS Servers . . . . . . . . . . . : 192.168.42.5<br>
Primary WINS Server . . . . . . . : 192.168.42.5<br>
NetBIOS over Tcpip. . . . . . . . : Enabled<br>
<br>
And has a route.....<br>
C:\Users\tlahey>route print<br>
===========================================================================<br>
Interface List<br>
33 ...aa aa aa aa aa 00 ...... Shrew Soft Virtual Adapter<br>
14 ...00 24 33 89 c6 2c ...... Bluetooth Device (Personal Area Network)<br>
12 ...00 22 fb 69 78 b6 ...... Intel(R) WiFi Link 5100 AGN<br>
10 ...00 1d ba 68 87 6b ...... Intel(R) 82567LM Gigabit Network Connection<br>
1 ........................... Software Loopback Interface 1<br>
20 ...00 00 00 00 00 00 00 e0 isatap.{5A2CE871-92DB-4CBC-AC84-7A89C675168F}<br>
35 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3<br>
17 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2<br>
22 ...02 00 54 55 4e 01 ...... Microsoft Tun Miniport Adapter<br>
36 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4<br>
===========================================================================<br>
<br>
IPv4 Route Table<br>
===========================================================================<br>
Active Routes:<br>
Network Destination Netmask Gateway Interface Metric<br>
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 25<br>
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306<br>
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306<br>
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306<br>
169.254.0.0 255.255.0.0 On-link 192.168.42.100 306<br>
169.254.255.255 255.255.255.255 On-link 192.168.42.100 286<br>
192.168.0.0 255.255.255.0 On-link 192.168.0.10 281<br>
192.168.0.10 255.255.255.255 On-link 192.168.0.10 281<br>
192.168.0.255 255.255.255.255 On-link 192.168.0.10 281<br>
192.168.42.0 255.255.255.0 On-link 192.168.42.100 31<br>
192.168.42.100 255.255.255.255 On-link 192.168.42.100 286<br>
192.168.42.255 255.255.255.255 On-link 192.168.42.100 286<br>
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306<br>
224.0.0.0 240.0.0.0 On-link 192.168.0.10 281<br>
224.0.0.0 240.0.0.0 On-link 192.168.42.100 286<br>
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306<br>
255.255.255.255 255.255.255.255 On-link 192.168.0.10 281<br>
255.255.255.255 255.255.255.255 On-link 192.168.42.100 286<br>
===========================================================================<br>
Persistent Routes:<br>
None<br>
<br>
IPv6 Route Table<br>
===========================================================================<br>
Active Routes:<br>
If Metric Network Destination Gateway<br>
22 18 ::/0 On-link<br>
1 306 ::1/128 On-link<br>
22 18 2001::/32 On-link<br>
22 266 2001:0:d5c7:a2d6:24e3:19e9:3f57:fff5/128<br>
On-link<br>
33 286 fe80::/64 On-link<br>
22 266 fe80::/64 On-link<br>
22 266 fe80::24e3:19e9:3f57:fff5/128<br>
On-link<br>
33 286 fe80::bc3f:b1ef:4f2a:a5c6/128<br>
On-link<br>
1 306 ff00::/8 On-link<br>
22 266 ff00::/8 On-link<br>
33 286 ff00::/8 On-link<br>
===========================================================================<br>
Persistent Routes:<br>
None<br>
<br>
</span></font><br>
<br>
<br>
<br>
<br>
2009/11/22 Stuart Hall <<a href="mailto:stuart@xxxx.org">stuart@xxxx.org</a>>:<br>
> Hi Tom,<br>
><br>
> I suspect the first suggestion will be to move to the latest RC<br>
> version as there have been a lot of improvements in this. Current<br>
> latest version is 2.1.5-rc-4.<br>
><br>
> Perhaps you could try this and let us know how you get on.<br>
><br>
> Regards,<br>
><br>
> Stuart H.<br>
><br>
> On Sat, Nov 21, 2009 at 9:03 AM, Tom Lahey <<a
href="mailto:tel@xxxx.com">tel@xxxx.com</a>> wrote:<br>
>> Using ShrewSoft: 2.1.4<br>
>> Router: Netgear SRXN3205<br>
>> Firmware:3.0.3-18<br>
>> Client OS: Windows Vista Business SP 1 64-bit<br>
>><br>
>><br>
>> Problem:<br>
>> I have configured the VPN Client using the instructions provided on the
website.<br>
>> I am able to establish a connection, however no traffic is routing<br>
>> from my client to the remote network.<br>
>> I am testing by connecting and then trying to ping a known server<br>
>> 192.168.42.5 (I am able to ping this server from the local network)<br>
>> I get "Request timed out"<br>
>><br>
>> Debug attached.<br>
>> Screen Shots of Netgear Config Attached.<br>
>><br>
>><br>
>> Your assistance is appreciated!<br>
>><br>
>> Tom<br>
>><br>
>> --<o:p></o:p></p>
</div>
</body>
</html>