Hi Kevin,<div><br></div><div>The Identifier information values (<a href="http://fvs_remote.com">fvs_remote.com</a> and <a href="http://fvs_local.com">fvs_local.com</a>) are the actual values to be used; there is no need for these addresses to resolve.</div>
<div><br></div>Check your phase1 parameter (ISAKMP)<div><br></div><div><br><div>Regards,<br><br><div class="gmail_quote">On Wed, Nov 17, 2010 at 6:25 PM, <span dir="ltr"><<a href="mailto:kpickard@simplyc.com">kpickard@simplyc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> Thank you Alexis. I went through the VPN Wizard again and followed the steps at the link you provided. I then<br>
rebooted my router to make sure it was starting with the proper configuration. Now it appears that my router is no<br>
longer flagging the ISAKMP packets as suspicious and tossing them (which is good). In fact it looks like my router<br>
is actually trying to process the packets now. But it is having trouble with what it is seeing, based on its own<br>
internal logs (below)...and a response is not being sent back to the Shrew client.<br>
<br>
My question now is, according to the link you provided, I was to set the Identifier information fields to<br>
<a href="http://fvs_remote.com" target="_blank">fvs_remote.com</a> and <a href="http://fvs_local.com" target="_blank">fvs_local.com</a>. Are these just examples or are they the actual values to be used? Should these<br>
not resolve to real addresses? As can be seen below the FQDN of <a href="http://fvs_remote.com" target="_blank">fvs_remote.com</a> is being sent by the Shrew client in<br>
the ISAKMP packet. The Netgear then complains about not having a connection. Is this because this address does not<br>
resolve?<br>
<br>
By the way, the Shrew client is on a network behind a router so is NAT.<br>
<br>
Anyway, below is the log from my Netgear. On the Shrew side I only see the ISAKMP packets being sent out every<br>
5 seconds without any response coming back.<br>
<br>
Wed, 11/17/2010 10:44:22 - TekSavvy IKE:Trying Dynamic IP Searching<br>
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Receive Packet address:0x1396850 from 216.254.149.98<br>
Wed, 11/17/2010 10:44:28 - TekSavvy IKE:Peer Initialized IKE Aggressive Mode<br>
Wed, 11/17/2010 10:44:28 - TekSavvy IKE:RX << AM_I1 : 216.254.149.98<br>
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:New State index:6, sno:7<br>
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Agg. Decoded Peer's ID Type is ID_FQDN<br>
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Value=66 76 73 5f 72 65 6d 6f 74 65 2e 63 6f 6d<br>
Wed, 11/17/2010 10:44:28 - TekSavvy IKE:agg_inI1_outR1() connection not found 206.248.160.8[500]-216.254.149.98[500]<br>
<br>
Thanks for any help you can provide.<br>
<div class="im"><br>
-----------------------------------~~~~~~~-----------------------------<br>
Doing what you love is Freedom. | o o | Kevin Pickard<br>
Loving what you do is Happiness. | ^ | <a href="mailto:kpickard@simplyc.com">kpickard@simplyc.com</a><br>
------------------------------^^^-----------^^^------------------------<br>
<br>
<br>
</div>On Mon 10/11/15 10:31 AM , Alexis La Goutte <a href="mailto:alexis.lagoutte@gmail.com">alexis.lagoutte@gmail.com</a> sent:<br>
<div class="im">> Hi Kevin,<br>
><br>
> Is there a VPN wizard in your FVS318v1?<br>
><br>
> If so, use the VPN Wizard and the information in this blog post:<br>
> <a href="http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN-NETGEAR" target="_blank">http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN-NETGEAR</a> [1]<br>
</div><div class="im">> And it should work!<br>
><br>
> Regards,<br>
><br>
</div><div class="im">> On Mon, Nov 15, 2010 at 2:05 PM, Kevin Pickard wrote:<br>
> Thanks for the response Alexis. So have you managed to<br>
> get a FVS318v1 to work? Do you know what configuration I should use?<br>
> As I said in my initial post, my attempts at configuring<br>
> it have failed (see below).<br>
> At 03:59 AM 2010-11-15, Alexis La Goutte wrote:<br>
> >Hi Kevin,<br>
> ><br>
> >Yes, it works, but you should not use Xauth & ModeConfig (not<br>
> >available in FVS318v1)<br>
> ><br>
> >Regards,<br>
> ><br>
> ><br>
</div><div class="im">> >On Sat, Nov 13, 2010 at 11:19 PM, Kevin Pickard wrote:<br>
> > I take it no-one else has any experience with this?<br>
> > Andreas was the only one to respond but his FVS318 appears to be a<br>
> > newer version and is completely different from mine. I have the older<br>
> > v1 hardware (FVS318v1). Anyone?<br>
</div><div class="im">> >At 16:59:21 2010-10-26, wrote:<br>
> >>Message: 2<br>
> >>Date: Tue, 26 Oct 2010 16:59:21 +0200<br>
> >>From:<br>
</div><div class="im">> >>Subject: Re: [vpn-help] Netgear FVS318<br>
> >>To:<br>
</div>> >>Message-ID:<br>
<div class="im">> >>Content-Type: text/plain; charset="iso-8859-1"; Format="flowed";<br>
> >> DelSp="Yes"<br>
> >><br>
</div>> >>Zitat von :<br>
<div><div></div><div class="h5">> >><br>
> >>> Hello. Does anyone know if the Shrew client will work with the<br>
> >>> Netgear FVS318 router?<br>
> >>><br>
> >>> I have scanned the archives and I have found references to the<br>
> >>> FVG318 but nothing specific about the FVS318. I have seen references<br>
> >>> to needing Mode and Xauth enabled to get the FVS318 to work but<br>
> >>> neither of those options exist on the FVS318 (that I can find). So I<br>
> >>> think those people are confusing the FVS318 with another model.<br>
> >>><br>
> >>> Has anyone been able to get the Netgear FVS318 (V1 hardware<br>
> >>> running V2.4 firmware) to work with the Shrew client?<br>
> >>><br>
> >>> My initial attempts at trying various configurations have only<br>
> >>> resulted in security warnings on my FVS318 indicating that UDP<br>
> >>> packets (from the Shrew Client) are being tossed because they<br>
> >>> contain 'Suspicious UDP Data'. I have configured to use PSK. On the<br>
> >>> client side, via Wireshark, I only see the ISAKMP packet being sent out<br>
> >>> (this is the one being tossed by the FVS318) at 5 second intervals.<br>
> >>> The Shrew client itself shows "bringing up tunnel ...", then eventually<br>
> >>> followed by "negotiation timout [sic] occurred" after the ISAKMP<br>
> >>> packet has been sent 4 times.<br>
> >><br>
> >>Only some guess:<br>
> >>If the netgear has some form of firewall you maybe need to allow<br>
> >>inbound UDP port 500 and if using UDP encapsulation port 4500 as well<br>
> >>to get the tunnel up.<br>
> >><br>
> >>Regards<br>
> >><br>
> >>Andreas<br>
> >><br>
> >><br>
</div></div>> >>------------------------------<br>
> >><br>
> >>_______________________________________________<br>
> >>vpn-help mailing list<br>
> >><br>
> >><a href="http://lists.shrew.net/mailman/listinfo/vpn-help" target="_blank">http://lists.shrew.net/mailman/listinfo/vpn-help</a> [19]<br>
<div class="im">> >><br>
> >><br>
> >>End of vpn-help Digest, Vol 49, Issue 25<br>
> >>****************************************<br>
><br>
> >-----------------------------------~~~~~~~-----------------------------<br>
> > Doing what you love is Freedom. | o o | Kevin Pickard<br>
> > Loving what you do is Happiness. | ^ |<br>
><br>
</div>> >------------------------------^^^-----------^^^------------------------<br>
<div class="im">><br>
> -----------------------------------~~~~~~~-----------------------------<br>
> Doing what you love is Freedom. | o o | Kevin Pickard<br>
> Loving what you do is Happiness. | ^ |<br>
><br>
</div>> ------------------------------^^^-----------^^^------------------------<br>
><br>
><br>
> Links:<br>
> ------<br>
<div class="im">> [1] <a href="http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN-NETGEAR" target="_blank">http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN-NETGEAR</a><br>
> [15] <a href="http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/attachment-0001.bin" target="_blank">http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/attachment-0001.bin</a><br>
> [16] <a href="http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/attachment-0001.bin" target="_blank">http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/attachment-0001.bin</a><br>
> [19] <a href="http://lists.shrew.net/mailman/listinfo/vpn-help" target="_blank">http://lists.shrew.net/mailman/listinfo/vpn-help</a><br>
> [24] <a href="http://lists.shrew.net/mailman/listinfo/vpn-help" target="_blank">http://lists.shrew.net/mailman/listinfo/vpn-help</a><br>
</div>
><br>
><br>
<br>
</blockquote></div><br></div></div>
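<div>Added example, not part of the original messages or of any Netgear or Shrew tooling: a small parser for the router log excerpt quoted in this thread. It decodes the hex bytes logged for the peer's ID_FQDN payload, showing that the identifier travels as a literal string rather than a resolved address, and pairs it with the "connection not found" event. The <code>diagnose</code> function and its <code>configured_remote_ids</code> parameter are hypothetical names, and treating the first address in that event as the gateway's own is an assumption based on the "Receive Packet ... from" line.</div>

```python
import re

# Log lines copied from the Netgear excerpt quoted in this thread.
LOG = """\
Wed, 11/17/2010 10:44:28 - TekSavvy IKE:Peer Initialized IKE Aggressive Mode
Wed, 11/17/2010 10:44:28 - TekSavvy IKE:RX << AM_I1 : 216.254.149.98
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Agg. Decoded Peer's ID Type is ID_FQDN
Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Value=66 76 73 5f 72 65 6d 6f 74 65 2e 63 6f 6d
Wed, 11/17/2010 10:44:28 - TekSavvy IKE:agg_inI1_outR1() connection not found 206.248.160.8[500]-216.254.149.98[500]
"""

ID_TYPE = re.compile(r"Decoded Peer's ID Type is (\w+)")
ID_VALUE = re.compile(r"Value=((?:[0-9a-fA-F]{2} ?)+)")
NOT_FOUND = re.compile(r"connection not found ([\d.]+)\[(\d+)\]-([\d.]+)\[(\d+)\]")


def diagnose(log_text, configured_remote_ids):
    """Return one finding per Aggressive Mode attempt the gateway could not match.

    configured_remote_ids (hypothetical): the remote identifier strings entered
    in the gateway's VPN policies, to compare against what the peer sent.
    """
    findings, id_type, peer_id = [], None, None
    for line in log_text.splitlines():
        if m := ID_TYPE.search(line):
            id_type = m.group(1)
        elif m := ID_VALUE.search(line):
            # The ID payload is logged as raw bytes; decode them as text.
            peer_id = bytes.fromhex(m.group(1)).decode("ascii", "replace")
        elif m := NOT_FOUND.search(line):
            gateway, gw_port, peer, peer_port = m.groups()
            findings.append({
                "gateway": gateway, "gateway_port": int(gw_port),
                "peer": peer, "peer_port": int(peer_port),
                "id_type": id_type, "peer_id": peer_id,
                # Plain string comparison: no DNS lookup is involved.
                "id_configured": peer_id in configured_remote_ids,
            })
            id_type = peer_id = None  # reset for the next attempt
    return findings


if __name__ == "__main__":
    for finding in diagnose(LOG, {"fvs_remote.com"}):
        print(finding)
```

<div>If <code>id_configured</code> is true and the gateway still reports no connection, the identifier is not the mismatch and the remaining phase 1 settings are the next thing to compare.</div>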