<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 5/06/2019 6:07 PM, dpremorel wrote:<br>
</div>
<blockquote type="cite"
cite="mid:f2409a677cf58835ab31bd0c1161755f@finot-conq.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<p>Hi !</p>
<p>I'm having an issue with running the VPN client on some of my
machines...</p>
<p>The VPN server is an ISP router with an integrated VPN server
that's apparently only compatible with Shrew (Orange Livebox pro
fibre v4, if that's any help).</p>
<p>I'm trying to access the server from 3 different off-site
networks.</p>
<p>The VPN client is v2.2.2 for Windows on all machines.</p>
<p>On network 1 : PC1 running Win7 with ethernet connection to ISP
2 router : works flawlessly</p>
<p>On network 1 : Laptop1 running Win10 with wifi connection to
ISP 2 router : works flawlessly</p>
<p>On network 2 : Laptop1 on wifi to ISP 2 different site/router :
works flawlessly</p>
<p>On network 2 : PC2 running Win7 with ethernet connection to
router : doesn't work !</p>
<p>On network 3 : Laptop2 running Win7 on wifi, same ISP as
server, different site: doesn't work !</p>
<p>The debug logs differences between the machines that work and
those which don't start just before the message "initiator port
values should only float once per session". Apparently, after
NAT traversal, IKE packet is sent on the correct port (4500),
but received on the original port (500).</p>
<p>Since i have one machine with successful connection to the VPN
and one that fails on the same network (2), I assume it has to
do with an obsure (to me) configuration of Windows 7.</p>
<p>Thanks a million in advance for any help.</p>
<p>David</p>
<div> </div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
vpn-help mailing list
<a class="moz-txt-link-abbreviated" href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a>
<a class="moz-txt-link-freetext" href="https://lists.shrew.net/mailman/listinfo/vpn-help">https://lists.shrew.net/mailman/listinfo/vpn-help</a>
</pre>
</blockquote>
<br>
Hi David,<br>
<br>
Assuming the two computer on network 2 connect via the same port on
the LAN side of your router and their configurations are identical
other than user or device specific information, perhaps the issue
may simply be that Shrew VPN isn't working properly on the Windows-7
computer.<br>
<br>
I recall (many years ago now) having a problem with Shrew VPN on my
Windows-7 computer but can't be certain if it failed to install or
simply didn't work when trying to establish a connection.<br>
<br>
What I needed to do was to create/update a registry entry for
MaxNumFilters and set it to a suitable value, currently set to 16
(decimal). Have a look at this page for guidance
(<a class="moz-txt-link-freetext" href="http://www.chicagotech.net/VPN/maxfilters.htm">http://www.chicagotech.net/VPN/maxfilters.htm</a>). IIRC, I removed
Shrew VPN software, created MaxNumFilters entry and rebooted before
re-installing Shrew VPN.<br>
<br>
I have had experience where a router will have an IPEC ALG enabled
and it can't be turned off. The ALG will change the IPSEC
connections source port so it appear as coming from port 500 instead
of the actual port used by NAT. I've not found a way to get Shrew
VPN working with one of these routers which messes with the source
port of the IPSEC connection.<br>
<br>
Larry.<br>
</body>
</html>