Daer all,
I've severaly VPN Clients with Shrew Client Software and everything works
without any problem except one VPN-Client. The VPN-configuration on the router
is for all the same except the PSK-Password.
My colleague has a strange behaviour with the Shrew VPN Client and a AVM Fritz
Router 7270 (latest firmware is installed). He has at home a AVM Fritz Router
7270 and tries to dial-in in our company via VPN with a notebook. If the
notebook is connected via network cable, everything works fine - no problems!
He can dial-in and access to the network, mails servers, web servers aso.
But if he is connected to the Wireless LAN he couldn't access to the VPN-Router
(LANCOM 1711+ latest firmware). He can ping the LANCOM VPN-Router and he can
access to all other internet services but if he try to make a VPN connection
the connection immediately fails with the message "negotiation timeout" and
"detach from the key daemon".
Addionally, now the strange behaviour: If my colleague uninstalls the Shrew VPN
Client, restarts the PC and reinstalls the client (and deactivates the
ShrewSoft DNS Proxy Daemon) without a restart the VPN connection works without
any problem. If he restarts the PC it doesn't work again. He can reproduce it
everytime!
Here some configuration data of the VPN client:
- Windows 7 - 64bit
- VPN Client: 2.1.5
- General Tab:
- Hostname: vpn.my-domain.de
- Port: 500
- Auto Configuration: ike config pull
- Address Method: Use a virtual adapter and assigned address
- MTU: 1380
- Obtain Automatically: Yes
- Client Tab:
- NAT Traversal: enable
- NAT Traversal Port: 4500
- Keep-alive packet rate: 15 sec
- IKE Fragmentation: enabled
- Maximum packet size: 540 Bytes
- Enable Dead Peer Detection: Yes
- Enable ISAKMP Failure Notifications: Yes
- Enable Client Login Banner: Yes
- Name Resolution Tab
- All items "Enabled" and "Obtain Automatically" is set
- Authentication Tab
- Method: Mutual PSK + XAuth
- Local Identity:
- Local Identifier: Key Identifier
- Key ID String: name of user
- Remote Identity:
- Local Identifier: Key Identifier
- Key ID String: name of user
- Credentials Tab:
- Pre Shared Key: value of PSK
- Phase 1 Tab
- Exchange Type: aggressive
- DH exchange: group 2
- Cipher Algorithm: auto
- Hash Algorithm: auto
- Key Life Time limit: 86400 Secs
- Key Life Data limit: 0 Kbytes
- Enable Check Point Compatible Vender ID: No
- Phase 2 Tab
- Transform Algorithm: auto
- HMAC Algorithm: auto
- PFS Exchange: group 2
- Compress Algorithm: disabled
- Key Life Time limit: 3600 Secs
- Key Life Data limit: 0 Kbytes
- Policy Tab
- Maintain Persistent Descurity Associations: No
- Obtain Topology Automatically or Tunnel All: Yes
At the moment I don't know where the problem is located. Is this problem a
router problem (with cable it works, with Wireless LAN not), or a client
problem (It runs with new installation and without any restart)? Has anybody a
idea for this problem(s)?
Kind regards
Rainer Budde
--
Rainer Budde
Software Engineering
RWH Industrieautomatisierung GmbH
Emsteker Strasse 14-16
D-49661 Cloppenburg
Fon: +49 (0) 4471 - 9293 -18
Fax: +49 (0) 4471 - 9293 -22
Mail: [email protected]
Geschäftsführer: Andreas Reuter, Amtsgericht Oldenburg, HRB 151141
-----------------------------------------------------------------------
This e-mail and any files transmitted with it are confidential and are intended
solely for the use of the individual or entity to whom they are addressed. This
communication represents the originator's personal views and opinions, which do
not necessarily reflect those of RWH Industrieautomatisierung GmbH or any of
its subsidiaries or affiliates. If you are not the original recipient or the
person responsible for delivering the e-mail to the intended recipient, be
advised that you have received this e-mail in error, and that any use,
dissemination, forwarding, printing or copying this e-mail is strictly
prohibited. If you receive this e-mail in error, please immediately notify
[email protected]
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
