Hi Kevin, The identifier Information (fvs_remote.com and fvs_local.com) are actual values to be used, not need to resolve this address.
Check your phase1 parameter (ISAKMP) Regards, On Wed, Nov 17, 2010 at 6:25 PM, <[email protected]> wrote: > Thank you Alexis. I went through the VPN Wizard again and followed the > steps at the link you provided. I then > rebooted my router to make sure it was starting with the proper > configuration. Now it appears that my router is no > longer flagging the ISAKMP packets as suspicious and tossing them (which is > good). In fact it looks like my router > is actually trying to process the packets now. But it is having trouble > with what it is seeing, based on its own > internal logs (below)...and a response is not being sent back to the Shrew > client. > > My question now is, according to the link you provided, I was to set > the Identifier information fields to > fvs_remote.com and fvs_local.com. Are these just examples or are they the > actual values to be used? Should these > not resolve to real addresses? As can be seen below the FQDN of > fvs_remote.com is being sent by the Shrew client in > the ISAKMP packet. The Netgear then complains about not having a > connection. Is this because this address does not > resolve? > > By the way, the Shrew client is on a network behind a router so is NAT. > > Anyway, below is the log from my Netgear. On the Shrew side I only see > the ISAKMP packets being sent out every > 5 seconds without any response coming back. > > Wed, 11/17/2010 10:44:22 - TekSavvy IKE:Trying Dynamic IP Searching > Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Receive Packet address:0x1396850 > from 216.254.149.98 > Wed, 11/17/2010 10:44:28 - TekSavvy IKE:Peer Initialized IKE Aggressive > Mode > Wed, 11/17/2010 10:44:28 - TekSavvy IKE:RX << AM_I1 : 216.254.149.98 > Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:New State index:6, sno:7 > Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Agg. Decoded Peer's ID Type is > ID_FQDN > Wed, 11/17/2010 10:44:28 - TekSavvy IPsec:Value=66 76 73 5f 72 65 6d 6f 74 > 65 2e 63 6f 6d > Wed, 11/17/2010 10:44:28 - TekSavvy IKE:agg_inI1_outR1() connection not > found 206.248.160.8[500]-216.254.149.98[500] > > Thanks for any help you can provide. > > -----------------------------------~~~~~~~----------------------------- > Doing what you love is Freedom. | o o | Kevin Pickard > Loving what you do is Happiness. | ^ | [email protected] > ------------------------------^^^-----------^^^------------------------ > > > On Mon 10/11/15 10:31 AM , Alexis La Goutte [email protected]: > > Hi Kevin, > > > > There is a VPN wizard in your FVS318v1 ? > > > > Because use VPN Wizard and information in this blog > > > http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN > > -NETGEAR[1] > > And it should work ! > > > > Regards, > > > > On Mon, Nov 15, 2010 at 2:05 PM, Kevin Pickard wrote: > > Thanks for the response Alexis. So have you managed to > > get a FVS318v1 to work? Do you know what configuration I should use? > > As I said in my initial post, my attempts at configuring > > it have failed (see below). > > At 03:59 AM 2010-11-15, Alexis La Goutte wrote: > > >Hi Kevin, > > > > > >Yes, it work but you should not use the Xauth & ModeConfig (no > > available in FVS318v1) > > > > > >Regards, > > > > > > > > >On Sat, Nov 13, 2010 at 11:19 PM, Kevin Pickard wrote: > > > I take it no-one else has any experience with this? > > Andreas was the only one to respond but his FVS318 appears to be a > > newer version and is completely different from mine. I have the older > > v1 hardware (FVS318v1). Anyone? > > >At 16:59:21 2010-10-26, wrote: > > >>Message: 2 > > >>Date: Tue, 26 Oct 2010 16:59:21 +0200 > > >>From: > > >>Subject: Re: [vpn-help] Netgear FVS318 > > >>To: > > >>Message-ID: > > >>Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"; > > >> DelSp="Yes" > > >> > > >>Zitat von : > > >> > > >>> Hello. Does anyone know if the Shrew client will work > > with the > > >>> Netgear FVS318 router? > > >>> > > >>> I have scanned the archives and I have found references > > to the > > >>> FVG318 but nothing specific about the FVS318. I have seen > > references > > >>> to needing Mode and Xauth enabled to get the FVS318 to work but > > >>> neither of those options exist on the FVS318 (that I can find). > > So I > > >>> think those people are confusing the FVS318 with another model. > > >>> > > >>> Has anyone been able to get the Netgear FVS318 (V1 > > hardware > > >>> running V2.4 firmware) to work with the Shrew client? > > >>> > > >>> My initial attempts at trying various configurations > > have only > > >>> resulted in security warnings on my FVS318 indicating that UDP > > >>> packets (from the Shrew Client) are being tossed because they > > >>> contain 'Suspicious UDP Data'. I have configured to use > > PSK. On the > > >>> client > > >>> side, via Wireshark, I only see the ISAKMP packet being sent out > > >>> (this is the one being tossed by the FVS318) at 5 second > > intervals. > > >>> The > > >>> Shrew client itself shows "bringing up tunnel ...", then > > eventually > > >>> followed by "negotiation timout [sic] occurred" after the ISAKMP > > >>> packet has been sent 4 times. > > >> > > >>Only some guess: > > >>If the netgear has some form of firewall you maybe need to allow > > >>inbound UDP port 500 and if using UDP encapsulation port 4500 as > > well > > >>to get the tunnel up. > > >> > > >>Regards > > >> > > >>Andreas > > >> > > >> > > >>-------------- next part -------------- > > >>A non-text attachment was scrubbed... > > >>Name: smime.p7s > > >>Type: application/pkcs7-signature > > >>Size: 6046 bytes > > >>Desc: S/MIME Cryptographic Signature > > >>URL: > > >> > > >>------------------------------ > > >> > > >>_______________________________________________ > > >>vpn-help mailing list > > >> > > >>http://lists.shrew.net/mailman/listinfo/vpn-help [19] > > >> > > >> > > >>End of vpn-help Digest, Vol 49, Issue 25 > > >>**************************************** > > > > >-----------------------------------~~~~~~~----------------------------- > > > Doing what you love is Freedom. | o o | Kevin Pickard > > > Loving what you do is Happiness. | ^ | > > > > >------------------------------^^^-----------^^^------------------------ > > >_______________________________________________ > > >vpn-help mailing list > > > > > >http://lists.shrew.net/mailman/listinfo/vpn-help [24] > > > > -----------------------------------~~~~~~~----------------------------- > > Doing what you love is Freedom. | o o | Kevin Pickard > > Loving what you do is Happiness. | ^ | > > > > ------------------------------^^^-----------^^^------------------------ > > > > > > Links: > > ------ > > [1] > > > http://blog.igut.fr/post/2009/02/07/Client-VPN-IPSec-Shrew-avec-Routeur-VPN > > -NETGEAR[15] > > > http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/att > > achment-0001.bin[16] > > > http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/6b0c93e4/att > > achment-0001.bin[19] http://lists.shrew.net/mailman/listinfo/vpn-help > > [24] http://lists.shrew.net/mailman/listinfo/vpn-help > > > > > >
_______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
