On Tue, 08 Mar 2011 11:12:38 -0500 Judy Leach <[email protected]> wrote:
> Hi Kevin, > > I installed the beta 2.2.0 and was still unable to connect; received > the negotiation time out message. Attached is the iked.log file. I > have edited out the IP addresses for my broadband connection and the > VPN server I am trying to connect to. I was able to have a look at > the logs on the server and it seems that the connection attempt does > not reach the server at all. > On Tue, 01 Mar 2011 10:41:33 -0500 Judy Leach <[email protected]> wrote: > Hi all, > > I am running Windows 7 64-bit and have installed Shrew Soft 2.1.7. I > can connect fine when wired into my router. When I connect to the > internet using my broadband internet stick (on a Canadian provider's > network) I get a "negotiation time out" and Shrew does not connect. > The VPN server is a linux server running Open Swan and there is no > evidence in the logs that the connection is attempted. The Shrew Soft > Lightweight Filter does show in the properties of the broadband > adapter. I have checked with the mobile internet provider, and they > claim not to be blocking vpn connections. This seems to be true as I > can connect to a different vpn server using the Windows VPN client. Hi Judy, The iked.log confirms that there is no communication between the VPN gateway and Shrew itself. I want to go back to your original message. In it, you mention the following: 1. Shrew works to connect to the Openswan VPN gateway when wired into your router. 2. Shrew does not work to the Openswan VPN gateway when using the broadband stick. 3. Built-in Windows VPN client works to a different VPN server than the Openswan VPN gateway using the broadband stick. Point 1 indicates that you have a working Shrew configuration. That's a good start. Point 3 tells us that the provider's network does not block Windows-based VPNs, but built-in Windows-based VPNs are not the same pure IPSec-based VPN that Shrew uses. Windows VPNs are usually PPTP- or L2TP-based. The key point is that they use different protocols and ports. Point 2 suggests that the provider may be blocking pure IPSec VPNs. You can try specifically asking if pure IPSec VPNs that use IP protocol 50, udp port 500 or udp port 4500 are supported on the broadband sticks. Another more technical way to confirm that it is the provider that is blocking the traffic is to use a Wireshark capture. Install Wireshark on your laptop, then start a capture of traffic on the broadband internet adapter. When you try to establish a connection using Shrew, you should see connection attempts on port UDP 500 between your laptop and the Openswan gateway IP address. If the only packets you see have a source IP of your laptop and there's none with a source of the gateway, that suggests that the provider is dropping traffic. If you're unsure of what you see, you can mail the capture directly to my email and I'll look at it so that you don't have to post it publically. _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
