On 08/01/2011 04:54 PM, Mario Russo wrote:
Adding some new information in case it sparks any ideas.
Recap:
From my home network (WRT54G home router):
ShrewSoft 2.17 VPN client connects OK via a Windows 7 VM (Fusion) running on my
MacBook Pro.
ShrewSoft 2.2 VPN client on Mac OS (Snow Leopard) receives the “session
terminated by gateway” (I’ve noticed that others seem to have trouble with this
when dealing with Cisco equipment).
Update:
From the wifi network at the public library:
ShrewSoft 2.17 VPN client on Windows 7 VM connects OK.
ShrewSoft 2.2 VPN client on Mac OS connects OK!
I went to the public library for a couple hours this morning and decided to try
it out from there. And it works!
So I have no idea what kind of hardware / network structure they’re running,
but I could successfully connect and access internal machines.
Now that I’m back home I’ve tried several times again with the same results:
“session terminated by gateway.”
Because my Windows VM can connect OK, I’m tempted to think it is not a
configuration issue with my home router. But, on the advice of another post in
the archive, I explicitly opened up ports 500, 4500 for TCP/UDP on my home
router. Still no luck.
Thanks for reading,
Mario
________________________________
Date: Fri, 29 Jul 2011 15:24:42 -0500
To: "[email protected]"<[email protected]>
Subject: [vpn-help] Debugging tunnel issues on Mac OS VPN Client
Hello,
I’ve been doing some testing of the Mac VPN client following a few posts in the
archives. I believe I installed the stack correctly, but I’m running into issues
establishing & maintaining a tunnel.
Background:
I just started working with a client that uses the Shrew VPN client on Windows
machines with a Cisco solution. To test connectivity I installed the Shrew Windows
client (2.1.7) on a Windows 7 VM and I’m able to connect & authenticate using
the .PCF file they provided.
The problem is that most members of my development team (including myself) use
Macs. After installing the stack on my Mac and attempting to connect, the
session is terminated by the gateway after about 30 seconds. During the ~30
seconds it appears that I’m connected (I get the confirmation / help desk
message from the host), but I’m not able to ping any resources on the network.
I noticed that the VPN trace utility isn’t available in the Mac version, so I’m
not sure how much extra information I can provide. The trace from the Access
Manager is included below.
If anyone has any insight about how to proceed I’d love to hear it.
Thanks for your time,
Mario
Platform:
----------------------------------------------
Mac OS X 10.6.7
qt 4.7.1
tuntap 20090913
ShrewSoft VPN Mac client 2.2.0
ACCESS MANAGER LOGS:
----------------------------------------------
Windows Client (successful):
----------------------------------------------
config loaded for site '******.pcf'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled
----------------------------------------------
Mac Client (not successful):
----------------------------------------------
config loaded for site '*****'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled
~30 seconds
session terminated by gateway
tunnel disabled
detached from key daemon
Hi Mario,
I'm wondering if perhaps you have a problem with overlapping subnets
when you are connecting from home.
For instance, if your corporate network uses the same private addresses
internally as your local network at home does, that would cause a
conflict that could break the VPN. Most Linksys routers default to
using network 192.168.1.x mask 255.255.255.0, but perhaps the public
library uses a different set of addresses. You could try changing your
Linksys to use a different IP subnet.
My theory as to the reason it works from the Windows Fusion instance
is that often VM software defines a local subnet within the hardware
that does not overlap with the IP network used by the host OS. The
guest OS uses this other network so that there is not actually a
conflict anymore.
_______________________________________________
vpn-help mailing list
http://lists.shrew.net/mailman/listinfo/vpn-help
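The overlapping-subnet theory in the reply above can be checked before touching the router. The following is an added example, not part of the original thread or of the Shrew Soft client: it compares the local networks with the networks the VPN policy covers and shows, by longest-prefix match, which interface a destination would use. The corporate range, the library and VM NAT ranges, and the interface names `en1` and `tap0` are assumptions; only the Linksys default 192.168.1.x/255.255.255.0 comes from the thread.

```python
import ipaddress

def find_overlaps(local_nets, remote_nets):
    """Return (local, remote) CIDR pairs whose address ranges intersect."""
    pairs = []
    for local in local_nets:
        ln = ipaddress.ip_network(local, strict=False)
        for remote in remote_nets:
            rn = ipaddress.ip_network(remote, strict=False)
            if ln.version == rn.version and ln.overlaps(rn):
                pairs.append((str(ln), str(rn)))
    return pairs

def route_for(dest, routes):
    """Pick the interface by longest-prefix match, as the host's routing table does."""
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

# Constructed sample values (assumptions, see lead-in).
CORP_NETS = ["192.168.0.0/16"]      # hypothetical networks reached through the tunnel
HOME_LAN = ["192.168.1.10/24"]      # Linksys default range mentioned in the reply
LIBRARY_LAN = ["10.20.3.7/16"]      # hypothetical public wifi range
VM_NAT = ["172.16.50.128/24"]       # hypothetical Fusion NAT range seen by the guest

# Routing tables with the tunnel up: LAN route on en1, VPN route on tap0.
HOME_ROUTES = [("192.168.1.0/24", "en1"), ("192.168.0.0/16", "tap0")]
VM_ROUTES = [("172.16.50.0/24", "en1"), ("192.168.0.0/16", "tap0")]

if __name__ == "__main__":
    for name, nets in [("home", HOME_LAN), ("library", LIBRARY_LAN), ("vm", VM_NAT)]:
        print(name, find_overlaps(nets, CORP_NETS) or "no overlap")
    # A corporate host inside the overlapping range never enters the tunnel from home.
    print("home ->", route_for("192.168.1.50", HOME_ROUTES))
    print("vm   ->", route_for("192.168.1.50", VM_ROUTES))
```

On a real machine, substitute the local addresses reported by `ifconfig` and the remote networks listed in the site's policy configuration.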