Re: [vpn-help] Windows negotiation timout, works in VM on same PC though

Mon, 26 Sep 2011 18:55:35 -0700 

On 09/26/2011 01:52 PM, [email protected] wrote:

I'm running Shrew on Windows 2003 with the VPN server running on a
FritzBox 7230. Problem is that I always get the error "negotiation
timout
occurred" when trying to connect. However with the same configuration
I'm
able to connect just fine from a Win XP VM running on the same PC.



Hi Lars,

WinServer2003 is not listed as a supported OS for Shrew (only Windows
2000/XP/Vista/Win7) in the documentation - so it may not be supposed to
work at all: http://www.shrew.net/software


I had the opportunity to test a 2003 VM by now (had to find the install
disk first) and it's working there as well. So while not officially
supported it works.


Sometimes Shrew can be affected by other VPNs installed on a machine.
Do you have any other VPN clients installed on the WinServer2003 OS?
Have you maybe got WinServer setup to terminate IPSec/L2TP VPNs from
clients?


I had other VPN clients but uninstalled them. Can't spot a driver or stuff
that's left over from any of them, even checked registry.


If you can, check the log output on the VPN gateway to see if the
request from the WinSvr2003 machine is even reaching the gateway. Post
any relevant info from there to see if that helps us in any way.


Sadly Fritzbox doesn't provide that useful logging. There's nothing at all
in there for the unsuccesful connections, for the successful ones there's
"connected" and "disconnected: timeout".



Hi Lars,
I don't really have any expertize here, but obviously your VM test shows that it is possible to get it to work. Figuring out what is different between the Win2003 host and the VM is key.
Out of curiosity, what kind of networking did you setup on the Win2003 VM? Bridged or NAT? If bridged, I would be curious to see if it still works if you change it to NAT.
One theory I have is that there is something on the Win2003 host that is intercepting the VPN packets coming back before the Shrew process can get to them. Is it possible for you to take a Wireshark packet capture from the network somewhere between the Win2003 host and the Fritzbox? A packet capture could tell us if 1) the packets are being sent to the Fritzbox and 2) if the Fritzbox sends anything back. 
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help

Reply via email to