On 10/22/2011 02:17 PM, Johan Schröder wrote:
Hello there,
I've got a connection problem using the Shrewsoft VPN client and a
Netscreen 5GT using UMTS (surf stick, Vodafone Germany).
There is no connection problem in general (the VPN connection works
without problems using DSL with different PCs), only when the client
tries to establish a connection via UMTS (Vodafone Germany).
The client mailed me the log/trace of his Shrewsoft client. On the
Netscreen (VPN gateway) there is no entry in the log, so I assume that
the Shrewsoft client don't even reach the Netscreen. Does anybody can
help me with that, maybe with interpreting the following trace? Maybe
it's a problem with Vodafone blocking the needed ports? Thanks!
In the following trace, I replaced the client IP address with
xx.xx.xx.xx, the VPN Gateway IP address with yy.yy.yy.yy.
<snip>
11/10/21 12:43:32 -> : send IKE packet xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500 ( 1190 bytes )
11/10/21 12:43:32 DB : phase1 resend event scheduled ( ref count = 2 )
11/10/21 12:43:37 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500
11/10/21 12:43:42 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500
11/10/21 12:43:47 -> : resend 1 phase1 packet(s) xx.xx.xx.xx:500 ->
yy.yy.yy.yy:500
11/10/21 12:43:52 ii : resend limit exceeded for phase1 exchange
Hi Johan,
The trace shows that Shrew did not receive a response to the packet that
it sent to the gateway. Since you indicate that the gateway logs show
nothing, it does appear that the packets may be blocked.
There have been a few other posts on the list about people having
problems with UMTS connections, but as far as I know, there's not been
any resolution. This might mean that people have solved the problem and
not written back, but it also might mean they've given up.
Something that you might try is to play with the "Maximum packet size"
and/or MTU settings in the Shrew Site Configuration. Perhaps try
changing the Maximum packet size to much smaller values (default is 540
bytes) to see if that makes a difference.
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
