On 01/05/2012 10:41 PM, Jinyan Huang wrote:
On Fri, Jan 6, 2012 at 10:52 AM, Kevin VPN<[email protected]> wrote:
On 01/02/2012 05:30 AM, Jinyan Huang wrote:
Dear Kevin,
I have strange problem for shrew VPN. When I am in France, the vpn on
Mac and windows worked very well. But when I return to China, only VPN
on window is working. The VPN for Mac does not work. I got this error
message. Shrew vpn mac version is Ver 2.2.0.
negotiation timout occurred
tunnel disabled
detached from key daemon
I have try these twice. So I am sure for this. In China, only windows
version is fine. In France, both version is OK.
Maybe China blocked some port? What is the different between windows
and Mac version for shrew VPN?
Hi Jinyan,
I'm not sure what differences might come into play. Obviously they are
different in some ways being on different OSes using different dependency
components, but I would think that the actual packets going back and forth
(which is what a network filter would see) would be pretty similar.
Can you provide us with iked.log trace outputs from the Mac and Windows
machines so we can compare? Maybe one is trying to do NAT-T and the other
isn't?
What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
Dear Kevin,
The attachments are windows and Mac iked log files.
With windows, it works. With Mac, it does not work.
For windows version, it sometimes does not work. But if I switched
"Auto Configuration" between "ike config pull" and "ike config push",
it will fix this problem.
Shrew version:
windows:2.1.7
mac:2.2.0
Hi Jinyan,
First, you shouldn't have to switch between push and pull configuration.
Pull is what the gateway is configured for, so you should be able to
leave it always on pull.
From the log files, I can't really see a difference between Windows and
Mac, other than of course Windows succeeds and Mac does not. The Mac
client never gets any response of any kind from the gateway, although
the destination port (500) should be open to the gateway because Windows
works.
Something that might have an effect is maximum packet size (MTU). Maybe
Windows is splitting packets into smaller pieces than Mac is and that's
why they're getting through. Try playing with the MTU, IKE
Fragmentation and the Maximum packet size in the Shrew config to see if
that makes a difference.
Have you checked to ensure the Mac box can ping or connect to the
gateway? Can it otherwise connect to the Internet?
Another thing would be to assign the same IP to the Mac box as Windows
uses. In your logs, the Mac was using IP 192.168.1.101 and Windows was
using 192.168.1.103. You could try giving the Mac IP 103 (after
disconnecting the Windows machine of course).
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
