Dear Kevin, Thank you for your suggestions. I have try them, but it still not works. The problem is the same.
I am sure it is because the network problem. For the Mac version, in France, it is OK. But in China, it does not. For windows, both are OK. I do not know how to fix this problem. When I install a windows virtual box on Mac, it is OK on that windows. Thank you. On Thu, Jan 12, 2012 at 10:20 AM, Kevin VPN <[email protected]> wrote: > On 01/05/2012 10:41 PM, Jinyan Huang wrote: >> >> >> On Fri, Jan 6, 2012 at 10:52 AM, Kevin VPN<[email protected]> wrote: >>> >>> On 01/02/2012 05:30 AM, Jinyan Huang wrote: >>>> >>>> >>>> Dear Kevin, >>>> >>>> I have strange problem for shrew VPN. When I am in France, the vpn on >>>> Mac and windows worked very well. But when I return to China, only VPN >>>> on window is working. The VPN for Mac does not work. I got this error >>>> message. Shrew vpn mac version is Ver 2.2.0. >>>> >>>> negotiation timout occurred >>>> tunnel disabled >>>> detached from key daemon >>>> >>>> I have try these twice. So I am sure for this. In China, only windows >>>> version is fine. In France, both version is OK. >>>> >>>> Maybe China blocked some port? What is the different between windows >>>> and Mac version for shrew VPN? >>>> >>> >>> Hi Jinyan, >>> >>> I'm not sure what differences might come into play. Obviously they are >>> different in some ways being on different OSes using different dependency >>> components, but I would think that the actual packets going back and >>> forth >>> (which is what a network filter would see) would be pretty similar. >>> >>> Can you provide us with iked.log trace outputs from the Mac and Windows >>> machines so we can compare? Maybe one is trying to do NAT-T and the >>> other >>> isn't? >>> >>> What version is Shrew on the Windows machine (you mention Mac is 2.2.0)? >> >> >> Dear Kevin, >> >> The attachments are windows and Mac iked log files. >> >> With windows, it works. With Mac, it does not work. >> >> For windows version, it sometimes does not work. But if I switched >> "Auto Configuration" between "ike config pull" and "ike config push", >> it will fix this problem. >> >> Shrew version: >> windows:2.1.7 >> mac:2.2.0 >> > > Hi Jinyan, > > First, you shouldn't have to switch between push and pull configuration. > Pull is what the gateway is configured for, so you should be able to leave > it always on pull. > > From the log files, I can't really see a difference between Windows and Mac, > other than of course Windows succeeds and Mac does not. The Mac client > never gets any response of any kind from the gateway, although the > destination port (500) should be open to the gateway because Windows works. > > Something that might have an effect is maximum packet size (MTU). Maybe > Windows is splitting packets into smaller pieces than Mac is and that's why > they're getting through. Try playing with the MTU, IKE Fragmentation and > the Maximum packet size in the Shrew config to see if that makes a > difference. > > Have you checked to ensure the Mac box can ping or connect to the gateway? > Can it otherwise connect to the Internet? > > Another thing would be to assign the same IP to the Mac box as Windows uses. > In your logs, the Mac was using IP 192.168.1.101 and Windows was using > 192.168.1.103. You could try giving the Mac IP 103 (after disconnecting the > Windows machine of course). > > _______________________________________________ > vpn-help mailing list > [email protected] > http://lists.shrew.net/mailman/listinfo/vpn-help _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
