On 03/05/2012 02:43 PM, Gary Schrock wrote:
Ok, this one is kinda puzzling us. We've run into a situation using
the mac build for 2.1.7 where we can connect to our vpn when we're
connected over wireless, but not when it's connected via a wired
connection. We're using the same config file on both pc's and mac's,
and have had no problems at all with the pc's, and as I said, when
using a wireless connection it's working fine on the mac. But we've
now tried three different mac machines, and all of them work on
wireless, and not on wired using the same config.
What seems to happen is that we'll get a connection, and to the
"Tunnel enabled" part, but then either as soon as we try to send
traffic across, or 15 seconds after we've connected, we get network
unavailable, and it drops. On the wired mac, it seems unable to
establish the phase 2 portion (on all other setups, when we try
sending traffic across, our juniper firewall logs the phase 2
connection established). We get no error messages on the firewall
side with the wired mac, just never any evidence that it attempts to
establish the phase 2. All the logs on the firewall up to that point
are identical across all our configs.
So, anyone have any thoughts on what we're missing about what's
different with the wired connection on a Mac?
If you suspect phase2 is failing, the iked debug from Shrew can help
determine that (note that you may have to hunt around to find where
iked.log is on the Mac):
http://www.shrew.net/support/wiki/BugReportVpnUnix
However, I suspect the problem may be something else and Phase2 is just
a symptom. In the iked.log, we'll probably find the the phase2
negotiation packets time out because something is eating the responses
before they get back to the client.
That said, I've almost no experience with Macs, so I can't really help
more than that.
BTW, are the IP spaces used by the wired Mac and wireless Mac the same?
Is one NATted when the other isn't?
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
