On 08/01/2013 12:10 PM, Drew Majewski wrote:
Hello,



To add to this issue... I downgraded the Shrew client to 2.1.7, upgraded
Juniper to 6.3.0r14.0, and phase 2 passes just fine.  I get the original
error about phase 2 failing but then it comes up just fine.  If I go back
and install the later version of Shrew then it's back to the same issue as
before and the tunnel never comes up.  So from what I can tell this is an
issue with Shrew 2.2.x versions passing phase 2 traffic.



I have no problem using version 2.1.7 but this will be a problem for users
who are running Windows 8.  Are you able to advise on any kind of solution
for this?


Hi Drew,

This sounds like a fragmentation issue in the Phase2 negotiation packets. Shrew 2.1.7 has fewer Phase2 options, so has smaller packets during negotiation. Shrew 2.2.x has more and frequently generates packets that are too large, which then need to be fragmented on the network. When the network has a device that discards fragmented packets (firewalls like to do this), it causes Phase2 negotiations in Shrew 2.2.x to fail.

To solve this, find out what settings are used in the Phase2 negotiation, then hardcode them into the Shrew Site configuration Phase 2 tab.

You can find the required Phase2 settings either by checking the gateway or by generating a debug log from Shrew 2.1.7 that succeeds with Phase 2. If you can't read the debug, post it here and we'll let you know what settings are required.

Debug report instructions:
https://www.shrew.net/support/VPN_Bug_Report_Windows

_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
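
An added example (not part of the original thread and not Shrew's code): it serializes an IKEv1 Quick Mode SA payload per RFC 2408/2407 and compares the message size for a long transform list against a single hardcoded transform, which is the effect the reply above describes. The transform lists, lifetime, nonce length, DH group, ID types and 1500-byte MTU are constructed assumptions, not Shrew's actual proposal set.

```python
import struct
from itertools import product

UDP_PAYLOAD_LIMIT = 1500 - 20 - 8   # assumed Ethernet MTU minus IPv4 and UDP headers

def tv(attr_type, value):
    # Basic (type/value) attribute: AF bit set, 2-byte value (RFC 2408 3.3)
    return struct.pack("!HH", 0x8000 | attr_type, value)

def esp_transform(num, transform_id, keylen, auth, last):
    # RFC 2407 attributes: 1 life type, 2 life duration, 4 encap mode,
    # 5 auth algorithm, 6 key length. Duration sent as a 4-byte TLV (assumed).
    attrs = tv(1, 1) + struct.pack("!HHI", 2, 4, 3600) + tv(4, 1) + tv(5, auth)
    if keylen:
        attrs += tv(6, keylen)
    nxt = 0 if last else 3           # 3 = another transform payload follows
    return struct.pack("!BBHBBH", nxt, 0, 8 + len(attrs), num, transform_id, 0) + attrs

def sa_payload(options):
    """options: list of (esp_transform_id, key_bits_or_0, auth_alg_id)."""
    body = b"".join(esp_transform(i + 1, t, k, a, i == len(options) - 1)
                    for i, (t, k, a) in enumerate(options))
    spi = b"\x00\x00\x00\x01"        # placeholder SPI
    prop = struct.pack("!BBHBBBB", 0, 0, 8 + len(spi) + len(body),
                       1, 3, len(spi), len(options)) + spi + body  # protocol 3 = ESP
    # Next payload 10 = Nonce, DOI 1 = IPsec, situation 1 = SIT_IDENTITY_ONLY
    return struct.pack("!BBHII", 10, 0, 12 + len(prop), 1, 1) + prop

def quick_mode_size(options, block=16):
    # Assumed fixed parts: HASH (SHA1), 16-byte nonce, DH group 2 KE, two subnet IDs
    body = (4 + 20) + len(sa_payload(options)) + (4 + 16) + (4 + 128) + 2 * (4 + 4 + 8)
    body += -body % block            # payloads are encrypted; pad to cipher block size
    return 28 + body                 # plus the 28-byte ISAKMP header

def fits_unfragmented(options):
    return quick_mode_size(options) <= UDP_PAYLOAD_LIMIT

# Constructed lists: AES (12) and Blowfish (7) at several key sizes,
# 3DES (3), CAST (6), DES (2), each combined with five HMAC ids.
KEYED = [(12, k) for k in (128, 192, 256)] + [(7, k) for k in range(128, 449, 64)]
UNKEYED = [(3, 0), (6, 0), (2, 0)]
AUTHS = (1, 2, 5, 6, 7)
AUTO = [(t, k, a) for (t, k), a in product(KEYED + UNKEYED, AUTHS)]
HARDCODED = [(12, 256, 2)]           # one ESP-AES-256 / HMAC-SHA1 transform

if __name__ == "__main__":
    for name, opts in (("auto", AUTO), ("hardcoded", HARDCODED)):
        print(name, len(opts), quick_mode_size(opts), fits_unfragmented(opts))
```
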
