On 5/06/2019 6:07 PM, dpremorel wrote:
Hi !
I'm having an issue with running the VPN client on some of my machines...
The VPN server is an ISP router with an integrated VPN server that's
apparently only compatible with Shrew (Orange Livebox pro fibre v4, if
that's any help).
I'm trying to access the server from 3 different off-site networks.
The VPN client is v2.2.2 for Windows on all machines.
On network 1 : PC1 running Win7 with ethernet connection to ISP 2
router : works flawlessly
On network 1 : Laptop1 running Win10 with wifi connection to ISP 2
router : works flawlessly
On network 2 : Laptop1 on wifi to ISP 2 different site/router : works
flawlessly
On network 2 : PC2 running Win7 with ethernet connection to router :
doesn't work !
On network 3 : Laptop2 running Win7 on wifi, same ISP as server,
different site: doesn't work !
The debug logs differences between the machines that work and those
which don't start just before the message "initiator port values
should only float once per session". Apparently, after NAT traversal,
IKE packet is sent on the correct port (4500), but received on the
original port (500).
Since i have one machine with successful connection to the VPN and one
that fails on the same network (2), I assume it has to do with an
obsure (to me) configuration of Windows 7.
Thanks a million in advance for any help.
David
_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
Hi David,
Assuming the two computer on network 2 connect via the same port on the
LAN side of your router and their configurations are identical other
than user or device specific information, perhaps the issue may simply
be that Shrew VPN isn't working properly on the Windows-7 computer.
I recall (many years ago now) having a problem with Shrew VPN on my
Windows-7 computer but can't be certain if it failed to install or
simply didn't work when trying to establish a connection.
What I needed to do was to create/update a registry entry for
MaxNumFilters and set it to a suitable value, currently set to 16
(decimal). Have a look at this page for guidance
(http://www.chicagotech.net/VPN/maxfilters.htm). IIRC, I removed Shrew
VPN software, created MaxNumFilters entry and rebooted before
re-installing Shrew VPN.
I have had experience where a router will have an IPEC ALG enabled and
it can't be turned off. The ALG will change the IPSEC connections source
port so it appear as coming from port 500 instead of the actual port
used by NAT. I've not found a way to get Shrew VPN working with one of
these routers which messes with the source port of the IPSEC connection.
Larry.
_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
