> 2.
>
> If I try to use the netgear example on the shrew website (ike config
> pull), I get
>
> “config message type is invalid for pull config”
>
> in the shrew trace log and
>
> [IKE] ISAKMP-SA established for WORKIP[4500]-REMOTEIP[4500] with
> spi:2a66a846b45e6422:7b1231493b23d4cb
>
> [IKE] Sending Informational Exchange: notify payload[INITIAL-CONTACT]
>
> [IKE] Short payload
>
> in the netgear log.
>
> Not sure what needs to change on the client side to make it a valid config.
>

I believe another user was experiencing problems with his netgear until 
they upgraded the firmware. Are you running the latest version?

I updated to the latest firmware and YES it did help.  I got a connection.  But 
read below for the dirt.  Not exactly as in the example.

> 3.
>
> If I change that mode to “Ike config push” and actually fill in all the
> necessary info in the shrew client that was set to auto, it gets much
> further, but then I get
>
> resend 1 phase2 packet(s) 192.168.50.132:4500 -> WORKIP:4500
>
>   in the shrew trace log.  And
>
> No policy found: 192.168.2.5/32[0] 192.168.0.0/24[0] proto=any dir=in
> 2010 Aug 18 04:16:57 [IKE] Failed to get proposal for
> responder.
>
> in the netgear log. Not sure if I am hosing everything with that
> change.  But I did get further.
>
> As always, any help is appreciated.  I am running 2.1.6 with DPD turned
> off on both ends.
>

You should definitely be using 'ike config pull' with netgear. They use 
the ipsec-tools based racoon daemon. If you still have problems after 
upgrading your firmware, try gathering some debug output and sending it 
to me directly. I'll have a look.

As stated above, I got the VPN to connect and work.  But not with 'ike config 
pull'.  That still fails with an invalid config message in the shrew trace log.
But if I take the exact same configuration and just change it to 'ike config 
push', it actually worked.  Connected with an IP and able to see the internal 
network.

Is there an issue with doing push?
Doesn't make much sense to me since I didn't fill in the rest of the details 
(DNS, IP, etc).

Nathan
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
