Dear all, I need help to connect a VPN Client (Windows 7, client ver. 2.2.2) with a NetGear DGND4000 router.
I have configured both NetGear DGND4000 router and VPN Client following the guide: https://www.shrew.net/support/Howto_Netgear Below the mail you will find the VPN policy configured on NetGear DGND4000, VPN client configuration, VPN client log and the router log. Any idea how to solve the issue? Lupetto # ------------------------------------------------------- # NetGear DGND4000 router configuration # ------------------------------------------------------- Address Data: Dynamic IP Local LAN: Start IP 192.168.3.0 SubnetMask 255.255.255.0 Remote LAN: Start IP 192.168.1.0 SubnetMask 255.255.255.0 IKE Direction: Responder only Exchange mode: Main Mode DH Group: Auto Local ID Type: WAN IP Address Remote ID Type: Fully Qualified Domain Name: lupetto Parameter Encryption Algorithm: 3DES Authentication Algorithm: Auto Pre-shared Key: **************** SA Life Time: 3600 Enable PFS: Off # ------------------------------------------------------- # VPN client configuration # ------------------------------------------------------- - General Tab Host Name or IP Address = Netgear WAN Internet IP address. Auto Configuration mode = ike config pull. - Phase 1 Tab The Exchange Type is set to normal (aggressive not abailable on the router) DH Exchange = group 2 - Authentication Tab Authentication Method = Mutual PSK Local Identity parameters = Fully Qualified Domain Name with a FQDN String 'lupetto' Remote Identity parameters = IP Address Use a discovered remote host address to match the IKE Policy Local Identity value. - Credentials Tab Credentials Pre Shared Key is defined as "*******************" to match the Netgear IKE Policy Pre-shared key value. - Policy Tab IPsec Policy information manually configured when communicating with Netgear gateways. # ------------------------------------------------------- # VPN trace utility # ------------------------------------------------------- 14/07/29 17:19:14 ## : IKE Daemon, ver 2.2.2 14/07/29 17:19:14 ## : Copyright 2013 Shrew Soft Inc. 14/07/29 17:19:14 ## : This product linked OpenSSL 1.0.1c 10 May 2012 14/07/29 17:19:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log' 14/07/29 17:19:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap' 14/07/29 17:19:14 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-encrypt.cap' 14/07/29 17:19:14 ii : rebuilding vnet device list ... 14/07/29 17:19:14 ii : device ROOT\VNET\0000 disabled 14/07/29 17:19:14 ii : pfkey process thread begin ... 14/07/29 17:19:14 ii : network process thread begin ... 14/07/29 17:19:14 ii : ipc server process thread begin ... 14/07/29 17:19:29 ii : ipc client process thread begin ... 14/07/29 17:19:29 <A : peer config add message 14/07/29 17:19:29 <A : proposal config message 14/07/29 17:19:29 <A : proposal config message 14/07/29 17:19:29 <A : client config message 14/07/29 17:19:29 <A : local id 'lupetto' message 14/07/29 17:19:29 <A : preshared key message 14/07/29 17:19:29 <A : remote resource message 14/07/29 17:19:29 <A : peer tunnel enable message 14/07/29 17:19:29 DB : peer added ( obj count = 1 ) 14/07/29 17:19:29 ii : local address 192.168.1.65 selected for peer 14/07/29 17:19:29 DB : tunnel added ( obj count = 1 ) 14/07/29 17:19:29 DB : new phase1 ( ISAKMP initiator ) 14/07/29 17:19:29 DB : exchange type is identity protect 14/07/29 17:19:29 DB : 192.168.1.65:500 <-> <DGND4000 router IP>:500 14/07/29 17:19:29 DB : 2ae2dfbb51009338:0000000000000000 14/07/29 17:19:29 DB : phase1 added ( obj count = 1 ) 14/07/29 17:19:29 >> : security association payload 14/07/29 17:19:29 >> : - proposal #1 payload 14/07/29 17:19:29 >> : -- transform #1 payload 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local supports nat-t ( draft v00 ) 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local supports nat-t ( draft v01 ) 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local supports nat-t ( draft v02 ) 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local supports nat-t ( draft v03 ) 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local supports nat-t ( rfc ) 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local supports FRAGMENTATION 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local supports DPDv1 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local is SHREW SOFT compatible 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local is NETSCREEN compatible 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local is SIDEWINDER compatible 14/07/29 17:19:29 >> : vendor id payload 14/07/29 17:19:29 ii : local is CISCO UNITY compatible 14/07/29 17:19:29 >= : cookies 2ae2dfbb51009338:0000000000000000 14/07/29 17:19:29 >= : message 00000000 14/07/29 17:19:29 -> : send IKE packet 192.168.1.65:500 -> <DGND4000 router IP>:500 ( 360 bytes ) 14/07/29 17:19:29 DB : phase1 resend event scheduled ( ref count = 2 ) 14/07/29 17:19:29 <- : recv IKE packet <DGND4000 router IP> -> 192.168.1.65: 500 ( 40 bytes ) 14/07/29 17:19:29 DB : phase1 found 14/07/29 17:19:29 ii : processing informational packet ( 40 bytes ) 14/07/29 17:19:29 =< : cookies 2ae2dfbb51009338:6bf1dff16c98c971 14/07/29 17:19:29 =< : message 00000000 14/07/29 17:19:29 << : notification payload 14/07/29 17:19:29 ii : received peer NO-PROPOSAL-CHOSEN notification 14/07/29 17:19:29 ii : - <DGND4000 router IP>:500 -> 192.168.1.65:500 14/07/29 17:19:29 ii : - isakmp spi = none 14/07/29 17:19:29 ii : - data size 0 14/07/29 17:19:31 <A : peer tunnel disable message # ------------------------------------------------------- # VPN NetGear DGND4000 log # ------------------------------------------------------- 2014-07-29 14:16:21 [=== Receive IKE PHASE 1 Main Mode (192.168.1.65) ===] 2014-07-29 14:16:21 ****** RECEIVE PACKET PAYLOADS (SA,VID,VID,VID,VID,VID,VID, VID,VID,VID,VID)****** 2014-07-29 14:16:21 ****** SENDING NOTIFICATION (NO_PROPOSAL_CHOSEN) ****** _______________________________________________ vpn-help mailing list [email protected] https://lists.shrew.net/mailman/listinfo/vpn-help
