Both windows and Mac, I set MUT to 1380. I used CocoapacketAnalyzer
to obtain some packet. But no hints for me.
Post by Kevin VPNJinyan,
I think you are going to need to obtain some packet captures to see
what is happen with the packets that leave the Windows and Mac
clients. This should help to determine the difference in the
datagrams that may help you determine what the root cause is and
then make the necessary adjustments. I'm suspecting that it's an
MTU issue and this would be apparent in the packet captures.
-Andrew
-----Original Message----- From: vpn-help-bounces at lists.shrew.net
[mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Jinyan
vpn-help at lists.shrew.net Subject: Re: [vpn-help] What is the
different between windows and Mac version for shrew VPN?
Dear Kevin,
Thank you for your suggestions. I have try them, but it still not
works. The problem is the same.
I am sure it is because the network problem. For the Mac version,
in France, it is OK. But in China, it does not. For windows, both
are OK. I do not know how to fix this problem.
When I install a windows virtual box on Mac, it is OK on that
windows.
Thank you.
Post by Kevin VPNOn Fri, Jan 6, 2012 at 10:52 AM, Kevin VPN<kvpn at live.com>
Post by Kevin VPNDear Kevin,
I have strange problem for shrew VPN. When I am in France,
the vpn on Mac and windows worked very well. But when I
return to China, only VPN on window is working. The VPN for
Mac does not work. I got this error message. Shrew vpn mac
version is Ver 2.2.0.
negotiation timout occurred tunnel disabled detached from
key daemon
I have try these twice. So I am sure for this. In China,
only windows version is fine. In France, both version is
OK.
Maybe China blocked some port? What is the different
between windows and Mac version for shrew VPN?
Hi Jinyan,
I'm not sure what differences might come into play.
Obviously they are different in some ways being on different
OSes using different dependency components, but I would think
that the actual packets going back and forth (which is what a
network filter would see) would be pretty similar.
Can you provide us with iked.log trace outputs from the Mac
and Windows machines so we can compare? Maybe one is trying
to do NAT-T and the other isn't?
What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
Dear Kevin,
The attachments are windows and Mac iked log files.
With windows, it works. With Mac, it does not work.
For windows version, it sometimes does not work. But if I
switched "Auto Configuration" between "ike config pull" and
"ike config push", it will fix this problem.
Shrew version: windows:2.1.7 mac:2.2.0
Hi Jinyan,
First, you shouldn't have to switch between push and pull
configuration. Pull is what the gateway is configured for, so you
should be able to leave it always on pull.
From the log files, I can't really see a difference between
Windows and Mac, other than of course Windows succeeds and Mac
does not. The Mac client never gets any response of any kind
from the gateway, although the destination port (500) should be
open to the gateway because Windows works.
Something that might have an effect is maximum packet size
(MTU). Maybe Windows is splitting packets into smaller pieces
than Mac is and that's why they're getting through. Try playing
with the MTU, IKE Fragmentation and the Maximum packet size in
the Shrew config to see if that makes a difference.
Have you checked to ensure the Mac box can ping or connect to the
gateway? Can it otherwise connect to the Internet?
Another thing would be to assign the same IP to the Mac box as
Windows uses. In your logs, the Mac was using IP 192.168.1.101
and Windows was using 192.168.1.103. You could try giving the
Mac IP 103 (after disconnecting the Windows machine of course).