Discussion:
[vpn-help] What is the different between windows and Mac version for shrew VPN?
Kevin VPN
2012-01-06 02:52:16 UTC
Dear Kevin,
I have a strange problem with Shrew VPN. When I am in France, the VPN on
Mac and Windows works very well. But when I return to China, only the VPN
on Windows works. The VPN for Mac does not work. I got this error
message. The Shrew VPN Mac version is Ver 2.2.0.
negotiation timout occurred
tunnel disabled
detached from key daemon
I have tried this twice, so I am sure of it. In China, only the Windows
version is fine. In France, both versions are OK.
Maybe China blocked some port? What is the difference between the Windows
and Mac versions of Shrew VPN?

Hi Jinyan,

I'm not sure what differences might come into play. Obviously they are
different in some ways being on different OSes using different
dependency components, but I would think that the actual packets going
back and forth (which is what a network filter would see) would be
pretty similar.

Can you provide us with iked.log trace outputs from the Mac and Windows
machines so we can compare? Maybe one is trying to do NAT-T and the
other isn't?

What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
Kevin VPN
2012-01-12 02:20:04 UTC
Dear Kevin,
The attachments are the Windows and Mac iked log files.
With Windows, it works. With Mac, it does not work.
For the Windows version, it sometimes does not work. But if I switch
"Auto Configuration" between "ike config pull" and "ike config push",
it fixes this problem.
windows:2.1.7
mac:2.2.0

Hi Jinyan,

First, you shouldn't have to switch between push and pull configuration.
Pull is what the gateway is configured for, so you should be able to
leave it always on pull.

From the log files, I can't really see a difference between Windows and
Mac, other than of course Windows succeeds and Mac does not. The Mac
client never gets any response of any kind from the gateway, although
the destination port (500) should be open to the gateway because Windows
works.

Something that might have an effect is maximum packet size (MTU). Maybe
Windows is splitting packets into smaller pieces than Mac is and that's
why they're getting through. Try playing with the MTU, IKE
Fragmentation and the Maximum packet size in the Shrew config to see if
that makes a difference.

Have you checked to ensure the Mac box can ping or connect to the
gateway? Can it otherwise connect to the Internet?

Another thing would be to assign the same IP to the Mac box as Windows
uses. In your logs, the Mac was using IP 192.168.1.101 and Windows was
using 192.168.1.103. You could try giving the Mac IP 103 (after
disconnecting the Windows machine of course).
Jinyan Huang
2012-01-13 03:37:34 UTC
Dear Kevin,

Thank you for your suggestions. I have tried them, but it still does not
work. The problem is the same.

I am sure it is because of a network problem. For the Mac version, in
France, it is OK. But in China, it is not. For Windows, both are OK.
I do not know how to fix this problem.

When I install a Windows virtual box on the Mac, it is OK on that Windows.

Thank you.
_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
http://lists.shrew.net/mailman/listinfo/vpn-help
Roper, Andrew
2012-01-13 14:31:11 UTC
Jinyan,

I think you are going to need to obtain some packet captures to see what is happening with the packets that leave the Windows and Mac clients. This should help to determine the difference in the datagrams that may help you determine what the root cause is and then make the necessary adjustments. I'm suspecting that it's an MTU issue and this would be apparent in the packet captures.

-Andrew

Jinyan Huang
2012-01-14 03:37:45 UTC
On both Windows and Mac, I set the MTU to 1380. I used CocoaPacketAnalyzer to
obtain some packets. But there were no hints for me.
Kevin VPN
2012-01-16 02:58:14 UTC
Post by Jinyan Huang
On both Windows and Mac, I set the MTU to 1380. I used CocoaPacketAnalyzer
to obtain some packets. But there were no hints for me.
Hi Jinyan,

You could try forcing the MTU to be smaller than 1380 to see if that
makes a difference.

If you've a packet capture, feel free to post it and we'll look at it.
Matthew Grooms
2012-02-15 00:29:17 UTC
Post by Jinyan Huang
On both Windows and Mac, I set the MTU to 1380. I used CocoaPacketAnalyzer
to obtain some packets. But there were no hints for me.
This is an interesting problem, especially since you stated that the OSX
host worked in France but not in China. I'm sure you have thought of
these, but I'll ask the questions anyway ...

1) Is this the same OSX laptop you used in both France and China?
2) Is this the same wired or wireless adapter used in both locations?
3) Have you tried connecting to the VPN using a different carrier?

Without seeing the packet dump output, it's difficult to make a good
guess as to what the problem may be.

-Matthew
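
The capture comparison requested in the replies above, as an added example that is not part of the original thread: a Python script that reads a classic pcap file and reports, per client, the largest IKE datagram sent, outbound IP fragmentation, NAT-T use, and whether the gateway ever replied. The gateway address 203.0.113.10, all function names and the sample capture are assumptions constructed for illustration; only the two client addresses come from the thread, and the sample does not represent the poster's actual traffic.

```python
import struct
from collections import defaultdict

GATEWAY = "203.0.113.10"   # assumption: placeholder gateway (documentation range)
IKE_PORTS = {500, 4500}    # 500 = IKE, 4500 = IKE over NAT-T

def _ip(src, dst, payload, ident, mf=False, frag_off=0):
    """Constructed Ethernet + IPv4 frame (protocol 17 = UDP, checksum left 0)."""
    flags_off = (0x2000 if mf else 0) | (frag_off // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, 17, 0,
                      bytes(map(int, src.split("."))),
                      bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + hdr + payload

def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def _pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, frame in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out

def sample_capture():
    """Constructed capture: one client sends a small IKE datagram and is answered,
    the other sends one larger than a 1500-byte MTU, fragmented and unanswered."""
    win, mac = "192.168.1.103", "192.168.1.101"   # client addresses from the thread
    small = _udp(500, 500, b"\x00" * 300)         # filler bytes, not real ISAKMP
    big = _udp(500, 500, b"\x00" * 1700)
    return _pcap([
        _ip(win, GATEWAY, small, 1),
        _ip(GATEWAY, win, small, 2),
        _ip(mac, GATEWAY, big[:1480], 3, mf=True),
        _ip(mac, GATEWAY, big[1480:], 3, frag_off=1480),
        _ip(mac, GATEWAY, big[:1480], 4, mf=True),        # retransmission
        _ip(mac, GATEWAY, big[1480:], 4, frag_off=1480),
    ])

def read_frames(blob):
    if struct.unpack_from("<I", blob, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(blob):
        incl = struct.unpack_from("<I", blob, off + 8)[0]
        yield blob[off + 16: off + 16 + incl]
        off += 16 + incl

def summarize(blob, gateway=GATEWAY):
    """Per-client counters for UDP traffic exchanged with the gateway."""
    stats = defaultdict(lambda: {"sent": 0, "replies": 0, "fragments": 0,
                                 "max_udp_len": 0, "ports": set()})
    for frame in read_frames(blob):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                               # keep IPv4/UDP only
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        flags_off = struct.unpack_from("!H", ip, 6)[0]
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        if gateway not in (src, dst):
            continue
        outbound = dst == gateway
        client = src if outbound else dst
        more, offset = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
        if offset:                                 # later fragment: no UDP header
            stats[client]["fragments"] += outbound
            continue
        sport, dport, udp_len = struct.unpack_from("!HHH", ip, ihl)
        if not {sport, dport} & IKE_PORTS:
            continue
        s = stats[client]
        if outbound:
            s["sent"] += 1
            s["fragments"] += more
            s["max_udp_len"] = max(s["max_udp_len"], udp_len)  # full datagram size
            s["ports"].add(dport)
        else:
            s["replies"] += 1
    return stats

def findings(stats):
    """Turn the counters into the observations to compare between clients."""
    report = {}
    for client, s in stats.items():
        notes = []
        if s["sent"] and not s["replies"]:
            notes.append("no reply from gateway")
        if s["fragments"]:
            notes.append("IP fragmentation on outbound IKE")
        if 4500 in s["ports"]:
            notes.append("NAT-T (UDP 4500) in use")
        report[client] = {"largest_udp": s["max_udp_len"], "notes": notes}
    return report

if __name__ == "__main__":
    for client, result in findings(summarize(sample_capture())).items():
        print(client, result)
```

To use it on real data, pass the bytes of a capture taken on each client to `summarize()` together with the real gateway address; pcapng files must be converted to classic pcap first.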
Matthew Grooms
2012-02-15 00:29:17 UTC
Permalink
Post by Jinyan Huang
Both windows and Mac, I set MUT to 1380. I used CocoapacketAnalyzer
to obtain some packet. But no hints for me.
This is an interesting problem, especially since you stated that the OSX
host worked in France but not in China. I'm sure you have thought of
these, but I'll ask the questions anyway ...

1) Is this the same OSX laptop you used in both france and China?
2) Is this the same wired or wireless adapter used in both locations?
3) Have you tried connecting to the VPN using a different carrier?

Without seeing the packet dump output, it's difficult to make a good
guess as to what the problem may be.

-Matthew
Matthew Grooms
2012-02-15 00:29:17 UTC
Permalink
Post by Jinyan Huang
Both windows and Mac, I set MUT to 1380. I used CocoapacketAnalyzer
to obtain some packet. But no hints for me.
This is an interesting problem, especially since you stated that the OSX
host worked in France but not in China. I'm sure you have thought of
these, but I'll ask the questions anyway ...

1) Is this the same OSX laptop you used in both france and China?
2) Is this the same wired or wireless adapter used in both locations?
3) Have you tried connecting to the VPN using a different carrier?

Without seeing the packet dump output, it's difficult to make a good
guess as to what the problem may be.

-Matthew

Kevin VPN
2012-01-16 02:58:14 UTC
Permalink
Post by Jinyan Huang
Both windows and Mac, I set MUT to 1380. I used CocoapacketAnalyzer
to obtain some packet. But no hints for me.
On Fri, Jan 13, 2012 at 10:31 PM, Roper,
Post by Kevin VPN
Jinyan,
I think you are going to need to obtain some packet captures to see
what is happen with the packets that leave the Windows and Mac
clients. This should help to determine the difference in the
datagrams that may help you determine what the root cause is and
then make the necessary adjustments. I'm suspecting that it's an
MTU issue and this would be apparent in the packet captures.
-Andrew
-----Original Message----- From: vpn-help-bounces at lists.shrew.net
[mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Jinyan
vpn-help at lists.shrew.net Subject: Re: [vpn-help] What is the
different between windows and Mac version for shrew VPN?
Dear Kevin,
Thank you for your suggestions. I have try them, but it still not
works. The problem is the same.
I am sure it is because the network problem. For the Mac version,
in France, it is OK. But in China, it does not. For windows, both
are OK. I do not know how to fix this problem.
When I install a windows virtual box on Mac, it is OK on that
windows.
Thank you.
Post by Kevin VPN
On Fri, Jan 6, 2012 at 10:52 AM, Kevin VPN<kvpn at live.com>
Post by Kevin VPN
Dear Kevin,
I have strange problem for shrew VPN. When I am in France,
the vpn on Mac and windows worked very well. But when I
return to China, only VPN on window is working. The VPN for
Mac does not work. I got this error message. Shrew vpn mac
version is Ver 2.2.0.
negotiation timout occurred tunnel disabled detached from
key daemon
I have try these twice. So I am sure for this. In China,
only windows version is fine. In France, both version is
OK.
Maybe China blocked some port? What is the different
between windows and Mac version for shrew VPN?
Hi Jinyan,
I'm not sure what differences might come into play.
Obviously they are different in some ways being on different
OSes using different dependency components, but I would think
that the actual packets going back and forth (which is what a
network filter would see) would be pretty similar.
Can you provide us with iked.log trace outputs from the Mac
and Windows machines so we can compare? Maybe one is trying
to do NAT-T and the other isn't?
What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
Dear Kevin,
The attachments are windows and Mac iked log files.
With windows, it works. With Mac, it does not work.
For windows version, it sometimes does not work. But if I
switched "Auto Configuration" between "ike config pull" and
"ike config push", it will fix this problem.
Shrew version: windows:2.1.7 mac:2.2.0
Hi Jinyan,
First, you shouldn't have to switch between push and pull
configuration. Pull is what the gateway is configured for, so you
should be able to leave it always on pull.
From the log files, I can't really see a difference between
Windows and Mac, other than of course Windows succeeds and Mac
does not. The Mac client never gets any response of any kind
from the gateway, although the destination port (500) should be
open to the gateway because Windows works.
Something that might have an effect is maximum packet size
(MTU). Maybe Windows is splitting packets into smaller pieces
than Mac is and that's why they're getting through. Try playing
with the MTU, IKE Fragmentation and the Maximum packet size in
the Shrew config to see if that makes a difference.
Have you checked to ensure the Mac box can ping or connect to the
gateway? Can it otherwise connect to the Internet?
Another thing would be to assign the same IP to the Mac box as
Windows uses. In your logs, the Mac was using IP 192.168.1.101
and Windows was using 192.168.1.103. You could try giving the
Mac IP 103 (after disconnecting the Windows machine of course).
Hi Jinyan,

You could try forcing the MTU to be smaller than 1380 to see if that
makes a difference.

If you've a packet capture, feel free to post it and we'll look at it.
Kevin VPN
2012-01-16 02:58:14 UTC
Permalink
Post by Jinyan Huang
Both windows and Mac, I set MUT to 1380. I used CocoapacketAnalyzer
to obtain some packet. But no hints for me.
On Fri, Jan 13, 2012 at 10:31 PM, Roper,
Post by Kevin VPN
Jinyan,
I think you are going to need to obtain some packet captures to see
what is happen with the packets that leave the Windows and Mac
clients. This should help to determine the difference in the
datagrams that may help you determine what the root cause is and
then make the necessary adjustments. I'm suspecting that it's an
MTU issue and this would be apparent in the packet captures.
-Andrew
-----Original Message----- From: vpn-help-bounces at lists.shrew.net
[mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Jinyan
vpn-help at lists.shrew.net Subject: Re: [vpn-help] What is the
different between windows and Mac version for shrew VPN?
Dear Kevin,
Thank you for your suggestions. I have try them, but it still not
works. The problem is the same.
I am sure it is because the network problem. For the Mac version,
in France, it is OK. But in China, it does not. For windows, both
are OK. I do not know how to fix this problem.
When I install a windows virtual box on Mac, it is OK on that
windows.
Thank you.
Post by Kevin VPN
On Fri, Jan 6, 2012 at 10:52 AM, Kevin VPN<kvpn at live.com>
Post by Kevin VPN
Dear Kevin,
I have strange problem for shrew VPN. When I am in France,
the vpn on Mac and windows worked very well. But when I
return to China, only VPN on window is working. The VPN for
Mac does not work. I got this error message. Shrew vpn mac
version is Ver 2.2.0.
negotiation timout occurred tunnel disabled detached from
key daemon
I have try these twice. So I am sure for this. In China,
only windows version is fine. In France, both version is
OK.
Maybe China blocked some port? What is the different
between windows and Mac version for shrew VPN?
Hi Jinyan,
I'm not sure what differences might come into play.
Obviously they are different in some ways being on different
OSes using different dependency components, but I would think
that the actual packets going back and forth (which is what a
network filter would see) would be pretty similar.
Can you provide us with iked.log trace outputs from the Mac
and Windows machines so we can compare? Maybe one is trying
to do NAT-T and the other isn't?
What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
Dear Kevin,
The attachments are windows and Mac iked log files.
With windows, it works. With Mac, it does not work.
For windows version, it sometimes does not work. But if I
switched "Auto Configuration" between "ike config pull" and
"ike config push", it will fix this problem.
Shrew version: windows:2.1.7 mac:2.2.0
Hi Jinyan,
First, you shouldn't have to switch between push and pull
configuration. Pull is what the gateway is configured for, so you
should be able to leave it always on pull.
From the log files, I can't really see a difference between
Windows and Mac, other than of course Windows succeeds and Mac
does not. The Mac client never gets any response of any kind
from the gateway, although the destination port (500) should be
open to the gateway because Windows works.
Something that might have an effect is maximum packet size
(MTU). Maybe Windows is splitting packets into smaller pieces
than Mac is and that's why they're getting through. Try playing
with the MTU, IKE Fragmentation and the Maximum packet size in
the Shrew config to see if that makes a difference.
Have you checked to ensure the Mac box can ping or connect to the
gateway? Can it otherwise connect to the Internet?
Another thing would be to assign the same IP to the Mac box as
Windows uses. In your logs, the Mac was using IP 192.168.1.101
and Windows was using 192.168.1.103. You could try giving the
Mac IP 103 (after disconnecting the Windows machine of course).
Hi Jinyan,

You could try forcing the MTU to be smaller than 1380 to see if that
makes a difference.

If you've a packet capture, feel free to post it and we'll look at it.
Jinyan Huang
2012-01-14 03:37:45 UTC
Permalink
Both windows and Mac, I set MUT to 1380. I used CocoapacketAnalyzer to
obtain some packet. But no hints for me.
Post by Kevin VPN
Jinyan,
I think you are going to need to obtain some packet captures to see what is happen with the packets that leave the Windows and Mac clients. This should help to determine the difference in the datagrams that may help you determine what the root cause is and then make the necessary adjustments. I'm suspecting that it's an MTU issue and this would be apparent in the packet captures.
-Andrew
-----Original Message-----
From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Jinyan Huang
Sent: Thursday, January 12, 2012 10:38 PM
To: Kevin VPN
Cc: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] What is the different between windows and Mac version for shrew VPN?
Dear Kevin,
Thank you for your suggestions. I have try them, but it still not works. The problem is the same.
I am sure it is because the network problem. For the Mac version, in France, it is OK. But in China, it does not. For windows, both are OK.
I do not know how to fix this problem.
When I install a windows virtual box on Mac, it is OK on that windows.
Thank you.
Post by Kevin VPN
Post by Kevin VPN
Dear Kevin,
I have strange problem for shrew VPN. When I am in France, the vpn
on Mac and windows worked very well. But when I return to China,
only VPN on window is working. The VPN for Mac does not work. I got
this error message. Shrew vpn mac version is Ver 2.2.0.
negotiation timout occurred
tunnel disabled
detached from key daemon
I have try these twice. So I am sure for this. In China, only
windows version is fine. In France, both version is OK.
Maybe China blocked some port? What is the different between
windows and Mac version for shrew VPN?
Hi Jinyan,
I'm not sure what differences might come into play. Obviously they
are different in some ways being on different OSes using different
dependency components, but I would think that the actual packets
going back and forth (which is what a network filter would see)
would be pretty similar.
Can you provide us with iked.log trace outputs from the Mac and
Windows machines so we can compare? Maybe one is trying to do NAT-T
and the other isn't?
What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
Dear Kevin,
The attachments are windows and Mac iked log files.
With windows, it works. With Mac, it does not work.
For windows version, it sometimes does not work. But if I switched
"Auto Configuration" between "ike config pull" and "ike config push",
it will fix this problem.
windows:2.1.7
mac:2.2.0
Hi Jinyan,
First, you shouldn't have to switch between push and pull configuration.
Pull is what the gateway is configured for, so you should be able to
leave it always on pull.
From the log files, I can't really see a difference between Windows
and Mac, other than of course Windows succeeds and Mac does not. The
Mac client never gets any response of any kind from the gateway,
although the destination port (500) should be open to the gateway because Windows works.
Something that might have an effect is maximum packet size (MTU).
Maybe Windows is splitting packets into smaller pieces than Mac is and
that's why they're getting through. Try playing with the MTU, IKE
Fragmentation and the Maximum packet size in the Shrew config to see
if that makes a difference.
Have you checked to ensure the Mac box can ping or connect to the gateway?
Can it otherwise connect to the Internet?
Another thing would be to assign the same IP to the Mac box as Windows uses.
In your logs, the Mac was using IP 192.168.1.101 and Windows was
using 192.168.1.103. You could try giving the Mac IP 103 (after
disconnecting the Windows machine of course).
_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
http://lists.shrew.net/mailman/listinfo/vpn-help
Roper, Andrew
2012-01-13 14:31:11 UTC
Jinyan,

I think you are going to need to obtain some packet captures to see what is happening with the packets that leave the Windows and Mac clients. This should help to determine the difference in the datagrams that may help you determine what the root cause is and then make the necessary adjustments. I'm suspecting that it's an MTU issue and this would be apparent in the packet captures.

-Andrew

-----Original Message-----
From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Jinyan Huang
Sent: Thursday, January 12, 2012 10:38 PM
To: Kevin VPN
Cc: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] What is the different between windows and Mac version for shrew VPN?

Dear Kevin,

Thank you for your suggestions. I have tried them, but it still does not work. The problem is the same.

I am sure it is because of the network problem. For the Mac version, in France, it is OK. But in China, it does not work. For Windows, both are OK.
I do not know how to fix this problem.

When I install a Windows virtual box on the Mac, it is OK on that Windows.

Thank you.
Post by Kevin VPN
Post by Kevin VPN
Dear Kevin,
I have a strange problem with Shrew VPN. When I am in France, the VPN
on Mac and Windows worked very well. But when I return to China,
only the VPN on Windows is working. The VPN for Mac does not work. I got
this error message. Shrew VPN Mac version is Ver 2.2.0.
negotiation timout occurred
tunnel disabled
detached from key daemon
I have tried this twice, so I am sure of this. In China, only the
Windows version is fine. In France, both versions are OK.
Maybe China blocked some port? What is the difference between the
Windows and Mac versions of Shrew VPN?
Hi Jinyan,
I'm not sure what differences might come into play. Obviously they
are different in some ways being on different OSes using different
dependency components, but I would think that the actual packets
going back and forth (which is what a network filter would see)
would be pretty similar.
Can you provide us with iked.log trace outputs from the Mac and
Windows machines so we can compare? Maybe one is trying to do NAT-T
and the other isn't?
What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
Dear Kevin,
The attachments are windows and Mac iked log files.
With windows, it works. With Mac, it does not work.
For windows version, it sometimes does not work. But if I switched
"Auto Configuration" between "ike config pull" and "ike config push",
it will fix this problem.
windows:2.1.7
mac:2.2.0
Hi Jinyan,
First, you shouldn't have to switch between push and pull configuration.
Pull is what the gateway is configured for, so you should be able to
leave it always on pull.
From the log files, I can't really see a difference between Windows
and Mac, other than of course Windows succeeds and Mac does not. The
Mac client never gets any response of any kind from the gateway,
although the destination port (500) should be open to the gateway because Windows works.
Something that might have an effect is maximum packet size (MTU).
Maybe Windows is splitting packets into smaller pieces than Mac is and
that's why they're getting through. Try playing with the MTU, IKE
Fragmentation and the Maximum packet size in the Shrew config to see
if that makes a difference.
Have you checked to ensure the Mac box can ping or connect to the gateway?
Can it otherwise connect to the Internet?
Another thing would be to assign the same IP to the Mac box as Windows uses.
In your logs, the Mac was using IP 192.168.1.101 and Windows was
using 192.168.1.103. You could try giving the Mac IP 103 (after
disconnecting the Windows machine of course).
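The capture comparison suggested in the message above, as an added example (not code from the thread or from the Shrew Soft project): a stdlib-only Python script that reads a classic pcap file and reports, per client, the size and IP-fragmentation state of IKE datagrams (UDP 500/4500). The capture is constructed; its packet sizes and the gateway address 203.0.113.10 are assumptions, while the client addresses and the 1380-byte threshold come from the thread.

```python
import struct
from collections import defaultdict

IKE_PORTS = {500, 4500}  # ISAKMP and NAT-T

def udp_frames(src, dst, payload_len, ident, port=500, link_mtu=1500):
    """Constructed Ethernet/IPv4/UDP frames; the sender IP-fragments at link_mtu."""
    udp = struct.pack("!HHHH", port, port, 8 + payload_len, 0) + bytes(payload_len)
    chunk = (link_mtu - 20) // 8 * 8              # fragment data is 8-byte aligned
    addr = lambda a: bytes(int(x) for x in a.split("."))
    frames = []
    for off in range(0, len(udp), chunk):
        part = udp[off:off + chunk]
        mf = 0x2000 if off + chunk < len(udp) else 0   # More Fragments flag
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(part), ident,
                         mf | (off // 8), 64, 17, 0, addr(src), addr(dst))
        frames.append(bytes(12) + b"\x08\x00" + ip + part)
    return frames

def build_pcap(frames):
    """Wrap raw frames in a little-endian classic pcap file (linktype 1, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield raw Ethernet frames from a classic pcap file of either byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(end + "IIII", data[off:off + 16])
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def summarize_ike(pcap_bytes, mtu):
    """Per source IP: IKE packets seen, largest IP length, IP fragments, packets > mtu."""
    stats = defaultdict(lambda: {"packets": 0, "max_ip_len": 0,
                                 "ip_fragments": 0, "over_mtu": 0})
    ike_ids = set()  # (src, dst, IP ID) of fragmented datagrams that began as IKE
    for frame in read_pcap(pcap_bytes):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                               # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len, ident, flags_frag = struct.unpack("!HHH", ip[2:8])
        if ip[9] != 17:
            continue                               # not UDP
        src, dst = ip[12:16], ip[16:20]
        more = bool(flags_frag & 0x2000)
        frag_off = (flags_frag & 0x1FFF) * 8
        key = (src, dst, ident)
        if frag_off == 0:
            if len(ip) < ihl + 4:
                continue
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
            if not ({sport, dport} & IKE_PORTS):
                continue
            if more:
                ike_ids.add(key)
        elif key not in ike_ids:
            # Later fragments carry no UDP header, so they are matched by IP ID.
            # Assumes the first fragment appears earlier in the capture.
            continue
        s = stats[".".join(str(b) for b in src)]
        s["packets"] += 1
        s["max_ip_len"] = max(s["max_ip_len"], total_len)
        s["ip_fragments"] += int(more or frag_off > 0)
        s["over_mtu"] += int(total_len > mtu)
    return dict(stats)

GATEWAY = "203.0.113.10"                           # constructed placeholder address
MAC, WINDOWS = "192.168.1.101", "192.168.1.103"    # client addresses from the thread
SAMPLE = build_pcap(                               # constructed capture, sizes assumed
    udp_frames(MAC, GATEWAY, 1800, ident=1)            # one large datagram, IP-fragmented
    + udp_frames(MAC, GATEWAY, 40, ident=2, port=53)   # unrelated DNS traffic, ignored
    + [f for i in range(4) for f in udp_frames(WINDOWS, GATEWAY, 500, ident=10 + i)]
)

if __name__ == "__main__":
    for client, s in summarize_ike(SAMPLE, mtu=1380).items():
        print(client, s)
```

A client whose row shows IP fragments or packets above the threshold is the one to retest with a lower MTU or with IKE fragmentation enabled.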
Jinyan Huang
2012-01-13 03:37:34 UTC
Dear Kevin,

Thank you for your suggestions. I have tried them, but it still does not
work. The problem is the same.

I am sure it is because of the network problem. For the Mac version, in
France, it is OK. But in China, it does not work. For Windows, both are OK.
I do not know how to fix this problem.

When I install a Windows virtual box on the Mac, it is OK on that Windows.

Thank you.
Post by Kevin VPN
Post by Kevin VPN
Dear Kevin,
I have a strange problem with Shrew VPN. When I am in France, the VPN on
Mac and Windows worked very well. But when I return to China, only the VPN
on Windows is working. The VPN for Mac does not work. I got this error
message. Shrew VPN Mac version is Ver 2.2.0.
negotiation timout occurred
tunnel disabled
detached from key daemon
I have tried this twice, so I am sure of this. In China, only the Windows
version is fine. In France, both versions are OK.
Maybe China blocked some port? What is the difference between the Windows
and Mac versions of Shrew VPN?
Hi Jinyan,
I'm not sure what differences might come into play. Obviously they are
different in some ways being on different OSes using different dependency
components, but I would think that the actual packets going back and forth
(which is what a network filter would see) would be pretty similar.
Can you provide us with iked.log trace outputs from the Mac and Windows
machines so we can compare? Maybe one is trying to do NAT-T and the other
isn't?
What version is Shrew on the Windows machine (you mention Mac is 2.2.0)?
Dear Kevin,
The attachments are windows and Mac iked log files.
With windows, it works. With Mac, it does not work.
For windows version, it sometimes does not work. But if I switched
"Auto Configuration" between "ike config pull" and "ike config push",
it will fix this problem.
windows:2.1.7
mac:2.2.0
Hi Jinyan,
First, you shouldn't have to switch between push and pull configuration.
Pull is what the gateway is configured for, so you should be able to leave
it always on pull.
From the log files, I can't really see a difference between Windows and Mac,
other than of course Windows succeeds and Mac does not. The Mac client
never gets any response of any kind from the gateway, although the
destination port (500) should be open to the gateway because Windows works.
Something that might have an effect is maximum packet size (MTU). Maybe
Windows is splitting packets into smaller pieces than Mac is and that's why
they're getting through. Try playing with the MTU, IKE Fragmentation and
the Maximum packet size in the Shrew config to see if that makes a
difference.
Have you checked to ensure the Mac box can ping or connect to the gateway?
Can it otherwise connect to the Internet?
Another thing would be to assign the same IP to the Mac box as Windows uses.
In your logs, the Mac was using IP 192.168.1.101 and Windows was using
192.168.1.103. You could try giving the Mac IP 103 (after disconnecting the
Windows machine of course).