NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
FVS336Gv3 PPTP VPN for macOS Sierra
Hi Netgear community, One of our sites has a NETGEAR ProSafe™ Gigabit Dual WAN SSL VPN Firewall FVS336Gv3 which has PPTP Server enabled and setup with working users for Windows OS, there is 1 use...
L2TP/IPsec is different from IPsec only. They do have different credentials in order for the tunnel to be connected. You may use the client that I have attached on my previous reply and also for the MAC VPN mode config is attached from my previous reply also.
Please do check the hyperlinks. Thank you!
Regards,
Hi JohnCarloV/all,
Thank you for your patience. I still have this issue with the MacOS user. I followed the guides you supplied links for. The end user said his Mac connected on the VPN but disconnected almost immediately. Unfortunately he could not give me any error messages/logs. There is going to be several users that will be using IPsec method (due to be on latest MacOS) so I would prefer to try and get a generic/3rd party VPN application working. I tried to install and test the single VPN Lite application on to my local machine (Windows 10) but there is no trial option and I do not want to use up the license.
I have managed to get Shrew VPN to connect but I am not able to route any traffic externally/internally or ping any IPs on any of the ranges configured on the firewall/network. However DNS servers have been picked up and I have DNS resolution. I do get assigned the first IP in the range for the IPsec VPN upon the VPN connecting.
Here is the Shrew connection log:
config loaded for site '89.x.x.x'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled
FVS336Gv3 IPsec VPN Logs:
Wed Aug 23 11:46:08 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: 10.0.3.100 IP address has been released by remote peer.
Wed Aug 23 11:46:08 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: KA remove: 89.x.x.x[4500]->88.x.x.x[4500]
Wed Aug 23 11:46:08 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: ISAKMP-SA deleted for 89.x.x.x[4500]-88.x.x.x[4500] with spi:4fbb712c913a6dfd:26f9c9c5f4003681
Wed Aug 23 11:46:07 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: XAuthUser gledsleyips Logged Out from IP Address 88.x.x.x
Wed Aug 23 11:46:07 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=4fbb712c913a6dfd:26f9c9c5f4003681.
Wed Aug 23 11:46:07 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: XAuthUser gledsleyips Logged Out from IP Address 88.x.x.x
Wed Aug 23 11:46:07 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=830496086(0x31805d56).
Wed Aug 23 11:46:07 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Wed Aug 23 11:46:07 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Deleting generated policy for 88.x.x.x[0]
Wed Aug 23 11:45:38 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 89.x.x.x->88.x.x.x with spi=830496086(0x31805d56)
Wed Aug 23 11:45:38 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 88.x.x.x->89.x.x.x with spi=197506703(0xbc5b68f)
Wed Aug 23 11:45:37 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
Wed Aug 23 11:45:37 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: No policy found, generating the policy : 10.0.3.100/32[0] 0.0.0.0/0[0] proto=any dir=in
Wed Aug 23 11:45:37 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Using IPsec SA configuration: anonymous
Wed Aug 23 11:45:37 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Responding to new phase 2 negotiation: 89.x.x.x[0]<=>88.x.x.x[0]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] ERROR: Ignored attribute 28680
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] ERROR: Ignored attribute 28677
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] ERROR: Cannot open "/etc/motd"
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] WARNING: Ignored attribute 28678
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] ERROR: Ignored attribute 28674
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] WARNING: Ignored attribute 5
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: 10.0.3.100 IP address is assigned to remote peer 88.x.x.x[4500]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received attribute type "ISAKMP_CFG_REQUEST" from 88.x.x.x[4500]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] ERROR: Cannot record event: event queue overflow
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: XAuthUser gledsleyips Logged In from IP Address 88.x.x.x
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Login succeeded for user "gledsleyips"
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received attribute type "ISAKMP_CFG_REPLY" from 88.x.x.x[4500]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: ISAKMP-SA established for 89.x.x.x[4500]-88.x.x.x[4500] with spi:4fbb712c913a6dfd:26f9c9c5f4003681
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Sending Xauth request to 88.x.x.x[4500]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: KA list add: 89.x.x.x[4500]->88.x.x.x[4500]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Floating ports for NAT-T with peer 88.x.x.x[4500]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: NAT detected: PEER
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: NAT-D payload does not match for 88.x.x.x[500]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: NAT-D payload matches for 89.x.x.x[500]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: For 88.x.x.x[500], Selected NAT-T version: RFC 3947
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received unknown Vendor ID
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received unknown Vendor ID
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received unknown Vendor ID
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received Vendor ID: DPD
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received Vendor ID: DPD
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received unknown Vendor ID
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received Vendor ID: RFC 3947
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received unknown Vendor ID
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received unknown Vendor ID
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received unknown Vendor ID
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Beginning Identity Protection mode.
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Received request for new phase 1 negotiation: 89.x.x.x[500]<=>88.x.x.x[500]
Wed Aug 23 11:45:36 2017 (GMT +0100): [FVS336GV3] [IKE] INFO: Anonymous configuration selected for 88.x.x.x[500].
Please advise.
Thanks.
You may still use the license key to any windows computer that you have and it is very easy to setup. Once installed, it will sync on our database so that it will not be used by another user at the same time. Unless you uninstall the client and install it to another PC. There should be no problem on using those license keys.
As I checked the logs, it seems that there might be a problem with the credentials, showing that the IDs that you used are not the same. Even the policy is not being acknowledged by the firewall itself. The best way that you can use here is the IPSec from MAC itself not the 3rd party application. It will be better if you will start from scratch rather than using your previous configuration. Recreating those policies may resolve your issue.
Regards,
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
