
Re: VPN quit working FVS318n

Creyno
Aspirant

VPN quit working FVS318n

My Netgear FVS318N VPN just quit working. It has worked fine for years; now it just will not connect. Here is the log from my Shrewsoft client:

 

 

17/06/01 09:56:31 ## : IKE Daemon, ver 2.2.2
17/06/01 09:56:31 ## : Copyright 2013 Shrew Soft Inc.
17/06/01 09:56:31 ## : This product linked OpenSSL 1.0.1c 10 May 2012
17/06/01 09:56:31 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
17/06/01 09:56:31 ii : rebuilding vnet device list ...
17/06/01 09:56:31 ii : device ROOT\VNET\0000 disabled
17/06/01 09:56:31 ii : network process thread begin ...
17/06/01 09:56:31 ii : pfkey process thread begin ...
17/06/01 09:56:31 ii : ipc server process thread begin ...
17/06/01 09:56:31 !! : unable to connect to pfkey interface
17/06/03 09:50:37 ii : ipc client process thread begin ...
17/06/03 09:50:37 <A : peer config add message
17/06/03 09:50:37 <A : proposal config message
17/06/03 09:50:37 <A : proposal config message
17/06/03 09:50:37 <A : client config message
17/06/03 09:50:37 <A : xauth username message
17/06/03 09:50:37 <A : xauth password message
17/06/03 09:50:37 <A : local id 'client.domain.com' message
17/06/03 09:50:37 <A : preshared key message
17/06/03 09:50:37 <A : remote resource message
17/06/03 09:50:37 <A : peer tunnel enable message
17/06/03 09:50:37 DB : peer ref increment ( ref count = 1, obj count = 0 )
17/06/03 09:50:37 DB : peer added ( obj count = 1 )
17/06/03 09:50:37 ii : local address 10.0.0.41 selected for peer
17/06/03 09:50:37 DB : peer ref increment ( ref count = 2, obj count = 1 )
17/06/03 09:50:37 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
17/06/03 09:50:37 DB : tunnel added ( obj count = 1 )
17/06/03 09:50:37 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
17/06/03 09:50:37 DB : new phase1 ( ISAKMP initiator )
17/06/03 09:50:37 DB : exchange type is aggressive
17/06/03 09:50:37 DB : 10.0.0.41:500 <-> 96.89.16.233:500
17/06/03 09:50:37 DB : 7f7f678beed86b70:0000000000000000
17/06/03 09:50:37 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
17/06/03 09:50:37 DB : phase1 added ( obj count = 1 )
17/06/03 09:50:37 >> : security association payload
17/06/03 09:50:37 >> : - proposal #1 payload
17/06/03 09:50:37 >> : -- transform #1 payload
17/06/03 09:50:37 >> : -- transform #2 payload
17/06/03 09:50:37 >> : -- transform #3 payload
17/06/03 09:50:37 >> : -- transform #4 payload
17/06/03 09:50:37 >> : -- transform #5 payload
17/06/03 09:50:37 >> : -- transform #6 payload
17/06/03 09:50:37 >> : -- transform #7 payload
17/06/03 09:50:37 >> : -- transform #8 payload
17/06/03 09:50:37 >> : -- transform #9 payload
17/06/03 09:50:37 >> : -- transform #10 payload
17/06/03 09:50:37 >> : -- transform #11 payload
17/06/03 09:50:37 >> : -- transform #12 payload
17/06/03 09:50:37 >> : -- transform #13 payload
17/06/03 09:50:37 >> : -- transform #14 payload
17/06/03 09:50:37 >> : -- transform #15 payload
17/06/03 09:50:37 >> : -- transform #16 payload
17/06/03 09:50:37 >> : -- transform #17 payload
17/06/03 09:50:37 >> : -- transform #18 payload
17/06/03 09:50:37 >> : key exchange payload
17/06/03 09:50:37 >> : nonce payload
17/06/03 09:50:37 >> : identification payload
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local supports XAUTH
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local supports nat-t ( draft v00 )
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local supports nat-t ( draft v01 )
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local supports nat-t ( draft v02 )
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local supports nat-t ( draft v03 )
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local supports nat-t ( rfc )
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local supports FRAGMENTATION
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local supports DPDv1
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local is SHREW SOFT compatible
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local is NETSCREEN compatible
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local is SIDEWINDER compatible
17/06/03 09:50:37 >> : vendor id payload
17/06/03 09:50:37 ii : local is CISCO UNITY compatible
17/06/03 09:50:37 >= : cookies 7f7f678beed86b70:0000000000000000
17/06/03 09:50:37 >= : message 00000000
17/06/03 09:50:37 -> : send IKE packet 10.0.0.41:500 -> 96.89.16.233:500 ( 1213 bytes )
17/06/03 09:50:37 DB : phase1 resend event scheduled ( ref count = 2 )
17/06/03 09:50:37 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
17/06/03 09:50:42 -> : resend 1 phase1 packet(s) [0/2] 10.0.0.41:500 -> 96.89.16.233:500
17/06/03 09:50:47 -> : resend 1 phase1 packet(s) [1/2] 10.0.0.41:500 -> 96.89.16.233:500
17/06/03 09:50:52 -> : resend 1 phase1 packet(s) [2/2] 10.0.0.41:500 -> 96.89.16.233:500
17/06/03 09:50:57 ii : resend limit exceeded for phase1 exchange
17/06/03 09:50:57 ii : phase1 removal before expire time
17/06/03 09:50:57 DB : phase1 deleted ( obj count = 0 )
17/06/03 09:50:57 DB : tunnel ref decrement ( ref count = 1, obj count = 1 )
17/06/03 09:50:57 DB : policy not found
17/06/03 09:50:57 DB : policy not found
17/06/03 09:50:57 DB : policy not found
17/06/03 09:50:57 DB : policy not found
17/06/03 09:50:57 DB : policy not found
17/06/03 09:50:57 DB : policy not found
17/06/03 09:50:57 DB : removing tunnel config references
17/06/03 09:50:57 DB : removing tunnel phase2 references
17/06/03 09:50:57 DB : removing tunnel phase1 references
17/06/03 09:50:57 DB : tunnel deleted ( obj count = 0 )
17/06/03 09:50:57 DB : peer ref decrement ( ref count = 1, obj count = 1 )
17/06/03 09:50:57 DB : removing all peer tunnel references
17/06/03 09:50:57 DB : peer deleted ( obj count = 0 )
17/06/03 09:50:57 ii : ipc client process thread exit ...
17/06/03 11:04:43 ii : ipc client process thread begin ...
17/06/03 11:04:43 <A : peer config add message
17/06/03 11:04:43 <A : proposal config message
17/06/03 11:04:43 <A : proposal config message
17/06/03 11:04:43 <A : client config message
17/06/03 11:04:43 <A : xauth username message
17/06/03 11:04:43 <A : xauth password message
17/06/03 11:04:43 <A : local id 'client.domain.com' message
17/06/03 11:04:43 <A : preshared key message
17/06/03 11:04:43 <A : remote resource message
17/06/03 11:04:43 <A : peer tunnel enable message
17/06/03 11:04:43 DB : peer ref increment ( ref count = 1, obj count = 0 )
17/06/03 11:04:43 DB : peer added ( obj count = 1 )
17/06/03 11:04:43 ii : local address 10.0.0.41 selected for peer
17/06/03 11:04:43 DB : peer ref increment ( ref count = 2, obj count = 1 )
17/06/03 11:04:43 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
17/06/03 11:04:43 DB : tunnel added ( obj count = 1 )
17/06/03 11:04:43 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
17/06/03 11:04:43 DB : new phase1 ( ISAKMP initiator )
17/06/03 11:04:43 DB : exchange type is aggressive
17/06/03 11:04:43 DB : 10.0.0.41:500 <-> 96.89.16.233:500
17/06/03 11:04:43 DB : 384ec52629080fd4:0000000000000000
17/06/03 11:04:43 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
17/06/03 11:04:43 DB : phase1 added ( obj count = 1 )
17/06/03 11:04:43 >> : security association payload
17/06/03 11:04:43 >> : - proposal #1 payload
17/06/03 11:04:43 >> : -- transform #1 payload
17/06/03 11:04:43 >> : -- transform #2 payload
17/06/03 11:04:43 >> : -- transform #3 payload
17/06/03 11:04:43 >> : -- transform #4 payload
17/06/03 11:04:43 >> : -- transform #5 payload
17/06/03 11:04:43 >> : -- transform #6 payload
17/06/03 11:04:43 >> : -- transform #7 payload
17/06/03 11:04:43 >> : -- transform #8 payload
17/06/03 11:04:43 >> : -- transform #9 payload
17/06/03 11:04:43 >> : -- transform #10 payload
17/06/03 11:04:43 >> : -- transform #11 payload
17/06/03 11:04:43 >> : -- transform #12 payload
17/06/03 11:04:43 >> : -- transform #13 payload
17/06/03 11:04:43 >> : -- transform #14 payload
17/06/03 11:04:43 >> : -- transform #15 payload
17/06/03 11:04:43 >> : -- transform #16 payload
17/06/03 11:04:43 >> : -- transform #17 payload
17/06/03 11:04:43 >> : -- transform #18 payload
17/06/03 11:04:43 >> : key exchange payload
17/06/03 11:04:43 >> : nonce payload
17/06/03 11:04:43 >> : identification payload
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local supports XAUTH
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local supports nat-t ( draft v00 )
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local supports nat-t ( draft v01 )
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local supports nat-t ( draft v02 )
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local supports nat-t ( draft v03 )
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local supports nat-t ( rfc )
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local supports FRAGMENTATION
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local supports DPDv1
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local is SHREW SOFT compatible
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local is NETSCREEN compatible
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local is SIDEWINDER compatible
17/06/03 11:04:43 >> : vendor id payload
17/06/03 11:04:43 ii : local is CISCO UNITY compatible
17/06/03 11:04:43 >= : cookies 384ec52629080fd4:0000000000000000
17/06/03 11:04:43 >= : message 00000000
17/06/03 11:04:43 -> : send IKE packet 10.0.0.41:500 -> 96.89.16.233:500 ( 1213 bytes )
17/06/03 11:04:43 DB : phase1 resend event scheduled ( ref count = 2 )
17/06/03 11:04:43 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
17/06/03 11:04:48 -> : resend 1 phase1 packet(s) [0/2] 10.0.0.41:500 -> 96.89.16.233:500
17/06/03 11:04:53 -> : resend 1 phase1 packet(s) [1/2] 10.0.0.41:500 -> 96.89.16.233:500
17/06/03 11:04:58 -> : resend 1 phase1 packet(s) [2/2] 10.0.0.41:500 -> 96.89.16.233:500
17/06/03 11:05:03 ii : resend limit exceeded for phase1 exchange
17/06/03 11:05:03 ii : phase1 removal before expire time
17/06/03 11:05:03 DB : phase1 deleted ( obj count = 0 )
17/06/03 11:05:03 DB : tunnel ref decrement ( ref count = 1, obj count = 1 )
17/06/03 11:05:03 DB : policy not found
17/06/03 11:05:03 DB : policy not found
17/06/03 11:05:03 DB : policy not found
17/06/03 11:05:03 DB : policy not found
17/06/03 11:05:03 DB : policy not found
17/06/03 11:05:03 DB : policy not found
17/06/03 11:05:03 DB : removing tunnel config references
17/06/03 11:05:03 DB : removing tunnel phase2 references
17/06/03 11:05:03 DB : removing tunnel phase1 references
17/06/03 11:05:03 DB : tunnel deleted ( obj count = 0 )
17/06/03 11:05:03 DB : peer ref decrement ( ref count = 1, obj count = 1 )
17/06/03 11:05:03 DB : removing all peer tunnel references
17/06/03 11:05:03 DB : peer deleted ( obj count = 0 )
17/06/03 11:05:03 ii : ipc client process thread exit ...
17/06/03 11:10:04 ii : ipc client process thread begin ...
17/06/03 11:10:04 <A : peer config add message
17/06/03 11:10:04 <A : proposal config message
17/06/03 11:10:04 <A : proposal config message
17/06/03 11:10:04 <A : client config message
17/06/03 11:10:04 <A : xauth username message
17/06/03 11:10:04 <A : xauth password message
17/06/03 11:10:04 <A : local id 'client.domain.com' message
17/06/03 11:10:04 <A : preshared key message
17/06/03 11:10:04 <A : remote resource message
17/06/03 11:10:04 <A : peer tunnel enable message
17/06/03 11:10:04 DB : peer ref increment ( ref count = 1, obj count = 0 )
17/06/03 11:10:04 DB : peer added ( obj count = 1 )
17/06/03 11:10:04 ii : local address 10.0.0.41 selected for peer
17/06/03 11:10:04 DB : peer ref increment ( ref count = 2, obj count = 1 )
17/06/03 11:10:04 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
17/06/03 11:10:04 DB : tunnel added ( obj count = 1 )
17/06/03 11:10:04 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
17/06/03 11:10:04 DB : new phase1 ( ISAKMP initiator )
17/06/03 11:10:04 DB : exchange type is aggressive
17/06/03 11:10:04 DB : 10.0.0.41:500 <-> 96.89.16.233:500
17/06/03 11:10:04 DB : 81a9d03273d8c6f9:0000000000000000
17/06/03 11:10:04 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
17/06/03 11:10:04 DB : phase1 added ( obj count = 1 )
17/06/03 11:10:04 >> : security association payload
17/06/03 11:10:04 >> : - proposal #1 payload
17/06/03 11:10:04 >> : -- transform #1 payload
17/06/03 11:10:04 >> : -- transform #2 payload
17/06/03 11:10:04 >> : -- transform #3 payload
17/06/03 11:10:04 >> : -- transform #4 payload
17/06/03 11:10:04 >> : -- transform #5 payload
17/06/03 11:10:04 >> : -- transform #6 payload
17/06/03 11:10:04 >> : -- transform #7 payload
17/06/03 11:10:04 >> : -- transform #8 payload
17/06/03 11:10:04 >> : -- transform #9 payload
17/06/03 11:10:04 >> : -- transform #10 payload
17/06/03 11:10:04 >> : -- transform #11 payload
17/06/03 11:10:04 >> : -- transform #12 payload
17/06/03 11:10:04 >> : -- transform #13 payload
17/06/03 11:10:04 >> : -- transform #14 payload
17/06/03 11:10:04 >> : -- transform #15 payload
17/06/03 11:10:04 >> : -- transform #16 payload
17/06/03 11:10:04 >> : -- transform #17 payload
17/06/03 11:10:04 >> : -- transform #18 payload
17/06/03 11:10:04 >> : key exchange payload
17/06/03 11:10:04 >> : nonce payload
17/06/03 11:10:04 >> : identification payload
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local supports XAUTH
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local supports nat-t ( draft v00 )
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local supports nat-t ( draft v01 )
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local supports nat-t ( draft v02 )
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local supports nat-t ( draft v03 )
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local supports nat-t ( rfc )
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local supports FRAGMENTATION
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local supports DPDv1
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local is SHREW SOFT compatible
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local is NETSCREEN compatible
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local is SIDEWINDER compatible
17/06/03 11:10:04 >> : vendor id payload
17/06/03 11:10:04 ii : local is CISCO UNITY compatible
17/06/03 11:10:04 >= : cookies 81a9d03273d8c6f9:0000000000000000
17/06/03 11:10:04 >= : message 00000000
17/06/03 11:10:04 -> : send IKE packet 10.0.0.41:500 -> 96.89.16.233:500 ( 1213 bytes )
17/06/03 11:10:04 DB : phase1 resend event scheduled ( ref count = 2 )
17/06/03 11:10:04 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
17/06/03 11:10:09 -> : resend 1 phase1 packet(s) [0/2] 10.0.0.41:500 -> 96.89.16.233:500
17/06/03 11:10:14 -> : resend 1 phase1 packet(s) [1/2] 10.0.0.41:500 -> 96.89.16.233:500
17/06/03 11:10:19 -> : resend 1 phase1 packet(s) [2/2] 10.0.0.41:500 -> 96.89.16.233:500
17/06/03 11:10:24 ii : resend limit exceeded for phase1 exchange
17/06/03 11:10:24 ii : phase1 removal before expire time
17/06/03 11:10:24 DB : phase1 deleted ( obj count = 0 )
17/06/03 11:10:24 DB : tunnel ref decrement ( ref count = 1, obj count = 1 )
17/06/03 11:10:24 DB : policy not found
17/06/03 11:10:24 DB : policy not found
17/06/03 11:10:24 DB : policy not found
17/06/03 11:10:24 DB : policy not found
17/06/03 11:10:24 DB : policy not found
17/06/03 11:10:24 DB : policy not found
17/06/03 11:10:24 DB : removing tunnel config references
17/06/03 11:10:24 DB : removing tunnel phase2 references
17/06/03 11:10:24 DB : removing tunnel phase1 references
17/06/03 11:10:24 DB : tunnel deleted ( obj count = 0 )
17/06/03 11:10:24 DB : peer ref decrement ( ref count = 1, obj count = 1 )
17/06/03 11:10:24 DB : removing all peer tunnel references
17/06/03 11:10:24 DB : peer deleted ( obj count = 0 )
17/06/03 11:10:24 ii : ipc client process thread exit ...

 

Here is the log from my Netgear Client

 

20170603 13:17:41:147 Reading configuration...
20170603 13:17:41:162 IKEv1 configuration detected
20170603 13:17:41:162 No IKEv2 configuration
20170603 13:17:41:162 No SSL configuration
20170603 13:17:41:207 [VPNCONF] TGBIKE_STARTED received
20170603 13:17:49:926 Default (SA Ikev1Gateway(1)-Ikev1Tunnel(1)-P2) is opening.
20170603 13:17:50:967 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170603 13:17:55:973 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170603 13:18:00:973 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170603 13:18:05:973 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170603 13:18:10:973 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170603 13:18:15:973 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170603 13:18:15:973 Default transport_send_messages: giving up on message 0163F2D0

 

Any ideas?

Message 1 of 16
DaneA
NETGEAR Employee Retired

Re: VPN quit working FVS318n

Hi Creyno,

 

Welcome to the community! 🙂 

 

On the web-GUI of the FVS318N, kindly try to delete the existing IKE / VPN policies, then re-create them using the VPN Wizard on the FVS318N. Use the articles below as a reference guide:

 

ProSAFE VPN Client: Client to Box Configuration

 

How To NETGEAR: Shrew Soft VPN Client

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 16
Creyno
Aspirant

Re: VPN quit working FVS318n

Deleted policies and recreated them; still not connecting. Here is the log from the Netgear VPN client:

 

 

20170606 18:00:25:858 Reading configuration...
20170606 18:00:25:878 IKEv1 configuration detected
20170606 18:00:25:878 No IKEv2 configuration
20170606 18:00:25:878 No SSL configuration
20170606 18:00:26:255 [VPNCONF] TGBIKE_STARTED received
20170606 18:00:47:854 Upgrading configuration...
20170606 18:00:47:854 Reading configuration...
20170606 18:00:47:864 IKEv1 configuration detected
20170606 18:00:47:864 No IKEv2 configuration
20170606 18:00:47:864 Default IKE daemon is removing SAs...
20170606 18:00:47:864 No SSL configuration
20170606 18:00:47:864 Default reinitializing daemon
20170606 18:00:48:149 Default (SA Ikev1Gateway(1)-Ikev1Tunnel(1)-P2) is opening.
20170606 18:00:49:205 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170606 18:00:54:215 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170606 18:00:59:225 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170606 18:01:04:237 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170606 18:01:09:247 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170606 18:01:14:252 Default (SA Ikev1Gateway(1)-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20170606 18:01:14:252 Default transport_send_messages: giving up on message 014E06F8

 

Here is the VPN log from Router

 

 

Tue Jun 06 18:01:46 2017 (GMT -0400): [FVS318N] [IKE] INFO: Adding IKE configuration with identifier "Warren"
Tue Jun 06 18:01:46 2017 (GMT -0400): [FVS318N] [IKE] INFO: Adding IPSec configuration with identifier "Warren"
Tue Jun 06 18:00:52 2017 (GMT -0400): [FVS318N] [IKE] INFO: IPSec configuration with identifier "modeConfig0" deleted sucessfully
Tue Jun 06 18:00:52 2017 (GMT -0400): [FVS318N] [IKE] WARNING: no phase2 found for "modeConfig0"
Tue Jun 06 18:00:52 2017 (GMT -0400): [FVS318N] [IKE] ERROR: Failed to Delete the IPSec configuration with identifier "modeConfig"
Tue Jun 06 18:00:52 2017 (GMT -0400): [FVS318N] [IKE] ERROR: sainfo identifier not found ("modeConfig")
Tue Jun 06 18:00:52 2017 (GMT -0400): [FVS318N] [IKE] INFO: ModeCfg configuration with identifier "modeConfig" deleted sucessfully
Tue Jun 06 18:00:52 2017 (GMT -0400): [FVS318N] [IKE] INFO: IKE configuration with identifier "vpnclient" deleted sucessfully
Tue Jun 06 18:00:52 2017 (GMT -0400): [FVS318N] [IKE] WARNING: no phase1 found for "vpnclient"
Tue Jun 06 18:00:42 2017 (GMT -0400): [FVS318N] [IKE] INFO: IKE configuration with identifier "Warren" deleted sucessfully
Tue Jun 06 18:00:42 2017 (GMT -0400): [FVS318N] [IKE] WARNING: no phase1 found for "Warren"
Tue Jun 06 18:00:42 2017 (GMT -0400): [FVS318N] [IKE] INFO: IPSec configuration with identifier "Warren" deleted sucessfully
Tue Jun 06 18:00:42 2017 (GMT -0400): [FVS318N] [IKE] WARNING: no phase2 found for "Warren"

Message 3 of 16
DaneA
NETGEAR Employee Retired

Re: VPN quit working FVS318n

@Creyno,

 

Since you have deleted the existing IKE / VPN policies and re-created them using the VPN Wizard on the FVS318N, and since you mentioned that you are using a NETGEAR VPN Client, did you also use the VPN Wizard on the NETGEAR VPN Client as per the instructions indicated in this article?

 

Kindly post screenshots of the IKE and VPN policies from the FVS318N as well as the parameters set on the NETGEAR VPN Client to further isolate the problem.  

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 4 of 16
Creyno
Aspirant

Re: VPN quit working FVS318n

[Attached images: vpnpol.jpg, ikeadv.jpg, ikecon.jpg, ipsec.jpg, ikepol.jpg]

Message 5 of 16
DaneA
NETGEAR Employee Retired

Re: VPN quit working FVS318n

@Creyno,

 

Based on the images you have posted, it seems that everything was configured properly but it does not pass Phase 1.  Here are my suggestions below:

 

a. Make sure that the WAN IP Address registered on the FVS318N is a Public IP Address.  

b.  Since the LAN IP Address of the FVS318N is 192.168.1.0, make sure that the LAN IP Address of the PC/laptop where the NETGEAR VPN Client software is installed should be on a different subnet such as 10.10.10.0 or 192.168.18.0.  

c. If ever there is an anti-virus or software firewall installed in the PC/laptop where the NETGEAR VPN Client software is installed, try to disable it for the meantime or uninstall it.  Then, check if you will be able to establish a VPN tunnel.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 6 of 16
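
An added example (not part of any post in this thread, and not NETGEAR or Shrew Soft code): a small Python triage of a Shrew Soft iked.log that separates phase 1 attempts that never received any reply from attempts the gateway answered. The sample log is constructed in the format posted above; the inbound `<- : recv IKE packet` line format and the verdict names are assumptions.

```python
import re
from dataclasses import dataclass

ZERO_COOKIE = "0" * 16  # responder cookie stays all-zero until the peer answers

# Constructed sample in the iked.log format shown in the thread (documentation
# addresses, made-up cookies). Attempt 1 mirrors the posted failure; attempt 2
# is a hypothetical case in which the gateway does answer.
SAMPLE_LOG = """\
17/06/03 09:50:37 DB : new phase1 ( ISAKMP initiator )
17/06/03 09:50:37 DB : exchange type is aggressive
17/06/03 09:50:37 >= : cookies 1111111111111111:0000000000000000
17/06/03 09:50:37 -> : send IKE packet 192.0.2.41:500 -> 203.0.113.9:500 ( 1213 bytes )
17/06/03 09:50:42 -> : resend 1 phase1 packet(s) [0/2] 192.0.2.41:500 -> 203.0.113.9:500
17/06/03 09:50:47 -> : resend 1 phase1 packet(s) [1/2] 192.0.2.41:500 -> 203.0.113.9:500
17/06/03 09:50:52 -> : resend 1 phase1 packet(s) [2/2] 192.0.2.41:500 -> 203.0.113.9:500
17/06/03 09:50:57 ii : resend limit exceeded for phase1 exchange
17/06/03 10:00:00 DB : new phase1 ( ISAKMP initiator )
17/06/03 10:00:00 >= : cookies 2222222222222222:0000000000000000
17/06/03 10:00:00 -> : send IKE packet 192.0.2.41:500 -> 203.0.113.9:500 ( 1213 bytes )
17/06/03 10:00:00 <- : recv IKE packet 203.0.113.9:500 -> 192.0.2.41:500 ( 400 bytes )
17/06/03 10:00:00 =< : cookies 2222222222222222:3333333333333333
"""

# "YY/MM/DD HH:MM:SS TAG : message", as in the posted log
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S+) : (.*)$")
COOKIES = re.compile(r"cookies ([0-9a-f]{16}):([0-9a-f]{16})")


@dataclass
class Phase1Attempt:
    started: str
    initiator_cookie: str = ""
    responder_cookie: str = ZERO_COOKIE
    sent: int = 0        # first send plus resends
    received: int = 0    # inbound IKE packets seen during this attempt
    gave_up: bool = False

    def verdict(self) -> str:
        # "no-reply": nothing came back at all. That is consistent with a
        # reachability or filtering problem on UDP 500, or a gateway that
        # drops the request silently; check the gateway's own IKE log first.
        # "peer-replied": the gateway answered, so a later failure is a
        # negotiation problem (proposal, identifier, pre-shared key).
        if self.received == 0 and self.responder_cookie == ZERO_COOKIE:
            return "no-reply" if self.gave_up else "pending"
        return "peer-replied"


def parse_attempts(text: str) -> list:
    """Group log lines into phase 1 attempts, one per 'new phase1' line."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, tag, msg = m.groups()
        if tag == "DB" and msg.startswith("new phase1"):
            cur = Phase1Attempt(started=stamp)
            attempts.append(cur)
            continue
        if cur is None:
            continue  # daemon start-up lines before the first attempt
        c = COOKIES.search(msg)
        if c:
            cur.initiator_cookie = c.group(1)
            if c.group(2) != ZERO_COOKIE:
                cur.responder_cookie = c.group(2)
        elif tag == "->" and msg.startswith(("send IKE packet", "resend")):
            cur.sent += 1
        elif tag == "<-":
            cur.received += 1
        elif "resend limit exceeded for phase1" in msg:
            cur.gave_up = True
    return attempts


if __name__ == "__main__":
    for a in parse_attempts(SAMPLE_LOG):
        print(a.started, a.initiator_cookie, f"sent={a.sent}",
              f"recv={a.received}", a.verdict())
```
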
DaneA
NETGEAR Employee Retired

Re: VPN quit working FVS318n

@Creyno,

 

I just want to follow up on this.  Any updates?  We’d greatly appreciate your feedback.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 7 of 16
Creyno
Aspirant

Re: VPN quit working FVS318n

Called Comcast and they tell me my public static IP cannot be reached from outside the network. I can ping it on the internal network?

Message 8 of 16

Re: VPN quit working FVS318n

Creyno, you wouldn't happen to have applied a firmware update recently, would you? I ask because we use Shrewsoft as well, and we are having significant trouble connecting to the VPN lately (I've recreated everything security & user wise...am about ready to reset everything to manufacturer's defaults and work from there...and the only thing that has changed is the firmware, which I upgraded...). Your VPN log output is virtually identical with mine (when using Shrewsoft).

 

When I use my Android's NCP VPN client, however, everything works fine (with the same settings it had several months ago, and with the settings I recreated the IPSec policy with today). So...the Shrewsoft client hasn't changed since July 1, 2013 (as per their webpage); there's always Microsoft...some AV companies...and then there's NetGear's latest firmware (and the last for my firewall, the SRX5308, which means buying something new, or flashing to an earlier firmware, should the fault be found here)...

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 9 of 16
Creyno
Aspirant

Re: VPN quit working FVS318n

Yes, there was a firmware update, now that I think about it?

Message 10 of 16

Re: VPN quit working FVS318n

Does your Firewall come with dual BIOSs? Did you update both of them to the new one? If not, can you temporarily switch to the one with the older firmware, and see if the problem continues?

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 11 of 16
Creyno
Aspirant

Re: VPN quit working FVS318n

Not aware of dual BIOS; do not think mine has it.

Message 12 of 16
Creyno
Aspirant

Re: VPN quit working FVS318n

Any more suggestions?

Model: FVS318N|ProSafe Wireless N 8 port gigabit VPN firewall
Message 13 of 16
DaneA
NETGEAR Employee Retired

Re: VPN quit working FVS318n

@Creyno,

 

Kindly create a new IKE/VPN policy using the VPN Wizard, then send me the following via private message and I will try to connect here on my end:

 

a. Public WAN IP Address registered on your FVS318N

b. Pre-shared key

c. Local IP Address of your FVS318N

d. Remote Identifier

e. Local Identifier

 

Kindly access the article below as a reference guide:

 

Configure an IPv4 IPSec VPN Connection between the FVS318N and a Client - read pages 8-15 

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 14 of 16
DaneA
NETGEAR Employee Retired

Re: VPN quit working FVS318n

@Creyno,

 

I just want to follow up on this.  We’d greatly appreciate your feedback.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 15 of 16
DaneA
NETGEAR Employee Retired

Re: VPN quit working FVS318n

@Creyno,

 

I got your private message and I tried to open the VPN tunnel but failed.  It won't pass Phase 1 as per the console logs of the ProSAFE VPN Client Professional software.

 

Is the Public WAN IP Address 96.x.x.x registered to your FVS318N? Kindly access the web-GUI of your FVS318N, then go to Monitoring > Router Status. Then, in the WAN Information section, does it show the 96.x.x.x? If ever it matches, I suggest you open a chat or online case with NETGEAR Support at any time for further assistance. It would be best if you will allow the support expert to remotely access the settings of your FVS318N for troubleshooting.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 16 of 16