This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Remote Client Full Tunnel VPN with SRX5308 and Shrew Soft - Some Websites Don't Load
Hi everyone,
I've really been scratching my head on this one. Any help would be greatly appreciated.
Remote users need to access remote servers through the office, which is whitelisted for access. Since the remote servers are dynamic IPs (AWS), I'm trying to send all remote traffic through the office while we investiage better solutions. SSL VPN is not an option due to compatibility issues with modern browsers and OSes.
I have configured an IPSEC VPN for remote users. It connects, but only some websites load. Others will time out. DNS does not seem to be the issue, as a ping will resolve the IP (and some sites load). I thought it might be related to fragmentation, but my tests (ping with different packet sizes) indicate the MTU should be 1500.
Shrew Soft Client: Policy - Obtain Topology Automatically or Tunnel All
Testing/Troubleshooting
Mode Config
Connects, but local traffic only.
IP Ranges of Servers
I backtracked the ranges the servers could use, but it was the same results as tunneling all (page times out)
Netgear VPN client
Internet traffic didn't flow when I tried to set the range for the entire Internet (if I remember correctly).
L2TP (MSCHAPv2) with built-in Windows 10 client
PSK, but blank
Computers that have previously been on the internal network behind the SRX5308 will connect.
Computers that have not been on the internal network behind the SRX5308 get an error
"The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."
Error 789 in event logs
Certifcate
Did some research, but it seemed complicated. Will likely research further.
I know I'm close, since some websites do load when connected. I'm leaning towards it still being a fragmentation/MTU issue, but I can only change that in Shrew Soft with using Mode Config. I have not tested changing the MTU on the SRX5308 yet.
This is the first time I've attempted a full tunnel this way. I'm open to any suggestions for getting this working, except for PPTP due to security concerns and SSL due to compatibility.
Re: Remote Client Full Tunnel VPN with SRX5308 and Shrew Soft - Some Websites Don't Load
Dropping the computer's MTU down to 1380 resolved this. I ended up going back up to about 1400. Might be able to go a little higher, but the sites I needed to load were fine at 1400.
Re: Remote Client Full Tunnel VPN with SRX5308 and Shrew Soft - Some Websites Don't Load
Dropping the computer's MTU down to 1380 resolved this. I ended up going back up to about 1400. Might be able to go a little higher, but the sites I needed to load were fine at 1400.
Re: Remote Client Full Tunnel VPN with SRX5308 and Shrew Soft - Some Websites Don't Load
Hi MattMS,
Thanks for sharing the solution you did to resolve the problem. 🙂
I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
