Remote Client Full Tunnel VPN with SRX5308 and Shrew Soft - Some Websites Don't Load
Hi everyone, I've really been scratching my head on this one. Any help would be greatly appreciated.

Remote users need to access remote servers through the office, which is whitelisted for access. Since the remote servers are dynamic IPs (AWS), I'm trying to send all remote traffic through the office while we investigate better solutions. SSL VPN is not an option due to compatibility issues with modern browsers and OSes.

I have configured an IPSEC VPN for remote users. It connects, but only some websites load. Others will time out. DNS does not seem to be the issue, as a ping will resolve the IP (and some sites load). I thought it might be related to fragmentation, but my tests (ping with different packet sizes) indicate the MTU should be 1500.

Shrew Soft Client --VPN--> Office --Whitelist--> Remote Servers

Info
  VPN policy Local IP: Any
  Shrew Soft Client: Policy - Obtain Topology Automatically or Tunnel All

Testing/Troubleshooting
  Mode Config
    Connects, but local traffic only.
  IP Ranges of Servers
    I backtracked the ranges the servers could use, but it was the same results as tunneling all (page times out).
  Netgear VPN client
    Internet traffic didn't flow when I tried to set the range for the entire Internet (if I remember correctly).
  L2TP (MSCHAPv2) with built-in Windows 10 client
    PSK, but blank
    Computers that have previously been on the internal network behind the SRX5308 will connect.
    Computers that have not been on the internal network behind the SRX5308 get an error "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."
    Error 789 in event logs
  Certificate
    Did some research, but it seemed complicated. Will likely research further.

I know I'm close, since some websites do load when connected. I'm leaning towards it still being a fragmentation/MTU issue, but I can only change that in Shrew Soft when using Mode Config. I have not tested changing the MTU on the SRX5308 yet.

This is the first time I've attempted a full tunnel this way. I'm open to any suggestions for getting this working, except for PPTP due to security concerns and SSL due to compatibility. Thanks in advance!