Author Topic: Setting up Shrewsoft VPN client  (Read 7275 times)

Amorphous

Setting up Shrewsoft VPN client
« on: February 06, 2011, 11:21:08 pm »
Thought I would post the basic settings for this free VPN client as Netscreen Remote doesn't work on Windows 7 properly. I had tried Shrewsoft before but didn't get the settings right until I tested again with the latest version (2.1.7). This was connecting to a 5gt for remote server access but will work with anything.

Here are the settings I used to connect to a firewall using: existing PC adapter address, a manual preshared key, email user ID string, no remote DNS requirement.

Note that the Phase 1 and 2 proposal algorithms work fine when set to 'Auto'. If you use 3des-sha for example you can specify that explicitly, but it worked as auto so I left it as that.
 

1. Download and setup the Shrewsoft VPN software: http://www.shrew.net/home

2. Open the Shrewsoft 'Access Manager' and click 'Add' to add a new policy

3. Under the 'General' tab:
- Host Name or IP Address: <IP of your Netscreen or other VPN gateway>
- Auto Configuration: <disabled>
- Local Host/Address Method : <Use an Existing adapter and current address>

4. 'Client' tab:
- Firewall options: leave all as is (enable/4500/15/540)
- Other Options: Tick 'Enable Dead Peer Detection' / Tick 'Enable ISAKMP Failure..'
 
5. 'Name Resolution' tab:
- Untick everything (or as required)

6. 'Authentication' tab:
- Authentication Method: <Mutual PSK>
- Local Identity: identification type 'User Fully Qualified Domain Name' / UFQDN String: <your ID string - e.g. me@myco.com>
- Remote Identity: Identification Type: 'IP Address' / Tick 'Use a discovered remote host address'
- Credentials: enter your pre-shared key

7. 'Phase 1' tab: (set as per your firewall setup - typical settings as below)
- Exchange type: aggressive
- DH Exchange: group 2
- Cipher Algorithm: auto
- Hash Algorithm: auto
- Key Life Time limit: 86400
- Key Life Data limit: 0
- Untick 'Enable Check point ..'

8. 'Phase 2' tab:
- Transform algorithm: auto
- HMAC Algorithm: auto
- PFS Exchange: auto
- Compression Algorithm: disabled
- Key Life Time limit: 3600
- Key Life Data limit: 0

9. 'Policy' tab
- Policy generation level: 'auto'
- Tick: 'Maintain Persistent Security Associations'
- Untick: 'Obtain Topology Automatically ..'
- Click 'Add' and enter the IP and mask of the remote PC or subnet - e.g. 192.168.20.0 / 255.255.255.0

10. Click on Save

11. Click the Connect button to open the connection window and then click the following Connect button

- The network tab will show 'Established - 1' if the link is properly up

- If it doesn't, then re-check all your settings


Amorphous

Re: Setting up Shrewsoft VPN client - Remote Desktop fragmented traffic
« Reply #1 on: February 27, 2011, 01:45:37 pm »
Just to add to this - some remote connections over ADSL fragment the traffic and Remote Desktop or VNC may show a blank screen on connection.

To cure this you need to lower your Windows MTU value. The value of 1438 was the largest that worked for my connections; you may find a larger value works for you. Here is the command for Windows 7:

1. Go to Start, type Command in the search box, in the list right click 'Command Prompt' and select 'Run as Administrator' - the command prompt (black text box) will appear

2. For a PC using a wired connection (i.e. not wireless) type and press enter:
  netsh interface ipv4 set subinterface "Local Area Connection" mtu=1438 store=persistent

For a PC using a wireless connection type and press enter:
  netsh interface ipv4 set subinterface "Wireless Network Connection" mtu=1438 store=persistent

After you enter this it should say "ok."
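The reply above fixes the MTU at the value that happened to work for the poster's line and suggests a larger one may work elsewhere. The script below is an added example (not part of the original thread and not a Shrew Soft tool): it measures the largest ICMP payload that crosses a path with the Don't Fragment bit set, adds the 28 bytes of IPv4 and ICMP header, and prints the matching netsh command from the post. The target address and interface alias are assumptions; point the probe at a host on the far side of the tunnel so the measurement includes the ESP/NAT-T overhead that causes the fragmentation described.

```powershell
# Added example, not from the original post. Finds the largest payload that
# passes unfragmented and derives the MTU to feed into the post's netsh command.
param(
    [string]$Target = "192.168.20.1",                   # assumed: a host reachable through the VPN
    [string]$InterfaceName = "Local Area Connection",   # assumed: alias from 'netsh interface ipv4 show subinterfaces'
    [int]$Low = 1000,                                   # payload size assumed to always pass
    [int]$High = 1472                                   # 1500 - 28 (IPv4 header + ICMP header)
)

function Test-Payload {
    param([int]$Bytes)
    # -f sets Don't Fragment, -l sets the payload size, -n 1 sends a single probe.
    $out = ping.exe -n 1 -f -l $Bytes $Target 2>&1 | Out-String
    # A reply echoing the requested size means the probe crossed the path whole;
    # "Packet needs to be fragmented but DF set." or a timeout means it did not.
    return [bool]($out -match "Reply from .* bytes=$Bytes")
}

if (-not (Test-Payload $Low)) {
    Write-Host "Even $Low-byte payloads fail to reach $Target; check connectivity before tuning MTU."
    return
}

# Binary search for the largest payload that still gets a reply.
while ($Low -lt $High) {
    $mid = [int][math]::Ceiling(($Low + $High) / 2)
    if (Test-Payload $mid) { $Low = $mid } else { $High = $mid - 1 }
}

$mtu = $Low + 28
Write-Host "Largest unfragmented payload: $Low bytes -> usable MTU $mtu"
Write-Host "Current MTU values: netsh interface ipv4 show subinterfaces"
Write-Host "To apply (run as Administrator):"
Write-Host "  netsh interface ipv4 set subinterface `"$InterfaceName`" mtu=$mtu store=persistent"
```

Run it from an elevated PowerShell after the tunnel is up, then apply the printed netsh line only if the measured value is lower than the current one shown by `netsh interface ipv4 show subinterfaces`; if the probe reports the full 1472 bytes, the blank Remote Desktop screen has a cause other than fragmentation.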