02-25-2012 08:24 AM
I've tried the suggested configuration and it woks just for 200 seconds.
After that time I receive back :
gateway is not responding
detached from key daemon....
Tested with SRX240 10.4.8.5 junos version and Shrew 2.1.7 and 2.2.0(beta).
Any suggestion ?
03-02-2012 10:45 PM
I have this same problem and would really love to figure this out. The SRX deletes the SA after a couple minutes, then Shrew reports that the gateway is not responding and disconnects. Running Wireshark and I am not seeing Heartbeats or any packets for that matter that are coming from the SRX. From the IKE traceoption is appears that the SRX is receiving DPD packets from Shrew client.
10.4R8.5 with shrew 2.2.0.
Juniper Networks Access Manager works fine with dynamic VPN.
05-02-2012 08:58 AM
I got the same problem with Shrew and SRX: disconnects consistently after 200 sec.
The workaround is to set Phase1 key life time to 180 sec while keeping Phase2 key life time on default 28800. This will force a rekey before the SA is deleted from the SRX. Tunnel connectivity is not disrupted and the tunnels stays up.
Have been testing the tunnel using icmp for the last hour and get occasional spikes of 70ms delay, I guess because of the rekey (min latency is 35ms and avg is 40ms).
Tested with SRX210H running Junos 11.4r2.1 and Shrew 2.1.6 on Windows and on Linux (Ubuntu).
05-02-2012 09:30 AM
The proper supported IPsec VPN client is NCP: http://www.ncp-e.com.
It works with no problems, stable, reliable and fast. I think you get what you pay for 8)
09-12-2012 12:29 PM
Hey, just grappled with this
Need to tell the Shrew client what networks are going to be tunneled.
To do this open the client
Untick "Obtain Topology Automatically or Tunnel All"
Click "Add" and enter the network that you want to tunnel to
Save and reconnect, should work.
12-17-2012 12:50 AM
12-19-2012 02:54 AM
Asked Shrew Core Dev about this :
This is internal to the Shrew client, this should be fix next year.
Hope that helps,
12-24-2012 12:41 AM