Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

VPN problem - VPN not responding waiting for MSG 2

Posted on 2013-01-27
16
Medium Priority
?
5,768 Views
Last Modified: 2013-02-03
I'm changing my home PC from one running XP to one running Windows 7 x64. At the moment I have them both connected to my home router (Virgin broadband) and the Watchguard VPN client is installed on both with the same current WGX file.

The XP PC can connect the VPN fine but the Windows 7 box reports the error "VPN not responding waiting for MSG 2". For now I've turned off the Windows firewall on Windows 7 but that hasn't helped.

I'm not that familiar with VPN set up so I'm baffled why XP is fine but Windows 7 isn't.

Can anyone help?

Thanks
0
Comment
Question by:funasset
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 3
16 Comments
 
LVL 71

Expert Comment

by:Qlemo
ID: 38824203
I assume you are using the IPSec client (not SSL, which is in fact OpenVPN). MSG2 is the first reply the initiator (client) expects to get - it does not, and you should see the reason on your WatchGuard for that, IF the initial packet arrives there, that is.

Did you stop the Windows Firewall service, or just switched off the firewall? The latter should be done, as the first causes strange behaviour most of the time.
Sadly, there is not much you can test, as IPSec uses a UDP connection on port 500 (switching to UDP/4500 after the first exchanges because you are behind a NAT firewall - your router). UDP connections are more hard to trace, as they are state- and sessionless.

You might want to try out Shrew VPN (http://www.shrew.net/download/vpn), a compatible, free VPN client able to read a WGX file, or update the WatchGuard client if it is older than 2010 (v11).
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 38824222
Another client to try is NCP Secure Entry (www.ncp-e.com). This is not a free client but it is best of breed, works on Windows 7 and 8 Pro 64-bit and works through double NAT arrangements. This is the client I use and I find it very much worth the cost.

.... Thinkpads_User
0
 

Author Comment

by:funasset
ID: 38824337
I'm just using the same software I had before. Dumb question - how do I know if it's using IPSec? I went in to the firewall settings and stopped any firewall I could find. Win7 seems to have more than one (domain, public) although XP could have had them but they were better hidden!

I'll check for client software updates on Watchguard and investigate the Shrew VPN as well.

Thanks

To be continued.......................
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 71

Expert Comment

by:Qlemo
ID: 38824352
If I think about it, a WGX file suggests you use the IPSec client ;-).

What you see about Domain and stuff is called Network Zones, and was invented with Vista. Depending on whether the default gateway is reachable, it is well-known already and such, the firewall determines if you are using a public hotspot or your more secure private home office, and applies different security rules for that. The zones can (and shall) be assigned as soon as a new network is detected.

So you switched off the firewall in the firewall settings - that is great, exactly what you should do. Since you are behind a router, the switched-off local firewall will not matter much (in respect to threads trying to attact from the Web).

You should also make sure you do not use the client on XP and W7 at the same time - that might introduce additional issues, as the WatchGuard might not be able to associate the connection to the client properly, and only one of both will work.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 38824520
VPN software for XP may not work in a 64-bit environment. That is why I switched to a more universal and capable IPSec client.

how do I know if it's using IPSec?  "VPN not responding waiting for MSG 2" is an IPSec type of message (two phases).

.... Thinkpads_User
0
 

Author Comment

by:funasset
ID: 38824755
"You might want to try out Shrew VPN (http://www.shrew.net/download/vpn), a compatible, free VPN client able to read a WGX file, or update the WatchGuard client if it is older than 2010 (v11)."

I looked on the Watchguard site for an updated client and it seems they are now recommending Shrew VPN! I find this a bit odd as colleagues using Windows 7 have used the same software I installed and they've had no problem.  I downloaded this anyway but it might as well be in Welsh. I couldn't see any option to read in a WGX file?

I've opened a ticket with WG support to see whether they can guide me through.

Thanks all for your help thus far - I'll update this later.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 38824807
Sorry for the WGX misinformation. Shrew cannot read it, I was mislead by the search results you get mentioning WGX files and Shrew :(.
WatchGuard describes how to create the .vpn file needed for Shrew in
http://www.watchguard.com/help/docs/webui/11/en-US/index_Left.html#CSHID=en-US%2Fmvpn%2Fipsec%2Fmvpn_ipsec_generate-profile-files_web.html|StartTopic=Content%2Fen-US%2Fmvpn%2Fipsec%2Fmvpn_ipsec_generate-profile-files_web.html

Those fellows of you using MUVPN on W7, do they have x86 or x64?

Whatsoever, seems to be a good idea to get WG itself involved.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 38824815
Shrew does work but we had to add settings in a Juniper Netscreen at a client. We have gone back to NCP because it is robust and reliable. It is not free, but where ever a connection is very important to a client, we use NCP.

.... Thinkpads_User
0
 

Author Comment

by:funasset
ID: 38824835
Thanks again all - I'll look at the details tomorrow and get back to you.
0
 

Author Comment

by:funasset
ID: 38826368
Update - just spoke to my 2 colleagues who also VPN to the office and they are both using Win7 x64 with the same Watchguard software I have installed.

WG also provided a link to instructions re creating a file to import in to Shrew but Help seems to be down as neither that link or the one kindly provided here appear to be working.

And it's only Monday..........
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 38826417
How long ago did you upgrade?

A couple of things:
1. Are you behind a double NAT? This realist from extra networking layers. That is not always fixable without upgrading to a different client that will traverse double NAT systems.

2. Do a TCP/IP repair on your PC.

3. Consider upgrading firmware on your home router.
.    Thinkpads_User
0
 

Author Comment

by:funasset
ID: 38826430
Upgrade the client software you mean? I don't know to be honest - I don't have much to do with the WG box or VPN as you can probably tell!

1.  How can I check?
2.  That's a new one on me - can you advise please?
3.  I'd need to speak to my cable provider about that. I'll look in to it.

Thanks
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 38826451
If your existing VPN application works on other computers, then in theory it should work on your mschine.

What I meant by new client application was different client software like NCP.

Talk to your cable provider first, though.
.... Thinkpads_User
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 38826648
With respect to TCP/IP:

http://support.microsoft.com/kb/299357 to reset TCP/IP  and

http://windows.microsoft.com/en-US/windows-vista/Troubleshoot-Internet-connection-problems  for general troubleshooting steps.

One more thing:  I do not do this and do not necessarily recommend it, but you might try disabling IPv6 to see if that helps. It should not interfere, but in the event it does, disabling may help.

.... Thinkpads_User
0
 

Accepted Solution

by:
funasset earned 0 total points
ID: 38830457
Well I created the wgx file again, just as I had done before and emailed it to my home account once again. I uninstalled and re-installed the WG client in exactly the same way I had done umpteen times over the weekend. I then applied the wgx file and used the exact same passwords etc as before......and the damned thing decided to connect this time. I give up.

At least if it falls over again I now know about the Shrew VPN alternative so thanks for that.

Sometimes, just sometimes I really hate technology.............

Thanks all.
0
 

Author Closing Comment

by:funasset
ID: 38848243
See previous post.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question