Cannot launch multiple connections using Shrew Soft VPN

Question

I am on Windows 10. I am using Shrew Soft VPN to connect to two VPN servers. I was able to connect to both at the same time. ipconfig would show two virtual adapters with the expected IPs. While trying to debug an issue with intermittent connections to one of the VPN servers, I uninstalled and reinstalled Shrew Soft VPN. Now I am not able to connect to multiple VPN servers at the same time.

If I launch a second connection while I am already connected to the first one, the virtual adapter shows up, but is in a disconnected state (Media disconnected). If I disconnect from the first connection, then ipconfig shows the virtual adapter but now it is connected and has the expected IP.

I am not sure what I changed; all I did was reinstall the client. Has anyone seen this particular issue? Or is there a way to debug this issue -- anything I should look into?

UPDATE

I have verified that Cisco AnyConnect Network Access Manager (which comes with Cisco AnyConnect Secure Mobility Client) is responsible; it is designed to allow only one connection at a time. When it sees the second tunnel being made, it will intervene and disconnect it.

You can see this from the logs (using Get-EventLog -LogName "Cisco AnyConnect Network Access Manager") when connecting. Here are some pertinent entries. When establishing the first tunnel everything proceeds normally:

256940 May 22 08:49  Information NAM     1677728607 5848: USNB5CG85105Y8: May 22 2019 08:49:09.245 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Binding adapter Shrew Soft Virtual Adapter and machine auth for network wired
256939 May 22 08:49  Information NAM     1677728607 5847: USNB5CG85105Y8: May 22 2019 08:49:09.245 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Network wired: AccessStateMachine current state = ACCESS_STARTED, received userEvent = ATTACH_ADAPTER
256938 May 22 08:49  Information NAM     1677728607 5846: USNB5CG85105Y8: May 22 2019 08:49:09.235 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Clear scheduled datagrams for new accepted connections.
256936 May 22 08:49  Information NAM     1677728606 5845: USNB5CG85105Y8: May 22 2019 08:49:09.234 +0700: %NAM-6-INFO_MSG:     %[tid=4856]: matching adapter {367A782C-375C-447C-9963-B0298B9AD093} and network wired ...
256934 May 22 08:49  Information NAM     1677728607 5844: USNB5CG85105Y8: May 22 2019 08:49:09.234 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Not a user connection attempt during logon
256932 May 22 08:49  Information NAM     1677728607 5843: USNB5CG85105Y8: May 22 2019 08:49:09.234 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: starting makeMatches...
256931 May 22 08:49  Information NAM     1677728607 5842: USNB5CG85105Y8: May 22 2019 08:49:09.234 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: handleEventAndDoStateTransitionAction action : ACTION_DISCONNECT_LINK_CHANGED
256930 May 22 08:49  Information NAM     1677728607 5841: USNB5CG85105Y8: May 22 2019 08:49:09.233 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM state change: STATE_DISCONNECTED_LINK_DOWN -> STATE_DISCONNECTED_LINK_UP
256929 May 22 08:49  Information NAM     1677728607 5840: USNB5CG85105Y8: May 22 2019 08:49:09.233 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM current: state(STATE_DISCONNECTED_LINK_DOWN), event(EVENT_LINK_UP)
256928 May 22 08:49  Information NAM     1677728607 5839: USNB5CG85105Y8: May 22 2019 08:49:09.233 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: AceAdapterImpl::linkUpStatusEvent()
256927 May 22 08:49  Information NAM     1677728607 5838: USNB5CG85105Y8: May 22 2019 08:49:09.233 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Sending port up status after querying link state
256926 May 22 08:49  Information NAM     1677728607 5837: USNB5CG85105Y8: May 22 2019 08:49:09.233 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: PortUpStatusEventImpl::processEvent()
256925 May 22 08:49  Warning     NAM     2751470428 5836: USNB5CG85105Y8: May 22 2019 08:49:09.233 +0700: %NAM-4-WARNING_MSG:  %[tid=4920][comp=SAE]: NET (0) *WARNING: SscfCallback(3): BSSID OID query failed -- continuing with link event
256921 May 22 08:49  Information NAM     1677728607 5835: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: handleEventAndDoStateTransitionAction action : <unknown>
256920 May 22 08:49  Information NAM     1677728607 5834: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM current: state(STATE_DISCONNECTED_LINK_DOWN), event(EVENT_LINK_DOWN)
256919 May 22 08:49  Information NAM     1677728607 5833: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Matchmaking for media type mobile-broadband failed because there are no available networks.
256918 May 22 08:49  Information NAM     1677728607 5832: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Not a user connection attempt during logon
256917 May 22 08:49  Information NAM     1677728607 5831: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Matchmaking for media type 802.11(wifi) failed because there are no available networks.
256916 May 22 08:49  Information NAM     1677728607 5830: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Matchmaking for media type 802.11(wifi) failed because there are no available adapters.
256915 May 22 08:49  Information NAM     1677728607 5829: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Not a user connection attempt during logon
256914 May 22 08:49  Information NAM     1677728607 5828: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Matchmaking for media type 802.3(wired) failed because there are no available adapters.
256913 May 22 08:49  Information NAM     1677728607 5827: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: starting makeMatches...
256912 May 22 08:49  Information NAM     1677728607 5826: USNB5CG85105Y8: May 22 2019 08:49:08.296 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: handleEventAndDoStateTransitionAction action : <unknown>
256911 May 22 08:49  Information NAM     1677728607 5825: USNB5CG85105Y8: May 22 2019 08:49:08.295 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM current: state(STATE_DISCONNECTED_LINK_DOWN), event(EVENT_AUTH_SUCCESS)
256910 May 22 08:49  Information NAM     1677728607 5824: USNB5CG85105Y8: May 22 2019 08:49:08.295 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: {367A782C-375C-447C-9963-B0298B9AD093} - Received STATE_AUTHENTICATED
256909 May 22 08:49  Information NAM     1677728607 5823: USNB5CG85105Y8: May 22 2019 08:49:08.295 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: handleEventAndDoStateTransitionAction action : <unknown>
256908 May 22 08:49  Information NAM     1677728607 5822: USNB5CG85105Y8: May 22 2019 08:49:08.295 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM current: state(STATE_UNBOUND), event(EVENT_UNBOUND)
256907 May 22 08:49  Information NAM     1677728607 5821: USNB5CG85105Y8: May 22 2019 08:49:08.295 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: {A5264957-D6BB-45A3-BA0B-3605ED773728}: symbolic name unbound
256906 May 22 08:49  Information NAM     1677728606 5820: USNB5CG85105Y8: May 22 2019 08:49:08.295 +0700: %NAM-6-INFO_MSG:     %[tid=4896][mac=1,6,aa:aa:aa:2c:ad:00]: {367A782C-375C-447C-9963-B0298B9AD093}: Port State AUTHENTICATED and status 8021x_FORCED_AUTH
256905 May 22 08:49  Information NAM     1677728606 5819: USNB5CG85105Y8: May 22 2019 08:49:08.295 +0700: %NAM-6-INFO_MSG:     %[tid=4856]: Adapter controlled: {367A782C-375C-447C-9963-B0298B9AD093}
256904 May 22 08:49  Information NAM     1677728607 5818: USNB5CG85105Y8: May 22 2019 08:49:08.294 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: {367A782C-375C-447C-9963-B0298B9AD093}: Calling acPortAttach

When establishing the second tunnel, Cisco AnyConnect NAM will disconnect it because a maximum of one connection is allowed:

257106 May 22 08:59  Information NAM     1677728607 5974: USNB5CG85105Y8: May 22 2019 08:59:14.398 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: handleEventAndDoStateTransitionAction action : <unknown>
257105 May 22 08:59  Information NAM     1677728606 5973: USNB5CG85105Y8: May 22 2019 08:59:14.398 +0700: %NAM-6-INFO_MSG:     %[tid=4896][mac=1,6,aa:aa:aa:2c:a2:01]: {A5264957-D6BB-45A3-BA0B-3605ED773728}: Port State UNAUTHENTICATED and status 8021x_FORCED_UNAUTH
257104 May 22 08:59  Information NAM     1677728607 5972: USNB5CG85105Y8: May 22 2019 08:59:14.398 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM current: state(STATE_DISCONNECTED_LINK_UP), event(EVENT_AUTH_FAIL)
257103 May 22 08:59  Information NAM     1677728607 5971: USNB5CG85105Y8: May 22 2019 08:59:14.397 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: {A5264957-D6BB-45A3-BA0B-3605ED773728}: Closing the port
257102 May 22 08:59  Information NAM     1677728607 5970: USNB5CG85105Y8: May 22 2019 08:59:14.397 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: closing adapter (name = Shrew Soft Virtual Adapter #2)
257101 May 22 08:59  Information NAM     1677728607 5969: USNB5CG85105Y8: May 22 2019 08:59:14.397 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: skipping (matched) adapter Shrew Soft Virtual Adapter
257099 May 22 08:59  Information NAM     1677728607 5968: USNB5CG85105Y8: May 22 2019 08:59:14.397 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: {C0D2996D-6BF1-4B40-84E2-AACAAA70FBB8}: Closing the port
257098 May 22 08:59  Information NAM     1677728607 5967: USNB5CG85105Y8: May 22 2019 08:59:14.397 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: closing adapter (name = Intel(R) Ethernet Connection (4) I219-LM)
257096 May 22 08:59  Information NAM     1677728607 5966: USNB5CG85105Y8: May 22 2019 08:59:14.396 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: No matches were made for media type 802.3(wired) because the maximum number of matches had already been made.
257094 May 22 08:59  Information NAM     1677728607 5965: USNB5CG85105Y8: May 22 2019 08:59:14.396 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: starting makeMatches...
257093 May 22 08:59  Information NAM     1677728607 5964: USNB5CG85105Y8: May 22 2019 08:59:14.396 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: handleEventAndDoStateTransitionAction action : ACTION_DISCONNECT_LINK_CHANGED
257092 May 22 08:59  Information NAM     1677728607 5963: USNB5CG85105Y8: May 22 2019 08:59:14.396 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM state change: STATE_DISCONNECTED_LINK_DOWN -> STATE_DISCONNECTED_LINK_UP
257091 May 22 08:59  Information NAM     1677728607 5962: USNB5CG85105Y8: May 22 2019 08:59:14.396 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM current: state(STATE_DISCONNECTED_LINK_DOWN), event(EVENT_LINK_UP)
257090 May 22 08:59  Information NAM     1677728607 5961: USNB5CG85105Y8: May 22 2019 08:59:14.396 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: AceAdapterImpl::linkUpStatusEvent()
257089 May 22 08:59  Information NAM     1677728607 5960: USNB5CG85105Y8: May 22 2019 08:59:14.396 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: Sending port up status after querying link state
257088 May 22 08:59  Information NAM     1677728607 5959: USNB5CG85105Y8: May 22 2019 08:59:14.395 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: PortUpStatusEventImpl::processEvent()
257087 May 22 08:59  Warning     NAM     2751470428 5958: USNB5CG85105Y8: May 22 2019 08:59:14.395 +0700: %NAM-4-WARNING_MSG:  %[tid=4920][comp=SAE]: NET (0) *WARNING: SscfCallback(4): BSSID OID query failed -- continuing with link event
257084 May 22 08:59  Information NAM     1677728607 5957: USNB5CG85105Y8: May 22 2019 08:59:13.463 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: No matches were made for media type 802.3(wired) because the maximum number of matches had already been made.
257082 May 22 08:59  Information NAM     1677728607 5956: USNB5CG85105Y8: May 22 2019 08:59:13.463 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: starting makeMatches...
257081 May 22 08:59  Information NAM     1677728607 5955: USNB5CG85105Y8: May 22 2019 08:59:13.460 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: handleEventAndDoStateTransitionAction action : <unknown>
257080 May 22 08:59  Information NAM     1677728607 5954: USNB5CG85105Y8: May 22 2019 08:59:13.454 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM current: state(STATE_DISCONNECTED_LINK_DOWN), event(EVENT_LINK_DOWN)
257079 May 22 08:59  Information NAM     1677728607 5953: USNB5CG85105Y8: May 22 2019 08:59:13.446 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: handleEventAndDoStateTransitionAction action : <unknown>
257078 May 22 08:59  Information NAM     1677728607 5952: USNB5CG85105Y8: May 22 2019 08:59:13.440 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: ACE: adapter SM current: state(STATE_DISCONNECTED_LINK_DOWN), event(EVENT_AUTH_SUCCESS)
257077 May 22 08:59  Information NAM     1677728607 5951: USNB5CG85105Y8: May 22 2019 08:59:13.434 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: {A5264957-D6BB-45A3-BA0B-3605ED773728} - Received STATE_AUTHENTICATED
257076 May 22 08:59  Information NAM     1677728606 5950: USNB5CG85105Y8: May 22 2019 08:59:13.425 +0700: %NAM-6-INFO_MSG:     %[tid=4856]: Adapter controlled: {A5264957-D6BB-45A3-BA0B-3605ED773728}
257075 May 22 08:59  Information NAM     1677728606 5949: USNB5CG85105Y8: May 22 2019 08:59:13.425 +0700: %NAM-6-INFO_MSG:     %[tid=4896][mac=1,6,aa:aa:aa:2c:a2:01]: {A5264957-D6BB-45A3-BA0B-3605ED773728}: Port State AUTHENTICATED and status 8021x_FORCED_AUTH
257074 May 22 08:59  Information NAM     1677728607 5948: USNB5CG85105Y8: May 22 2019 08:59:13.425 +0700: %NAM-7-DEBUG_MSG:    %[tid=4856]: {A5264957-D6BB-45A3-BA0B-3605ED773728}: Calling acPortAttach

The way forward would be to figure out a way to stop Cisco NAM from managing these virtual adapters.

Answer 1

I was able to figure this out. The solution is to use nvspbind and disable the Cisco AnyConnect Network Access Manager Filter on the virtual adapters. You will need to run nvspbind from an admin PowerShell prompt.

First, you will need to identify the names of your virtual adapters. I did that with the following command .\nvspbind.exe | Select-String -Pattern "Shrew Soft Virtual Adapter" -Context 0,1. On my machine I had Local Area Connection* 10 and Local Area Connection* 12.

I then disabled the Cisco NAM filter as follows:

• .\nvspbind.exe /d "Local Area Connection* 10" csco_acnamfd
• .\nvspbind.exe /d "Local Area Connection* 12" csco_acnamfd

You can verify that the filter is disabled by running nvspbind without any arguments and scrolling until you find your connection. You should see something like the following:

{FB3E5E2E-036C-496A-8357-D5631A7961B8}
"vnet"
"Shrew Soft Virtual Adapter"
"Local Area Connection* 10":
  enabled: ms_msclient (Client for Microsoft Networks)
  enabled: ms_server (File and Printer Sharing for Microsoft Networks)
  enabled: ms_wfplwf_upper (WFP 802.3 MAC Layer LightWeight Filter)
  disabled: vms_pp (Hyper-V Extensible Virtual Switch)
  enabled: ms_pacer (QoS Packet Scheduler)
  enabled: ms_tcpip (Internet Protocol Version 4 (TCP/IPv4))
  enabled: ms_lldp (Microsoft LLDP Protocol Driver)
  enabled: ms_netbt (WINS Client(TCP/IP) Protocol)
  enabled: ms_rdma_ndk (Microsoft RDMA - NDK)
  disabled: ms_implat (Microsoft Network Adapter Multiplexor Protocol)
  enabled: ms_tcpip6 (Internet Protocol Version 6 (TCP/IPv6))
  enabled: ms_rspndr (Link-Layer Topology Discovery Responder)
  enabled: ms_pppoe (Point to Point Protocol Over Ethernet)
  enabled: ms_ndisuio (NDIS Usermode I/O Protocol)
  enabled: symc_teefer2 (Symantec Endpoint Protection Firewall)
  enabled: ms_lltdio (Link-Layer Topology Discovery Mapper I/O Driver)
  enabled: ms_netbios (NetBIOS Interface)
  enabled: ms_wfplwf_lower (WFP Native MAC Layer LightWeight Filter)
  enabled: ms_ndiscap (Microsoft NDIS Capture)
  disabled: csco_acnamfd (Cisco AnyConnect Network Access Manager Filter Driver) <--- should be disabled
  enabled: vflt (Shrew Soft Lightweight Filter)

Once this is done, you should be able to establish multiple tunnels at the same time. This also took care of another issue I was facing, where after I established a tunnel through Shrew Soft VPN, Cisco NAM would mess up the routes by intermittently preventing certain ones from being added (which prevented me from reaching the hosts I wanted).