[vpn-help] new user, fairly baffled
Alexis La Goutte
alexis.lagoutte at gmail.com
Wed Mar 9 02:27:22 CST 2011
Hi,
The DG834 doesn't support Aggressive Mode; it is only intended for
site-to-site VPN.
Changing the router is the better solution!
Regards,
On Mon, Mar 7, 2011 at 9:14 PM, Howard Spindel <howard at sci1.com> wrote:
> Fabio,
>
> Don't know why I'd need Dynamic DNS for the laptop. The router doesn't
> have to find the laptop - the laptop finds the router.
>
> I did look at the tutorial for the Netgear connection, but the DG834G is
> very different from the tutorial and hard to map. The DG834G has many fewer
> settings allowed than the tutorial's ProSafe router.
>
> I tried the specific suggestions you had, and it made no difference that I
> can see. Still not getting through Phase 1.
>
> Really need a cookbook approach tailored to the DG834G here.
>
> Thanks,
> Howard
>
>
>
> At 11:31 AM 3/7/2011, Fabio Cigoj wrote:
>
>> Howard,
>>
>> If you have a fixed IP address on the router that's ok, but you still
>> need a dynamic DNS service for the laptop.
>> I am a bit confused about the router as the Netgear website states it's
>> a VPN passthrough in one place and that it can support up to 5 endpoints
>> somewhere else.
>> Worth giving it a try anyway...provided your router supports Mode Config
>> for policy generation. One of the things I am sure of is that Shrew
>> talks to Netgear only if Mode Config is used.
>> If that is not the case then a new router is in order.
>> Did you take a look at the tutorial published on Shrew's website for
>> connections with Netgear hardware? It is written for another router,
>> but shouldn't be too difficult to figure it out.
>> Bear in mind that some things need to be followed exactly; one
>> example is the authentication: pre-shared key only does not work; it
>> needs to be PSK + XAuth.
>> Another thing is that the exchange mode must be set to aggressive. I
>> tried main and it didn't work.
>> Local gateway on the router is the local WAN IP, while for the remote I
>> used the FQDN assigned to the laptop.
>> Make sure the address range to assign to the clients is on a different
>> subnet than your LAN.
>> DH group must be 2
>> Encryption algorithm must be 3DES and integrity algorithm must be SHA-1
>>
>> Wouldn't know what more to add without a clear view of router and client
>> configuration, but I think you have some more things to try now.
>>
>> Cheers
>>
>> Fabio
>>
>>
>> On 07/03/11 20:03, Howard Spindel wrote:
>> > Fabio,
>> >
>> > I shouldn't need a Dynamic DNS service as I have a static IP for my
>> > Netgear router.
>> >
>> > So, how would I make this work with the DG834, and what additional
>> > software do I need? The Netgear config panels don't talk about it being
>> > a VPN pass-through - they make it sound like a VPN endpoint.
>> >
>> > If I'm going to have to buy a different router to make this work, what
>> > router do folks like? (I need it with a DSL modem built-in too).
>> >
>> > Thanks,
>> > Howard
>> >
>> > At 05:05 AM 3/7/2011, Fabio Cigoj wrote:
>> >> Howard,
>> >>
>> >> The DG834 is a VPN-passthrough in the first place, not a VPN-endpoint,
>> >> which would force you to set up a VPN server.
>> >> From my gatherings, collected from qualified people like the author of
>> >> Shrew, it seems that Netgear uses quite an old VPN stack, but there
>> >> are better and worse routers.
>> >> I use a 338, which, far from being perfect for my needs, is a
>> >> VPN-endpoint that I managed to make work in a config much like the
>> >> one you need.
>> >> The trick is to register with a (free) dynamic DNS service both your
>> >> router and your laptop, so every time you connect to internet the name
>> >> of your machines has the correct IP address assigned. At that point
>> >> you can use the FQDN (fully qualified domain name) in the VPN config.
>> >> It looks complicated, but it is(n't)
>> >>
>> >> Cheers
>> >>
>> >> Fabio
>> >>
>> >> On Mon, Mar 7, 2011 at 1:31 PM, Howard Spindel <howard at sci1.com> wrote:
>> >>
>> >> In all likelihood, the laptop would not be directly connected to
>> >> the internet. I would be at the mercy of whomever was providing a
>> >> hot spot.
>> >>
>> >> Is there no way to get that to work?
>> >>
>> >>
>> >>> Hi,
>> >>>
>> >>> Is your laptop directly connected to the Internet? (no NAT).
>> >>> Because the NETGEAR DG834 supports only the MAIN Mode... (and
>> >>> the VPN is buggy...)
>> >>>
>> >>> Regards,
>> >>>
>> >>> On Mon, Mar 7, 2011 at 11:32 AM, Howard Spindel <howard at sci1.com> wrote:
>> >>>
>> >>> I'm trying to set up a VPN that will allow me to connect
>> >>> in to my home network (with a Netgear DG834Gv4 facing the
>> >>> internet) from a Windows 7 laptop.
>> >>> Can anyone provide a cookbook for setting the Netgear VPN
>> >>> settings and ShrewSoft VPN client that would enable the
>> >>> two to connect? I've been tearing my hair trying all
>> >>> sorts of combinations, but can't get anything to work.
>> >>> The VPN trace on the Win 7 laptop shows three attempts to
>> >>> send phase1 packets before it hits "resend limit exceeded
>> >>> for phase1 exchange" and aborts.
>> >>> I am a computer programmer with 30 years' experience and
>> >>> lots of networking experience, but I can't figure this
>> >>> one out!
>> >>> Thanks,
>> >>> Howard
>> >>> Netgear policy page looks like this right now:
>> >>> Remote VPN Endpoint: Dynamic IP address
>> >>> Local LAN: IP address is set to my local subnet
>> >>> Remote LAN: IP address is set to "Single PC - no subnet"
>> >>> IKE direction: responder only (only choice allowed)
>> >>> Exchange mode: Main mode (only choice allowed)
>> >>> DH group: auto
>> >>> Local ID type: WAN IP address
>> >>> Remote ID type: FQDN
>> >>> Encryption algorithm: 3DES
>> >>> Authentication algorithm: auto
>> >>> Using a pre-shared key for authentication
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> vpn-help mailing list
>> >>> vpn-help at lists.shrew.net
>> >>> http://lists.shrew.net/mailman/listinfo/vpn-help
>
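
The mismatch Alexis points to can be checked mechanically. The following is an added example, not part of the original messages: it parses the Phase 1 lines of the router policy Howard posted and compares them with the settings Fabio lists. The function names and the `blocked`/`unpinned` labels are illustrative, and mapping Fabio's "integrity algorithm" to the router's "Authentication algorithm" field is an assumption.

```python
import re

# Phase 1 lines of the router policy as posted in the thread.
ROUTER_POLICY_TEXT = """\
Remote VPN Endpoint: Dynamic IP address
IKE direction: responder only (only choice allowed)
Exchange mode: Main mode (only choice allowed)
DH group: auto
Encryption algorithm: 3DES
Authentication algorithm: auto
Using a pre-shared key for authentication
"""

# Settings Fabio lists; "integrity" -> "authentication algorithm" is assumed.
CLIENT_NEEDS = {
    "exchange mode": "aggressive",
    "dh group": "2",
    "encryption algorithm": "3des",
    "authentication algorithm": "sha-1",
}

LOCKED = re.compile(r"\s*\(only choice allowed\)\s*$", re.I)

def parse_policy(text):
    """Return {setting: (value, locked)} from 'Key: value' lines."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # free-text line such as the pre-shared key remark
        locked = bool(LOCKED.search(value))
        value = LOCKED.sub("", value).strip().lower()
        policy[key.strip().lower()] = (value, locked)
    return policy

def compare(policy, needs):
    """Classify each needed setting against the router policy."""
    report = {}
    for key, wanted in needs.items():
        value, locked = policy.get(key, ("", False))
        if value in ("", "auto"):
            report[key] = "unpinned"  # router negotiates; page does not say
        elif value.split()[0] == wanted:
            report[key] = "match"
        else:
            report[key] = "blocked" if locked else "mismatch"
    return report

if __name__ == "__main__":
    print(compare(parse_policy(ROUTER_POLICY_TEXT), CLIENT_NEEDS))
```

`blocked` means the router's value differs and its page offers no other choice, so no client-side change can make that setting agree.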