[vpn-help] new user, fairly baffled
Howard Spindel
howard at sci1.com
Wed Mar 9 03:02:10 CST 2011
Well, of course, changing the router is a better solution. I'm
looking for a solution that, while perhaps not as good, works with the DG834.
Howard
At 12:27 AM 3/9/2011, Alexis La Goutte wrote:
>Hi,
>
>The DG834 doesn't support Aggressive Mode; it is only intended
>for site-to-site VPN.
>Changing the router is the better solution!
>
>Regards,
>
>On Mon, Mar 7, 2011 at 9:14 PM, Howard Spindel
><howard at sci1.com> wrote:
>Fabio,
>
>Don't know why I'd need Dynamic DNS for the laptop. The router
>doesn't have to find the laptop - the laptop finds the router.
>
>I did look at the tutorial for the Netgear connection, but the
>DG834G is very different from the tutorial and hard to map. The
>DG834G has many fewer settings allowed than the tutorial's ProSafe router.
>
>I tried the specific suggestions you had, and it made no difference
>that I can see. Still not getting through Phase 1.
>
>Really need a cookbook approach tailored to the DG834G here.
>
>Thanks,
>Howard
>
>
>
>At 11:31 AM 3/7/2011, Fabio Cigoj wrote:
>Howard,
>
>If you have a fixed IP address on the router that's ok, but you still
>need a dynamic DNS service for the laptop.
>I am a bit confused about the router as the Netgear website states it's
>a VPN passthrough in one place and that it can support up to 5 endpoints
>somewhere else.
>Worth giving it a try anyway...provided your router supports Mode Config
>for policy generation. One of the things I am sure of is that Shrew
>talks to Netgear only if Mode Config is used.
>If that is not the case then a new router is in order.
>Did you take a look at the tutorial published on Shrew's website for
>connections with Netgear hardware ? It is written for another router,
>but shouldn't be too difficult to figure it out.
>Bear in mind that some things need to be followed exactly; one
>example is the authentication: pre-shared key only does not work; it
>needs to be PSK + XAuth.
>Another thing is that the exchange mode must be set to aggressive. I
>tried main and it didn't work.
>Local gateway on the router is the local WAN IP, while for the remote I
>used the FQDN assigned to the laptop.
>Make sure the address range to assign to the clients is on a different
>subnet than your LAN.
>DH group must be 2
>Encryption algorithm must be 3DES and integrity algorithm must be SHA-1
>
>Wouldn't know what more to add without a clear view of router and client
>configuration, but I think you have some more things to try now.
>
>Cheers
>
>Fabio
>
>
>On 07/03/11 20:03, Howard Spindel wrote:
> > Fabio,
> >
> > I shouldn't need a Dynamic DNS service as I have a static IP for my
> > Netgear router.
> >
> > So, how would I make this work with the DG834, and what additional
> > software do I need? The Netgear config panels don't talk about it being
> > a VPN pass-through - they make it sound like a VPN endpoint.
> >
> > If I'm going to have to buy a different router to make this work, what
> > router do folks like? (I need it with a DSL modem built-in too).
> >
> > Thanks,
> > Howard
> >
> > At 05:05 AM 3/7/2011, Fabio Cigoj wrote:
> >> Howard,
> >>
> >> The DG834 is a VPN-passthrough in the first place, not a VPN-endpoint,
> >> which would force you to set up a VPN server.
> >> From my gatherings, collected from qualified people like the author of
> >> Shrew, it seems that Netgear uses quite an old VPN stack, but there
> >> are better and worse routers.
> >> I use a 338, which, far from being perfect for my needs, is a
> >> VPN-endpoint that I managed to make work in much the same config as the
> >> one you need.
> >> The trick is to register with a (free) dynamic DNS service both your
> >> router and your laptop, so every time you connect to internet the name
> >> of your machines has the correct IP address assigned. At that point
> >> you can use the FQDN (fully qualified domain name) in the VPN config.
> >> It looks complicated, but it is(n't)
> >>
> >> Cheers
> >>
> >> Fabio
> >>
> >> On Mon, Mar 7, 2011 at 1:31 PM, Howard Spindel
> >> <howard at sci1.com> wrote:
> >>
> >> In all likelihood, the laptop would not be directly connected to
> >> the internet. I would be at the mercy of whomever was providing a
> >> hot spot.
> >>
> >> Is there no way to get that to work?
> >>
> >>
> >>> Hi,
> >>>
> >>> Is your laptop directly connected to the Internet? (no NAT).
> >>> Because the NETGEAR DG834 supports only Main Mode... (and
> >>> the VPN is buggy...)
> >>>
> >>> Regards,
> >>>
> >>> On Mon, Mar 7, 2011 at 11:32 AM, Howard Spindel
> >>> <howard at sci1.com> wrote:
> >>>
> >>> I'm trying to set up a VPN that will allow me to connect
> >>> in to my home network (with a Netgear DG834Gv4 facing the
> >>> internet) from a Windows 7 laptop.
> >>> Can anyone provide a cookbook for setting the Netgear VPN
> >>> settings and ShrewSoft VPN client that would enable the
> >>> two to connect? I've been tearing my hair trying all
> >>> sorts of combinations, but can't get anything to work.
> >>> The VPN trace on the Win 7 laptop shows three attempts to
> >>> send phase1 packets before it hits "resend limit exceeded
> >>> for phase1 exchange" and aborts.
> >>> I am a computer programmer with 30 years' experience and
> >>> lots of networking experience, but I can't figure this
> >>> one out!
> >>> Thanks,
> >>> Howard
> >>> Netgear policy page looks like this right now:
> >>> Remote VPN Endpoint: Dynamic IP address
> >>> Local LAN: IP address is set to my local subnet
> >>> Remote LAN: IP address is set to "Single PC - no subnet"
> >>> IKE direction: responder only (only choice allowed)
> >>> Exchange mode: Main mode (only choice allowed)
> >>> DH group: auto
> >>> Local ID type: WAN IP address
> >>> Remote ID type: FQDN
> >>> Encryption algorithm: 3DES
> >>> Authentication algorithm: auto
> >>> Using a pre-shared key for authentication
> >>>
> >>>
> >>> _______________________________________________
> >>> vpn-help mailing list
> >>> vpn-help at lists.shrew.net
> >>> http://lists.shrew.net/mailman/listinfo/vpn-help