[vpn-help] new user, fairly baffled

Howard Spindel howard at sci1.com
Wed Mar 9 03:02:10 CST 2011


Well, of course, changing the router is a better solution.  I'm 
looking for a solution that, while perhaps not as good, works with the DG834.

Howard


At 12:27 AM 3/9/2011, Alexis La Goutte wrote:
>Hi,
>
>The DG834 doesn't support Aggressive Mode; it is only intended 
>for site-to-site VPN.
>Changing the router is the better solution!
>
>Regards,
>
>On Mon, Mar 7, 2011 at 9:14 PM, Howard Spindel <howard at sci1.com> wrote:
>Fabio,
>
>Don't know why I'd need Dynamic DNS for the laptop.  The router 
>doesn't have to find the laptop - the laptop finds the router.
>
>I did look at the tutorial for the Netgear connection, but the 
>DG834G is very different from the tutorial and hard to map.  The 
>DG834G has many fewer settings allowed than the tutorial's ProSafe router.
>
>I tried the specific suggestions you had, and it made no difference 
>that I can see.  Still not getting through Phase 1.
>
>Really need a cookbook approach tailored to the DG834G here.
>
>Thanks,
>Howard
>
>
>
>At 11:31 AM 3/7/2011, Fabio Cigoj wrote:
>Howard,
>
>If you have a fixed IP address on the router that's ok, but you still
>need a dynamic DNS service for the laptop.
>I am a bit confused about the router as the Netgear website states it's
>a VPN passthrough in one place and that it can support up to 5 endpoints
>somewhere else.
>Worth giving it a try anyway...provided your router supports Mode Config
>for policy generation. One of the things I am sure of is that Shrew
>talks to Netgear only if Mode Config is used.
>If that is not the case then a new router is in order.
>Did you take a look at the tutorial published on Shrew's website for
>connections with Netgear hardware ? It is written for another router,
>but shouldn't be too difficult to figure it out.
>Bear in mind that some things need to be followed exactly; one
>example is the authentication: pre-shared key only does not work; it
>needs to be PSK + XAuth.
>Another thing is that the exchange mode must be set to aggressive. I
>tried main and it didn't work.
>Local gateway on the router is the local WAN IP, while for the remote I
>used the FQDN assigned to the laptop.
>Make sure the address range to assign to the clients is on a different
>subnet than your LAN.
>DH group must be 2
>Encryption algorithm must be 3DES and integrity algorithm must be SHA-1
>
>Wouldn't know what more to add without a clear view of router and client
>configuration, but I think you have some more things to try now.
>
>Cheers
>
>Fabio
>
>
>On 07/03/11 20:03, Howard Spindel wrote:
> > Fabio,
> >
> > I shouldn't need a Dynamic DNS service as I have a static IP for my
> > Netgear router.
> >
> > So, how would I make this work with the DG834, and what additional
> > software do I need?  The Netgear config panels don't talk about it being
> > a VPN pass-through - they make it sound like a VPN endpoint.
> >
> > If I'm going to have to buy a different router to make this work, what
> > router do folks like?  (I need it with a DSL modem built-in too).
> >
> > Thanks,
> > Howard
> >
> > At 05:05 AM 3/7/2011, Fabio Cigoj wrote:
> >> Howard,
> >>
> >> The DG834 is a VPN-passthrough in the first place, not a VPN-endpoint,
> >> which would force you to set up a VPN server.
> >> From my gatherings, collected from qualified people like the author of
> >> Shrew, it seems that Netgear uses quite an old VPN stack, but there
> >> are better and worse routers.
> >> I use a 338, which, far from being perfect for my needs, is a
> >> VPN-endpoint I managed to make work in much the same config as the
> >> one you need.
> >> The trick is to register with a (free) dynamic DNS service both your
> >> router and your laptop, so every time you connect to internet the name
> >> of your machines has the correct IP address assigned. At that point
> >> you can use the FQDN (fully qualified domain name) in the VPN config.
> >> It looks complicated, but it is(n't)
> >>
> >> Cheers
> >>
> >> Fabio
> >>
> >> On Mon, Mar 7, 2011 at 1:31 PM, Howard Spindel <howard at sci1.com> wrote:
> >>
> >>     In all likelihood, the laptop would not be directly connected to
> >>     the internet. I would be at the mercy of whomever was providing a
> >>     hot spot.
> >>
> >>     Is there no way to get that to work?
> >>
> >>
> >>>         Hi,
> >>>
> >>>         Is your laptop directly connected to the Internet? (no NAT).
> >>>         Because the NETGEAR DG834 supports only Main Mode... (and
> >>>         the VPN is buggy...)
> >>>
> >>>         Regards,
> >>>
> >>>         On Mon, Mar 7, 2011 at 11:32 AM, Howard Spindel <howard at sci1.com> wrote:
> >>>
> >>>             I'm trying to set up a VPN that will allow me to connect
> >>>             in to my home network (with a Netgear DG834Gv4 facing the
> >>>             internet) from a Windows 7 laptop.
> >>>             Can anyone provide a cookbook for setting the Netgear VPN
> >>>             settings and ShrewSoft VPN client that would enable the
> >>>             two to connect?  I've been tearing my hair trying all
> >>>             sorts of combinations, but can't get anything to work.
> >>>             The VPN trace on the Win 7 laptop shows three attempts to
> >>>             send phase1 packets before it hits "resend limit exceeded
> >>>             for phase1 exchange" and aborts.
> >>>             I am a computer programmer with 30 years' experience and
> >>>             lots of networking experience, but I can't figure this
> >>>             one out!
> >>>             Thanks,
> >>>             Howard
> >>>             Netgear policy page looks like this right now:
> >>>             Remote VPN Endpoint: Dynamic IP address
> >>>             Local LAN: IP address is set to my local subnet
> >>>             Remote LAN: IP address is set to "Single PC - no subnet"
> >>>             IKE direction: responder only (only choice allowed)
> >>>             Exchange mode: Main mode (only choice allowed)
> >>>             DH group: auto
> >>>             Local ID type: WAN IP address
> >>>             Remote ID type: FQDN
> >>>             Encryption algorithm: 3DES
> >>>             Authentication algorithm: auto
> >>>             Using a pre-shared key for authentication
> >>>
> >>>
