VPN Connection between Netgear FVS318 and Draytek Vigor 2900
DComTalk.com Forum Index
Discussion of VoIP, VPN, Video Conferencing, DSL and other data communications.
 
derheinrich
Guest

Posted: Tue Oct 25, 2005 9:29 pm    Post subject: VPN Connection between Netgear FVS318 and Draytek Vigor 2900

I have just managed to connect a Draytek Vigor 2900 and a Netgear
FVS318 router successfully via VPN using 3DES encryption.

The setup is pretty easy (as it always is once you've got it running).

In this scenario the Draytek will be connecting to the Netgear router.
The Draytek router is behind our ISP's router, which has a static IP and
full port forwarding towards the Draytek router enabled. Since this one
will be making the call, we don't need to know which ports are needed
for VPN/IPSEC.

The Netgear router has a dynamic IP, a fully qualified domain name
registered with dyndns and Dynamic DNS set up in the configuration
menu.

The Netgear-router is on a 192.168.3.0/255.255.255.0 subnet.
The Draytek-router is on a 192.168.0.0/255.255.255.0 subnet.

==================================================================
Netgear:

Go to VPN-settings and select an empty slot.

Connection Name: FeelFree
Local IPSec Identifier: 0.0.0.0
Remote IPSec Identifier: 0.0.0.0
Tunnel can be accessed from: a subnet of local address
Local LAN start IP Address: 192.168.3.0
Local LAN IP Subnetmask: 255.255.255.0

!!This is an important part. It seems that there is a bug if you tell
the router that it can access a subnet. So in this case you have to
define a range of IPs, otherwise you will receive the strange
"#hahaha.... next payload type of ISAKMP Hash Payload has an unknown ..."
error in the vpn-log.

Tunnel can access
Remote LAN start IP Address: 192.168.0.1
Remote LAN finish IP Address: 192.168.0.254

Remote WAN IP or FQDN: yourhost.homelinux.org

Secure Association: Main Mode
Perfect Forward Secrecy: Disabled
Encryption Protocol: 3DES
PreShared Key: YourPresharedKey
Key Life: 28800
IKE Life Time: 86400

NETBIOS Enable: (I turned it off)
====================================================================

====================================================================
Draytek Vigor 2900 (I'm translating this from the German menu, so some
terms might not be 100% identical to the English menu)

1. Go to VPN / LAN-LAN Connection and select an empty slot

2. Set connection to "Always on". This automatically changes the
connection-direction to "out"

3. Under connection to external LAN select "IPSec tunnel". This will
automatically activate the IPSec-Key-button.

4. Press the IPSec-Key button and type in the same IPSec-key which is used
in Preshared-Key in the Netgear configuration.

5. Set Security to "High security (ESP)" and select "3DES
(authenticated)"

6. Press "Advanced" (button under high security) and
set phase 1 mode to "Main Mode"
set Phase 1 Proposal to "3DES_MD5_G1"
set Phase 1 Key lifetime to 28800
set Phase 2 Key lifetime to 86400
perfect forward secret "OFF" !!!
leave Local ID empty

7. Proceed to TCP/IP settings
set remote IP to an unused IP from the Netgear subnet (e.g.
192.168.3.51)
set remote router to the netgear router IP (e.g. 192.168.3.45)
set remote network IP to the Netgear subnet (e.g. 192.168.3.0)
set subnet mask to 255.255.255.0

=======================================================================


This worked for me.

I also downgraded the Netgear firmware to 2.3 and haven't checked if
the 2.4 will still do the job. I also find the 2.3 firmware faster than
the 2.4-version. There are quite a few negative comments concerning the
FVS318 around and they seem to have their reason. So if you read this
before buying the FVS318/FVM318 and want to use it for VPN ->don't buy
it<-.


Oliver
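
A consistency check over the two endpoint configurations listed in the post above, added here as an example (it is not part of the original post or of either vendor's tooling). The values are transcribed from the post; the dictionary keys, function names and the choice of which algorithms to flag are assumptions of this example.

```python
import ipaddress

# Values transcribed from the post; the key names are this example's own.
NETGEAR = {"mode": "main", "pfs": False, "encryption": "3DES",
           "local_net": "192.168.3.0/255.255.255.0",
           "remote_range": ("192.168.0.1", "192.168.0.254")}
DRAYTEK = {"mode": "main", "pfs": False, "proposal": "3DES_MD5_G1",
           "local_net": "192.168.0.0/255.255.255.0",
           "remote_net": "192.168.3.0/255.255.255.0"}

# Assumption of this example: the algorithms an audit should flag as legacy.
WEAK = {"DES": "56-bit key", "3DES": "64-bit block cipher",
        "MD5": "collision-broken hash", "G1": "768-bit MODP group",
        "G2": "1024-bit MODP group"}

def range_covers(first, last, net):
    """True if the start-finish range contains every usable host of net."""
    net = ipaddress.ip_network(net)
    lo, hi = net.network_address + 1, net.broadcast_address - 1
    return ipaddress.ip_address(first) <= lo and ipaddress.ip_address(last) >= hi

def audit(netgear, draytek):
    """Return mismatches between the two ends, then weak-parameter findings."""
    findings = []
    enc, auth, group = draytek["proposal"].split("_")
    if netgear["mode"] != draytek["mode"]:
        findings.append("mismatch: phase 1 mode")
    if netgear["pfs"] != draytek["pfs"]:
        findings.append("mismatch: PFS setting")
    if netgear["encryption"] != enc:
        findings.append("mismatch: encryption algorithm")
    if (ipaddress.ip_network(netgear["local_net"])
            != ipaddress.ip_network(draytek["remote_net"])):
        findings.append("mismatch: Netgear LAN vs Draytek remote network")
    if not range_covers(*netgear["remote_range"], draytek["local_net"]):
        findings.append("mismatch: Netgear remote range does not cover Draytek LAN")
    for alg in (enc, auth, group):
        if alg in WEAK:
            findings.append(f"weak: {alg} ({WEAK[alg]})")
    if not (netgear["pfs"] or draytek["pfs"]):
        findings.append("weak: PFS disabled on both ends")
    return findings

if __name__ == "__main__":
    for line in audit(NETGEAR, DRAYTEK):
        print(line)
```
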