Archived from groups: comp.dcom.vpn
I've been tinkering with our FVS318 Netgear router (v2.4 firmware) and
SSH Sentinel 1.3.2.
Using the following for the Netgear settings I can get SSH Sent to
connect:
Connection Name : tsullivan (my name)
Local IPSec Identifier: (Netgear's External IP)
Remote IPSec Identifier: 0.0.0.0
Tunnel can be accessed from : a subnet of local addresses
Local LAN Start : 192.168.100.0
Local LAN Subnet: 255.255.255.0
Tunnel can access : the remote WAN IP or FQDN
Remote WAN IP or FQDN : 0.0.0.0
Secure Association : Main Mode
Perfect Forward Security : Enabled
Encryption Protocol : 3DES
PreShared Key : AKeyIUse
Key Life : 28800
IKE Life Time : 86400
NETBIOS Enable : X
---------------------
The SSH Sentinel settings are as follows :
In key management, local primary identifier is set to "No Identity"
In key management, remote primary identifier is set to "Host IP
Address" and has the WAN IP of my router
In key management, the keys are in there too.
In Rule Properties :
Security Gateway is set to my router's IP address
Remote Network is set to Any (192.168.100.0/255.255.255.0) (192.168.100
is the router's internal IP subnet)
Auth Key is set to the one above
Proposal Template : legacy
Under settings there:
IKE Proposal:
Encryption : 3DES
Integrity : MD5
IKE Mode : main mode
IKE Group : MODP 1024 (group 2)
IPSec Proposal:
Encryption : 3DES
Integrity : HMAC-MD5
IPSec Mode : tunnel (greyed)
PFS group : MODP 1024 (group 2)
NOT CHECKED : Attach only the selected values to the proposal
I do not have checked "Acquire a virtual IP address" or "Extended
authentication"
Under advanced:
X : Audit this rule
X : Discover Path MTU
X : Enable NAT (Doesn't make a difference in this example as far as I
can tell)
Under settings here :
IKE Lifetime 240 Min
IKE Megabytes 0 MB
IPSec Lifetime 60 Min
IPSec Megabytes 400 MB
---------------
The connect routine looks like it's connecting fine. Phew.
But an ipconfig /all shows :
Ethernet adapter (reg-key)
Media State : Media disconnected
Description : SSH Virtual Private Network Adapter (sshvnic)
--------------
I'm dialed into the internet via a modem -- but this machine has a NIC.
Would this be causing the problem?
Thanks in advance for anyone's replies to this.. I'm quite interested,
yet quite exhausted at this point.
-Thomas