Really dumb VPN question

July 11, 2006 2:28:04 PM

I must be missing the forest for the trees... I successfully established a VPN connection between my work computer (client software) and my Netgear router at home (FSV114). My intent was to access a Linkstation on my home LAN that stores important copies of work files. I was originally going to just use FTP but was alarmed at the number of pings I was receiving after I opened the port. So, I was thinking VPN would offer me more security.

So basically, the VPN is established but I cannot figure out how to access the Linkstation. I thought I would simply appear on the home network and be able to access it via its local IP - but that doesn't work.

Any help greatly appreciated - I have googled this to death and am still confused.

July 11, 2006 8:33:17 PM

Sorry, I don't really have any help for you but maybe you can help me. Can you explain how you actually set up the freaking Netgear VPN endpoint with the Netgear Client?? I can't seem to get it to work. I cannot seem to get a connect button highlighted to work under the connections. I know you can just let it run and it sets up automatically but I cannot for the life of me get it to let me hit a connect situation. It has been driving me freaking bonkers. I have even tried using Microsoft Client software and still NOTHING.
July 11, 2006 10:57:07 PM

I followed the example in the included software manual that set up the client and a different netgear router. I remoted to my router from work, and could compare each of the settings. I always could select "connect" but could not connect until I got the name and some of the encryption stuff set correctly. This was a little bit trial and error.

I did learn today that I probably have 1 fundamental problem: Both my work and home LAN have the same IP structure (192.168.1.xxx) which appears to be a major booboo. 8O

I did notice that I cannot select the "connect" button until I have activated the security policy. Once it is selected, I can connect and disconnect. What drives me insane is that it reconnects right after I disconnect. I disable the security policy to prevent this.
July 12, 2006 1:44:16 AM

Quote:
I did notice that I cannot select the "connect" button until I have activated the security policy.


Ya, I have tried that too and still nothing. I had it going one time but was not connecting so I changed the settings again and then it went away again. It has given me quite the headache.
July 12, 2006 1:46:07 AM

Quote:
I did learn today that I probably have 1 fundamental problem: Both my work and home LAN have the same IP structure (192.168.1.xxx) which appears to be a major booboo. 8O



I don't think that would matter with both systems using NAT??? Am I wrong?
July 12, 2006 3:42:13 PM

:D  That was actually my final problem. I now have full access to the home network, can map drives and print.

Did you follow the example in the manual? Following this seemed to work very well for me. There may also be a possibility that you need to open ports on the client side firewall. I have them open now, and will close them to see if they are needed.

I will probably type up a step by step procedure on what I did, otherwise I would forget it in about a month. If you want, I could send that to you.
July 12, 2006 3:55:15 PM

No, I did not get to the example as of yet. If you could send me the step by step in the meantime that would be great, just for an extra example for me. This is the first time I have tried to set up a VPN and I went into it blind. I have now pretty much got all the security down; I just need the actual addressing and setup. It is extremely confusing.

Thanks a bunch for your help.
July 12, 2006 5:59:18 PM

My first attempt to set up a VPN locked my PC from Internet access. I had to leave on a trip and haven't tried since. I would appreciate a copy of your step by step instructions, to see what I did wrong. I was following examples but apparently missed something.
July 12, 2006 7:52:29 PM

I had the same issue with mine too. I had to disable the rule to get it back to working. It is a PITA.
July 17, 2006 6:04:29 PM

I am working on a step by step procedure on what I did with the VPN Prosafe client and my FSV114 router. When I get through it, I will post it here so you can see what worked for me.

8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O
July 18, 2006 2:28:36 AM

Quote:
I am working on a step by step procedure on what I did with the VPN Prosafe client and my FSV114 router. When I get through it, I will post it here so you can see what worked for me.

8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O 8O


Great Thanks a bunch!!
July 21, 2006 7:33:50 PM

To start, make sure the 2 LAN networks you are trying to connect have different IP structures, such as 192.168.2.xxx and 192.168.10.xxx. You will be finding resources on each LAN via its IP address, so everything must be unique.

In the Prosafe VPN client:

Create a new connection with these properties:
ID Type: IP Subnet
Subnet: 192.168.2.0 (this is the LAN you are trying to connect to)
Mask: 255.255.255.0
Protocol: All
Check the box for connecting with a secure gateway tunnel
ID Type will be IP Address
Enter the IP address of the router you are trying to reach (WAN IP)

Next edit My Identity:
Enter the pre-share key
ID type will be how you are identified - I chose Domain Name and entered my domain here at work. You could just use a name. (match this on the router)
Virtual Adapter is disabled
Internal IP address is 0.0.0.0

Next edit the security policy
Choose the negotiation mode (match this on the router)
Enable Perfect Forward Secrecy and select PFS Key Group (match this on the router)
Unselect replay detection

Next edit the authentication proposal 1
Method is pre-share key
Encrypt Alg (select and match with router)
Hash Alg (select and match with router)
SA Life (select and match with router)
Key group (select and match with router)

Finally edit the key exchange

IPSec protocols (select and match with router - I did not use compression)
Select Encapsulation Protocol
Set Encrypt Alg and Hash Alg as was set above
Encapsulation - use Tunnel
Do not select Authentication Protocol

That's it for the client software. Now for the router. Most of this is simply matching what you have already done.

Here are some tidbits:


IKE Policy Configuration:

Direction Type is Remote Access
Exchange Mode (same as security policy in vpn client)
Remote Identity and Type should be the same as My Identity in vpn client
IKE SA Parameters - set all of these the same as corresponding settings in vpn client (including the preshare key)

VPN Configuration:

Remote VPN Endpoint - set address type to IP Address and use the local IP address of the machine running the VPN client
SA Lifetime - match the setting in the client
Enable IPSec PFS and match setting in client

Traffic Selector, set local IP to subnet address and set as follows:
192.168.10.0
255.255.255.0

Remote IP address set to single address, and put in the WAN IP address of the VPN client network (I did it this way to limit traffic to only my work IP address).


In the ESP configuration, select both Encryption and Authentication and set these to match the VPN client.



This is just a quick overview of what I did and it worked. I was a little vague with things that needed to be. This pretty much follows the Netgear example verbatim except I tweaked it for my particular router. You will need to hunt around on your router for the particular fields that need filled out.

Hope this helps. 8O
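
Added example, not part of the original post: a Python check of the two things the procedure above depends on, namely that the two LANs do not share an address range and that every "match this on the router" setting really is identical on both ends. The field names and all sample values are constructed for illustration and do not come from the Netgear software.

```python
import ipaddress

# Hypothetical field names for the settings the post says must match on both ends.
MUST_MATCH = ("exchange_mode", "pfs_group", "encrypt_alg", "hash_alg",
              "sa_life_seconds", "key_group", "identity", "pre_shared_key")

def check_tunnel(client, router):
    """Return a list of problems between client and router settings."""
    problems = []
    client_lan = ipaddress.ip_network(client["local_lan"])
    wanted = ipaddress.ip_network(client["remote_subnet"])
    offered = ipaddress.ip_network(router["local_selector"])
    # Identical or overlapping LANs: the client treats remote hosts as local,
    # so their traffic never enters the tunnel.
    if client_lan.overlaps(wanted):
        problems.append(f"LAN overlap: {client_lan} vs {wanted}")
    # The subnet the client requests must be the one the router protects.
    if wanted != offered:
        problems.append(f"selector mismatch: {wanted} vs {offered}")
    # Report only the field name so the pre-shared key is never echoed.
    for field in MUST_MATCH:
        if client.get(field) != router.get(field):
            problems.append(f"mismatch: {field}")
    return problems

# Constructed sample values, not taken from any real device.
SHARED = {"exchange_mode": "aggressive", "pfs_group": 2, "encrypt_alg": "AES-128",
          "hash_alg": "SHA-1", "sa_life_seconds": 28800, "key_group": 2,
          "identity": "client.example", "pre_shared_key": "constructed-sample-key"}
ROUTER = dict(SHARED, local_selector="192.168.2.0/24")
GOOD_CLIENT = dict(SHARED, local_lan="192.168.10.0/24", remote_subnet="192.168.2.0/24")
# Both LANs on 192.168.1.x plus one drifted algorithm setting.
BAD_CLIENT = dict(SHARED, local_lan="192.168.1.0/24",
                  remote_subnet="192.168.1.0/24", hash_alg="MD5")

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CLIENT), ("bad", BAD_CLIENT)):
        print(name, check_tunnel(cfg, ROUTER) or "ok")
```
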
July 21, 2006 7:57:13 PM

Thank you very much. I will give it a try when I get some free time again.
July 24, 2006 4:41:14 AM

Thanks a bunch. Hopefully I can get this working right. :p 
July 24, 2006 3:28:59 PM

Quote:
<SNIP>
So basically, the VPN is established but I cannot figure out how to access the Linkstation. I thought I would simply appear on the home network and be able to access it via its local IP - but that doesn't work.
<SNIP>


How are you trying to contact it by its IP? Can you ping it?

Some protocols do not cross over to different LANs well. Network neighborhood stuff is usually unreliable or unavailable. You should be able to map a drive reliably with \\IPaddress\sharename