Setting up an IP Sec VPN



Date: 27.01.2017

I want to set up an IP Sec VPN over the internet, between an RV042 VPN router and a Windows 7 laptop.



  • One aim is to view IP-WEB camera (DLink DCS 930L)

  • Also test how IPSec VPN can be used to reach local files, manage devices etc



This is how I set up the parameters:



  1. Camera, DLink DCS 930L,

  2. RV042 VPN Router,

  3. ADSL Router,

  4. Dynamic DNS (Dyndns.org),

  5. VPN (on W7):



  1. Camera, DLink DCS 930L

Static IP: p.q.b.2

Subnetmask: 255.255.255.0

Primary/Secondary DNS: p.q.a.1

Port settings: 80

UPnP: Disable

UPnP Port forwarding: Disable

Bonjour: Disable

Dyndns: Disable

I also tried with

Server address: www.dyndns.org

xxxx.dyndns-office.com

user name: yyyy

password: zzzz

timeout: 576 hours



  2. RV042 VPN Router

WAN IP: p.q.a.2

Default Gateway: p.q.a.1

DNS: p.q.a.1

Stateful Packet Inspection: On

DoS: On

Block WAN request: Off



Block: Access to HTTP Proxy Servers

Access rule: 0 rules set

LAN: p.q.b.1

Subnetmask: 255.255.255.0

UPnP function: No

One-to-one NAT: Not enabled



Dynamic DNS

Dyndns.org:

Password: xxxx

Host name: zzzz.dyndns-office.com

IP Address: p.q.b.2

Status: Successfully updated with dyndns.org

Static routing:

Destination IP: p.q.a.0

Subnetmask: 255.255.255.0

Default Gateway: p.q.a.1

Interface: WAN1

Dyndns.org

Obtained - xxxx.dyndns-office.com

Host with IP address selected

Not selected: WebHop Redirect (URL forwarding service)

Not selected: Offline HostName

IP address: x.y.z.t

System detected my dynamic WAN IP address as x.y.z.t



ADSL Router:

IP Address: p.q.a.1

Home network IP Address: p.q.a.0

LAN servers: What are LAN servers?

Firewall:

Typical security: Inbound policy Reject, Remote admin settings will override the security inbound policy, Outbound Policy: reject

Block IP fragmentation: Selected

DNS Rebinding Protections

Activate DNS Relay Protection- Not selected

Activate Web Management protection: Selected

No access control

No port triggering set

No website restrictions

No advance filtering

Routing: LAN Bridge p.q.b.0 Netmask 255.255.255.0, Gateway p.q.a.2, metric=3,

No Dynamic DNS set up on ADSL router

Also tried with dyndns set up together with dyndns on the RV042 at the same time

VPN setup on laptop

Host name or IP: Tried p.q.a.2 (RV042 WAN port towards the ADSL router) and xxx.dyndns-office.com

Options: Display progress while connecting, Prompt for name and password, certificate etc, Include Windows domain name

PPP Settings: Enable LCP extensions

Security


Type of VPN: Automatic (tries both PPTP and L2TP)

Data encryption: Optional encryption, connect even if no encryption

Authentication:

Use Extensible Authentication Protocol (EAP) not selected

Allow these protocols:

EAP-MSCHAPV2 will be used for IKEv2 VPN type

User name and password for dyndns account entered to connect to the VPN

When connecting to VPN

Connection verifies the User name and password,

Then tries PPTP and fails

Then tries L2TP and fails

‘Connecting to xxx.dyndns-office.com using WAN miniport (PPTP)’… then tried connection using ‘WAN miniport (L2TP)’…

or for local trial it tried to connect to p.q.a.2 using ‘WAN miniport (PPTP)’… then tried using ‘WAN miniport (L2TP)’…

Both cases gave the following error message:

Error 800 The remote connection was not made because the VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPSec tunnel, the security parameters required for the IPSec negotiator might not be configured properly.



VPN

Client to gateway

Local security gateway type: dynamic IP + Domain name (FQDN) Authentication

Domain name: xxx.dyndns-office.com

Local security group Type: Subnet

IP Address: p.q.b.1

Subnetmask: 255.255.255.0

Remote client type: dynamic IP + Domain name (FQDN) Authentication

Domain name: xxx.dyndns-office.com

Keying mode: IKE with Pre-shared key

Phase 1 DH Group: Group 1-768 bit

Phase 1 Encryption: DES

Phase 1 Authentication: MD5

Phase 1 SA Life Time: 28800

Perfect Forward Secrecy: selected

Phase 2 DH Group: Group 1-768 bit

Phase 2 Encryption: DES

Phase 2 Authentication: MD5

Phase 2 SA Life time: 3600

Pre-shared key: xxxx



NAT Traversal: selected
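
An added example, not part of the original write-up: a small Python check that parses the "Key: value" settings listed above and flags the tunnel and client values that are deprecated or permit unencrypted traffic (DES, MD5, DH Group 1, optional encryption). The rule table, the advice strings and the function names are assumptions of this example.

```python
import re

# Constructed input: the tunnel and Windows client settings as listed on this page.
PAGE_SETTINGS = """\
Keying mode: IKE with Pre-shared key
Phase 1 DH Group: Group 1-768 bit
Phase 1 Encryption: DES
Phase 1 Authentication: MD5
Perfect Forward Secrecy: selected
Phase 2 DH Group: Group 1-768 bit
Phase 2 Encryption: DES
Phase 2 Authentication: MD5
Data encryption: Optional encryption, connect even if no encryption
"""

# Assumption of this example: which values count as weak. The table is keyed
# by the tail of the setting name, so one rule covers Phase 1 and Phase 2.
RULES = {
    "dh group": (re.compile(r"^Group\s*[12]\b", re.I),
                 "768/1024-bit MODP; pick the largest group both ends support"),
    "data encryption": (re.compile(r"^(optional|no)\b", re.I),
                        "client may connect in cleartext; require encryption"),
    "encryption": (re.compile(r"^(DES|NULL)$", re.I),
                   "56-bit or no cipher; pick AES where both ends support it"),
    "authentication": (re.compile(r"^MD5$", re.I),
                       "MD5 is deprecated; pick a SHA-family hash"),
}

def parse_settings(text):
    """Turn 'Key: value' lines into a dict with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            settings[key.strip().lower()] = value.strip()
    return settings

def audit(settings):
    """Return (setting, value, advice) for every value a rule flags."""
    findings = []
    for key, value in settings.items():
        for suffix, (pattern, advice) in RULES.items():
            if key.endswith(suffix) and pattern.search(value):
                findings.append((key, value, advice))
    return findings

if __name__ == "__main__":
    for key, value, advice in audit(parse_settings(PAGE_SETTINGS)):
        print(f"WEAK  {key} = {value}: {advice}")
```

Both tunnel endpoints must offer the same proposal, so any value changed on the router has to be one the client can also negotiate.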
