Setting up VPN using two DG834s

Soldato
Joined
25 Sep 2003
Posts
3,725
Location
Manchester
Me and a friend are doing a project together and have set up a VPN tunnel. He has a static WAN IP and a static local IP. I however have a static local IP but a dynamic WAN IP. I've set his router up to be the gateway and myself as the client and the connection works as far as I can see, however he's not in the MSHOME workgroup. :(

We can't see each other's machines, do I need to do anything in XP? I've tried the XP VPN Wizard but when I double click the connection to "dial up" it asks for a username and password and then times out after 60 seconds.

AARGH!
 
Soldato
Joined
8 Nov 2002
Posts
9,128
Location
NW London
1. Are your LANs on different IP ranges?

2. Are all PC firewalls turned off (at least for this test so we know there is nothing "getting in the way")?

3. Can you ping his PC's IP address?
 
Associate
Joined
9 Jan 2004
Posts
440
The DG834 doesn't do VPN? Only pass-through?

I guess you are using XP's "VPN", with a port forward set up to his PC... TCP 1723? (I think passthrough takes care of GRE etc.)
 
Soldato
OP
Joined
25 Sep 2003
Posts
3,725
Location
Manchester
oddjob62 said:
1. Are your LANs on different IP ranges?

2. Are all PC firewalls turned off (at least for this test so we know there is nothing "getting in the way")?

3. Can you ping his PC's IP address?

I can't ping his local IP address ( 192.168.0.2 ).

All firewalls are off. :(

The latest firmware for the DG834G v2 allows VPN although I don't know what type this is. How can I tell?

I haven't set up anything in XP, I guess I was hoping that the routers would fool XP into thinking the networks were actually the same one.

Here's an amazing jpg! It may help?

http://homepages.nildram.co.uk/~henleyb/webstuff/vpn.JPG
 
Soldato
Joined
8 Nov 2002
Posts
9,128
Location
NW London
Mint_Sauce said:
I can't ping his local IP address ( 192.168.0.2 ).

What's your local IP?

EDIT: by the looks of things you're on 192.168.0.0 network as well. That won't work. Traffic won't be sent to your gateway and through the tunnel because your PC will think it's a local IP.
 
Soldato
OP
Joined
25 Sep 2003
Posts
3,725
Location
Manchester
oddjob62 said:
What's your local IP?

EDIT: by the looks of things you're on 192.168.0.0 network as well. That won't work. Traffic won't be sent to your gateway and through the tunnel because your PC will think it's a local IP.

So, I'd need to change one of our networks to 192.168.1.0 or similar so the traffic is sent to the router and then the router will know that it's the VPN tunnel?
 
Soldato
OP
Joined
25 Sep 2003
Posts
3,725
Location
Manchester
oddjob62 said:
What's your local IP?

EDIT: by the looks of things you're on 192.168.0.0 network as well. That won't work. Traffic won't be sent to your gateway and through the tunnel because your PC will think it's a local IP.

My local IP is 192.168.0.4, nothing on my network has the same local IP as his PC. I've just changed his network to 192.168.1.0 and the subnet mask to 255.255.0.0.

I'm just waiting for him to reset his PC so his router will assign him a new IP.

Is there anything in XP that I need to set up and if so - how? :confused:

EDIT: Ok, his PC is now 192.168.1.2 but I still can't ping it in DOS. I'm guessing XP needs to do something?
 
Associate
Joined
9 Jan 2004
Posts
440
Burbleflop said:
Yes it does. Firmware v2 (I think) added VPN endpoint support. It is pretty flaky though, DG834 - DG834 is ok but try as I might I can't get a DG834 to create a VPN tunnel with my PIX.

I couldn't find any mention of it on Netgear's site!

I can't believe they added it as it's in direct competition with their Prosafe range now. :eek:
 
Soldato
Joined
7 May 2003
Posts
4,247
Location
Away from here
Mint_Sauce said:
EDIT: Ok, his PC is now 192.168.1.2 but I still can't ping it in DOS. I'm guessing XP needs to do something?

Nope. If the VPN tunnel is up then XP won't need to do anything special. As long as XP has the IP address of your router as its default gateway, then the ping request to other end of the tunnel will hit your router, (in theory) bring up the VPN tunnel and pass the data over the tunnel.
 
Soldato
Joined
8 Nov 2002
Posts
9,128
Location
NW London
Burbleflop said:
Nope. If the VPN tunnel is up then XP won't need to do anything special. As long as XP has the IP address of your router as its default gateway, then the ping request to other end of the tunnel will hit your router, (in theory) bring up the VPN tunnel and pass the data over the tunnel.

Correct, you shouldn't have to do anything in XP, but you usually have to set on the VPN setup to tell it to send certain traffic down the VPN instead of out onto the internet (usually set the remote network/subnet). Make sure this is correct. Tracert is useful to make sure it is going through the VPN tunnel and not out of the usual gateway.
 
Soldato
OP
Joined
25 Sep 2003
Posts
3,725
Location
Manchester
Hmmmmm, I can't ping or tracert his WAN or LAN IP. My Netgear router is my default gateway (afaik, I did the setup home network wizard and selected the correct settings for a hub arrangement).

Any ideas why it's not playing ball?
 
Soldato
Joined
8 Nov 2002
Posts
9,128
Location
NW London
TBH without seeing the router VPN config it's going to be hard. Can you do a screenshot of the main config page (edit out secret key, and external IPs, etc, but we will need to see internal IPs)?
 
Soldato
Joined
8 Nov 2002
Posts
9,128
Location
NW London
Your local LAN and remote LAN settings are completely wrong on both.

According to your settings the remote LAN and local LAN have the same IP range. (WRONG!)

Is there an option to use network address instead of IP range?
 
Soldato
OP
Joined
25 Sep 2003
Posts
3,725
Location
Manchester
Yeah, I started off with just using a single PC address for both (with no subnetting) but that wasn't working either. I'll switch them back to single IP addresses but what else could be causing the problem?
 
Soldato
Joined
8 Nov 2002
Posts
9,128
Location
NW London
Mint_Sauce said:
Yeah, I started off with just using a single PC address for both (with no subnetting) but that wasn't working either. I'll switch them back to single IP addresses but what else could be causing the problem?

No, not a single IP address, a network address.

You have it set completely wrong. In your settings, Local LAN should have the IP addresses on your network. Remote LAN should have the IP addresses on his network. At the moment you have the same settings for Local and Remote LAN.

I.e. for your setup:

Local LAN
Network Address 192.168.0.0, Subnet 255.255.255.0

Remote LAN
Network Address 192.168.1.0, Subnet 255.255.255.0
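
An added example, not part of the thread: a Python check of the addressing rule discussed above, run over the three configurations the thread passes through. It reports when a PC would treat the far end as on-link (so the packet never reaches the router and the tunnel) and when the Local LAN and Remote LAN ranges overlap. The function names are hypothetical, and the 255.255.255.0 mask on the 192.168.0.x side in the first two cases is an assumption.

```python
import ipaddress

def lan_of(host_ip, mask):
    """Network a host believes it is on, derived from its own IP and mask."""
    return ipaddress.ip_network(f"{host_ip}/{mask}", strict=False)

def diagnose(a_ip, a_mask, b_ip, b_mask):
    """List the reasons traffic between two sites will not enter the tunnel."""
    a_net, b_net = lan_of(a_ip, a_mask), lan_of(b_ip, b_mask)
    a, b = ipaddress.ip_address(a_ip), ipaddress.ip_address(b_ip)
    findings = []
    # A host only hands a packet to its default gateway (the router holding
    # the tunnel) when the destination is outside its own subnet.
    if b in a_net:
        findings.append(f"{a} sees {b} as on-link in {a_net}; request never reaches the router")
    if a in b_net:
        findings.append(f"{b} sees {a} as on-link in {b_net}; reply never reaches the router")
    # The routers' Local LAN / Remote LAN entries must describe disjoint ranges.
    if a_net.overlaps(b_net):
        findings.append(f"Local LAN {a_net} and Remote LAN {b_net} overlap")
    return findings

# Constructed cases built from the addresses quoted in the thread.
CASES = {
    "both sites on 192.168.0.x": (
        "192.168.0.4", "255.255.255.0", "192.168.0.2", "255.255.255.0"),
    "remote moved to 192.168.1.x, mask 255.255.0.0": (
        "192.168.0.4", "255.255.255.0", "192.168.1.2", "255.255.0.0"),
    "remote moved to 192.168.1.x, mask 255.255.255.0": (
        "192.168.0.4", "255.255.255.0", "192.168.1.2", "255.255.255.0"),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        print(name)
        for line in diagnose(*args) or ["no conflict: traffic is routed to the gateway"]:
            print("  -", line)
```

The middle case shows why a 255.255.0.0 mask still fails after renumbering: 192.168.1.2 with that mask sits in 192.168.0.0/16, which contains 192.168.0.4, so the reply is treated as local.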
 