1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Setting up VPN using two DG834s

Discussion in 'Networks & Internet Connectivity' started by Mint_Sauce, 15 May 2006.

  1. Mint_Sauce

    Mobster

    Joined: 25 Sep 2003

    Posts: 3,694

    Location: Manchester

    Me and a friend are doing a project together and have set up a VPN tunnel. He has a static WAN IP and a static local IP. I however have a static local IP but a dynamic WAN IP. I've set his router up to be the gateway and myself as the client and the connection works as far as I can see, however he's not in the MSHOME workgroup. :(

    We can't see each others machines, do I need to do anything in XP? I've tried the XP VPN Wizard but when I double click the connection to "dial up" it asks for a username and password and then times out after 60 seconds.

    AARGH!
     
  2. oddjob62

    Sgarrista

    Joined: 8 Nov 2002

    Posts: 9,128

    Location: NW London

    1. Are your LANs on different IP ranges?

    2. Are all PC firewalls turned off (at least for this test so we know there is nothing "getting in the way")

    3. Can you ping his PCs IP address.
     
  3. DazW

    Gangster

    Joined: 9 Jan 2004

    Posts: 440

    The DG834 doesn't do VPN? Only pass-through?

    I guess you are using XP's "VPN"? with a port forward setup to his PC.. TCP 1723?.. (I think Passthrough takes care of GRE etc..)
     
  4. Mint_Sauce

    Mobster

    Joined: 25 Sep 2003

    Posts: 3,694

    Location: Manchester

    I can't ping his local IP address ( 192.168.0.2 ).

    All firewalls are off. :(

    The latest firmware for the DG834G v2 allows VPN although I don't know what type this is. How can I tell?

    I haven't set up anything in XP, I guess I was hoping that the routers would fool XP in to thinking the networks were actually the same one.

    Here's an amazing jpg! It may help?

    http://homepages.nildram.co.uk/~henleyb/webstuff/vpn.JPG
     
    Last edited: 15 May 2006
  5. oddjob62

    Sgarrista

    Joined: 8 Nov 2002

    Posts: 9,128

    Location: NW London

    What's your local IP?

    EDIT: by the looks for things you're on 192.168.0.0 network as well. That won't work. Traffic won't be sent to your gateway and through the tunnel because your PC will think it's a local IP.
     
  6. Burbleflop

    PermaBanned

    Joined: 7 May 2003

    Posts: 4,247

    Location: Away from here

    Yes it does. Firmware v2 (I think) added VPN endpoint support. It is pretty flaky though, DG834 - DG834 is ok but try as I might I can't get a DG834 to create a VPN tunnel with my PIX.
     
  7. Mint_Sauce

    Mobster

    Joined: 25 Sep 2003

    Posts: 3,694

    Location: Manchester

    So, I'd need to change one of our networks to 192.168.1.0 or similar so the traffic is sent to the router and then the router will know that it's the VPN tunnel?
     
    Last edited: 15 May 2006
  8. Mint_Sauce

    Mobster

    Joined: 25 Sep 2003

    Posts: 3,694

    Location: Manchester

    My local IP is 192.168.0.4, nothing on my network has the same local IP as his PC. I've just changed his network to 192.168.1.0 and the subnet mask to 255.255.0.0.

    I'm just waiting for him to reset his PC so his router will assign him a new IP.

    Is there anything in XP that I need to set up and if so - how? :confused:

    EDIT: Ok, his PC is now 192.168.1.2 but I still can't ping it in DOS. I'm guessing XP needs to do something?
     
    Last edited: 15 May 2006
  9. DazW

    Gangster

    Joined: 9 Jan 2004

    Posts: 440

    I couldn't find any mention of it on Netgear's site!

    I can't believe they added it as it's in direct competition with their Prosafe range now. :eek:
     
  10. Burbleflop

    PermaBanned

    Joined: 7 May 2003

    Posts: 4,247

    Location: Away from here

    Nope. If the VPN tunnel is up then XP won't need to do anything special. As long as XP has the IP address of your router as its default gateway, then the ping request to other end of the tunnel will hit your router, (in theory) bring up the VPN tunnel and pass the data over the tunnel.
     
  11. oddjob62

    Sgarrista

    Joined: 8 Nov 2002

    Posts: 9,128

    Location: NW London

    correct, you shouldn't have to do anything in XP, but you usually have to set on the VPN setup to tell it to send certain traffic down the VPN instead of out onto the internet (usually set the remote network/subnet). Make sure this is correct. Tracert is useful to make sure it is going through the VPN tunnel and not out of the usual gateway.
     
  12. Mint_Sauce

    Mobster

    Joined: 25 Sep 2003

    Posts: 3,694

    Location: Manchester

    hmmmmm, I can't ping or tracert his WAN or LAN IP. My Netgear Router is my Default Gateway (afaik, I did the setup home network wizard and selected the correct settings for a hub arrangement).

    Any ideas why it's not playing ball?
     
  13. oddjob62

    Sgarrista

    Joined: 8 Nov 2002

    Posts: 9,128

    Location: NW London

    TBH without seeing the router VPN config it's going to be hard. Can you do a screenshot of the main config page (edit out secret key, and external IPs, etc, but we will need to see internal IPs)
     
  14. Mint_Sauce

    Mobster

    Joined: 25 Sep 2003

    Posts: 3,694

    Location: Manchester

  15. oddjob62

    Sgarrista

    Joined: 8 Nov 2002

    Posts: 9,128

    Location: NW London

    Your local lan and remote lan settings are completely wrong on both.

    According to your settings the remote lan and local lan have the same ip range. (WRONG!)

    Is there an option to use network address instead of IP Range.
     
  16. Mint_Sauce

    Mobster

    Joined: 25 Sep 2003

    Posts: 3,694

    Location: Manchester

    Yeah, I started off with just using a single PC address for both (with no subnetting) but that wasn't working either. I'll switch them back to single IP addresses but what else could be causing the problem?
     
  17. oddjob62

    Sgarrista

    Joined: 8 Nov 2002

    Posts: 9,128

    Location: NW London

    No not a single IP address, a Network address.

    You have it set completely wrong. On your seetings. Local LAN should have the ip addresses on your network. Remote LAN should have the ip addresses on his network. At the moment you have the same settings for Local and Remote LAN.

    IE for your setup

    Local LAN
    Network Address 192.168.0.0, Subnet 255.255.255.0

    Remote LAN
    Network Address 192.168.1.0, Subnet 255.255.255.0
     
  18. Mint_Sauce

    Mobster

    Joined: 25 Sep 2003

    Posts: 3,694

    Location: Manchester

    Ok, i'll give that a go when I get home tonight and report back! :)