DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VPN to 2820Vn with a Netgear DG834G

  • stuey
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
12 Jun 2009 18:56 #1 by stuey
VPN to 2820Vn with a Netgear DG834G was created by stuey
Hi Guys,

I've tried to get this to work, but have very little experience of vpn's. Could someone please give me a step by step way to get this to work.

I basically have a remote worker who has a Netger DG834G and I want to be able for the router to VPN into the 2820Vn like my other workers do (apart from the fact they have 2820Vn's!)

I've searched the forums but can't find someone that's actually done this.

Thanks in advance

Please Log in or Create an account to join the conversation.

More
13 Jun 2009 11:19 #2 by j.baker
Replied by j.baker on topic VPN to 2820Vn with a Netgear DG834G
What version of the DG384 are you using? What firmware versions are you using?

It is fairly easy. You need to make sure that the LAN IP address ranges on each site are different. You need to make sure that you have the WAN IP addresses from each site. I suggest making sure that your ISP is giving you a static IP address for the WAN IP addresses, otherwise it will take a little more to setup.
Regards

John Baker

Vigor2820 series with firmware 3.3.5.2_RC2
ADSL

Please Log in or Create an account to join the conversation.

  • stuey
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
13 Jun 2009 12:38 #3 by stuey
Replied by stuey on topic VPN to 2820Vn with a Netgear DG834G
thanks for the reply.

This is where I'm currently at.

Router is DG834g v3
http://kb.netgear.com/app/products/model/a_id/2325
Firmware Version 4.01.28 (but can update to Version 4.01.40, if required?)

Information of networks and WANs


DRAYTEK ip range 192.168.1.xx
NETGEAR ip range 192.168.254.xx

2820vn IP (static) 87.12x.xx.xx
DG834G IP (static - but changing to sky broadband on 17th, so dynamic setup would also be great), currently 87.13x.xx.xx.


2820vn Settings

I've setup a LAN to LAN VPN called netgear with dial in settings.
Peer VPS Server IP of 87.13x.xx.xx
IP SEC security all ticked (medium, 3des, aes, des)
Prehsared key of 12345678 (as testing)

Haven't changed any other setting. e.g. TCP/IP settings.

Netgear 834G Settings

Policy name : netgear
address fixed ip
87.12x.xx.xx

keep alive unticked and ping address empty

local lan (subnet address)
192.168.254.1
finish empty
subnet 255.255.255.0

remote (subnet address)
192.168.1.207
finish empty
subnet 255.255.255.0

IKE
Initiator and responder
Main Mode
Group 2 (1024bit)
Local Identity Type: WAN IP address
data n/a
Remote Identity: IP address
data n/a

Parameters
Encryption: 3DES
Auth Algorithm: SHA-1
Pre-shared Key: 12345678
SA Life Time: 3600
enable PFS unticked

No firewall settings.

This is the response I get


Sat, 2009-06-13 15:47:26 - [netgear] initiating Main Mode
Sat, 2009-06-13 15:47:27 - [netgear] ISAKMP SA established
Sat, 2009-06-13 15:47:37 - [netgear] STATE_QUICK_I1: retransmission; will wait 20s for response
Sat, 2009-06-13 15:47:57 - [netgear] STATE_QUICK_I1: retransmission; will wait 40s for response
Sat, 2009-06-13 15:48:37 - [netgear] max number of retransmissions reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sat, 2009-06-13 15:49:30 - [netgear] STATE_QUICK_I1: retransmission; will wait 20s for response
Sat, 2009-06-13 15:49:50 - [netgear] STATE_QUICK_I1: retransmission; will wait 40s for response
Sat, 2009-06-13 15:50:30 - [netgear] max number of retransmissions reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sat, 2009-06-13 15:51:24 - [netgear] STATE_QUICK_I1: retransmission; will wait 20s for response
Sat, 2009-06-13 15:51:44 - [netgear] STATE_QUICK_I1: retransmission; will wait 40s for response
Sat, 2009-06-13 15:52:24 - [netgear] max number of retransmissions reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sat, 2009-06-13 15:52:38 - [netgear] STATE_QUICK_I1: retransmission; will wait 20s for response



Over to you :)

Please Log in or Create an account to join the conversation.

More
13 Jun 2009 18:30 #4 by j.baker
Replied by j.baker on topic VPN to 2820Vn with a Netgear DG834G
Make sure the IPSEC VPN is selected from the remote access control setup first.

i have my draytek initiating the vpn tunnel, so I am have my call direction set as out.

Then goto to the LAN-LAN tunnel.

Dialout settings set to IPSEC tunnel.

Server IP/HOSTNAME is the WAN IP address of the remote site (DB384)

IKE Preshared key selected. Press the button to enter the PSK.

IPSEC Security Method is High, 3DEB with Auth. Click on the Advanced button. I use main mode. IKE Phase 1 3DES_SHA1_G1 phase 2 3DES-SHA1

Key 1 and 2 lifttime set to 14400

PFS enable!!!

I have my Local ID set to my FQHN of the routers WAN port.

My WAN IP 0.0.0. Remote gateway 0.0.0.0 Remote network 192.168.254.0 Netmash 255.255.255.0


My remote site is currently down, so I cannot get the netgear settings......yet
Regards

John Baker

Vigor2820 series with firmware 3.3.5.2_RC2
ADSL

Please Log in or Create an account to join the conversation.

  • stuey
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
13 Jun 2009 19:25 #5 by stuey
Replied by stuey on topic VPN to 2820Vn with a Netgear DG834G
Done as you've said but am still getting;

Sat, 2009-06-13 18:20:49 - added connection description "netgear"
Sat, 2009-06-13 18:20:49 - adding interface ipsec0/ppp0 87.12x.xx.xx
Sat, 2009-06-13 18:21:01 - [netgear] initiating Main Mode
Sat, 2009-06-13 18:21:01 - [netgear] ISAKMP SA established
Sat, 2009-06-13 18:21:11 - [netgear] STATE_QUICK_I1: retransmission; will wait 20s for response
Sat, 2009-06-13 18:21:31 - [netgear] STATE_QUICK_I1: retransmission; will wait 40s for response
Sat, 2009-06-13 18:22:11 - [netgear] max number of retransmissions reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal



Must be at the netgear end then (or I need to reverse the request, e.g. draytek to netgear instead).

I'll wait until we can see your Netgear settings though first.

Thanks again.

Please Log in or Create an account to join the conversation.

More
15 Jun 2009 07:56 #6 by andypcarpenter
Replied by andypcarpenter on topic VPN to 2820Vn with a Netgear DG834G
Hi,

I have recently setup a lan to lan VPN between a Vigor 2800G (server side) and Netgear DG834G (client side). I'm not sure of the differences between the 2800 and 2820 but I'm happy to post what I've done if that helps any?

Best regards,

Andy.

Please Log in or Create an account to join the conversation.