I'm trying to set up a LAN to LAN VPN.

On one end I have:

1. Common Settings
Netbios Naming Packet Pass
Call Direction Dial-Out
Idle Timeout 300 second(s)

2. Dial-Out Settings
Type of Server I am calling
IPSec Tunnel

Server IP/Host Name for VPN.
123.45.67.89

IKE Authentication Method
Pre-Shared Key

IPSec Security Method
Medium(AH)

4. TCP/IP Network Settings
Remote Network IP 192.168.2.0
Remote Network Mask 255.255.255.0

RIP Direction Disable
From first subnet to remote network, you have to do Route

On the other end, I have:

1. Common Settings
Netbios Naming Packet Pass
Call Direction Dial-In
Idle Timeout 300 second(s)

3. Dial-In Settings
Type of Server I am calling
IPSec Tunnel

4. TCP/IP Network Settings
Remote Network IP 192.168.0.0
Remote Network Mask 255.255.255.0

RIP Direction Disable
From first subnet to remote network, you have to do Route


Plus, all the settings match in the 'Remote Access Control' and 'IPSec General Setup' pages.

I can ping the public IP's both ways no problem, but the connection isn't being established, even if I click Dial.

Can anyone help?

You need to specify the IP address of the other end in the 'Peer VPN Server IP' filed in the 'Dial In settings'

OK, I just did that, but it's still not being established.

candl wrote: You need to specify the IP address of the other end in the 'Peer VPN Server IP' filed in the 'Dial In settings'

You don't need that if you have configured your PSK in IPSec General settings and you are dialling into that router.

BTW you'd do better to go for IPSec Security Method ESP and in the advanced settings allow PFS, but there is no point doing that until the connection is working. I would also set the connection to be always on (but it may need a idle timeout of 0 and one end)

How can you ping both ways if you do not have a connection? Are you pinging the remote LAN or WAN IP?

NJH wrote:

candl wrote: You need to specify the IP address of the other end in the 'Peer VPN Server IP' filed in the 'Dial In settings'

You don't need that if you have configured your PSK in IPSec General settings and you are dialling into that router.

OK, I'll undo that.

NJH wrote: BTW you'd do better to go for IPSec Security Method ESP and in the advanced settings allow PFS, but there is no point doing that until the connection is working. I would also set the connection to be always on (but it may need a idle timeout of 0 and one end)

Yeah, I'll improve security once its working. I've set 'Always On' at one end and 0 timeout at the other.

How can you ping both ways if you do not have a connection? Are you pinging the remote LAN or WAN IP?

Sorry, I realise that wasn't very clear. I meant WAN IP.

In the dial out settings, can you confirm that have you set the PSK there? If not, you need to. I think from you post you have.

Have you used syslog or another program to see what is happening?