Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cannot establish IPSEC tunnel to D-Link DI-804HV

Status
Not open for further replies.
liceboy

liceboy

Programmer
Sep 13, 2006
11
GB
Hi. I've just installed a D-Link DI-804HV router. It works fine for establishing IPSEC tunnels to remote sites, but it doesn't work the other way i.e. the same remote sites cannot initiate the tunnel. I have tried from several sites with several different routers and also Windows VPN clients, and the D-Link's log always shows exactly the same thing. Phase 1 is established OK, and then this (WAN IP's replaced to protect the guilty!):

Tuesday March 20, 2007 10:08:00 Receive IKE Q1(QINIT) : [xxx.xxx.xxx.xxx]-->[yyy.yyy.yyy.yyy]
Tuesday March 20, 2007 10:08:00 Requested routing is [192.168.2.0|xxx.xxx.xxx.xxx]<->[yyy.yyy.yyy.yyy|192.168.0.0]
Tuesday March 20, 2007 10:08:00 error = 16

Has anyone got any idea what this error 16 means? I can't find anything on the D-Link website, and their tech support is in no hurry to get back to me!
 
Sort by date Sort by votes
Hey liceboy - did you ever get an answer to your post re the DI-804HV opening *incoming* IPSEC tunnels?

I am looking for a router to support multiple incoming VPN tunnels and this router was one of the few I could get any info on - does it work?
 
Upvote 0 Downvote
Hi Lanrat, yes I've got it working. I have 4 VPN tunnels established all with different remote routers. The one that was causing me a problem was with a remote Netgear DG834 router (I have a lot of trouble with these) and I eventually got it working by enabling PFS at the Netgear end and specifying a Key Group on the IPSEC policy at the D-Link end. Don't ask me why this works, I've no idea.

I have 2 major gripes with this router: firstly, it is not possible to enable/disable tunnels individually, either they are all enabled or they are all disabled. Secondly, every time you make the smallest configuration change, the thing restarts. It doesn't take long, but it does mean that everything gets dropped.

Please also bear in mind that this is a router only, you need an additional DSL "modem". Do NOT buy one from D-Link. I tried a D-link DSL-320T (I believe it is a UK-specific model) and it was complete rubbish. I have returned three of them, all with different faults. I now have a Linksys AM200-UK, which seems to work fine (although it's only been live since yesterday!). If you get a non-D-Link "modem", it is essential that it supports "bridged only" mode, otherwise the router will be unaware of the public IP address and hence will be unable to establish any VPN tunnels.

Hope that helps.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

F
  • Locked
  • Solved
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
1
Views
2K
FrankSider12
F
teknance
  • Locked
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
606
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
398
sircles
sircles
LearningNetworking
  • Locked
  • Question
Linking Hosts on the same subnet via VPN
Replies
0
Views
413
LearningNetworking
LearningNetworking
RogerRuntings
  • Locked
  • Question
VPN at Head Office to allow agents working from home to communicate (VOIP) with an external dialer
Replies
3
Views
821
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top