vpn using netgear fvs318 & softremote 1

trans10

Technical User
Mar 15, 2004
hello,

I've set up a Netgear FVS318 as a VPN and SoftRemote on the other side to connect to the VPN. All works fine (I can browse, open, save,... files). I defined one VPN tunnel in the FVS318. Both sides have dynamic IPs. That's all taken care of.

The problem starts when I connect to the VPN from a different computer. Example: the first time I connected through DSL from home, the second time through DSL from a friend's house. Both worked, but when I retried my connection from home it no longer worked; only my friend's worked. The same thing happened when his friend tried from his house. It seems like only the last PC is permitted to reconnect and the other ones are blocked. I keep getting retransmission errors in my logs.

Do I have to define unique tunnels for each connection, so that each softremote user uses a different tunnel?

Any help will be greatly appreciated.

Thanks,

mark
 
Yes, you're right, you have to define one tunnel for each client you wish to connect (Netgear manual).
The FVS318 supports 4 tunnels at the same time in main mode and 8 tunnels in aggressive mode.
 
I've been trying to set up my FVS318 with SoftRemoteLT 10 for a while now. I was hoping you could tell me how you've done it...

I keep getting errors stating:
SENDING >>>> ISAKMP OAK MM (Retransmission)
message not received! Retransmitting!
Exceeded 3 IKE SA negotiation attempts

So if you could let me know exactly what you set up in SoftRemote and how you maybe did FVS318's set up different... on my router, i've got the following settings:
Local IPSec: 0.0.0.0
Remote IPSec: 0.0.0.0
Tunnel can be access...: subnet of local address
192.168.0.0
Tunnel can access...: the remote WAN IP or FQDN
Secure Association: Main Mode
PFS: Enabled
Encryption protocol: 3DES
Key Life: 28800
IKE Life time: 86400
Netbios: enabled

I've got all of SoftRemote's settings as close to that as possible (with the exception of extra settings like PFS key group, which is set to DH group 2, and so on...)
 
>>milli

Thanks, I did as you said plus I installed the most recent firmware version 2.2 and it seems to be working now...lets hope it stays that way :)


>>caskater

I'm using Softremote 9 not 10. Plus I have dynamic ip's on both ends (dsl connections). If that is your case then I could probably be of some help. Let me know.
 
My situation is similar to yours. Both ends are using cable connections. The end that my FVS318 is connected to is a dynamic IP, but the IP hasn't changed in about 2 years. So it's pretty static if you ask me. The client end will always have a different IP address.
 
OK, I basically followed the instructions found in this pdf: the instructions are for dynamic IPs on both ends but I guess you can adapt them for your scenario. It also helped when I upgraded to the latest firmware version for the FVS318.
 
OK, I was able to make a connection from my school earlier today. I wasn't able to see any Network Neighborhood shares (possibly because the address for the VPN was 192.168.1.0 and the other computers are on 192.168.0.0?). I was able to get on to my router however... and I changed one thing and was not able to connect again. I'm at home now and I'm trying to connect through the system.... going outside and then back in. I've set the Internal Network IP address to a different subnet of course and matched it appropriately to the Remote LAN start IP address but I'm now totally unable to access the system. I have had outside computers make the attempt and still no connection. My router's firmware is the latest (2.4a) and I have defined different VPN connections for each computer with different shared keys and start IP addresses. I don't know what's wrong or what's different about it when it did work that one time...
 
>>possibly because the address for the VPN was 192.168.1.0 and the other computers are on 192.168.0.0?

Here's what my lan ip setup looks like on the fvs318:

========================================================
LAN IP Setup
Enable UPnP not selected

LAN TCP/IP Setup

IP Address 192.168.0.1
IP Subnet Mask 255.255.255.0
RIP Direction Both
RIP Version RIP-2B

MTU Size Default


Use router as DHCP server selected

Starting IP Address 192.168.0.2
Ending IP Address 192.168.0.100
WINS Server 0.0.0.0

Reserved IP Addresses

# IP Address MAC Address Description
1 192.168.0.10 BA:34:12:D2:58:34 FILE SERVER
========================================================


Here's what my vpn Settings look like:
========================================================
VPN Settings - Main Mode

Connection Name fvs_conn_1
Local IPSec Identifier abc.dyndns.org
Remote IPSec Identifier 0.0.0.0
Tunnel can be accessed from any local address
Local LAN start IP Address -
Local LAN finish IP Address -
Local LAN IP Subnetmask -
Tunnel can access a single remote address
Remote LAN start IP Address 192.168.100.2
Remote LAN finish IP Address -
Remote LAN IP Subnetmask -
Remote WAN IP or FQDN -

Secure Association Main Mode
Perfect Forward Secrecy Enabled
Encryption Protocol 3DES
PreShared Key your_preshared_key_here
Key Life Seconds 3600
IKE Life Time Seconds 28800
NETBIOS Enable yes
========================================================


Now for softremote:

Under "My Connections"->your_connection_name:

ID Type -> IP Subnet
Subnet -> 192.168.0.0
Mask -> 255.255.255.0

Protocol -> All

Connect using -> secure gateway tunnel
ID Type -> any -> Gateway Hostname
Any ID abc.dyndns.org


Under MyIdentity, make sure that the "Internal Network IP Address" is the same as the "Remote LAN start IP Address" which was entered on the fvs318 (in my case it would be 192.168.100.2). The rest of the settings for softremote are exactly as you see them in the pdf document that i pointed out in an earlier post.

if it works then try pinging a machine or accessing a machine with \\192.168.xxx.xxx in windows explorer.

i would have to warn you though that this is the first vpn that i've ever set up and so am no expert at it. That said i'll try my best to help you out.

good luck and tell me how it goes
 
oh after thought: you should also look at the log in the fvs318 and see what the errors say when you try to connect. Just go to Router Status and press the VPN logs button.

Also, when I was getting Retransmission errors I deleted 4 tunnels on the router and redefined the 4 that were left to use 192.168.100.2/50/100/150 as the Remote LAN IP Address. From that time on I stopped getting Retransmission errors. Don't ask me why it fixed the problem or if it was fixed at all... but it's working for now.
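
Added example, not part of the original thread or any poster's configuration: a small Python check of the per-client tunnel rules the posts above arrive at (one tunnel per client, a distinct Remote LAN start IP outside the router's LAN, a distinct preshared key, and a matching SoftRemote "Internal Network IP Address"). The function name, the tunnel names other than fvs_conn_1, the keys and the sample addresses are constructed for illustration, and the 4/8 tunnel limits are the figures given by a poster in this thread.

```python
import ipaddress
from collections import Counter

# Tunnel limits as stated by a poster in this thread (not checked against Netgear docs).
MAX_TUNNELS = {"main": 4, "aggressive": 8}

def check_tunnels(lan_cidr, mode, tunnels, clients):
    """Return findings for a set of per-client tunnel definitions.

    tunnels: {connection_name: {"remote_lan_start": ip, "psk": str}}
    clients: {connection_name: SoftRemote "Internal Network IP Address"}
    """
    findings = []
    lan = ipaddress.ip_network(lan_cidr)
    if len(tunnels) > MAX_TUNNELS[mode]:
        findings.append(f"{len(tunnels)} tunnels exceeds {MAX_TUNNELS[mode]} for {mode} mode")
    ip_counts = Counter(t["remote_lan_start"] for t in tunnels.values())
    psk_counts = Counter(t["psk"] for t in tunnels.values())
    for name, t in sorted(tunnels.items()):
        ip = t["remote_lan_start"]
        if ip_counts[ip] > 1:
            findings.append(f"{name}: remote LAN start IP {ip} is shared with another tunnel")
        if ipaddress.ip_address(ip) in lan:
            findings.append(f"{name}: {ip} is inside the router LAN {lan}")
        if psk_counts[t["psk"]] > 1:
            findings.append(f"{name}: preshared key is reused by another tunnel")
        if clients.get(name) != ip:
            findings.append(f"{name}: client internal IP {clients.get(name)} != {ip}")
    return findings

# Constructed sample data: conn_2/conn_3 collide, conn_4 sits inside the LAN.
SAMPLE_TUNNELS = {
    "fvs_conn_1": {"remote_lan_start": "192.168.100.2", "psk": "key-one"},
    "fvs_conn_2": {"remote_lan_start": "192.168.100.50", "psk": "key-two"},
    "fvs_conn_3": {"remote_lan_start": "192.168.100.50", "psk": "key-two"},
    "fvs_conn_4": {"remote_lan_start": "192.168.0.20", "psk": "key-four"},
}
SAMPLE_CLIENTS = {
    "fvs_conn_1": "192.168.100.2",
    "fvs_conn_2": "192.168.100.50",
    "fvs_conn_3": "192.168.100.100",
    "fvs_conn_4": "192.168.0.20",
}

if __name__ == "__main__":
    for line in check_tunnels("192.168.0.0/24", "main", SAMPLE_TUNNELS, SAMPLE_CLIENTS):
        print(line)
```
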
 