VPN setup question for XP. - Routers

This is a discussion on VPN setup question for XP. - Routers ; Hi: I'm attempting to set up a VPN for about 6 remote users connected through a Netgear FVS318. I've set up the VPN filters according to the information on this Netgear Support Page (using www.tinyurl.com , so it doesn't wrap): ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: VPN setup question for XP.

  1. VPN setup question for XP.

    Hi:

    I'm attempting to set up a VPN for about 6 remote users connected
    through a Netgear FVS318. I've set up the VPN filters according to the
    information on this Netgear Support Page (using www.tinyurl.com, so it
    doesn't wrap):

    http://tinyurl.com/oyh36

    , but I'm not sure how to use the filters set up as part of a completed
    VPN connection. It appears they've left that critical part out of the
    directions. (I do have a router on my end. It's a Belkin N1. The WAN
    set on the Belking isn't the internet IP though. It's something that
    starts with 192.168 so it's local, and the connection uses a Windows
    gateway. Maybe that's complicating things.)

    Clearly I can't use the VPN wizard to do it, because I've tried that, so
    there must me some manual rigmarole. The filters assume static
    addresses, and I generally have dynamic, but wanted to at least see if I
    can establish a network before dealing with that nicety. The IP
    addresses don't change, whether they're local or wide. BTW, I have set
    up a succussful Remote Desktop connection passing through this router,
    so it is possible to set up a two-way connection.

    The following log file is the sequence the router runs through about
    half a dozen times before giving up on the VPN, when I attempt to use a
    generic VPN connection set up by Microsoft's wizard. (Yes, I did
    specify an IPSec shared key). It basically gets stuck to the Oakley
    Transform, though I don't know what "invalid value 14" means.

    -----start log here-----
    Sat, 08/19/2006 13:07:32 - FVS318 IPsec:Receive Packet address:0x1397554
    from ***.***.***.***
    Sat, 08/19/2006 13:07:32 - FVS318 IKE:Peer Initialized IKE Main Mode
    Sat, 08/19/2006 13:07:32 - FVS318 IKE:[VPNCON2] RX << MM_I1 :
    ***.***.***.***
    Sat, 08/19/2006 13:07:32 - FVS318 IPsec:New State index:0, sno:13
    Sat, 08/19/2006 13:07:32 - FVS318 IPsec:responding to Main Mode
    Sat, 08/19/2006 13:07:32 - FVS318 IPsec:loglog[3] invalid value 14 for
    attribute OAKLEY_GROUP_DESCRIPTION in Oakley Transform
    -----end log here-----

    So is there any way to set up a VPN going from an XP box to this router?
    Do I need proprietary software? Would ISA work?


  2. Re: VPN setup question for XP.

    Freewheeling wrote:
    > Hi:
    >
    > I'm attempting to set up a VPN for about 6 remote users connected
    > through a Netgear FVS318.


    I'll assume XP throughout.

    Do you mean the FVS318 configured as the VPN device, talking to your
    local network using XP vpn server capabilities locally,
    or are you just using the FVS318 as a router/firewall for this
    connection, and using the built-in vpn capabilities of XP as client and
    server on each side?

    The former may not work, the latter certainly will. In any case...

    You have setup a target box on the lan for VPN, yes? This will be
    needed, since you're not running another FVS318 or equivalent on your
    end (in that case, they could just 'talk' directly to each other by
    setting up the apporopriate VPN parameters.)

    If not, go to network connections on the target, select the 'create a
    new connection' task,
    next;setup advanced...;accept incoming...;allow vpn...;edit users as
    needed;edit networking s/w if needed; finish

    You should now have an 'incoming connections' icon in your network
    connections.

    You'll need to set the router on your end to send vpn traffic to the
    target. Not sure if the g/w system will get in the way, I've never used
    vpn on xp that way - is there a reason you don't just connect the
    router directly to the ISP modem?

    Both sides need to be using the same vpn method, e.g., ppp, l2tp...

    Since manufacturers interpret the VPN specs differently in some cases,
    this may not fly if you're trying to let the FVS318 act as the client,
    ymmv.

    Good luck
    R


  3. Re: VPN setup question for XP.


    heycarnut wrote:
    <...
    Please also note, the XP vpn capabilities only allow one connection to
    the target at a time. If you need simultaneous connections, you'll need
    to use some other VPN server.
    Or, just put another FSV318 on your side.

    R


  4. Re: VPN setup question for XP.

    heycarnut wrote:
    > Freewheeling wrote:
    >> Hi:
    >>
    >> I'm attempting to set up a VPN for about 6 remote users connected
    >> through a Netgear FVS318.

    >
    > I'll assume XP throughout.
    >
    > Do you mean the FVS318 configured as the VPN device, talking to your
    > local network using XP vpn server capabilities locally,
    > or are you just using the FVS318 as a router/firewall for this
    > connection, and using the built-in vpn capabilities of XP as client and
    > server on each side?


    Well, it may not be the set choice but at the moment I was just going to
    tunnel to the router and see if the network server picked up the new
    connection. Not that I know what I'm doing, mind you.
    >
    > The former may not work, the latter certainly will. In any case...
    >

    I think the company uses the Win2000 server, or maybe Win2003.

    > You have setup a target box on the lan for VPN, yes? This will be
    > needed, since you're not running another FVS318 or equivalent on your
    > end (in that case, they could just 'talk' directly to each other by
    > setting up the apporopriate VPN parameters.)
    >
    > If not, go to network connections on the target, select the 'create a
    > new connection' task,
    > next;setup advanced...;accept incoming...;allow vpn...;edit users as
    > needed;edit networking s/w if needed; finish
    >
    > You should now have an 'incoming connections' icon in your network
    > connections.


    If I want to set this up for multiple users I should probably do this on
    the server, right?

    >
    > You'll need to set the router on your end to send vpn traffic to the
    > target. Not sure if the g/w system will get in the way, I've never used
    > vpn on xp that way - is there a reason you don't just connect the
    > router directly to the ISP modem?


    I thought it was. On both ends.
    >
    > Both sides need to be using the same vpn method, e.g., ppp, l2tp...


    Alright.

    >
    > Since manufacturers interpret the VPN specs differently in some cases,
    > this may not fly if you're trying to let the FVS318 act as the client,
    > ymmv.


    There's supposedly a software client for the Netgear stuff. I should
    probably try that. Since most of the users' home systems will differ
    quite a bit that might be the only way to go. Trouble is, the disk with
    the client software seems to have been misplaced. Ugh.

    >
    > Good luck
    > R
    >


  5. Re: VPN setup question for XP.

    heycarnut wrote:
    > heycarnut wrote:
    > <...
    > Please also note, the XP vpn capabilities only allow one connection to
    > the target at a time. If you need simultaneous connections, you'll need
    > to use some other VPN server.
    > Or, just put another FSV318 on your side.
    >
    > R
    >

    I think the FSV318 can handle up to 8 simultaneous connections, which is
    enough for our small staff. On the other side I can't imagine that
    they'll need more than 1 connection per employee.

  6. Re: VPN setup question for XP.

    Freewheeling wrote:
    > I think the FSV318 can handle up to 8 simultaneous connections, which is
    > enough for our small staff. On the other side I can't imagine that
    > they'll need more than 1 connection per employee.


    I meant that if you use the xp vpn built-in, it will only handle *one*
    connection at a time. That means only one vpn user at a time. They
    could rig up a system on their end to g/w all of them through one vpn
    connection, but frankly, for the ~$100.00 the router costs, you'll save
    *alot* of headache and configuration just putting another one on your
    end, and get 8 full compatible vpn connections simultaneously between
    the nets.

    R


  7. Re: VPN setup question for XP.

    heycarnut wrote:
    > Freewheeling wrote:
    >> I think the FSV318 can handle up to 8 simultaneous connections, which is
    >> enough for our small staff. On the other side I can't imagine that
    >> they'll need more than 1 connection per employee.

    >
    > I meant that if you use the xp vpn built-in, it will only handle *one*
    > connection at a time. That means only one vpn user at a time. They
    > could rig up a system on their end to g/w all of them through one vpn
    > connection, but frankly, for the ~$100.00 the router costs, you'll save
    > *alot* of headache and configuration just putting another one on your
    > end, and get 8 full compatible vpn connections simultaneously between
    > the nets.


    I must be missing something. Wouldn't that be $800 for 8 additional
    routers, or are you talking about something else? Would it be less
    expenive to let the users use their own equipment and just spend $50 for
    Netgear's client software? I'm strongly leaning in that direction,
    leaving Windows VPN stuff out of the picture. People from home would
    have access to the shared drives, or they could Remote Desktop directly
    to their own boxes at work.

    Is there something I missed? Maybe this is silly, for some reason not
    obvious to me? Anyway, I guess your observation sort of rules out using
    Windowns solutions. Thanks.

    >
    > R
    >


  8. Re: VPN setup question for XP.


    Freewheeling wrote:
    >...

    I assumed the 8 users were in one remote office, but it appears you
    meant they were dispersed. Yes, the cheapest, and likely easiest
    solution in that case is to use the netgear vpn client s/w on each of
    the remote user machines.

    Good luck,

    r


+ Reply to Thread