
Dlink 504 Router with VPN set-up

N/A

Dlink 504 Router with VPN set-up

I have a Dlink 504 router connected to my Plusnet ADSL connection.
Web browsing is fine, no problems.

I want to connect to my workplace with VPN (I have VPN client software called Checkpoint) and have a certificate to validate me when connecting to my workplace.

No matter what I try I cannot get this to work.
My colleagues have this type of set-up albeit different routers and different ISP ADSL connections, and it works fine. I even tried borrowing a Netgear 814 router and trying it, but it did not work.

I tried contacting support, both Plusnet & Dlink, but they are as helpful as a chocolate teapot.

I have the latest firmware for the Dlink. I don't know whether I should have any other configuration set on the Dlink router to allow VPN passthrough.

Can anyone help? I am seriously considering BlueYonder when my Plusnet contract is up!!
8 REPLIES
N/A

Dlink 504 Router with VPN set-up

My suggestion would be to eliminate all possible issues with your VPN.

It may be worth having somebody with a working setup attempt a connection using their own details (and certificate if needed) to test if it could be an issue with the connection or not.

Included in this, they should try using their own router on your line (though your ISP details).

If this still fails, there is little support can do, unless you then pinpoint exactly where the connection is failing.
N/A

Dlink 504 + VPn

I have tried using someone else's router (Netgear 814), who has it working at his home with ADSL (not plus.net). I put my account details in, web browsing OK, didn't work using my VPN client set-up and certificate.

I have also successfully used this VPN client setup and certificate through a Plus.net dial-up modem link, which worked but very slowly as you would expect. The problem is either router setup, or something to do with your ADSL line (i.e. something is blocking it further on up the line).
N/A

Dlink 504 Router with VPN set-up

If you wish to use VPN you need to open the inbound ports on the DSL504 router firewall. Otherwise your VPN client (I'm using CISCO) will send the connect request to your router/server at work but it will not receive a reply from you as the packets are discarded by the DSL504 router - it needs to handshake with your PC before the tunnel will open. Preferable that you have ver 2.21 firmware on the router.

Normally VPN uses the following ports:
L2TP Layer 2 Tunnelling Protocol (VPN)
UDP 500
UDP 1701

What you need to do is set up port forwarding for the two port numbers above (or the ports used by your VPN service, which may be TCP instead) to send the incoming packets to the machine which has initiated the connection.

So if your PC at home has an address of 192.168.0.2 (say) then create port forwarding entries to direct packets received by the router at ports UDP500 and UDP1701 to that address.

See this site for all sorts of useful info on the DSL504 router
http://shadow.sentry.org/~trev/dsl50x.html
N/A

DSL 504 Router + VPN

I tried your suggestions, i.e. port forwarding for UDP 500 & 1701 (I also did TCP for those ports) and re-directed them to my PC's IP address.

I still get the same problem, cannot connect to VPN Gateway.

I have firmware R2.21.002.06.b2t10uk

Any other suggestions?
N/A

DSL 504 Router + VPN

The only other thing I can think of is to make sure your router can pass IPSEC traffic (IP Protocol 50) if UDP Encapsulation is not used. If UDP Encapsulation Mode is used, make sure it can pass UDP Port 2746. Forward both if you are unsure. If I presume correctly that you are using the SecuRemote client you may also need to open IKE (token encryption/decryption) on TCP port 264.

Does your router firmware have an ALG page under the configurations section? Check that you have ticked L2TP and IPSEC if available before tinkering with the ports.

HTH
N/A

Dlink 504 Router with VPN set-up

Hello again,

still no good...

On Router - Under IP Masquerade Pass Through IPSEC & PPTP is enabled

I have forwarded ports for TCP 50, UDP 2746 & TCP 264 through to my PC's IP Address, along with the others from the other day.

The VPN client software has an option to "Force UDP Encapsulation"; I have been told to choose that option by our network guy at work.

There is also an option for IKE something or other, but I have not been told to choose this option.

Anyway I have tried it with both these options on/off.

I am waning under the amount of attempts to get this working, but truly appreciate your help in trying to resolve this matter.

Any other suggestions welcome..

Cheers

Ken
mssystems

Dlink 504 Router with VPN set-up

Hi Ken

Caveat: I know a bit about VPNs. I am not particularly familiar with your D-Link router and it is a while since I played with Checkpoint Firewall 1.

IPSec is a fairly complicated protocol. I doubt you're going to fix this by random fiddling with settings. First thing is to find out if there are any debugging facilities with the VPN client. Can you create a log file of the connection attempt? Without knowing where the Contact/Authentication/Encapsulation chain is failing you're shooting in the dark.

IIRC there used to be a problem with Checkpoint's UDP encapsulation (NAT-T). I would have thought they had fixed it by now though?

Key to this sort of fault finding is to simplify things as far as possible. Can you connect to the ADSL line without the router, borrow a USB or PCI modem perhaps? Alternatively you could try disabling NAT at the router.

It may be worth asking Work if they can supply you with a known good config file for the VPN client to use as a starting point.

From my office I run IPsec VPNs to multiple Cisco, Sonicwall and Netscreen routers. So it is not impossible to tunnel IPSec through Plusnet. I am currently looking at a problem with a Netgear router which is refusing to play ball, so it isn't always straightforward either.

Regards
Matt
N/A

Dlink 504 Router with VPN set-up

Hi

I've just got my VPN working through Plusnet with a DG814 router. The client is Cisco, but the principle is the same, so for what it's worth here is what I did.

1. Check that your client supports a UDP wrapper; it won't work if this is not turned on.
(This is because IPSec, the VPN protocol, is designed to make sure that nothing changes to the packet as it crosses the Internet. NAT does change the packet, so by default it will fail to connect. A UDP wrapper simply wraps the IPSec packet in another packet, and IPSec doesn't care if that gets changed, so it will be accepted.)

2. Check that your router accepts VPN passthrough or IPSec passthrough; they are different terms for the same thing.

This is because the tunnel setup needs to establish to your PC and with NAT, there is nothing to tell IPSec where that connection needs to go to get to your PC. VPN passthrough might be dynamic on the router, i.e. it might detect you are running a tunnel and who you are by IP address and return the IPSec connection to your PC, or you might need to configure it with a NAT/PAT rule. This is what I needed to do on mine.

The DG814 has a port forwarding for IPSec ready to add, so you specify your PC IP address and it should be sorted. The port for IPSec is 500 in case you don't have that kind of automatic rule available.

You shouldn't need any other ports mapped.

As soon as I did that the tunnel was up right away and the throughput is excellent.


I hope that helps.

Ian
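Added example, not code from any poster in this thread: one way to find where the connection chain stalls, as suggested above, is to capture traffic on the PC and tally outbound versus inbound packets for each port and protocol the thread names. The CSV layout, the gateway address 203.0.113.10 and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Ports named in the thread, keyed by (transport, port).
VPN_CLASSES = {
    ("udp", 500): "IKE (UDP 500)",
    ("udp", 1701): "L2TP (UDP 1701)",
    ("udp", 2746): "UDP encapsulation (UDP 2746)",
    ("tcp", 264): "TCP 264",
}

# Constructed capture summary as seen on the PC (192.168.0.2).
SAMPLE = """\
time,src,dst,proto,sport,dport
0.00,192.168.0.2,203.0.113.10,tcp,1034,264
0.05,203.0.113.10,192.168.0.2,tcp,264,1034
0.10,192.168.0.2,203.0.113.10,udp,500,500
0.18,203.0.113.10,192.168.0.2,udp,500,500
0.20,192.168.0.2,203.0.113.10,udp,500,500
0.29,203.0.113.10,192.168.0.2,udp,500,500
0.30,192.168.0.2,198.51.100.53,udp,1050,53
0.40,192.168.0.2,203.0.113.10,udp,2746,2746
1.40,192.168.0.2,203.0.113.10,udp,2746,2746
3.40,192.168.0.2,203.0.113.10,udp,2746,2746
"""

def classify(row):
    """Return the VPN traffic class for one packet row, or None."""
    proto = row["proto"].lower()
    if proto == "esp":  # IP protocol 50 carries no port numbers
        return "IPsec ESP (IP protocol 50)"
    for port in (row["dport"], row["sport"]):
        if port and (proto, int(port)) in VPN_CLASSES:
            return VPN_CLASSES[(proto, int(port))]
    return None

def summarize(capture_csv, client_ip):
    """Count outbound and inbound packets per VPN traffic class."""
    counts = defaultdict(lambda: {"out": 0, "in": 0})
    for row in csv.DictReader(io.StringIO(capture_csv)):
        label = classify(row)
        if label:
            counts[label]["out" if row["src"] == client_ip else "in"] += 1
    return dict(counts)

def unanswered(summary):
    """Classes the client sent but never got a reply for."""
    return sorted(k for k, c in summary.items() if c["out"] and not c["in"])

if __name__ == "__main__":
    print(unanswered(summarize(SAMPLE, "192.168.0.2")))
```

In the constructed sample the key exchange completes but the encapsulated traffic is retried with no reply, which points at the data path through NAT rather than at authentication.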