HACKVIKING.COM
HE KILLED CHUCK NORRIS, HE RULED DANCING SO HE TOOK UP A NEW HOBBY…
IPSec VPN with Netgear FVS318v3

My Belkin N1 Vision router decided to die the other day. So I realized it was time for an industrial strength router. Checked out a really nice one with Linux built in and great application support. It was a little pricey for me right now, just got a new girlfriend and moved in with her....

I finally decided on the Netgear FVS318v3, which comes with a built-in IPSec VPN server for 8 concurrent connections. Netgear wants ~$50 for the client software, which I wasn't really happy about paying. So I started checking around for a free alternative. Finally I came across Shrew Soft VPN Client (http://www.shrew.net/). It's free and really lightweight. It took some figuring out how to configure it all, so I thought it was a good idea to share it.

I presume that you already have DynDNS enabled. If you have a dynamic WAN address it's a must to get this to work.
First you have to set up your FVS318 router to accept the connections.
1. Log on to your router and go to the "VPN Wizard" in the left hand menu.
2. Just click "Next"...
3. You have to set a name for your connection and a pre-shared key (PSK). Select "A remote VPN client" as connection type.
4. You will get a confirmation screen next. Just click "Done".

Now your router is up to speed and you need to download the VPN client from http://www.shrew.net/download
Once installed, it's time to set up your new connection.

1. In the router admin page select "IKE Policies" in the left hand menu. The two pieces of information you are interested in are "Local ID" and "Remote ID".
2. Now start Shrew Soft VPN Access Manager and click "Add".
About Me
Puh Kristofer Källsbo
CIO @ a Swedish product, construction and service company. Consultant, programmer, blogger and security freak. Currently on sabbatical to go treasure hunting @ sea
OCT/10
3. Now enter your DynDNS, or static WAN address if you have one, in the "Host Name or IP Address" field.
4. Set "Auto Configuration" to "disabled".
5. Set "Local Host" - "Address Method" to "Use an existing adapter and current address".
6. Now go to the "Name Resolution" tab. If you know the addresses of the WINS server and/or DNS server on the remote network enter them here. If not, uncheck the check boxes.
7. Now go to the "Authentication" tab and set "Authentication Method" to "Mutual PSK".
8. "Local Identity" should be the field "Remote ID" on the router's "IKE Policies" page. "Identification Type" should be "Fully Qualified Domain Name".
9. On the "Remote Identity" tab the "Identification Type" should be "Fully Qualified Domain Name" and "FQDN String" should be the "Local ID" from the router's "IKE Policies" page.
10. Moving on to the "Credentials" tab, fill in your PSK in the "Pre Shared Key" field. In this case "areallylamekey".
11. Then you go to main tab "Policy".
12. Uncheck the "Obtain Topology Automatically or Tunnel All" check box.
13. Click the "Add" button.
14. Type in your network. To route all the 192.168.0.x addresses over the VPN tunnel enter address 192.168.0.0 and netmask 255.255.255.0. If you have the same network address range at home and in your current location you can enter specific addresses or add another topology entry that excludes those addresses.
15. Then hit "Save" and you will return to the main window.
16. Double-click your connection and select "Connect". That's it!
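An added example, not part of the original post: step 14's caveat about having the same address range on both sides, worked through in Python. It checks whether the local adapter's network collides with the remote network and, when some addresses must stay local, computes the address/netmask pairs to enter as include entries on the "Policy" tab. The function names and the sample local addresses are assumptions made for illustration.

```python
import ipaddress


def overlaps(local_addr, local_mask, remote_net, remote_mask):
    """True if the local adapter's network collides with the remote network."""
    local = ipaddress.ip_interface(f"{local_addr}/{local_mask}").network
    remote = ipaddress.ip_network(f"{remote_net}/{remote_mask}")
    return local.overlaps(remote)


def topology_entries(remote_net, remote_mask, keep_local=()):
    """Return (address, netmask) include entries for the remote network.

    keep_local lists addresses inside the remote range that must NOT be
    routed through the tunnel (for example your own adapter address or the
    local gateway when both sites use the same range).
    """
    nets = [ipaddress.ip_network(f"{remote_net}/{remote_mask}")]
    for addr in keep_local:
        host = ipaddress.ip_network(f"{addr}/32")
        carved = []
        for net in nets:
            if host.subnet_of(net):
                # Split the network into the pieces that do not contain host.
                carved.extend(net.address_exclude(host))
            else:
                carved.append(net)
        nets = carved
    return [(str(n.network_address), str(n.netmask)) for n in sorted(nets)]


if __name__ == "__main__":
    # Constructed sample: the laptop sits at 192.168.0.10 on a local
    # 192.168.0.x network, the same range as the network behind the router.
    remote = ("192.168.0.0", "255.255.255.0")
    if overlaps("192.168.0.10", "255.255.255.0", *remote):
        print("Local and remote ranges collide; use specific entries:")
    for address, netmask in topology_entries(*remote, keep_local=["192.168.0.10"]):
        print(f"  address {address}  netmask {netmask}")
```

Keeping a single host out of a /24 takes eight include entries, so when the ranges collide it is often simpler to list only the remote hosts you actually need.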
Filed under: Network, Security
Warren, October 14th, 2010 - 07:38
Hi,
I tried this. Didn’t work for me. I get “[==== IKE PHASE 1 ESTABLISHED====]” okay, but I can’t seem to get PHASE II to happen. As a result no tunnel.

Warren, October 14th, 2010 - 08:09
Alright, then. I tried again, following the steps you documented and this time it worked! Thanks for the guide, most helpful.

Bob, February 26th, 2011 - 06:34
It worked as advertised.
thanks,
Bob

Rudy, April 13th, 2011 - 17:52
Hi, I am able to connect but only to the firewall. Let's say I want to do https on one of the computers under this firewall, I cannot.

Jay, June 14th, 2011 - 04:40
Dude, you saved my day with these instructions.

zack, August 9th, 2011 - 16:59
http://pastebin.com/j6iNrBb5
Any idea what could be happening? I get “invalid message from gateway” through Shrew.

Keith, August 20th, 2011 - 06:53
Man, saved our bacon too. Almost midnight and got it working thanks to your help! BTW, on the FVS318V3 firmware version 3.0_28 we had to do one additional config in the Shrew Soft client.
We could get Phase I to connect but were having issues with Phase II completing.
In the Phase II tab, we had to change “Transform Algorithm” to: esp-3des
and “HMAC Algorithm” to: sha1
and “PFS Exchange” to: disabled
Then we were able to connect properly.
Thanks again!

Schaussi, September 16th, 2011 - 10:39
Thank you, this tutorial was a great help for me!
You're now up and running with your own secure IPSec tunnel to your home or office!

PaulG, November 23rd, 2011 - 15:00
I too would like to say thank you for the tutorial. Followed the instructions step by step and everything worked on the first try at connecting.

Belkin Router Ip, January 14th, 2012 - 14:49
What’s up, just wanted to mention, I loved this article. It was helpful. Keep on posting!

SReject, March 13th, 2012 - 01:20
I keep getting “invalid message from gateway” after “bringing up tunnel”. Any idea why this would occur?

Support, May 31st, 2012 - 13:42
Followed the tutorial but had the same problem as Rudy. I can establish the tunnel but can NOT communicate with any device on the other side. IPConfig shows the connection doesn’t have a Gateway address. Is the “Use Current adapter and Current Address” assuming both sides have the same ip range? What if they don’t? Assigning an address did not seem to help.

Andrey Toktarov, August 18th, 2012 - 20:24
Thank you! It’s a very easy tutorial)))

Grant, October 21st, 2012 - 01:08
Just wanted to write to say thanks for taking the time to document this. Worked perfectly and your instructions allowed me to get it working in about 5 minutes. Compare that to the several hours of research trying to find the Netgear VPN client, only to find out it isn’t compatible with Windows 7. Many thanks!

OhioTech, November 15th, 2012 - 18:46
Awesome guide, this worked flawlessly for me. Really appreciate your efforts! Thanks!

Jeff, March 26th, 2013 - 00:19
Thanks so much for taking the time to type this out and include the screen shots. I initially followed the Netgear How-To on the Shrew site but it didn’t work. After finding your instructions I followed the steps and everything worked perfectly! Thanks again!

BIagio, April 30th, 2013 - 20:19
Everything is working at first connection. Thanks, you are very great!!!!!

davidc, August 5th, 2013 - 22:14
Hey awesome guide, I finally was able to connect to my VPN but I can’t ping anything on that network.
My network is set at 192.168.1.x
the VPN network is at 10.1.1.x
How would I do that? I tried the virtual adapter thing. Wasn't much luck.
Thanks,
David

paolo, August 17th, 2013 - 10:50
I tried following some tutorials here and there and nothing worked.
I followed your tutorial and it worked perfectly at the first try. I just needed to specify some more parameters in Shrew under Phase1 and Phase2 tabs.
Great great help indeed!

Matt, August 29th, 2013 - 12:17
Excellent, took me hours to come close to this, but your tutorial got me the rest of the way and fast, Thank you so much!!!