HACKVIKING.COMHE KILLED CHUCK NORRIS, HE RULED DANCING SO HE TOOK UP A NEW HOBBY… Subscribe via RSS

IPSec VPN with Netgear FVS318v3My Belkin N1 Vision router decided to die the other day. So i realized it was time for anindustrial strength router. Checked out a really nice one with Linux built in and greatapplication support. It was a little prize for me right now, just got a new girlfriend and movedin with her....

I finally decided for the Netgear FVS318v3 which comes with a built in IPSec VPN server for 8concurrent connections. Netgear wants ~$50 for the client software which I wasn't reallyhappy about paying. So I started checking around for a free alternative. Finally I came acrossShrew Soft VPN Client (http://www.shrew.net/). It's free and really light weight. It took somefiguring out how to configure it all so I thought it was a good idea to share it.

I presume that you already have DynDNS enabled. If you have a dynamic WAN address it's amust to get this to work.

First you have to set up your FVS318 router to accept the connections.

1. Log on to your router and go to the "VPN Wizard" in the left hand menu.2. Just click "Next"...

3. You have to set a name for your connection and a pre-shared key (PSK). Select "A remoteVPN client" as connection type.

4. You will get a confirmation screen next. Just click "Done".

Now your router is up to speed and you need to download the VPN client fromhttp://www.shrew.net/downloadOnes installed it's time to set up your new connection.

1. In the router admin page select "IKE Policies" in the left hand menu. The two pieces ofinformation you are interested in is "Local ID" and "Remote ID".

2. Now start Shrew Soft VPN Access Manager and click "Add".

Categories

.Net

asp.net

C#

Cheat

CodeProject

Customize

Exchange

Facebook

Flash games

fonera

Google

Google App Engine

Google Code

Google Data API

Google Maps

Hack

Hyper-V

iPhone

ISA Server

jQuery

jQuery UI

Linq

LINQ to SQL

Microsoft

Misc

Missing People Techsupport

Money Making

MVC

MySQL

Network

Picasa Web

Power of scripting challange

Powershell

Python

RoundCube

Scripting

Security

Server

Spotify

sql

Uncategorized

VBScript

Watchguard

WEP

Windows

Windows Server 2008

Wireless security

Wordpress

Archives

About Me

Puh Kristofer Källsbo

CIO @ a Swedish product,construction and servicecompany. Consultant,programmer, blogger andsecurity freak. Currently onsabbatical to go treasurehunting @ sea

View Full Profile →

Follow me on Twitter

Google Picasa API Python:

Developers Guide

wp.me/p11vXx-5v

Hack Viking

@HackViking

Google Code Project Home

Page: Tips & Tricks

wp.me/p11vXx-5t

Hack Viking

@HackViking

Updated the project page for

Picasa Web Downloader:

code.google.com/p/picasa-web-d

Hack Viking

@HackViking

30 Oct

30 Oct

29 Oct

Tweets Follow

Tweet to @HackViking

OCT/10

HOME FILE ARCHIVE MY JS FIDDLES CONTACT ME

3. Now enter your DynDNS, or static WAN address if you have one, in the "Host Name or IPAddress" field.

4. Set "Auto Configuration" to "disabled".5. Set "Local Host" - "Address Method" to "Use an existing adapter and current address".

6. Now go to the "Name Resolution" tab. If you know the addresses to wins server and/ordns server on the remote network enter them here. If not uncheck the check boxes.

7. Now go to the "Authentication" tab and set "Authentication Method" to "Mutual PSK".8. "Local Identity" should be the field "Remote ID" on the routers "IKE Policies" page.

"Identification Type" should be "Fully Qualified Domain Name".

9. On the "Remote Identity" tab the "Identification Type" should be "Fully Qualified DomainName" and "FQDN String" should be the "Local ID" from the routers "IKE Policies" page.

Archives

October 2013

March 2013

February 2013

November 2012

October 2012

June 2012

March 2012

January 2012

November 2011

October 2011

July 2011

March 2011

February 2011

January 2011

October 2010

September 2010

August 2010

April 2010

March 2010

January 2010

September 2009

10. Moving on to the "Credentials" tab fill in your PSK in the "Pre Shared Key" field. In thiscase "areallylamekey".

11. Then you go to main tab "Policy".12. Uncheck the "Obtain Topology Automatically or Tunnel All" check box.13. Click the "Add" button.14. Type in your network. To route all the 192.168.0.x addresses over the VPN tunnel enter

address 192.168.0.0 and netmask 255.255.255.0. If you have the same network addressrange at home and in your current location you can enter specific addresses or add another topology entry that excludes those addresses.

15. Then hit "Save" and you will return to the mane window.16. Dubbel click your connection and select "Connect". That's it!

Share this:

Filed under: Network, Security Leave a comment

WarrenOctober 14th, 2010 - 07:38

Hi,

I tried this. Didn’t work for me. I get “[==== IKE PHASE 1 ESTABLISHED====]” okay, butI can’t seem to get PHASE II to happen. As a result no tunnel.

WarrenOctober 14th, 2010 - 08:09

Alright, then. I tried again, following the steps you documented and this time it worked!Thanks for the guide, most helpful.

BobFebruary 26th, 2011 - 06:34

It worked as advertised.thanks,Bob

RudyApril 13th, 2011 - 17:52

hi I am able to connect but only to the firewall, let say I want to do https on one on thecomputers under this firewall I cannot.

JayJune 14th, 2011 - 04:40

Dude, you saved my day with these instructions.

zackAugust 9th, 2011 - 16:59

http://pastebin.com/j6iNrBb5

Any idea what could be happening? I get “invalid message from gateway” through Shrew.

KeithAugust 20th, 2011 - 06:53

Man, saved our bacon too. Almost midnight and got it working thanks to your help! BTW,on the FVS318V3 firmware version 3.0_28 we had to do one additional config in theShrew Soft client.We could get Phase I to connect but were having issues with Phase II completing.

In the Phase II tab, we had to change “Transform Algorithm” to: esp-3desand “HMAC Algorithm” to: sha1and “PFS Exchange” to: disabled

Then we were able to connect properly.

Thanks again!

SchaussiSeptember 16th, 2011 - 10:39

Thank you, this tutorial was a great help for me!

Your now up and running with your own secure IPSec tunnel to your home or office!

Facebook Google Twitter

Comments (20) Trackbacks (0) ( subscribe to comments on this post )

Thank you, this tutorial was a great help for me!

PaulGNovember 23rd, 2011 - 15:00

I too would like to say thank you for the tutorial. Followed the instructions step by step andeverything worked on the first try at connecting.

Belkin Router IpJanuary 14th, 2012 - 14:49

What’s up, just wanted to mention, I loved this article. It was helpful. Keep on posting!

SRejectMarch 13th, 2012 - 01:20

I keep getting “invalid message from gateway” after “bringing up tunnel”. Any idea whythis would occur?

SupportMay 31st, 2012 - 13:42

Followed the tutorial but had the same problem as Rudy. I can establish the tunnel but canNOT communicate with any device on the other side. IPConfig shows the connectiondoesn’t have a Gateway address. Is the “Use Current adapter and Current Address”assuming both sides have the same ip range? What if they don’t? Assigning an address didnot seems to help.

Andrey ToktarovAugust 18th, 2012 - 20:24

Thanks you! It’s very easy tutorial)))

GrantOctober 21st, 2012 - 01:08

Just wanted to write to say thanks for taking the time to document this. Worked perfectlyand your instructions allowed me to get it working in about 5 minutes. Compare that to theseveral hours of research trying to find the Netgear VPN client, only to find out it isn’tcompatible with Windows 7. Many thanks!

OhioTechNovember 15th, 2012 - 18:46

Awesome guide, this worked flawlessly for me. Really appreciate your efforts! Thanks!

JeffMarch 26th, 2013 - 00:19

Thanks so much for taking the time to type this out and include the screen shots. I initiallyfollowed the Netgear How-To on the Shrew site but it didn’t work. After finding yourinstructions I followed the steps and everything worked perfectly! Thanks again!

BIagioApril 30th, 2013 - 20:19

everything is working at first connection. Thanks, you are very great!!!!!

davidcAugust 5th, 2013 - 22:14

Hey awesome guide, I finally was able to connect o my vpn but I can’t ping anything onthat network.

My network is set at 192.168.1.x

Copyright © 2013 Hackvik ing.com · Powered by WordPress Lightword Theme by Andrei Luca

Go to top ↑

My network is set at 192.168.1.xthe VPN network is at 10.1.1.x

how would i do that? i tried the virtual adapter thing.Wasnt much luck.

Thanks,David

paoloAugust 17th, 2013 - 10:50

I tried following some tutorials here and there and nothing worked.I followed your tutorial and it worked perfectly at the first try. I just needed to specifysome more parameters in shrew under Phase1 and Phase2 tabs.Great great help indeed!

MattAugust 29th, 2013 - 12:17

Excellent, took me hours to come close to this, but your tutorial got me the rest of the wayand fast, Thank you so much!!!

Jailbreak for iPhone 4 » « Unable to display current owner

Leave a Reply

Enter your comment here...