Hi, The DG834 don't support the Aggressive Mode, there is only expected for VPN Site@Site Change the router is the better solution !
Regards, On Mon, Mar 7, 2011 at 9:14 PM, Howard Spindel <[email protected]> wrote: > Fabio, > > Don't know why I'd need Dynamic DNS for the laptop. The router doesn't > have to find the laptop - the laptop finds the router. > > I did look at the tutorial for the Netgear connection, but the DG834G is > very different from the tutorial and hard to map. The DG834G has many fewer > settings allowed than the tutorial's ProSafe router. > > I tried the specific suggestions you had, and it made no difference that I > can see. Still not getting through Phase 1. > > Really need a cookbook approach tailored to the DG834G here. > > Thanks, > Howard > > > > At 11:31 AM 3/7/2011, Fabio Cigoj wrote: > >> Howard, >> >> If you have a fixed IP address on the router that's ok, but you still >> need a dynamic DNS service for the laptop. >> I am a bit confused about the router as the Netgear website states it's >> a VPn passthrough in one place and that it can support up to 5 endpoints >> somewhere else. >> Worth giving it a try anyway...provided your router supports Mode Config >> for policy generation. One of the things I am sure of is that Shrew >> talks to Netgear only if Mode Config is used. >> If that is not the case then a new router is in order. >> Did you take a look to the tutorial published on Shrew's website for >> connections with Netgear hardware ? It is written for another router, >> but shouldn't be too difficult to figure it out. >> Bear in mind that some things need to be followed exactly, one is >> example is the authentication: pre shared key only does not work; it >> needs to be PSK + XAuth. >> Another thing is that the exchange mode must be set to aggressive. I >> tried main and it didn't work. >> Local gateway on the router is the local WAN IP, while for the remote I >> used a the FQDN assigned to the laptop. >> Make sure the address range to assign to the clients is on a different >> subnet than your LAN. >> DH group must be 2 >> Encryption algorithm must be 3DES and integrity algorithm must be SHA-1 >> >> Wouldn't know what more to add without a clear view of router and client >> configuration, but I think you have some more things to try now. >> >> Cheers >> >> Fabio >> >> >> On 07/03/11 20:03, Howard Spindel wrote: >> > Fabio, >> > >> > I shouldn't need a Dynamic DNS service as I have a static IP for my >> > Netgear router. >> > >> > So, how would I make this work with the DG834, and what additional >> > software do I need? The Netgear config panels don't talk about it being >> > a VPN pass-through - they make it sound like a VPN endpoint. >> > >> > If I'm going to have to buy a different router to make this work, what >> > router do folks like? (I need it with a DSL modem built-in too). >> > >> > Thanks, >> > Howard >> > >> > At 05:05 AM 3/7/2011, Fabio Cigoj wrote: >> >> Howard, >> >> >> >> The DG834 is a VPN-passthough in first place, not a VPN-endpoint, >> >> which would force you set up a VPN server. >> >> From my gatherings, collected from qualified people like the author of >> >> Shrew, it seems that Netgear uses quite an old VPN stack, but there >> >> are better and worse routers. >> >> I use a 338, which, far from being perfect for my needs is a >> >> VPN-endpoint, I managed to make work in much a similar config as the >> >> one you need. >> >> The trick is to register with a (free) dynamic DNS service both your >> >> router and your laptop, so every time you connect to internet the name >> >> of your machines has the correct IP address assigned. At that point >> >> you can use the FQDN (fully qualified domain name) in the VPN config. >> >> It looks complicated, but it is(n't) >> >> >> >> Cheers >> >> >> >> Fabio >> >> >> >> On Mon, Mar 7, 2011 at 1:31 PM, Howard Spindel <[email protected] >> >> <mailto:[email protected]>> wrote: >> >> >> >> In all likelihood, the laptop would no be directly connected to >> >> the internet. I would be at the mercy of whomever was providing a >> >> hot spot. >> >> >> >> Is there no way to get that to work? >> >> >> >> >> >>> Hi, >> >>> >> >>> You laptop is directly connected to Internet ? (no NAT). >> >>> Because the NETGEAR DG834 support only the MAIN Mode... (and >> >>> the VPN is buggy...) >> >>> >> >>> Regards, >> >>> >> >>> On Mon, Mar 7, 2011 at 11:32 AM, Howard Spindel >> >>> <[email protected] <mailto:[email protected]>> wrote: >> >>> >> >>> I'm trying to setup a VPN that will allow me to connect >> >>> in to my home network (with a Netgear DG834Gv4 facing the >> >>> internet) from a Windows 7 laptop. >> >>> Can anyone provide a cookbook for setting the Netgear VPN >> >>> settings and ShrewSoft VPN client that would enable the >> >>> two to connect? I've been tearing my hair trying all >> >>> sorts of combinations, but can't get anything to work. >> >>> The VPN trace on the Win 7 laptop shows three attempts to >> >>> send phase1 packets before it hits "resend limit exceeded >> >>> for phase1 exchange" and aborts. >> >>> I am a computer programmer with 30 years experience and >> >>> lots of networking experience, but I can't figure this >> >>> one out! >> >>> Thanks, >> >>> Howard >> >>> Netgear policy page looks like this right now: >> >>> Remote VPN Endpoint: Dynamic IP address >> >>> Local LAN: IP address is set to my local subnet >> >>> Remote LAN: IP address is set to "Single PC - no subnet" >> >>> IKE direction: responder only (only choice allowed) >> >>> Exchange mode: Main mode (only choice allowed) >> >>> DH group: auto >> >>> Local ID type: WAN IP address >> >>> Remote ID type: FQDN >> >>> Encryption algorithm: 3DES >> >>> Authentication algorithm: auto >> >>> Using a pre-shared key for authentication >> >>> >> >>> >> >>> _______________________________________________ >> >>> vpn-help mailing list >> >>> [email protected] <mailto:[email protected] >> > >> >> >>> http://lists.shrew.net/mailman/listinfo/vpn-help >> >> >> >> >> >> >> >> _______________________________________________ >> >> vpn-help mailing list >> >> [email protected] <mailto:[email protected]> >> >> >> http://lists.shrew.net/mailman/listinfo/vpn-help >> >> >> > >> > >> > >> > _______________________________________________ >> > vpn-help mailing list >> > [email protected] >> > http://lists.shrew.net/mailman/listinfo/vpn-help >> > > > > _______________________________________________ > vpn-help mailing list > [email protected] > http://lists.shrew.net/mailman/listinfo/vpn-help >
_______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
