Configuring a VPN client for a dlink dfl800 firewall



Gfr
01-27-08, 10:32 AM
Hi,
I'm kinda new to this firewall so I'm feeling lost. Is there any sort
of tutorial or guide to configure a D-link VPN client to have access
to a dlink dfl800 firewall? I found something for the client but if I
don't know what to do on the firewall, it doesn't help me much..
Thanks in advance to anybody that will provide me with some useful
info

PS: I don't have to use certificates

Gianfranco Ambrosi

Wolfgang Kueter
01-28-08, 03:02 AM
Gfr wrote:

> Hi,
> I'm kinda new to this firewall so I'm feeling lost. Is there any sort
> of tutorial or guide to configure a D-link VPN client to have access
> to a dlink dfl800 firewall? I found something for the client but if I
> don't know what to do on the firewall, it doesn't help me much..
> Thanks in advance to anybody that will provide me with some useful
> info

RTFM

Wolfgang

Leythos
01-28-08, 07:45 AM
In article <7bd08e27-d5a7-4f10-aa03-27149da0bd9f@s19g2000prg.googlegroups.com>, capretta@gmail.com says...
> Hi,
> I'm kinda new to this firewall so I'm feeling lost. Is there any sort
> of tutorial or guide to configure a D-link VPN client to have access
> to a dlink dfl800 firewall? I found something for the client but if I
> don't know what to do on the firewall, it doesn't help me much..
> Thanks in advance to anybody that will provide me with some useful
> info
>
> PS: I don't have to use certificates

And why have you not looked on the D-Link website, their support pages
are filled with how to setup VPN connections.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Cunnilingus
01-28-08, 08:11 AM
On Mon, 28 Jan 2008 10:02:46 +0100, Wolfgang Kueter
<wolfgang@shconnect.de> wrote:

>RTFM
>
>Wolfgang

Someone piss in your wheaties this morning?

Gfr
01-28-08, 08:38 AM
On 28 Jan, 15:11, Cunnilingus <forep...@work.com> wrote:
> On Mon, 28 Jan 2008 10:02:46 +0100, Wolfgang Kueter
>
> <wolfg...@shconnect.de> wrote:
> >RTFM
>
> >Wolfgang
>
> Someone piss in your wheaties this morning?

> And why have you not looked on the D-Link website, their support pages
> are filled with how to setup VPN connections.


I DID read the proper chapters in the manuals and some info on
websites...and right because I didn't find anything specific matching
that client and that firewall, I asked in this forum. But it seems
that someone prefers to waste time giving very "classy" answers
instead of writing something useful. Fine.

Greetings
Gfr

Todd H.
01-28-08, 10:14 AM
Gfr <capretta@gmail.com> writes:

> On 28 Jan, 15:11, Cunnilingus <forep...@work.com> wrote:
> > On Mon, 28 Jan 2008 10:02:46 +0100, Wolfgang Kueter
> >
> > <wolfg...@shconnect.de> wrote:
> > >RTFM
> >
> > >Wolfgang
> >
> > Someone piss in your wheaties this morning?
>
> > And why have you not looked on the D-Link website, their support pages
> > are filled with how to setup VPN connections.
>
>
> I DID read the proper chapters in the manuals and some info on
> websites...and right because I didn't find anything specific matching
> that client and that firewall, I asked in this forum. But it seems
> that someone prefers to waste time giving very "classy" answers
> instead of writing something useful. Fine.

Welcome to comp.security.* :-)

--
Todd H.
http://www.toddh.net/

Leythos
01-28-08, 10:23 AM
In article <a494c1a5-4717-4414-a6a4-81883a3a868f@s19g2000prg.googlegroups.com>, capretta@gmail.com says...
> On 28 Jan, 15:11, Cunnilingus <forep...@work.com> wrote:
> > On Mon, 28 Jan 2008 10:02:46 +0100, Wolfgang Kueter
> >
> > <wolfg...@shconnect.de> wrote:
> > >RTFM
> >
> > >Wolfgang
> >
> > Someone piss in your wheaties this morning?
>
> > And why have you not looked on the D-Link website, their support pages
> > are filled with how to setup VPN connections.
>
>
> I DID read the proper chapters in the manuals and some info on
> websites...and right because I didn't find anything specific matching
> that client and that firewall, I asked in this forum. But it seems
> that someone prefers to waste time giving very "classy" answers
> instead of writing something useful. Fine.

No, as each implementation is different, there would have to be someone
with a DFL-800 to direct you specifically to how to resolve your issue.

You don't need to get snotty, like someone that doesn't want help.

As it stands, I have a DFL-700, in fact, about 15 of them, running
around the country and use the PPTP VPN function on all of them. It was
painless to setup and the directions on the D-Link website made it easy
- if you have some basic networking skills/understanding - if not, then
you should find someone to come onsite and help you.

With your response tone I'm not lending you a hand.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Wolfgang Kueter
01-28-08, 10:36 AM
Gfr wrote:


> I DID read the proper chapters in the manuals and some info on
> websites...and right because I didn't find anything specific matching
> that client and that firewall, I asked in this forum.

What kind of VPN do you want to configure? IPSec? L2TP/PPTP or ???

What did you try so far?

Did you get any errors? If yes, what were the error messages?

> But it seems
> that someone prefers to waste time giving very "classy" answers
> instead of writing something useful.

The information you provided was not sufficient to enable someone to help
you because you only said: I've a DLINK box and want to configure a VPN ...

Wolfgang

Gfr
01-28-08, 10:42 AM
>
> The information you provided was not sufficient to enable someone to help
> you because you only said: I've a DLINK box and want to configure a VPN ...
>
> Wolfgang


"With your response tone I'm not lending you a hand. "

Mine?


That's Ok, I better do by myself, thanks anyway

Gfr

Gerald Vogt
01-28-08, 04:41 PM
On Jan 29, 1:42 am, Gfr <capre...@gmail.com> wrote:
> > The information you provided was not sufficient to enable someone to help
> > you because you only said: I've a DLINK box and want to configure a VPN ...
>
> > Wolfgang
>
> "With your response tone I'm not lending you a hand. "
>
> Mine?
>
> That's Ok, I better do by myself, thanks anyway

Yes. That is probably better. If you don't want to give details on
what you did etc. we cannot help you. You did not mention that you
have read the manual before nor did you exactly post which web sites
you have checked or tried. "something" is a little bit vague, isn't
it?

You don't exactly post which VPN client you use. There are various
versions available.

The rest of your OP sounded very much like those posts of other
people who don't care to even read the manual and just cry help once
the solution does not pop up as first result in your web search...

The dlink support pages have something on "How do I configure the
DS-601/DS-605 VPN software client to connect to the DFL-210/800/1600?"
which sounds to me very much like the thing you want to do. But if it
does not work you must give more details. What would be the benefit of
pointing you again to this article if you tried it before but don't
mention it nor mention what did go wrong?

Basic instructions are always in the manual and it is futile to repeat
all that here. Read the manual. Try it. It contains instructions how
to set up IPSec, PPTP, and L2TP. If you failed post what you have
tried exactly, what settings you have used, what exact error messages
you saw, messages in the logs etc.

Gerald

Gfr
01-30-08, 11:51 AM
> The dlink support pages have something on "How do I configure the
> DS-601/DS-605 VPN software client to connect to the DFL-210/800/1600?"
> which sounds to me very much like the thing you want to do. But if it
> does not work you must give more details. What would be the benefit of
> pointing you again to this article if you tried it before but don't
> mention it nor mention what did go wrong?
>
> Basic instructions are always in the manual and it is futile to repeat
> all that here. Read the manual. Try it. It contains instructions how
> to set up IPSec, PPTP, and L2TP. If you failed post what you have
> tried exactly, what settings you have used, what exact error messages
> you saw, messages in the logs etc.
>
> Gerald

Hi,
thanks for your post. I need to check again all the settings (IPSec
connection): I have no time to do it during these days, as that's an
extra thing I have to fix and I'm kinda busy. Last Sunday I followed
some steps in the manual and set the firewall in a way similar to
what is written in the Dlink support site but I still had some trouble
with the IKE in the first phase...so I may have set something wrong as
I was bored and tired. That's why I need to deal with it by myself.
Thanks again,
bye
Gfr

Gfr
02-10-08, 03:40 PM
> mention it nor mention what did go wrong?
>
> Basic instructions are always in the manual and it is futile to repeat
> all that here. Read the manual. Try it. It contains instructions how
> to set up IPSec, PPTP, and L2TP. If you failed post what you have
> tried exactly, what settings you have used, what exact error messages
> you saw, messages in the logs etc.
>
> Gerald

Ok, I'm back.
My case seems to be right the one described here
http://support.dlink.com/faq/view.asp?prod_id=2694&question=dfl-800
but there is something wrong and evidently I'm missing something.
So..I have this dlink dfl 800 at home. It's not connected to an actual
LAN because I have to set it up before connecting it to the LAN and to
internet. The client is Net Defend v 1.03...which looks like the one
in the example. I'm pretty sure that the problem is not the client but
I did something wrong on the firewall or forgot something. In fact
everything matches with the example on the dlink page..but I have a
problem with the first phase of the IKE (IKE error phase 1. Lost
contact to peer). Data (tx) in Kbyte results to be 5,523 so the
request seems to leave the client...but evidently there's no reply
from the firewall. Right because I'm not testing it on a real existing
network, I must've made some mistake or forgot something.
Under Interfaces - Ethernet I have a wan1 with IP 10.0.0.1, network
10.0.0.0 default gateway 10.0.0.1, no DHCP
The lan is with IP 192.168.1.1, same IP for the gateway
Under IP rules I set the rules just like in the example to allow any
traffic to and from the client to the server, with IPsec Tunnel....

Under IPSec Tunnels, I set
all-nets for Local network and Remote network,
no remote endpoint,
Tunnel as encapsulation mode,
selected the key I had set before, then put a tick on Routing/
Dynamically add a route etc etc and Advanced/Add route for remote
network

My laptop has IP 172.30.1.1 and the dlink client points to the
firewall gateway with IP 10.0.0.1. I connected to the port Wan1 and
tried to connect but the connection stopped at the first phase.
What am I forgetting or what did I do wrong?
Sorry again for bothering but since I can deal with this issue only on
weekends, it's getting a bit annoying.. :P:P

Gfr

Wolfgang Kueter
02-10-08, 04:52 PM
Gfr wrote:

>> mention it nor mention what did go wrong?
>>
>> Basic instructions are always in the manual and it is futile to repeat
>> all that here. Read the manual. Try it. It contains instructions how
>> to set up IPSec, PPTP, and L2TP. If you failed post what you have
>> tried exactly, what settings you have used, what exact error messages
>> you saw, messages in the logs etc.
>>
>> Gerald
>
> Ok, I'm back.
> My case seems to be right the one described here
> http://support.dlink.com/faq/view.asp?prod_id=2694&question=dfl-800
> but there is something wrong and evidently I'm missing something.
> So..I have this dlink dfl 800 at home. It's not connected to an actual
> LAN because I have to set it up before connecting it to the LAN and to
> internet. The client is Net Defend v 1.03...which looks like the one
> in the example. I'm pretty sure that the problem is not the client but
> I did something wrong on the firewall or forgot something. In fact
> everything matches with the example on the dlink page..but I have a
> problem with the first phase of the IKE (IKE error phase 1. Lost
> contact to peer). Data (tx) in Kbyte results to be 5,523 so the
> request seems to leave the client...but evidently there's no reply
> from the firewall. Right because I'm not testing it on a real existing
> network,

> I must've made some mistake or forgot something.

Obviously you have not tried whether your client 172.30.1.1 can reach
10.0.0.1 (Firewall WAN-IP) ...

> Under Interfaces - Ethernet I have a wan1 with IP 10.0.0.1, network
> 10.0.0.0 default gateway 10.0.0.1, no DHCP

So the default gateway is the firewall itself, which means that the
firewall will send everything to its own external interface. That is
obviously complete crap, even for a lab setup.

> The lan is with IP 192.168.1.1, same IP for the gateway

No gateway to be configured here.

> My laptop has IP 172.30.1.1 and the dlink client points to the
> firewall gateway with IP 10.0.0.1. I connected to the port Wan1 and
> tried to connect but the connection stopped at the first phase.
> What am I forgetting or what did I do wrong?

The client simply cannot reach the gateway, how should he?

Configure your lab like this:

Firewall:
IP-Wan: 10.0.0.1 netmask 255.255.255.0 gateway 10.0.0.254
IP-LAN: 10.168.1.1 netmask 255.255.255.0

Client: 10.0.0.2 netmask 255.255.255.0 gateway 10.0.0.254

Connect the WAN Interface and the client to a switch and run your tests
again.

> Sorry again for bothering but since I can deal with this issue only on
> weekends, it's getting a bit annoying.. :P:P

You are annoying because you try to deal with IPSec (a rather complicated
matter) but even seem to have no clue about what IP addresses and netmasks
together mean.

You have to ensure that the client can reach the firewall by putting them in
the same subnet if no routers are involved.

Wolfgang
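
The reachability point made in the reply above, as an added example that is not part of the original thread: a Python check, using only the standard `ipaddress` module, of whether an IKE initiator and the firewall's WAN interface can exchange packets given each side's IP, netmask and default gateway. The function and field names are hypothetical, the addresses are the ones quoted in the thread, and the laptop's netmask is an assumption.

```python
import ipaddress

def iface(ip, netmask, gateway=None):
    """Build an interface description (hypothetical helper, not a D-Link API)."""
    return {
        "if": ipaddress.ip_interface(f"{ip}/{netmask}"),
        "gw": ipaddress.ip_address(gateway) if gateway else None,
    }

def config_problems(name, cfg):
    """Return addressing mistakes that are visible without sending a packet."""
    problems = []
    gw, net, own = cfg["gw"], cfg["if"].network, cfg["if"].ip
    if gw is not None:
        if gw == own:
            problems.append(f"{name}: default gateway {gw} is the interface's own address")
        elif gw not in net:
            problems.append(f"{name}: default gateway {gw} is outside {net}")
    return problems

def next_hop(src, dst_ip):
    """Where src sends a packet for dst_ip: 'on-link', a gateway address, or None."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in src["if"].network:
        return "on-link"
    gw = src["gw"]
    if gw is None or gw == src["if"].ip or gw not in src["if"].network:
        return None  # no usable route: the packet never leaves the host
    return gw

def ike_path(client, firewall_wan):
    """Check both directions; IKE phase 1 needs the reply to get back too."""
    out = next_hop(client, str(firewall_wan["if"].ip))
    back = next_hop(firewall_wan, str(client["if"].ip))
    return {"client_to_fw": out, "fw_to_client": back,
            "direct": out == "on-link" and back == "on-link"}

# Addresses as posted in the thread; the /16 mask on the laptop is an assumption.
posted_fw = iface("10.0.0.1", "255.255.255.0", "10.0.0.1")
posted_client = iface("172.30.1.1", "255.255.0.0")
# Lab layout suggested in the reply above.
lab_fw = iface("10.0.0.1", "255.255.255.0", "10.0.0.254")
lab_client = iface("10.0.0.2", "255.255.255.0", "10.0.0.254")

if __name__ == "__main__":
    print(config_problems("wan1", posted_fw))
    print(ike_path(posted_client, posted_fw))
    print(ike_path(lab_client, lab_fw))
```

A `None` in either direction means IKE phase 1 cannot complete no matter how the tunnel, proposal and key settings are configured, so this check belongs before any IPsec troubleshooting.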

Gfr
02-17-08, 08:11 AM
Back!

> > network,
> > I must've made some mistake or forgot something.
>
> Obviously you have not tried whether your client 172.30.1.1 can reach
> 10.0.0.1 (Firewall WAN-IP) ...

Actually I forgot to say that the client was using 10.0.0.2 and it was
not picking the IP of my laptop. My bad, sorry. I did so many attempts
that when I wrote last post I was again tired and somehow frustrated
for failing

> > Under Interfaces - Ethernet I have a wan1 with IP 10.0.0.1, network
> > 10.0.0.0 default gateway 10.0.0.1, no DHCP
>
> So the default gateway is the firewall itself, which means that the
> firewall will send everything to its own external interface. That is
> obviously complete crap, even for a lab setup.

I did it on purpose. The only thing connected to the firewall was my
laptop so I wanted to make all the traffic converge to 1 specific IP.
Then, after making it work, I can change the gateway. Thanks for your
nice opinion, honey :D

> Firewall:
> IP-Wan: 10.0.0.1 netmask 255.255.255.0 gateway 10.0.0.254
> IP-LAN: 10.168.1.1 netmask 255.255.255.0
>
> Client: 10.0.0.2 netmask 255.255.255.0 gateway 10.0.0.254

it's similar to what I did. Sorry again for omitting that the client
was using its own IP

> Connect the WAN Interface and the client to a switch and run your tests
> again.

I did it with and without switch, with straight and crossover
cables...but the problem was not that one. I fixed it 10 minutes ago.
The problem was that I changed 263874638 times the IP settings on my
ethernet card, net adaptor, client adapter, ..every time I had to
connect to the LAN port of the firewall to configure it..and then to
the WAN port to test it. Plus my wifi card is using another different
IP too and I had to disable several times the client adaptor when I
was using again the wifi network at home during the rest of the
week...so..in short, the client connection was somehow screwed up. I
reinstalled the client, checked again all the IPs, disabling the wifi
at home and now it's working fine. Deo gratias

> > Sorry again for bothering but since I can deal with this issue only on
> > weekends, it's getting a bit annoying.. :P:P
>
> You are annoying because you try to deal with IPSec (a rather complicated
> matter) but even seem to have no clue about what IP addresses and netmasks
> together mean.

you never miss the chance to say something nasty, don't you?
Well..thanks anyway..at least you tried to help me.

Bye

Gianfranco

lucas.g
05-07-08, 10:42 AM
Wolfgang Kueter;3490264 Wrote:
> Gfr wrote:
>
> RTFM
>
> Wolfgang

That is precisely the answer we awaited for years. Thank you Wolfgang!


--
lucas.g