• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7042
  • Last Modified:

I have a DLINK DSR-250n, Need to setup Software VPN to it.

Does anyone have any detailed instructions on how to setup an IPSEC VPN on a DLink DSR-250n Router to ShrewSoft VPN Client (the only one that is free and runs on Windows 7)
I'm having problems translating settings from one to another.

The DLink DSR models are supposed to be all the same.

ShrewSoft VPN Settings (These are not my settings, This is just showing settings screen)
ShrewSoft VPN 1ShrewSoft VPN 2
DLink DSR-250n router vpn settings (I want to know where these settings correspond to settings of the ShrewSoft VPN, and if any of these settings need changed)

DLink DSR-250n VPN Dropdown boxes choices:
Policy Type: Auto Policy / Manual Policy
IPSec Mode: Tunnel Mode / Transport Mode
Select Local Gateway: Dedicated WAN
Remote Endpoint: FQDN / IP Address
Protocol: AH / ESP
Local IP: Any / Single / Range / Subnet
Remote IP: Any / Single / Range / Subnet
Exchange Mode: Main / Aggressive
Direction/Type: Initiator / Responder / BothSelect Local Gateway:
Select Local Gateway:
Local Identifier Type: Local WAN IP / FQDN / User FQDN / DER ASN1 DN
Remote Identifier Type: Remote WAN IP / FQDN / User FQDN / DER ASN1 DN
Authentication Method: Pre-shared Key / RSA Signature
Diffie-Hellman (DH) Group: Group1(768bit) / Group2(1024bit) / Group5(1536) /         DH_Group14 (2048bit) / DH_Group15(3072bit) / DH_Group16(4096bit) / DH_Group17(6144bit) / DH_Group18(8192bit)
PFS Key Group: Group1(768bit) / Group2(1024bit) / Group5(1536) /         DH_Group14 (2048bit) / DH_Group15(3072bit) / DH_Group16(4096bit) / DH_Group17(6144bit) / DH_Group18(8192bit)

DLink Screen Shot1Dlink Screen Shot2Dlink Screen Shot3Dlink Screen Shot4Dlink ScreenShot5
0
ekurelowech
Asked:
ekurelowech
  • 3
  • 2
1 Solution
 
QlemoC++ DeveloperCommented:
I don't know the D-Links very well. But the ShrewSoft settings should be straightforward. You might want to read ftp://ftp.dlink.es/DFL/Ejemplos_de_Configuracion_NetDefend/How_to_configure_VPN_IPSec_with_FREE_Shrew_Vpn_software.pdf
for a simplified setup example.

In addition to that:
1. D-Link screenshot is ok as-is. The first tab of Shrew corresponds to that, you will have to enter the D-Link pulic IP, and (probably) set Auto Configuration to either disabled or "ike config push". Adapter Mode should be "Use a virtual ..". You might have to flip the "Obtain Automatically" setting and then provide a manual (remote) IP address for the VPN.
2. You will have to make sure you use local and remote ID in reverse order on Shrew, tab "Authentication" set to "Mutual PSK" - ShrewSoft "Local" is D-Link "Remote" and vice versa.
3. In Shrew "Authentication", "Credentials", just enter the same PSK as on D-Link
    In "Phase 1" do not use any AUTO settings, instead set to exactly the same as on D-Link:
       aggressive, group 2, AES, 128, sha12, 28800, 0
4./5. Are for Shrew "Phase 2" settings. Again, don't use Auto and match exactly.
AFAI have seen configs, you will need to set the Shew "Policy" level to unique or shared, and provide the remote network manually in the list box.
0
 
ekurelowechAuthor Commented:
It looks like alot more than I had. Wish I had a PDF with my exact Model .
I'll try it tomorrow,
On the 1st page of the shrewsoft,it has a port setting, is that the port that all vpn's use.
Or is there different ports used on different manufacturers, I don't see anything on the Dlink DSR-250n configuration.
0
 
QlemoC++ DeveloperCommented:
IPSec always uses 500/udp for first contact. It may switch to 4500/udp (NAT-T) if negotiated, or 10000/tcp for Cisco NAT-T. There are also some other proprietary ports, but in general, you only need to care about 500 and 4500.
0
 
ekurelowechAuthor Commented:
you were right on, the main problem was, I didn't reverse the FQDN's.
But I can't seem to get any DHCP working, The VPN works great if I configure the IP.
You have any ideas how to enable that to come from the router.
My router doesn't DHCP, my server does. Is this why it's not working.
On Dlink router Under GENERAL / Enable DHCP: I enable, but don't know where the DHCP is coming from.
On Shrewsoft Under GENERAL, I have AUTO CONFIGURATION: I tried all different settings.
All I get is DHCP timed out.
0
 
QlemoC++ DeveloperCommented:
The D-Link has to act as the DHCP server for this to work, or run a DHCP Relay Agent service. I really can't help much on implementing a dynamic IP method here, as it is highly depending on the device used whether it works at all, and how it needs to be configured.

Enabling DHCP Relay should be easy, if I read the manuals correctly. In DHCP settings on the D-Link you should be able to add a DHCP Relay; just enter the DHCP Server's IP here.

You will then need to enable Mode Config in the VPN settings (first screenshot). If you are lucky, that's all to make it work.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now