Author Topic: How to configure DIR-655 for multiple outbound VPN sessions  (Read 8924 times)

cpraha

  • Level 1 Member
  • *
  • Posts: 3
How to configure DIR-655 for multiple outbound VPN sessions
« on: February 05, 2010, 12:48:19 PM »

My apologies if this has been covered elsewhere, I have been able to find the answer that applies to my case.

I have a DIR-655 with firmware 1.21, connected to a DSL232B modem. I have two computers that I wish to connect to my school's VPN with. I have only been able to set the router to allow one OR the other machine, but never both. The two machines are connected with separate static IPs. However, currently I cannot connect at all.

Checking the log on the router I see the following events when I try to connect:
- Dropped GRE packet from 192.168.x.x to xxx.xxx.1.141 as unable handle packet header
- Blocked incoming GRE packet from xxx.xxx.1.141 to (my router's ISP-assigned IP address)

My VPN client is Windows XP for both machines.

One machine is connected by wire, the other is wireless.
I can get a machine to connect with the following settings (some of which may be redundant)
- Virtual server rule for other protocol (47) for one machine's IP address. (The router won't let me enable concurrent rules for both machines.)
- Port Forwarding (1723) for one machine's IP address. (Again, the router won't let me enable concurrent rules for both machines.)
- Application Filter for port 1723 (both 'Trigger' and 'Firewall'), TCP traffic, always enabled
- WAN traffic shaping enabled
- QoS engine disabled
- Access control disabled
- Inbound filter set to 'enabled' for the range of VPN server IP addresses the school uses.
- SPI enabled
- UDP Endpoint Filtering is address restricted
- TCP Endpoint Filtering is address and port restricted
- Anti-spoof checking enabled
- Application Level gateway configured for PPTP, VPN, RTSP, and SIP
- WISH disabled
- Multicast enabled
Logged

cpraha

  • Level 1 Member
  • *
  • Posts: 3
Re: How to configure DIR-655 for multiple outbound VPN sessions
« Reply #1 on: February 05, 2010, 01:43:15 PM »

To follow up and further clarify:

- I can otherwise access the Internet without problems.
- I can ping the VPN server both by name and by IP.
- I have since disabled SPI, turned off the 1723 port forwarding and enabled it as a virtual server entry, and I still get the same log messages for GRE.
Logged

lizzi555

  • Level 5 Member
  • *****
  • Posts: 605
Re: How to configure DIR-655 for multiple outbound VPN sessions
« Reply #2 on: February 05, 2010, 01:45:19 PM »

Quote
- Virtual server rule for other protocol (47) for one machine's IP address. (The router won't let me enable concurrent rules for both machines.)

No virtual server needed - it is an outgoing connection, not an internal VPN server - disable it

Quote
- Port Forwarding (1723) for one machine's IP address. (Again, the router won't let me enable concurrent rules for both machines.)

The router is capable of VPN pass-through without any port forwarding.
Port forwarding is only needed for incoming connections - disable it

Quote
- Application Filter for port 1723 (both 'Trigger' and 'Firewall'), TCP traffic, always enabled

Not needed, the ALG will recognize and handle the connection - disable it

Quote
- WAN traffic shaping enabled
Try disabling traffic shaping, it can affect the VPN packets negatively.

Quote
- QoS engine disabled
- Access control disabled
OK

Quote
- Inbound filter set to 'enabled' for the range of VPN server IP addresses the school uses.
Not needed for VPN - disable it

Quote
- SPI enabled
Try disabling SPI, it may drop packets


Quote
- UDP Endpoint Filtering is address restricted
Set to Endpoint Independent

Quote
- TCP Endpoint Filtering is address and port restricted
Set to address restricted

Quote
- Anti-spoof checking enabled
- Application Level gateway configured for PPTP, VPN, RTSP, and SIP
- WISH disabled
- Multicast enabled
OK

Please try these settings.
Logged
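
Added example, not part of the original posts and not D-Link's firmware code: a small Python model of why a single "protocol 47" forwarding rule can serve only one machine, while a PPTP ALG can serve several. GRE has no ports, so the ALG keys each inbound packet on the Call ID field of the enhanced GRE header (layout per RFC 2637). The `PptpAlgTable` class and all IP addresses and Call IDs are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B               # protocol type used by PPTP's enhanced GRE
K_BIT, S_BIT = 0x2000, 0x1000        # Key (Call ID) present, sequence number present

def build_gre(call_id, payload=b"", seq=None):
    """Build an enhanced GRE (version 1) packet the way PPTP frames its data."""
    flags = K_BIT | 0x0001 | (S_BIT if seq is not None else 0)
    hdr = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(payload), call_id)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    return hdr + payload

def parse_call_id(packet):
    """Return the Call ID of a PPTP GRE packet, or None if it is not one."""
    if len(packet) < 8:
        return None
    flags, proto, _length, call_id = struct.unpack("!HHHH", packet[:8])
    if flags & 0x0007 != 1 or not flags & K_BIT or proto != GRE_PROTO_PPP:
        return None
    return call_id

class PptpAlgTable:
    """Toy model (hypothetical) of the state a PPTP ALG keeps per outbound call."""
    def __init__(self):
        self.calls = {}              # (server_ip, client_call_id) -> LAN host

    def learn(self, lan_ip, server_ip, client_call_id):
        # An ALG learns this from the client's Outgoing-Call-Request on TCP 1723.
        key = (server_ip, client_call_id)
        if self.calls.get(key, lan_ip) != lan_ip:
            raise ValueError("Call ID collision: the ALG must rewrite one Call ID")
        self.calls[key] = lan_ip

    def route_inbound(self, server_ip, gre_packet):
        """Pick the LAN host for an inbound GRE packet; None means drop it."""
        return self.calls.get((server_ip, parse_call_id(gre_packet)))

if __name__ == "__main__":
    alg = PptpAlgTable()
    # Constructed sample: two LAN clients, one VPN server (documentation IPs).
    alg.learn("192.168.0.10", "203.0.113.5", 0x4000)
    alg.learn("192.168.0.11", "203.0.113.5", 0x8000)
    for cid in (0x4000, 0x8000, 0x1234):
        pkt = build_gre(cid, b"ppp-frame", seq=1)
        print(hex(cid), "->", alg.route_inbound("203.0.113.5", pkt))
```

An inbound GRE packet with no matching table entry has no LAN destination, which is the situation behind a "Blocked incoming GRE packet" log entry when no ALG state exists for that call.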

cpraha

  • Level 1 Member
  • *
  • Posts: 3
Re: How to configure DIR-655 for multiple outbound VPN sessions
« Reply #3 on: February 05, 2010, 02:13:00 PM »

Thanks! I can now connect with the wireless machine. I will have to try the other machine later tonight though.

Of the settings I just changed, are there specific ones I could or should try to change back in order to have a higher level of security?
Logged

lizzi555

  • Level 5 Member
  • *****
  • Posts: 605
Re: How to configure DIR-655 for multiple outbound VPN sessions
« Reply #4 on: February 05, 2010, 02:37:15 PM »

....

Of the settings I just changed, are there specific ones I could or should try to change back in order to have a higher level of security?

SPI and Endpoint Filtering are the only security settings here. You can try to set them back one by one.
But as the router still has its NAT firewall, it is not a must. You are still secure.
Logged