• March 28, 2024, 03:23:21 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2]

Author Topic: May I know how to set up the Quick VPN of the DIR-890L and how to access it usin  (Read 20849 times)

Krabby127

  • Level 1 Member
  • *
  • Posts: 9

I set up my VPN according to instructions I found online, yet it still will not connect through VPN.
https://imgur.com/a/xqfVU
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Can you post the advanced settings configuration as well?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Krabby127

  • Level 1 Member
  • *
  • Posts: 9
« Last Edit: October 05, 2015, 07:39:28 AM by FurryNutz »
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441

In general L2TP over IPsec is far away from being easy because there are many influencing factors that might cause a failure in case of a configuration mismatch between VPN client and VPN server (your DIR-890L). For example:

  • To be reachable from the Internet, the VPN server (DIR-890L) must have the public IP address provided by the ISP. If it hasn't, it obviously sits behind a 'modem' which is not working as a real modem (bridging mode) but as an IPv4 router itself, that performs NAT in case of IPv4. If this is true, in order to make L2TP/IPsec work you have to configure port forwardings inside the "routing modem" where you direct UDP packets for destination ports 500 and 4500 to be forwarded to the (private) IP address at the WAN interface of your DIR-890L.
  • If it happens that your DIR-890L sits behind a routing/NAT-ing modem or another NAT router, and you have configured the port forwardings as described in the last bullet, you have a so called "NAT traversal" (or nat-t) scenario. Both the VPN server (DIR-890L) and the remote VPN client must support NAT traversal in this case. If one of them doesn't, the game is over.
  • In any case, from the VPN client's perspective the VPN destination is always the public IP address that is either used by the DIR-890L itself (if it luckily sits behind a real bridging modem) or by the routing/NAT-ing modem which possibly sits in front of it. If this is a fixed address, you can configure it as the VPN server address inside your VPN client. If it isn't fixed (may change over time) the device that owns this address (DIR-890L or the the upstream routing/NAT-ing modem) must provide a DynDNS client feature in order to register the current IP address with a DynDNS service. Inside the VPN client you must specify the VPN server via a DNS name instead of an IP address, where this name resolves to the current IP address via the DynDNS service provider. If a DynDNS client feature isn't provided by the device that owns the public IP address, game is over again.
  • IPsec uses another protocol for key management called IKE which comes in two versions 1 or 2. If one party (VPN client, VPN server) wants to talk IKEv2 while the other can only talk IKEv1, game is over again. Even in the case of the the same IKE version the number of supported IKE options in one party's implementation may be insufficient in order to successfully negotiate a VPN connection with the other party.
  • PPP authentication maybe either MSCHAPv2, CHAP or PAP inside the VPN server DIR-890L. Make sure you select the same method in the VPN client as is configured for the VPN server.
  • I'm not sure, why DIR-890L uses MPPE for PPP encryption, because you are already secure due to IPsec encryption. You can't switch this off. You only can select between RC4-40 and RC4-128. Maybe there are L2TP/IPsec VPN clients that don't support MPPE, because they argue that this is useless in the presence of strong IPsec encryption. Game is over again in this case.
  • If the VPN client supports MPPE, make sure you select the same method in the VPN client as is configured for the VPN server (either RC4-40 or RC4-128).
  • ...

« Last Edit: October 05, 2015, 03:36:43 PM by PacketTracer »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Krabby127

  • Level 1 Member
  • *
  • Posts: 9

Any status on this?  ???

Advanced Settings

What do you mean? I posted a link to an image of my Advanced Settings
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Is it working?  ???
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Krabby127

  • Level 1 Member
  • *
  • Posts: 9

Is it working?  ???

So far, the only environment I can get it to work is from inside my home network (which is pretty trivial). I can VPN from inside my network to inside my network.

Can't VPN into my home network at work. This may be an outbound firewall issue though. The message is "Your computer appears to be correctly configured, but the device or resource (98.245.85.219) is not responding".


It is set to use a pre-shared key, but all the other settings (aside from username and password) were left as is when configured with Windows 7 Enterprise using Window's built-in VPN application.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Any status on this?

Is the device source the IP address the router is getting from the ISP modem/service?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.
Pages: 1 [2]