D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-890L => Topic started by: Aswanghari30 on August 05, 2015, 07:44:24 AM
-
May I know how to set up the Quick VPN of the DIR-890L and how to access it using the iPhone when I am on a remote location?
-
Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)
- What Hardware version is your router? Look at sticker under the router case.
- Link>What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on the routers web page under status.
- What region are you located?
Internet Service Provider and Modem Configurations
- What ISP Service do you have? Cable or DSL?
- What ISP Modem Mfr. and model # do you have?
Have you reviewed the User Manual for this feature?
You may need to refer to Apple on VPN access thru there phones as additional configuration and applications maybe needed for VPN...
Basic VPN Troubleshooting and Suggestions (http://forums.dlink.com/index.php?topic=58716.0)
http://forums.dlink.com/index.php?topic=56861.0 (http://forums.dlink.com/index.php?topic=56861.0)
http://forums.dlink.com/index.php?topic=53692.0 (http://forums.dlink.com/index.php?topic=53692.0)
-
HW: A1
FW:1.07
Connection: Cable
ISP:Time Warner
-
What ISP Modem Mfr. and model # do you have?
-
Time Warner (ISP)
SBG6580 SURFBOARD® EXTREME WIRELESS CABLE MODEM (ARRIS)
-
If the ISP modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems: Link>Double NAT (http://www.practicallynetworked.com/networking/fixing_double_nat.htm) and How NAT Works (http://computer.howstuffworks.com/nat.htm). Call the ISP and ask to see if the ISP modem can be bridged. To tell if the modem is bridged or not, look at the routers web page, Status/Device Info/Wan Section, if there is a 192.168.0.# address in the WAN IP address field, then the modem is not bridged. If the modem can't be bridged then see if the modem has a DMZ option and input the IP address the router gets from the modem and put that into the modems DMZ.
-
He is using Standard modem and got public IP on it
-
Does the router get the public IP address? ???
-
I too am in a similar predicament with my router https://imgur.com/IRmszNr (https://imgur.com/IRmszNr)
I've never set up my own VPN before, but the router said this would be relatively quick and painless to do. I tried to follow similar instructions here http://forums.dlink.com/index.php?topic=13352.0 (http://forums.dlink.com/index.php?topic=13352.0), but the interface is different and I don't know what to put where he puts "192.168.0.101".
Many thanks to the community members on Dlink.
-
Let me look into this and see if I can get some additional information. I too am not an expert in VPNs and I presume there is additional applications that are needed to be able to access a VPN configuration. What I don't know. ???
-
ok :)
-
Looking at the manual, the setup on the router side should be as simple as flipping a switch to enable it and setting the username/password/PSK you would like to use.
The difficult part is going to either be
A) ISP issues (such as the bridging concern Mr. Nutz brought up, or the fact that some ISPs are unfriendly towards VPNs)
or they are going to be (and this is where my money is, generally)
B) Involving the setup and environment of the remote side. The good news is that with an iPhone, there is plenty of documentation to throw at you. I have a link to the Apple doc below. In order to make this as simple as possible, you should test the VPN (at least initially) with wifi off, as I am fairly certain that no cellular provider is going to have any issues with VPNs.
https://support.apple.com/en-us/HT201550 (https://support.apple.com/en-us/HT201550)
Please note:
D-Link L2TP over IPSec = iOS L2TP
D-Link Username = iOS Account
D-Link PSK = iOS Secret
-
Thank you sir. ;)
-
Looking at the manual, the setup on the router side should be as simple as flipping a switch to enable it and setting the username/password/PSK you would like to use.
The difficult part is going to either be
A) ISP issues (such as the bridging concern Mr. Nutz brought up, or the fact that some ISPs are unfriendly towards VPNs)
or they are going to be (and this is where my money is, generally)
B) Involving the setup and environment of the remote side. The good news is that with an iPhone, there is plenty of documentation to throw at you. I have a link to the Apple doc below. In order to make this as simple as possible, you should test the VPN (at least initially) with wifi off, as I am fairly certain that no cellular provider is going to have any issues with VPNs.
https://support.apple.com/en-us/HT201550 (https://support.apple.com/en-us/HT201550)
Please note:
D-Link L2TP over IPSec = iOS L2TP
D-Link Username = iOS Account
D-Link PSK = iOS Secret
Would you happen to know how to set this up on a Windows PC? Or even a Linux machine? I imagine it should be simple, but I have never set up my own VPN before so I may be missing some obvious steps.
-
Some search results for setting up VPN on Windows:
https://www.dogpile.com/info.dogpl/search/web?fcoid=417&fcop=topnav&fpid=27&q=Setup+VPN+client+on+windows&ql= (https://www.dogpile.com/info.dogpl/search/web?fcoid=417&fcop=topnav&fpid=27&q=Setup+VPN+client+on+windows&ql=)
Let us know what works best for you.
-
I set up my VPN according to instructions I found online, yet it still will not connect through VPN.
https://imgur.com/a/xqfVU (https://imgur.com/a/xqfVU)
-
Can you post the advanced settings configuration as well?
-
Advanced Settings (https://goo.gl/photos/rk5AAUqVTHf3unrM6)
-
In general L2TP over IPsec is far away from being easy because there are many influencing factors that might cause a failure in case of a configuration mismatch between VPN client and VPN server (your DIR-890L). For example:
- To be reachable from the Internet, the VPN server (DIR-890L) must have the public IP address provided by the ISP. If it hasn't, it obviously sits behind a 'modem' which is not working as a real modem (bridging mode) but as an IPv4 router itself, that performs NAT in case of IPv4. If this is true, in order to make L2TP/IPsec work you have to configure port forwardings inside the "routing modem" where you direct UDP packets for destination ports 500 and 4500 to be forwarded to the (private) IP address at the WAN interface of your DIR-890L.
- If it happens that your DIR-890L sits behind a routing/NAT-ing modem or another NAT router, and you have configured the port forwardings as described in the last bullet, you have a so called "NAT traversal" (or nat-t) scenario. Both the VPN server (DIR-890L) and the remote VPN client must support NAT traversal in this case. If one of them doesn't, the game is over.
- In any case, from the VPN client's perspective the VPN destination is always the public IP address that is either used by the DIR-890L itself (if it luckily sits behind a real bridging modem) or by the routing/NAT-ing modem which possibly sits in front of it. If this is a fixed address, you can configure it as the VPN server address inside your VPN client. If it isn't fixed (may change over time) the device that owns this address (DIR-890L or the the upstream routing/NAT-ing modem) must provide a DynDNS client feature in order to register the current IP address with a DynDNS service. Inside the VPN client you must specify the VPN server via a DNS name instead of an IP address, where this name resolves to the current IP address via the DynDNS service provider. If a DynDNS client feature isn't provided by the device that owns the public IP address, game is over again.
- IPsec uses another protocol for key management called IKE which comes in two versions 1 or 2. If one party (VPN client, VPN server) wants to talk IKEv2 while the other can only talk IKEv1, game is over again. Even in the case of the the same IKE version the number of supported IKE options in one party's implementation may be insufficient in order to successfully negotiate a VPN connection with the other party.
- PPP authentication maybe either MSCHAPv2, CHAP or PAP inside the VPN server DIR-890L. Make sure you select the same method in the VPN client as is configured for the VPN server.
- I'm not sure, why DIR-890L uses MPPE for PPP encryption, because you are already secure due to IPsec encryption. You can't switch this off. You only can select between RC4-40 and RC4-128. Maybe there are L2TP/IPsec VPN clients that don't support MPPE, because they argue that this is useless in the presence of strong IPsec encryption. Game is over again in this case.
- If the VPN client supports MPPE, make sure you select the same method in the VPN client as is configured for the VPN server (either RC4-40 or RC4-128).
- ...
-
Any status on this? ???
Advanced Settings (https://goo.gl/photos/rk5AAUqVTHf3unrM6)
-
Any status on this? ???
Advanced Settings (https://goo.gl/photos/rk5AAUqVTHf3unrM6)
What do you mean? I posted a link to an image of my Advanced Settings
-
Is it working? ???
-
Is it working? ???
So far, the only environment I can get it to work is from inside my home network (which is pretty trivial). I can VPN from inside my network to inside my network.
Can't VPN into my home network at work. This may be an outbound firewall issue though. The message is "Your computer appears to be correctly configured, but the device or resource (98.245.85.219) is not responding".
It is set to use a pre-shared key, but all the other settings (aside from username and password) were left as is when configured with Windows 7 Enterprise using Window's built-in VPN application.
-
Any status on this?
Is the device source the IP address the router is getting from the ISP modem/service?