FVS318 Connects with SSH Sentinel -- No IP Addy Assigned

I've been tinkering with our FVS318 Netgear router (v2.4 firmware) and SSH Sentinel 1.3.2.

Using the following for the Netgear settings I can get SSH Sent to connect:

Connection Name : tsullivan (my name)
Local IPSec Identifier : (Netgear's External IP)
Remote IPSec Identifier : 0.0.0.0
Tunnel can be accessed from : a subnet of local addresses
Local LAN Start : 192.168.100.0
Local LAN Subnet : 255.255.255.0
Tunnel can access : the remote WAN IP or FQDN
Remote WAN IP or FQDN : 0.0.0.0

Secure Association : Main Mode
Perfect Forward Security : Enabled
Encryption Protocol : 3DES
PreShared Key : AKeyIUse
Key Life : 28800
IKE Life Time : 86400
NETBIOS Enable : X

---------------------

The SSH Sentinel settings are as follows :

In key management, local primary identifier is set to "No Identity".
In key management, remote primary identifier is set to "Host IP Address" and has the WAN IP of my router.
In key management, the keys are in there too.

In Rule Properties :

Security Gateway is set to my router's IP address
Remote Network is set to Any (192.168.100.0/255.255.255.0) (192.168.100 is the router's internal IP subnet)
Auth Key is set to the one above
Proposal Template : legacy

Under settings there:

IKE Proposal:
Encryption : 3DES
Integrity : MD5
IKE Mode : main mode
IKE Group : MODP 1024 (group 2)

IPSec Proposal:
Encryption : 3DES
Integrity : HMAC-MD5
IPSec Mode : tunnel (greyed)
PFS group : MODP 1024 (group 2)

NOT CHECKED : Attach only the selected values to the proposal

I do not have checked "Acquire a virtual IP address" or "Extended authentication"

Under advanced:

X : Audit this rule
X : Discover Path MTU
X : Enable NAT (Doesn't make a difference in this example as far as I can tell)

Under settings here :

IKE Lifetime : 240 Min
IKE Megabytes : 0 MB

IPSec Lifetime : 60 Min
IPSec Megabytes : 400 MB

---------------

The connect routine looks like it's connecting fine. Phew.

But an ipconfig /all shows :

Ethernet adapter (reg-key)
Media State : Media disconnected
Description : SSH Virtual Private Network Adapter (sshvnic)

--------------

I'm dialed into the internet via a modem -- but this machine has a NIC.

Would this be causing the problem?

Thanks in advance for anyone's replies to this.. I'm quite interested, yet quite exhausted at this point. ;)

-Thomas

Reply to
Morren

This is your connection name on the Client and must be filled in.

Works on single IP only; make it whatever you want, but not the same schema as the LAN, and the client has to match.

Reply to
davidl

It would seem that it temporarily gets the IP address when I have it designated in the SSH Sentinel "assign virtual IP" screen -- but never completes the VPN process.

How can I tell the router to just hand out an IP to anything with the proper key that connects?


Reply to
Morren
