I've been tinkering with our FVS318 Netgear router (v2.4 firmware) and SSH Sentinel 1.3.2.
Using the following for the Netgear settings I can get SSH Sent to connect:
Connection Name : tsullivan (my name)
Local IPSec Identifier: (Netgear's External IP)
Remote IPSec Identifier: 0.0.0.0
Tunnel can be accessed from : a subnet of local addresses
Local LAN Start : 192.168.100.0
Local LAN Subnet: 255.255.255.0
Tunnel can access : the remote WAN IP or FQDN
Remote WAN IP or FQDN : 0.0.0.0
Secure Association : Main Mode
Perfect Forward Security : Enabled
Encryption Protocol : 3DES
PreShared Key : AKeyIUse
Key Life : 28800
IKE Life Time : 86400
NETBIOS Enable : X
---------------------
The SSH Sentinel settings are as follows :
In key management, local primary identifier is set to "No Identity"
In key management, remote primary identifier is set to "Host IP Address" and has the WAN IP of my router
In key management, the keys are in there too.
In Rule Properties :
Security Gateway is set to my router's IP address
Remote Network is set to Any (192.168.100.0/255.255.255.0) (192.168.100 is the router's internal IP subnet)
Auth Key is set to the one above
Proposal Template : legacy
Under settings there:
IKE Proposal:
Encryption : 3DES
Integrity : MD5
IKE Mode : main mode
IKE Group : MODP 1024 (group 2)
IPSec Proposal:
Encryption : 3DES
Integrity : HMAC-MD5
IPSec Mode : tunnel (greyed)
PFS group : MODP 1024 (group 2)
NOT CHECKED : Attach only the selected values to the proposal
I do not have checked "Acquire a virtual IP address" or "Extended authentication"
Under advanced:
X : Audit this rule
X : Discover Path MTU
X : Enable NAT (Doesn't make a difference in this example as far as I can tell)
Under settings here :
IKE Lifetime 240 Min
IKE Megabytes 0 MB
IPSec Lifetime 60 Min
IPSec Megabytes 400 MB
---------------
The connect routine looks like it's connecting fine. Phew.
But an ipconfig /all shows :
Ethernet adapter (reg-key)
Media State : Media disconnected
Description : SSH Virtual Private Network Adapter (sshvnic)
--------------
I'm dialed into the internet via a modem -- but this machine has a NIC.
Would this be causing the problem?
Thanks in advance for anyone's replies to this.. I'm quite interested, yet quite exhausted at this point. ;)
-Thomas