VPN Connection between Netgear FVS318 and Draytek Vigor 2900

I have just managed to connect a Draytek Vigor 2900 and a Netgear FVS318 router successfuly per VPN using 3DES encryption.

The setup is pretty easy (as it always is once you've got it running).

In this scenario the Draytek will be connecting to the Netgear router. The Draytek router is behind our ISP's router which has a static IP and full portforwarding towards the Draytek router enabled. Since this one will be making the call we don't need to know which ports are needed for VPN/IPSEC.

The Netgear router has a dynamic IP, a full qualified domain name registered with dyndns and Dynamic DNS set up in the configuration menu.

The Netgear-router is on a subnet. The Draytek-router is on a subnet.

================================================================== Netgear:

Go to VPN-settings and select an empty slot.

Connection Name: FeelFree Local IPSec Identifier: Remote IPSec Identifier: Tunnel can be accessed from: a subnet of local address Local LAN start IP Address: Local LAN IP Subnetmask :

!!This is an important part. It seems that there is a bug if you tell the router that it can access a subnet. So in this case you have to define a range of IPs otherwise you will receive the strange " #hahaha.... next payload type of ISAKMP Hash Payload has an unknown ... " error in the vpn-log.

Tunnel can access Remote LAN start IP Address: Remote LAN finish IP Address:

Remote WAN IP or FQDN: yourhost.homelinux.org

Secure Association: Main Mode Perfect Forward Secrecy: Disabled Encryption Protocol: 3DES PreShared Key: YourPresharedKey Key Life 28800 IKE Life Time 86400

NETBIOS Enable: (I turned it off) ====================================================================

==================================================================== Draytek Vigor 2900 (I'm translating this from the german menu, so some terms might not be 100% identical to the english menu)

  1. Go to VPN / LAN-LAN Connection and select an empty slot

  1. Set connection to "Always on". This automatically changes the connection-direction to "out"

  2. Under connection to external LAN select "IPSec tunnel". This will automatically activate the IPSec-Key-button.

  1. Press the IPSec-Key button and type in the same IPSec-key which used in Preshared-Key in the Netgear configuration.

  2. Set Security to "High security (ESP)" and select "3DES (authenticated)"

  1. Press "Advanced" (button under high security) and set phase 1 mode to "Main Mode" set Phase 1 Proposal to "3DES_MD5_G1" set Phase 1 Key lifetime to 28800 set Phase 2 Key lifetime to 86400 perfect foward secret "OFF" !!! leave Local ID empty

  2. Proceed to TCP/IP settings set remote IP to an unused IP from the Netgear subnet (e.g. set remote router to the netgear router IP (e.g. set remote network IP to the Netgear subnet (e.g. set subnet mask to


This worked for me.

I also downgraded the Netgear firmware to 2.3 and haven't checked if the 2.4 will still do the job. I also find the 2.3 firmware faster than the 2.4-version. There are quite a few negative comments concerning the FVS318 around and they seem to have their reason. So if you read this before buying the FVS318/FVM318 and want to use it for VPN ->don't buy it

Reply to
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.