well well well...wonders will never cease

I finally got the router to connect properly. What did it? I'm not really sure to be honest with you. After upgrading/downgrading the firmware I made sure to reset the router to the factory defaults by pressing and holding the reset button for 30 seconds and then unplugging the router for 5 seconds. I messed around with my ipsec.conf (I connect to a Linux FreeS/WAN gateway) until I hit a combination that worked.
For the benefit of anyone else who gets stuck the way I was, here are my various config files:
BEFVP41 (firmware is 1.39.64):
Tunnel name: office
Local Secure Group: Subnet IP: 192.168.0.0
MASK: 255.255.255.0
Remote Secure Group: Subnet IP: 192.168.110.0
MASK: 255.255.255.0
Remote Security Gateway: IP Address: 999.999.999.999 (obviously not my real IP)
Encryption: 3DES
Authentication: MD5
Key Management: Auto (IKE)
PFS is checked
Pre-Shared Key = "my PSK key"
Lifetime = 3600
In the IPSecAdvance.htm screen I changed the Phase 1 and Phase 2 proposals to match the above (after all, I know for a fact exactly what format it's set up for on the other end -- why would I need optional methods?). I unchecked the NETBIOS Broadcast packets (I have a WINS server set up at the other end), the anti-replay (anti-relay?) and the "IKE fails more than x times".
My home network (cable modem connection) is set up as a roadwarrior in my FreeS/WAN v1.95 configuration. Here are the contents of the /etc/freeswan/ipsec.conf file on the FreeS/WAN gateway:
# basic configuration
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    keyingtries=1
    authby=secret

# office VPN connection
conn home-office
    type=tunnel
    left=nnn.nnn.nnn.178
    leftsubnet=192.168.110.0/24
    leftnexthop=nnn.nnn.nnn.177
    right=%any
    rightsubnet=192.168.0.0/24
    keyexchange=ike
    ikelifetime=240m
    keylife=60m
    pfs=yes
    compress=no
    authby=secret
    auto=add

I stopped/started IPSEC, fired up the connection from the BEFVP41 and tried a ping from my home network to the office:
Pinging 192.168.110.3 with 32 bytes of data:
Reply from 192.168.110.3: bytes=32 time=68ms TTL=127
Reply from 192.168.110.3: bytes=32 time=85ms TTL=127
Reply from 192.168.110.3: bytes=32 time=67ms TTL=127
Reply from 192.168.110.3: bytes=32 time=82ms TTL=127
Ping statistics for 192.168.110.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 67ms, Maximum = 85ms, Average = 75ms
I connected with Remote Anything (like PCAnywhere but 10000% better) and latched into my boss's desktop. Perfect. Fired up the web cam from my desktop & connected to the boss's thru the tunnel. Got dizzy watching myself watch myself. EVERYTHING works.
After an hour elapsed (my 3600s lifetime in my BEFVP41 config) the SA expired, the tunnel dropped, a new one negotiated, and the BEFVP41 reported success. Yeah, sure... I'd seen this before. Except this time it actually worked. I could ping across the networks, browse the network neighbourhoods, map drives...everything. I've brought the tunnel up/down a couple of dozen times already & it's working perfectly.
Anyways....good luck to those of you trying to get this thing working. All it takes is some patience and common sense.
Jim
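
Added example (not part of Jim's post, and not code from Linksys or FreeS/WAN): a small Python check that the two ends in the post mirror each other, i.e. the router's Local/Remote Secure Groups against rightsubnet/leftsubnet, PFS, and the router Lifetime against keylife. The ROUTER dictionary keys and the pairing of the router's Lifetime with keylife are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: the conn sections of the post's ipsec.conf, trimmed.
IPSEC_CONF = """\
conn %default
    keyingtries=1
    authby=secret
# office VPN connection
conn home-office
    leftsubnet=192.168.110.0/24
    right=%any
    rightsubnet=192.168.0.0/24
    keylife=60m
    pfs=yes
"""

# Router screen values from the post; the dictionary keys are hypothetical names.
ROUTER = {"local": ("192.168.0.0", "255.255.255.0"),
          "remote": ("192.168.110.0", "255.255.255.0"),
          "pfs": True, "lifetime_s": 3600}

def parse_conns(text):
    """Return {conn name: settings}, with conn %default folded into each conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():              # unindented line starts a section
            kind, _, name = raw.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in raw:
            key, _, value = raw.strip().partition("=")
            current[key] = value.strip('"')
    default = conns.pop("%default", {})
    return {name: {**default, **conn} for name, conn in conns.items()}

def seconds(value):
    """Convert an ipsec.conf time value such as 60m or 3600s to seconds."""
    number, unit = re.fullmatch(r"(\d+)([smhd]?)", value).groups()
    return int(number) * {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}[unit]

def mismatches(conn, router):
    """Name every setting where the gateway's conn and the router differ."""
    def net(spec):                            # accepts "a.b.c.d/24" or (ip, mask)
        return ipaddress.ip_network(spec if isinstance(spec, str) else "/".join(spec))
    checks = {
        "rightsubnet != Local Secure Group": net(conn["rightsubnet"]) == net(router["local"]),
        "leftsubnet != Remote Secure Group": net(conn["leftsubnet"]) == net(router["remote"]),
        "pfs": (conn.get("pfs") == "yes") == router["pfs"],
        "keylife != Lifetime": seconds(conn["keylife"]) == router["lifetime_s"],
    }
    return [name for name, ok in checks.items() if not ok]
```

Calling mismatches(parse_conns(IPSEC_CONF)["home-office"], ROUTER) returns an empty list for the values in the post; any entry it returns names a setting to re-check on both ends.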