Jun 18

Note: This example demonstrates how to configure a LAN-to-LAN IPSec VPN tunnel between two D-Link DIR-130/DIR-330 routers.

In this example:

Local Network is on 192.168.0.0/24
Remote Network is on 192.168.1.0/24

Configuration of Local Network

Step 1: Open your web browser and type in the IP address of the DIR-130 router (192.168.0.1 by default). Enter the username (admin by default) and password (blank by default), and then click OK.

Step 2: Click on SETUP and select VPN SETTINGS. Choose IPSec from the ADD VPN PROFILE dropdown menu and click Add.

Step 3: Configure the IPSec VPN as follows:

Enable Settings: check box to enable
Name: enter a name for the VPN
Encapsulation Mode: Tunnel
Remote IP: select Site to Site and enter the remote Gateway
Remote Local LAN Net /Mask: enter the remote LAN network and Subnet Mask
Authentication Protocol: enter a Pre-shared Key (must be the same as the Remote Side)
Phase 1 IKE Proposal List: leave as is
NAT-T Enabled: leave as is
PFS: check to enable
Phase 2 IPSec Proposal List: leave as is.

Step 4: Click Save Settings.

Configuration of Remote Network.

Note: Both sides cannot be on the same subnet.
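A pre-flight check for the addressing rules above, as an added example that is not part of the original guide: the two LANs must not overlap, each side's "Remote Local LAN Net /Mask" must be the other side's LAN, and each "Remote IP" must be the other side's WAN address. The LAN ranges are the article's; the WAN addresses, dictionary keys and function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample profiles. LAN ranges come from the article; the WAN
# addresses are documentation-range placeholders, not real gateways.
SITE_A = {"name": "local", "wan_ip": "203.0.113.1", "lan": "192.168.0.0/24",
          "remote_gw": "198.51.100.1", "remote_lan": "192.168.1.0/24"}
SITE_B = {"name": "remote", "wan_ip": "198.51.100.1", "lan": "192.168.1.0/24",
          "remote_gw": "203.0.113.1", "remote_lan": "192.168.0.0/24"}


def _net(text):
    # strict=False accepts "192.168.1.1/24" and normalises it to the network.
    return ipaddress.ip_network(text, strict=False)


def check_pair(a, b):
    """Return a list of addressing problems for a LAN-to-LAN tunnel pair."""
    problems = []
    lan_a, lan_b = _net(a["lan"]), _net(b["lan"])
    # Overlapping LANs leave hosts unable to tell local from remote addresses.
    if lan_a.overlaps(lan_b):
        problems.append(f"LANs overlap: {lan_a} and {lan_b}")
    for me, peer, peer_lan in ((a, b, lan_b), (b, a, lan_a)):
        # The remote LAN entered on one side must be the peer's actual LAN.
        if _net(me["remote_lan"]) != peer_lan:
            problems.append(f"{me['name']}: remote LAN {me['remote_lan']} "
                            f"is not the peer LAN {peer_lan}")
        # The remote gateway entered on one side must be the peer's WAN address.
        if ipaddress.ip_address(me["remote_gw"]) != ipaddress.ip_address(peer["wan_ip"]):
            problems.append(f"{me['name']}: remote gateway {me['remote_gw']} "
                            f"is not the peer WAN {peer['wan_ip']}")
    return problems


if __name__ == "__main__":
    for line in check_pair(SITE_A, SITE_B) or ["tunnel addressing is consistent"]:
        print(line)
```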

May 25

1. DIR-855 Media Router PPTP Setup

Choose PPTP (Point-to-Point Tunneling Protocol) if your ISP uses a PPTP connection. Your ISP will provide you with a username and password. This option is typically used for DSL services.

Address Mode: Select Static if your ISP assigned you the IP address, subnet mask, gateway, and DNS server addresses. In most cases, select Dynamic.

PPTP IP Address: Enter the IP address (Static PPTP only).

PPTP Subnet Mask: Enter the Primary and Secondary DNS Server Addresses (Static PPTP only).

PPTP Gateway: Enter the Gateway IP Address provided by your ISP.

PPTP Server IP: Enter the Server IP provided by your ISP (optional).

Username: Enter your PPTP username.

Password: Enter your PPTP password and then retype the password in the next box.

Reconnect Mode: Select either Always-on, On-Demand, or Manual.

Maximum Idle Time: Enter a maximum idle time during which the Internet connection is maintained during inactivity. To disable this feature, enable Auto-reconnect.

DNS Servers: The DNS server information will be supplied by your ISP (Internet Service Provider).

MTU: Maximum Transmission Unit – you may need to change the MTU for optimal performance with your specific ISP. 1400 is the default MTU.

MAC Address: The default MAC Address is set to the Internet port’s physical interface MAC address on the Broadband Router. It is not recommended that you change the default MAC address unless required by your ISP. You can use the Clone Your PC’s MAC Address button to replace the Internet port’s MAC address with the MAC address of your Ethernet card.

2. DIR-855 Media Router L2TP Setup

Choose L2TP (Layer 2 Tunneling Protocol) if your ISP uses an L2TP connection. Your ISP will provide you with a username and password. This option is typically used for DSL services.

Address Mode: Select Static if your ISP assigned you the IP address, subnet mask, gateway, and DNS server addresses. In most cases, select Dynamic.

L2TP IP Address: Enter the L2TP IP address supplied by your ISP (Static only).

L2TP Subnet Mask: Enter the Subnet Mask supplied by your ISP (Static only).

L2TP Gateway: Enter the Gateway IP Address provided by your ISP.

L2TP Server IP: Enter the Server IP provided by your ISP (optional).

Username: Enter your L2TP username.

Password: Enter your L2TP password and then retype the password in the next box.

Reconnect Mode: Select either Always-on, On-Demand, or Manual.

Maximum Idle Time: Enter a maximum idle time during which the Internet connection is maintained during inactivity. To disable this feature, enable Auto-reconnect.

DNS Servers: Enter the Primary and Secondary DNS Server Addresses (Static L2TP only).

MTU: Maximum Transmission Unit – you may need to change the MTU for optimal performance with your specific ISP. 1400 is the default MTU.

Clone MAC Address: The default MAC Address is set to the Internet port’s physical interface MAC address on the Broadband Router. It is not recommended that you change the default MAC address unless required by your ISP. You can use the Clone Your PC’s MAC Address button to replace the Internet port’s MAC address with the MAC address of your Ethernet card.

Apr 21

1. Introduction

The objective of this document is to describe how to configure the devices to achieve the environment shown in the network topology. Users of this document are expected to already possess basic knowledge of D-Link devices and TheGreenBow VPN program, and to be familiar with how to perform basic configurations. Only important configurations, such as those pertaining to interfacing and integrating, are described in this document.

2. Product used

TheGreenBow_VPN_Client 4.61.003 and DFL-800 are used in this FAQ. The same applies to all other DFL products with NetDefendOS.

3. Network Diagram

Note: Router is set to allow IPSec pass through.

4. Configurations

In this document, we describe only the main configurations for this scenario. The configuration settings for all the D-Link products are not described here; for more detail about a product, you can download its user guide.

4.1 TheGreenBow VPN client and DFL-800

In this scenario, the user can connect back to the headquarters database by using TheGreenBow VPN client to tunnel to the DFL-800.

All configurations are based on DFL-800 and TheGreenBow VPN Client (F/W: 4.61.003).

The steps in this configuration are:
• Setup DFL-800 for VPN tunneling
    • Setup Pre-shared Key
    • Phase 1 and Phase 2 algorithms setup
    • Setting up IPSec-Tunnel
    • Setup IP Rules
• Setup TheGreenBow VPN client
    • Setup Phase 1
    • Setup Phase 2

4.1.1) Setup DFL-800 for VPN tunneling
4.1.1.1) Setup Pre-Shared Key

1) Log in to the DFL-800, click “Authenticate Objects”, add a new “Pre-shared Key”, and fill in the passphrase and name.

4.1.1.2) Phase 1 and Phase 2 algorithms setup

1) Under “IKE Algorithms”, select the Encryption and Integrity algorithms for Phase 1 authentication.

2) Next, under “IPSec Algorithms”, select the Encryption and Integrity algorithms for Phase 2.

4.1.1.3) Setting up IPSec-Tunnel

1) After setting up the algorithms, create the “IPSec-Tunnel” as shown below.

2) Next, click on the “Authentication” tab and select the “PreShared Key” that you set up in the first step (4.1.1.1).

3) After selecting the Pre-Shared Key, enable “Dynamically add route” on the routing tab.

4) As the last step, make sure the DH Group in the IKE settings is the same as the one set in TheGreenBow Client.

4.1.1.4) Setup IP Rules

Now set up the IP Rules so that the DFL-800 knows where to direct all the traffic.

1) First, add a new interface group named “IPSec-LAN” by grouping “IPSec-Tunnel” and “LAN”.

2) Next, click “IP Rules” and add a new IP rule as shown below.

4.1.2) Setup TheGreenBow VPN Client
4.1.2.1) Setup Phase 1

1) Right-click on “Root” to add a new “Phase1”, then fill in the IP address for this VPN client and the Remote gateway IP, followed by the Preshared Key and IKE settings.

Note: the Preshared Key and IKE settings must be the same as those set in the DFL-800.

4.1.2.2) Setup Phase 2

1) Right-click on “Phase1” to add a new “Phase2”, then fill in the VPN Client address for this VPN client and the Remote gateway IP, followed by the ESP settings.

Note: the ESP Encryption and Authentication settings must be the same as in the DFL-800 IPSec-Tunnel.

5.1) Test Result

a. The VPN tunnel opens with any negotiation mode set in Phase 1 and Phase 2.

b. The DFL shows the tunnel as up in its VPN status.

c. Client is able to Ping to the remote network.
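The matching requirements in the notes above (Preshared Key, IKE settings and DH Group for Phase 1, ESP Encryption and Authentication for Phase 2), as an added example that is not part of the original FAQ: it reports which phase fails first, since a Phase 2 mismatch only becomes visible once Phase 1 agrees. The algorithm names, DH group, passphrase and the modelling of the DFL side as a set of accepted algorithms are assumptions; the article does not state the values used.

```python
import hmac

# Constructed sample settings: the article does not say which algorithms or
# DH group were chosen, so these values are placeholders for illustration.
DFL_800 = {
    "psk": "constructed-example-passphrase",
    "ike": {"encryption": {"aes128", "aes256"}, "integrity": {"sha1"}, "dh_group": 2},
    "esp": {"encryption": {"aes128"}, "integrity": {"sha1"}},
}
CLIENT = {
    "psk": "constructed-example-passphrase",
    "ike": {"encryption": "aes128", "integrity": "sha1", "dh_group": 2},
    "esp": {"encryption": "aes128", "integrity": "sha1"},
}


def _algo_gaps(phase, offered, chosen):
    # The client's single choice must be one of the algorithms the gateway accepts.
    return [f"{phase}: {field} {chosen[field]!r} not accepted by gateway"
            for field in ("encryption", "integrity")
            if chosen[field] not in offered[field]]


def negotiate(gateway, client):
    """Return (failed_phase, reasons); failed_phase is None when both phases agree."""
    p1 = _algo_gaps("phase1", gateway["ike"], client["ike"])
    if gateway["ike"]["dh_group"] != client["ike"]["dh_group"]:
        p1.append("phase1: DH group differs")
    if not hmac.compare_digest(gateway["psk"].encode(), client["psk"].encode()):
        p1.append("phase1: pre-shared key differs")
    if p1:
        # Phase 2 is never reached, so its settings cannot be judged yet.
        return "phase1", p1
    p2 = _algo_gaps("phase2", gateway["esp"], client["esp"])
    return ("phase2", p2) if p2 else (None, [])


if __name__ == "__main__":
    print(negotiate(DFL_800, CLIENT))
```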

Aug 13

This FAQ is for the DI-514, DI-524, DI-604, DI-614+, DI-624, DI-624S, DI-754, DI-764, DI-774, and DI-784 routers.

Nortel Contivity will work with your D-Link router; however, its functionality depends on the authentication type (AH will not work), the NAT compatibility mode, and disabling keep-alives on the server. Contact your Network Administrator to find out how your VPN is configured.

Step 1: Verify that you are using the latest version of firmware on your router.

Step 2: Login to the Web Management for your router by entering its IP address (192.168.0.1) in your web browser. The default username is admin, and the password is blank.

Step 3: Click the Advanced Tab to access the Virtual Server Settings. There is a list of pre-defined Virtual Server Rules towards the bottom of the page. Find the IPSec Rule. Click the pen and paper icon to edit its settings. Enable the rule, enter the IP address of the computer attempting to connect to the VPN in the Private IP field, then Apply the changes.

Step 4: Create a new Virtual Server entry. Name the Virtual Server “NortelVPN”. Enter the IP address of the computer attempting to connect to the VPN in the Private IP field. For the Protocol Type, select Both. Enter 9550 for both the Public and Private Ports. Set the Schedule to always, then Apply the settings.

Step 5: Access the Tools Page, then click the Misc button. Disable IPSec Pass-through, then click Apply.

If the VPN Server is properly configured to work with clients behind NAT routers you should be able to connect to the VPN.
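Why the FAQ says AH will not work behind the router, shown as a simplified model added here (not part of the original FAQ): AH's integrity check covers the outer IP addresses, which the router's NAT rewrites, while ESP's check covers only the ESP header and payload. The key, addresses, SPI and field layout are constructed for the example and are not a wire-accurate packet format.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-integrity-key"  # constructed value, not from the FAQ

# Constructed packet from a client on the router's LAN to a VPN server.
PKT = {"src": "192.168.0.100", "dst": "198.51.100.20",
       "spi": 0x1000, "seq": 1, "payload": b"constructed payload"}


def _addr(ip):
    return ipaddress.ip_address(ip).packed


def ah_icv(pkt):
    # AH authenticates the immutable outer IP header fields, including the
    # source and destination addresses, together with the payload.
    data = _addr(pkt["src"]) + _addr(pkt["dst"]) + pkt["payload"]
    return hmac.new(KEY, data, hashlib.sha256).digest()


def esp_icv(pkt):
    # ESP authenticates only the ESP header (SPI, sequence number) and the
    # payload; the outer IP header is outside the check.
    data = pkt["spi"].to_bytes(4, "big") + pkt["seq"].to_bytes(4, "big") + pkt["payload"]
    return hmac.new(KEY, data, hashlib.sha256).digest()


def nat_rewrite(pkt, public_ip):
    # Source NAT as performed by the router: only the source address changes.
    return dict(pkt, src=public_ip)


def survives_nat(icv_fn, pkt, public_ip):
    sent_icv = icv_fn(pkt)                   # computed by the sender before NAT
    received = nat_rewrite(pkt, public_ip)   # what the VPN server actually sees
    return hmac.compare_digest(sent_icv, icv_fn(received))


if __name__ == "__main__":
    print("AH survives NAT: ", survives_nat(ah_icv, PKT, "203.0.113.7"))
    print("ESP survives NAT:", survives_nat(esp_icv, PKT, "203.0.113.7"))
```

Passing the integrity check is only one condition: as the FAQ notes, the connection still depends on the server's NAT compatibility mode.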

Aug 08

1. Configuration of D-Link DFL-200/700/1100

Step 1: Make sure the firewall is using at least firmware 1.30. If the firmware is lower than 1.30, download and install the firmware from the support site.

Step 2: Click on Firewall at the top then VPN on the left hand side.

Step 3: Click on Add new PPTP Server. Give the server a friendly name, set the client IP pool outside of the DHCP scope, and enable proxy arp. Hit the apply button.

Step 4: Click on Users on the left hand side.

Step 5: Click on Add new in the Local User Database.

Step 6: Create a username (Dlink) and password, then hit Apply.

Step 7: Click on the Activate Changes button in the lower left corner.

Step 8: Click on the Activate Changes button in the middle of the screen.

2. Configuration of Win2k/WinXP PPTP client

Step 1: Right-click My Network Places and select Properties.

Step 2: Create a New Connection.

Step 3: The Network Wizard will appear. Click on Next to continue.

Step 4: Choose your Network Connection Type (You will be connecting to a private network). Click Next.

Step 5: Enter the Destination Address. This will be your public IP address found on the Status tab of the DFL.

Step 6: Select All Users for the Connection Availability and click Next.

Step 7: Add a shortcut to your desktop and click on Finish.

Step 8: Enter your Username and Password to connect to the virtual private connection. Click the Connect button to authenticate to the DFL. You will see a balloon pop-up indicating that you are connected.
