How to Setup a VPN?

[usasma]

I'm having issues setting up a VPN from my wife's office to our house.
I've only tried using my system so far - but I've gotta work on the other 2 systems once mine is connected.
Suggestions? I keep getting errors that a device isn't working - but I'm way, way outta my depth here!!!
If you need details on the cable modems I'll have to search for the info (the office is 20 miles away from my work and home).

VPN Server: Windows XP at the wife's office. Comcast is the cable provider.
She has a Comcast cable modem (manufactured by SMC) and a Netgear ProSafe VPN Firewall FVS318v3 router

IPCONFIG /ALL from the Office computer (the Windows XP system):

Windows IP Configuration

Read More:

Host Name . . . . . . . . . . . . : GalesFerryAH3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Local Area Connection 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dynex DX-E102 PCI 10/100Mb Network Adapter #4
Physical Address. . . . . . . . . : 00-21-27-EB-19-E2
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 68.87.71.230
68.87.73.246

VPN Clients:
All are Win7 - Starter, Ultimate (x64) and Ultimate (x86)
Cable provider is Metrocast (we are served by the Connecticut offices) http://portal.metrocast.net/
We have a cable modem provided by Metrocast and a Netgear ProSafe VPN Firewall FVS318v3 router

IPCONFIG /ALL from my computer (the Ultimate x64 system):

Windows IP Configuration

Read More:

Host Name . . . . . . . . . . . . : FUBAR-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
Physical Address. . . . . . . . . : 48-5B-39-01-D3-FE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 48-5B-39-01-D3-FF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::706f:9f76:14f0:8487%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, May 09, 2012 14:28:53
Lease Expires . . . . . . . . . . : Thursday, May 10, 2012 14:28:53
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 239622969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-FB-2D-B1-48-5B-39-01-D3-FF
DNS Servers . . . . . . . . . . . : 65.175.128.181
63.251.62.33
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-14-3E
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d502:ab32:14fa:176c%19(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 470286375
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-FB-2D-B1-48-5B-39-01-D3-FF
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{72F31D52-2E68-4B96-A5F0-B010A97A4EE4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:59:2de3:3f57:fffa(Preferred)
Link-local IPv6 Address . . . . . : fe80::59:2de3:3f57:fffa%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4A724A0A-4CCC-4A15-B34A-B71306498636}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{398C53C5-ADCC-476A-A1A8-7ED2BEB0C7CB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

 

[usasma]

VPN Server Cable Modem info (says SMCD3G-CCR):
Still can't find the login info.


VPN Client Cable Modem info (says Motorola on the outside):

System: ARRIS DOCSIS 2.0 / PacketCable 1.0 Touchstone Telephony Modem HW_REV: 04
VENDOR: Arris Interactive, L.L.C.
BOOTR: 6.24
SW_REV: 6.1.72
MODEL: TM602G

 

[Trouble]

This may be over simplistic and lord knows I've had my own share of VPN issues, but have you tried running the VPN Wizard on both devices (FVS318v3) to create an end point to end point, box to box, VPN Gateway to VPN Gateway connections.
Looks like for the most part all you need is the remote WAN address and remote LAN Network address and subnet, a common name for the connection and preshared key on both ends. I don't have the particular router but there is an emulator here http://tools.netgear.com/landing/gui/security/fvs318v3/simulators/FVS318v3v3.0_19/default.htm that you can sort of get an idea from.
Regards
Randy

EDIT: Some additional help, possibly, starting on page 5-20 here http://www.manualowl.com/m/Netgear/FVS318/Manual/3993

 

[2xg]

Hi usasma,

Can please tell us the exact error message that your computer is getting?

Also, this type of VPN/Firewall device can be setup on different ways as mentioned by Trouble, it can be Client to Gateway or Gateway to Gateway. What type is your setup?
It's also worth try pinging both Gateway and Remote IP Address. For ex: I'd suggest: ping -t Gateway IP

 

[usasma]

I didn't keep track of my initial attempts to set it up. And once it started to beat me, I wiped everything (that I'd done) out of existence so I could start with a clean slate.

I'll be starting it all up again using your suggestions - and will document as much as possible. I'm not in a great rush as I backup the data manually using TeamViewer each night - and it only takes a few minutes to set it up.

Will the tunnel(s) connect to a gateway or a client. Which one are they referring to (if I setup the router at home, what's the remote client and what's the remote gateway - at the wife's office?) Do I point it at the PC at her office or at the router?

My home computer goes through my router to access the router at my wife's office and get into her office computer. Is this a Gateway to Gatway, a Client to Gateway, a Gateway to Client, or a Client to Client connection/VPN?

What should I ping - my home stuff or my wife's office stuff? Or both?
Ping to wife's office (WAN) from my home is 70-90 ms and TTL is 48

Do I need to forward ports? If so, what one's?
Wife's office also has a switch (but the office computer is connected directly to the Netgear FVS318 router). Dunno if that matters, but I figured that I should mention it.

 

[2xg]

It is better to start fresh. :smile9:

If you are trying to connect your home computer to an office, you may use the Client to Gateway configuration. Connecting a home office to the main office will be Gateway to Gateway. I don't know if this .pdf manual for your VPN router is the same as have been provided to you by Trouble, but I'd suggest reading from Chapter 4, it will give you a lot more information whether you'd prefer Client to Gateway or Gateway to Gateway and also how to configure your VPN. Let's hold on to the pinging part if you need to troubleshoot, this is also in the manual.

Please update us with your progress.

 

[usasma]

I only want to connect to one computer at the office, and will be using 3 different computers from home:
- the netbook (Win7 Starter) for the backups
- my wife's computer for accessing office work (Win7 Ultimate x86)
- my computer (Win7 Ultimate x64) for troubleshooting.

So I presume that I want a Gateway to Client from my home (and a Client to Gateway from the office)?

I'll read up on it in the manual and will see what I can do.
Rest assured that I'll be sure to post back about any success' or failures.

Again, there's no rush with this as I don't have a bunch of free time to work on it.

 

[TheCyberMan]

Client to gateway i think will be the way to go and install the Netgear Pro safes's VPN client software on remote pc.

 

[usasma]

Just to let you know that I haven't forgotten this. Hope to work on it tomorrow or the next day (wife's not at work and I don't have anyone to initiate a remote connection). It's either that, or I've gotta drive over to the office to set it up - and I'm too lazy for that!

Wife is stopping by the office this evening. I hope to get her to restart TeamViewer then.

 

[TheCyberMan]

No worries we will await your update.

 

[Temmu]

first thing you need to do is download the vpn client software - now it's a 30-day free trial - u prolly have to pay later.
http://support.netgear.com/app/answ...netgear vpn client software download FVS318v3

and install it on each and every computer at the house.

the software must be configured with the exact same settings as the netgear box at the office or it won't work.

at the house, you must first establish an internet connection (duh! but you'd be surprised how many don't get that)
then launch your netgear vpn client (software) and provide your username / password (that you configured on the netgear at-work box)

some thoughts -
if your have signed the united states won't export paper, use triple des (3des) encryption instead of des.
you can certainly use des, or aes-256. after all, what's the chance of anyone trying to hack u and your work anyway?

your hash should be sha1, it is better than md5

your pre-share key should be 8 or more non-word characters, to include upper and lower case, nrs, symbols.

and did i say everything has to match at both ends of the tunnel won't stand up.

to test, ping from a device at one end of the tunnel to a device at the other end of the tunnel.
this creates "interesting traffic" which tells the tunnel to form.
if you have a command for your netgear device like "show crypto isakmp sa" (security associations) then you can see if your tunnel is up.
but you already know it is up if you got a response from the ping.

sorry i don't know crap about netgear's vpn stuff, but that's some good dope on vpns in general. read the manual (pdf) posted above for details.

 

[Vir Gnarus]

What Temmu covered may be oversight, but he's correct. One needs to understand that VPN merely establishes a encrypted connection between two computers. Both endpoints must have the ability to both encrypt and decrypt information as it is received and sent out. Without both being equipped for the job, the one lacking it will receive the incoming data as junk and discard it. That's why a software VPN client must be available on one end while the VPN router can be used on the other. This also goes for why both ends must be configured identically as the traffic must be familiar to both endpoints.

I understand this may be a redundant statement, but I know many people attempt to utilize things through knowledge of their purpose but neglecting their function.

 

[usasma]

Phone connects but computer doesnt
Phone uses wifi if available
Turns out my wifi isn't accessible
I have a draft wireless N router that I'm using as an access point - I think that it may have died on me

I'll get another one tomorrow, then will do spring cleaning on my system and cabling

 

[Temmu]

the thing is, you must download that client i linked to and install it.
my notes are more that a high-level view.
there are some specifics you ought to heed.

but, to each his own...

 

[usasma]

@temmu - I understand about the need for the client. That's what started all this a long time ago. I go the old client and never used it. When I was finally ready to use it, it wasn't compatible with Win 7.

Still haven't fixed the network and am still looking at different options (VPN vs Remote Desktop vs TeamViewer vs LMI, etc)
Gonna call the ISP today and have them check to see if they can access Sysnative (and the office network also).

 

[usasma]

I'm back (but not for long)!
Connected directly to modem (bypassing router), did release/renew and I'm able to access Sysnative.
FYI - the Tech Support at my ISP says they don't block any IP address'
He was suspicious that it was URLJet blocking me - since my pings wouldn't complete and my tracert was denied as soon as it hit URLJet

 

[2xg]

I'd try using Public DNSs, add it in your router's DNS setting, keep DHCP setting from your LAN and WLAN computers setting, looks like DNS issue. What other sites are affected aside from Sysnative?
BTW...You may use Google DNSs

If that didn't help, backup your router's setting and proceed to a reset to the factory setting. I would suggest to start from scratch re-configuring your router setting.

Please give us another update.

 

[usasma]

Already reset the router to factory without any success.
I had a public DNS set in my network connection in Windows

AFAIK there's no problem with any other website other than Sysnative. I'm still able to surf anywhere and so is the wife.

Just replugged the router into the modem (and my computer) - the durned thing lit up like a Christmas tree going through the tests.
Once it stopped flashing all over, I tried to access the web - and it told me I had an invalid IP configuration (it's set on auto in Windows and the router was setup by the inbuilt routine that Netgear uses.

I'm about positive that this router is dead, so I'm going to try the new one that I bought yesterday.

 

[2xg]

Let's hope that a new router will fix the issue. Do you need assistance on setting up your new router?

 

[usasma]

New router is installed and I'm using it now.
Just gotta setup my wireless access point router again - I need it for the kids and for the extra ports. I'll have 2 wireless networks and 8 wired ports (I need 6 of them)