D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: vax on January 08, 2010, 02:41:32 AM

Title: DFL-210 please help with VPN - SOLVED
Post by: vax on January 08, 2010, 02:41:32 AM
Hello.

Probl.: I get VPN connect to provider but no internet access.
firmware 2.26.00

Details:

from my provider:
IP 10.0.xxx.xxx
Endpoint 10.0.0.1
Mask 255.255.255.0
GW 10.0.xxx.1
DNS1,DNS2, username and pass

Windows lan setup:
ip 192.168.1.2
mask 255.255.255.0
GW 192.168.1.1
DNS 1 87.224.xxx.xxx

DFL-210 Setup:

1. Go Interfaces->Ethernet and enter:
(http://i058.radikal.ru/1001/9a/36f3889ea0a0.jpg)
2. Go Interfaces->PPTP/L2TP clients and enter:
(http://i056.radikal.ru/1001/98/18a7519a1aca.jpg)
if i add to Remote Network: all-nets (no connection establ.)
3.Routing->main
(http://i080.radikal.ru/1001/6e/7d2ba7f79df0.jpg)
4. Rules->IP rules:
(http://s14.radikal.ru/i187/1001/4d/cae8119d537a.jpg)
4.1. Rules->IP rules->lan to wan and edit "Destination interface":
(http://i037.radikal.ru/1001/3d/ab63de9e8da5.jpg)
5.DNS and enter:
(http://s46.radikal.ru/i111/1001/cc/a0f4bdda4e1f.jpg)
6. Interface Status:
(http://s56.radikal.ru/i154/1001/34/bc0765ccd9aa.jpg)

But no access internet, no ping to internet... need help.

current log
(http://s51.radikal.ru/i132/1001/94/1124dceeb56f.jpg)
Title: Re: DFL-210 please help with VPN
Post by: Fatman on January 08, 2010, 08:41:45 AM
The network specified for your wan interface should be 10.0.xxx.0/24, not the subnet mask.

Then you need to change the remote network on your PPTP tunnel to all-nets.

I would also remove the GW specified for your WAN (since your PPTP endpoint is on the same network it can only serve to cause routing issues) or at the very least remove the "Automatically Add Route For Default GW" option on the advanced tab of your WAN interface.

At this point you will most likely be on-line, but even if you aren't another round like this one should light the way.
Title: Re: DFL-210 please help with VPN
Post by: vax on January 08, 2010, 10:27:18 AM
But if change the remote network on PPTP tunnel to "all-nets", i've no VPN connection. They established only with "subnet mask".

i modified: Routing->main
(http://s43.radikal.ru/i102/1001/cc/0b4ea9cdbcd8.jpg)

and i can ping all internet from DFL

(http://s47.radikal.ru/i115/1001/0a/8a7808fe536a.jpg)

but still have no access to inet from PC (when dns_relay is enabled (on dfl210), i can ping all inet from PC without access to sites)

dfl log ->

(http://s49.radikal.ru/i124/1001/60/1c2def26b6f9.jpg)



how to modify Routing tables to get access from PC? HELP

Title: Re: DFL-210 please help with VPN
Post by: Fatman on January 08, 2010, 01:55:37 PM
If you want to do this the right way ensure that your WAN interface route has a lower metric than your VPN and follow my previous instructions.

The DFL-210 does not do DNS relay, if you are on-line (even if it is the wrong way) and are just not resolving DNS, set a valid DNS server on your PCs directly or through their DHCP server and be on your way.
Title: Re: DFL-210 please help with VPN
Post by: vax on January 09, 2010, 09:38:07 AM
Perhaps this helps to run VPN client on DFL-210 to someone else.

My provider was given me:
(examples)
Static IP 88.222.123.123
Subnet mask 255.255.255.0
GW 88.222.123.1
DNS1 88.222.222.1
DNS2 88.222.111.1
These details i can use directly in windows and use inet.

If i want to get VPN protected inet, a provider can autogenerate VPN details:
IP 10.0.123.125
Subnet mask 255.255.255.0 (the same as in my static ip)
GW 10.0.123.1
Endpoint 10.0.0.1

DFL 210 setup, see how to fill:

(http://i078.radikal.ru/1001/10/bd1dad7b10b0.jpg)

(http://s13.radikal.ru/i186/1001/2b/f09c511ce5eb.jpg)

(http://i061.radikal.ru/1001/32/2226dbd3b537.jpg)

and all will work fine.

Thanks to Fatman

Title: Re: DFL-210 please help with VPN - SOLVED
Post by: Fatman on January 11, 2010, 08:48:07 AM
your wan_gw should be 10.0.123.1.

remove all additional routes you have written and use just the routes provided automatically on your interfaces.

If you are still having problems please call the Business Class Support number for your country.
Title: Re: DFL-210 please help with VPN - SOLVED
Post by: vax on January 11, 2010, 10:52:29 AM
your wan_gw should be 10.0.123.1.

remove all additional routes you have written and use just the routes provided automatically on your interfaces.

Maybe, but with that GW(10.0.123.1) - connection is not established.
And all work only with all additional routes i have written.

If the above settings for Internet access using VPN to use in windows, the GW 10.0.123.1 also automatically replaced by the static ip address 88.222.123.123 (in the details of the connection).