Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[FlopShot]

I have a DIR-655_RevB updated with the latest firmware 2.03NA.  I have two VPN devices in my house trying to get to my corporate office: a VPN phone and my laptop with a VPN client, both use IPSec.  Either device has no problem making a solid VPN connection separate from each other.  Meaning that when my laptop is not connected, I can connect the VPN phone with no problem.  And when the VPN phone is disconnected, the laptop also has no problem making a solid and stable VPN connection.  So I know the router is configured correctly to let thru VPN traffic for either device.  i.e. IPSec is enabled, UDP/TCP Endpoint Filtering are both set to Endpoint Independent (and I've tried every other combo), SPI is disabled. 

The problem is that I need to have both devices connected simultaneously, which this router is supposed to handle.  If I have the VPN phone connected first, then when I launch the laptop VPN client, the VPN phone gets disconnected.  I'm assuming that at this point, all VPN traffic is being tunneled back to the laptop.  I cannot re-establish the VPN phone connection until I disconnect the laptop client, at which point the VPN phone "automatically" reconnects (meaning I don't have to reboot it, the VPN traffic just somehoe gets redirected back to this device)

I've spoken to multiple techs at D-Link that haven't been able to help me.  I thought this router was supposed to handle multiple VPN passthru out-of-the-box?  Can anyone give me some hints?  Do I need to manually configure some type of encapsulation?  I can't do port forwarding since I want multiple VPN connections, and I already know that I'm making valid VPN connections anyway.

I'm nearing my 30-day window to return this router, so if I can't get this working by this week, I'll return and get a Linksys instead.  Thanks.

[FurryNutz]

How do you have your devices set up on the router?
Using any virtual server or QoS rules set up?

Lets get some info going and go from there...
What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?
If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.

Ensure DNS IP addresses are being filled in under Setup/Internet/Manual?
Turn off QoS options.
Turn off Advanced DNS Services if you have this option.
Turn on DNS Relay under Setup/Networking.
Setup DHCP reserved IP addresses for all devices on the router.
Ensure devices are set to auto obtain an IP address.


What wireless modes are you using?
Try single mode G or mixed G and N?
What security mode are you using? WEP, WPA or WPA2? Preferred is WPA-Personal. Auto TPIK and AES.

Turn off all anti virus and firewall programs on PC while testing.
Turn off all devices accept for one wired PC while testing.

[FlopShot]

Thanks for trying to help.  I was at the store this morning staring at Cisco/Linksys routers wondering if I should just bite the bullet, but I held out... barely.

How do you have your devices set up on the router?

Not sure what you mean by this.  Everything is wired (including the laptop), nothing is connected wireless.  As far as network diagram, the router is in my main distribution panel.  The router is connected to multiple switches around my house.  Both VPN devices are connected to the same switch in my home office.

Using any virtual server or QoS rules set up?

Nope, neither are setup.

Lets get some info going and go from there...
What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?
If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.

None of the above apply.  It's a fiber link into the house.  The fiber gateway is outside the house (and out of my control).  I basically have a live CAT6 cable coming into my wall, and it is plugged straight into the router.
 

Ensure DNS IP addresses are being filled in under Setup/Internet/Manual?

Verified they were populated.

Turn off QoS options.

This was already off

Turn off Advanced DNS Services if you have this option.

This was enabled, I disabled it.

Turn on DNS Relay under Setup/Networking.

This was already enabled.

Setup DHCP reserved IP addresses for all devices on the router.

That was previously done.

Ensure devices are set to auto obtain an IP address.

Done.

What wireless modes are you using?
Try single mode G or mixed G and N?
What security mode are you using? WEP, WPA or WPA2? Preferred is WPA-Personal. Auto TPIK and AES.

None of the VPN devices are wireless.  And during my office hours, no wireless devices are attached.  However, just for reference, I am running mixed mode with WPA-Personal TPIK and AES.  Also note that even if my laptop is connected wirelessly, it still has no problem establishing a VPN tunnel to my corporate VPN server.

Turn off all anti virus and firewall programs on PC while testing.
Turn off all devices accept for one wired PC while testing.

The single change I made above to disable Advanced DNS did not resolve the issue.  So I can continue testing as per your above suggestions.  But I don't see how these are relevant when the laptop can make a solid VPN tunnel.  I'm just trying to prevent it from hijacking the tunnel previously established by the VPN phone.

[FurryNutz]

It's possible that you might need to set up a QoS rule and see if this help maintain the VPN. Do you know if there are specific ports your VPN uses?

[Hard Harry]

First, who is your ISP? A direct fiber feed and not Verizon? Thats either business grade service, or not in the  States.

Second, where are you reading that this router does multiple IPsec sessions? I thought it only did multiple PPPTP. I think you should contact your IT and talk with them.

[FlopShot]

First, who is your ISP? A direct fiber feed and not Verizon? Thats either business grade service, or not in the  States.

Comporium Communications in Sourth Carolina.  This is residential 15Mbps x 15Mpbs service, although I regularly have 25Mpbs download and 20Mbps upload.  BTW, lots of communication companies (other than Verizon FIOS) now offer residential fiber, especially in newly constructed housing developments where they can lay the fiber before the streets are paved.

Second, where are you reading that this router does multiple IPsec sessions? I thought it only did multiple PPPTP. I think you should contact your IT and talk with them.

It doesn't say anywhere that it handles multi-IPSec.  But that's the problem, D-Link and most other router manufacturers don't document a lot of the functionality.  All the D-Link documentation says "multisession VPN passthru (PPTP/L2TP/IPSec)" but doesn't go into what combinations, and I've also seen "Simultaneous IPSec sessions: Unknown" on many review sites.  So it's impossible to determine simply by reading if a multiple-IPSec feature "exists but isn't documented" or if the feature doesn't exist at all.  If the router truly only supported a single IPSec tunnel, you would think that D-Link 2nd level support would have already given me that answer, but they haven't.  That's why I posted here hoping that somebody already discovered the answer to this.

And I am the IT, which is why I'm trying to troubleshoot this.  

[Hard Harry]

Yes, but most FTTH/FTTP still use customer gateways of some kind. Verizon(FIOS) for example usually uses a wireless modem/router gateway that has it's own NAT, hence the question. What kind gateway do you have? Basically, what does the WAN port of the DIR-655 plug into?

But basically I don't think you can do it with this equipment. I assume your helping set up some kind of buisness or home office?

[FlopShot]

Yes, but most FTTH/FTTP still use customer gateways of some kind. Verizon(FIOS) for example usually uses a wireless modem/router gateway that has it's own NAT, hence the question. What kind gateway do you have? Basically, what does the WAN port of the DIR-655 plug into?

But basically I don't think you can do it with this equipment. I assume your helping set up some kind of buisness or home office?

Yes, this is a home office setup.  As mentioned earlier, the fiber gateway is somewhere outside the house and managed by the ISP.  There is no modem/router/anything inside the house, the homeowner simply has a CAT6 cable sticking out of the wall inside the distribution panel, and the cable is hot.  i.e. you can plug it straight into a laptop and pull a DHCP address and be on the internet.

I was afraid that the DIR-655 might not handle multi-IPSec, but luckily we are still inside the 30-day return window!

Thanks.