Topic: DFL-210 L2TP/PSK Setup (Read 14245 times)

rfalken · « **on:** August 13, 2009, 10:52:14 AM »

Hi,

I need to setup L2TP/PSK Roaming Clients.

I followed the manual and the configuration example.

But when i configure the IPSec part of the setup and save the config the following happens.

I can connect from my external client to the DFL210, that part is oki. But from the internal side i cannot browse the internet. I can see in the log that all packets are dropped (Default policy).

This is how the IPSec has been configured. (When i disable the rule i can browse the internet again)

1. Go to Interfaces > IPsec > Add > IPsec Tunnel
2. Enter a name for the IPsec tunnel, eg. l2tp_ipsec
3. Now enter:
a. Local Network: wan_ip
b. Remote Network: all-nets
c. Remote Endpoint: none
d. Encapsulation Mode: Transport
e. IKE Proposal List: ike-roamingclients
f. IPsec Proposal List: esp-l2tptunnel
4. Enter 3600 in the IPsec Life Time seconds control
5. Enter 250000 in the IPsec Life Time kilobytes control
6. Under the Authentication tab, select Pre-shared Key
7. Select MyPSK in the Pre-shared Key control
8. Under the Routing tab, check the following controls:
• Allow DHCP over IPsec from single-host clients
• Dynamically add route to the remote network when a tunnel is established
9. Click OK

NovaE · « **Reply #1 on:** August 13, 2009, 05:10:32 PM »

Please post a copy of the logfile showing the drops.

rfalken · « **Reply #2 on:** August 13, 2009, 11:12:31 PM »

2009-08-13 16:38:15 Warning RULE 6000051 Default_Rule TCP lan 192.168.0.100 78.84.222.99 58774 80 ruleset_drop_packet drop
ipdatalen=32 tcphdrlen=32 syn=1

Fatman · « **Reply #3 on:** August 14, 2009, 03:16:28 PM »

Do you have an IP Rule NATing the outbound traffic from your L2TP hosts?

rfalken · « **Reply #4 on:** August 15, 2009, 02:49:08 AM »

Yes i have.

But can the L2TP hosts not be a part of the same subnet af the LAN ?

I have a LAN side called 192.168.0.0/24 and then i have defied an IP POOL of 192.168.0.200-192.168.0.210

Fatman · « **Reply #5 on:** August 17, 2009, 08:28:22 AM »

They can be, though it is not advised. In order for that to work you will need to enable proxy ARP on your L2TP server for the LAN interface.

rfalken · « **Reply #6 on:** August 19, 2009, 10:56:36 PM »

And if i have Proxy ARP enable and selected LAN interface ?

Fatman · « **Reply #7 on:** August 20, 2009, 08:10:48 AM »

Then it should work, did you do that? Are you still having issues?

rfalken · « **Reply #8 on:** August 20, 2009, 11:10:13 PM »

Yes i did that, and there is still issues. Does anyone now if it's possible to get support from DLINK on such issues ? I tried mailing them direct but no contact.

Fatman · « **Reply #9 on:** August 21, 2009, 08:37:13 AM »

Raise the metric on your IPsec tunnel, that might also explain things. I had read your issues backwards originally.

Yes D-Link should support you, unfortunately I don't think you are in the realm of D-Link US support. Your local D-Link office should be able to help.

rfalken · « **Reply #10 on:** August 26, 2009, 02:40:03 AM »

I deleted the config and followed this guide.:

http://www.dlink.com/support/faqDetail/?prod_id=3248&print=1

it worked..

Fatman · « **Reply #11 on:** August 26, 2009, 08:19:20 AM »

Glad to hear it!

D-Link Forums

News:

Author Topic: DFL-210 L2TP/PSK Setup (Read 14245 times)

rfalken

DFL-210 L2TP/PSK Setup

NovaE

Re: DFL-210 L2TP/PSK Setup

rfalken

Re: DFL-210 L2TP/PSK Setup

Fatman

Re: DFL-210 L2TP/PSK Setup

rfalken

Re: DFL-210 L2TP/PSK Setup

Fatman

Re: DFL-210 L2TP/PSK Setup

rfalken

Re: DFL-210 L2TP/PSK Setup

Fatman

Re: DFL-210 L2TP/PSK Setup

rfalken

Re: DFL-210 L2TP/PSK Setup

Fatman

Re: DFL-210 L2TP/PSK Setup

rfalken

Re: DFL-210 L2TP/PSK Setup

Fatman

Re: DFL-210 L2TP/PSK Setup