Re: Dlink DI-804HV to IPCop VPN connection
comp.security.firewalls archive

From: Alan Johnston <adj7388@gmail.com>
Date: Wed Jun 29 2005 - 17:34:03 CEST

Alan Johnston wrote:
<snip>
> In a nutshell, here's what I would like to know: how do I transfer my
> IPCop VPN settings over to the Dlink to establish a tunnel with a
> remote IPCop box?
<snip>

OK. Eventually figured it out. Hope this helps someone else:

DI-804HV admin interface:

Home > VPN page:
VPN Enable: checked
Tunnel Name: MyTunnel (or whatever you want)
Method: IKE

Click <More button>
Tunnel Name: (should be MyTunnel entered before)
Local Subnet: x.x.x.x
Local Netmask: x.x.x.x
Remote Subnet: y.y.y.y
Remote Netmask: y.y.y.y
Remote Gateway: z.z.z.z
Preshare Key: this is the Password on the IPCop side

Click <Select IKE Proposal>
Proposal ID: 1 (or a free one)
Proposal Name: freeswan (or whatever you want)
DH Group: Group 2
Encrypt Algorithm: 3DES
Auth Algorithm: SHA1
Life Time: 28800
Life Time unit: Sec

Bottom of the screen:
Select Proposal ID 1 (or whatever you used above)
<Click Add To> Proposal Index
Proposal Name should appear in IKE Proposal index at the top of the
screen.
<Click Apply>
<Click Back>

Click <Select IPSec Proposal>
Proposal ID: 1 (or a free one)
Proposal Name: freeswan (or whatever you want)
DH Group: Group 2
Encap Protocol: ESP
Encrypt Algorithm: 3DES
Auth Algorithm: MD5 <-- different from IKE proposal
Life Time: 28800
Life Time unit: Sec

Bottom of the screen:
Select Proposal ID 1 (or whatever you used above)
<Click Add To> Proposal Index
Proposal Name should appear in IPSec Proposal index at the top of the
screen.
<Click Apply>
<Click Back>

On the IPCop side (the remote end), one thing we had to change was the
Next Hop for the remote end (my local end) had to be set to
%DefaultRoute% instead of the real gateway IP address. Using the real
IP address would not work. In the end, this was the main problem after
finally getting all the IPSec and IKE proposal stuff set right.

Hope this helps.

Alan
Received on Thu Sep 29 19:57:16 2005
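
Added example, not part of the original post: a small check that compares the IKE and IPSec proposal values listed above against the other end's settings, phase by phase, and reports the fields that differ. The PEER values, the field names and the helper names are constructed for illustration; PEER deliberately copies the IKE auth algorithm into the IPSec proposal and gives its lifetime in hours.

```python
# Added example. DLINK holds the values listed in the post; PEER is constructed.
UNIT_SECONDS = {"sec": 1, "min": 60, "hour": 3600}

DLINK = {
    "ike":   {"dh_group": "Group 2", "encrypt": "3DES", "auth": "SHA1",
              "life_time": 28800, "life_unit": "Sec"},
    "ipsec": {"dh_group": "Group 2", "encap": "ESP", "encrypt": "3DES",
              "auth": "MD5", "life_time": 28800, "life_unit": "Sec"},
}
PEER = {  # constructed sample of what the other end might have entered
    "ike":   {"dh_group": "group 2", "encrypt": "3des", "auth": "sha1",
              "life_time": 8, "life_unit": "Hour"},
    "ipsec": {"dh_group": "group 2", "encap": "esp", "encrypt": "3des",
              "auth": "sha1", "life_time": 8, "life_unit": "Hour"},
}
# 3DES, HMAC-MD5 and DH group 2 (1024-bit MODP) are legacy choices worth
# listing when a tunnel is reviewed.
LEGACY = {("encrypt", "3des"), ("auth", "md5"), ("dh_group", "group 2")}


def normalize(proposal):
    """Case-fold the values and express the lifetime in seconds."""
    out = {k: str(v).strip().lower() for k, v in proposal.items()
           if k not in ("life_time", "life_unit")}
    unit = proposal["life_unit"].strip().lower()
    out["lifetime_s"] = int(proposal["life_time"]) * UNIT_SECONDS[unit]
    return out


def mismatches(local, peer):
    """Return (field, local value, peer value) for every field that differs."""
    a, b = normalize(local), normalize(peer)
    return sorted((k, a.get(k), b.get(k))
                  for k in set(a) | set(b) if a.get(k) != b.get(k))


def compare(local, peer):
    """Compare each phase (ike, ipsec) separately; they may differ by design."""
    return {phase: mismatches(local[phase], peer[phase]) for phase in local}


def legacy_settings(proposal):
    n = normalize(proposal)
    return sorted(f"{k}={v}" for k, v in n.items() if (k, v) in LEGACY)


if __name__ == "__main__":
    for phase, diffs in compare(DLINK, PEER).items():
        print(phase, "differs:", diffs, "legacy:", legacy_settings(DLINK[phase]))
```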