
Author Topic: Connecting to a VPN - IPSec  (Read 9453 times)


Offline pitchdarkice

Connecting to a VPN - IPSec
« on: July 11, 2014, 12:37:55 am »
I initially had trouble connecting to an IPSec VPN.

After browsing around everywhere, I went into OpenWRT -> Services -> ALG -> IPSec and unchecked it to disable it.

After disabling this setting, I was now able to connect to the VPN.

I've never had to do this with any router, what is this setting?


Thanks!

LGNilsson

  • Guest
Re: Connecting to a VPN - IPSec
« Reply #1 on: July 11, 2014, 12:42:26 am »
That's really peculiar, as unchecking it should disable IPSec.
To be honest, I don't know what the setting does, as it's unique to the build of OpenWRT that we were provided from our chipset partner, but I'll try to find out what it's supposed to do.
My guess is that it enables the VPN server on the Almond+ and this might've caused some kind of issue if you were connecting to another IPSec server.

jjoepaulines

  • Guest
Re: Connecting to a VPN - IPSec
« Reply #2 on: July 11, 2014, 02:37:33 am »
ALG (application-level gateway) is a feature that allows client applications to use dynamic ephemeral TCP/UDP ports to communicate with the known ports used by server applications, even though a firewall configuration may allow only a limited number of known ports. Here there were some misconfigured rules. It will be corrected in the future. Thanks

When you disable ALG from the UI, it deletes the rules that we added by default.

The rules that were added before were:

root@AlmondPlus:~# cat /etc/alg-rules/ipsec.rules
# This file is sourced as a shell script
#
# Rules for opening the firewall for IPSec
#
iptables -t nat -A POSTROUTING -p udp --dport 500 --sport 500 -j ACCEPT 2>/dev/null
iptables -A FORWARD -p udp --dport 500 --sport 500 -j ACCEPT 2>/dev/null
iptables -t nat -A POSTROUTING -p udp --dport 4500 --sport 4500 -j ACCEPT 2>/dev/nullT
iptables -A FORWARD -p udp --dport 4500 --sport 4500 -j ACCEPT 2>/dev/null
iptables -t nat -A POSTROUTING -p 50 -j ACCEPT 2>/dev/null
iptables -A FORWARD -p 50 -j ACCEPT 2>/dev/null
iptables -A FORWARD -p 51 -j ACCEPT 2>/dev/null
iptables -A FORWARD -p 51 -j ACCEPT 2>/dev/null
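
The rules file quoted above, run through a small lint, as an added example that is not part of the original post or of the Almond+ firmware. The function names and finding codes are made up for illustration; the sample input is the eight rule lines from the post.

```shell
#!/bin/sh
# Added example: lint an ALG-style iptables rules file read from stdin.
# Prints one finding per line as CODE:line-number:detail (codes are made up here).
audit_alg_rules() {
  awk '
    /^[ \t]*#/ || NF == 0 || $1 != "iptables" { next }
    {
      table = "filter"; target = ""; sport = ""; dport = ""; redir = ""
      for (i = 2; i <= NF; i++) {
        if ($i == "-t")      table  = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
        if ($i == "--sport") sport  = $(i + 1)
        if ($i == "--dport") dport  = $(i + 1)
        if ($i ~ /^2?>/)     redir  = $i
      }
      # An identical rule appended twice: the second copy never matches anything new.
      if (seen[$0]++) print "DUPLICATE:" NR ":same as an earlier rule"
      # ACCEPT in the nat table ends traversal of that chain for the packet,
      # so a MASQUERADE/SNAT rule placed after it is never evaluated.
      if (table == "nat" && target == "ACCEPT")
        print "NAT-ACCEPT:" NR ":later NAT rules in this chain are skipped"
      # Requiring sport == dport misses peers whose source port was rewritten
      # by a NAT on the path, which is normal for IKE with NAT traversal.
      if (sport != "" && sport == dport)
        print "SPORT-PINNED:" NR ":matches only source port " sport
      # stderr is meant to go to /dev/null; any other target is suspect.
      if (redir != "" && redir != "2>/dev/null")
        print "BAD-REDIRECT:" NR ":" redir
    }'
}

# The eight rule lines exactly as quoted in the post above.
sample_rules() {
  cat <<'EOF'
iptables -t nat -A POSTROUTING -p udp --dport 500 --sport 500 -j ACCEPT 2>/dev/null
iptables -A FORWARD -p udp --dport 500 --sport 500 -j ACCEPT 2>/dev/null
iptables -t nat -A POSTROUTING -p udp --dport 4500 --sport 4500 -j ACCEPT 2>/dev/nullT
iptables -A FORWARD -p udp --dport 4500 --sport 4500 -j ACCEPT 2>/dev/null
iptables -t nat -A POSTROUTING -p 50 -j ACCEPT 2>/dev/null
iptables -A FORWARD -p 50 -j ACCEPT 2>/dev/null
iptables -A FORWARD -p 51 -j ACCEPT 2>/dev/null
iptables -A FORWARD -p 51 -j ACCEPT 2>/dev/null
EOF
}

sample_rules | audit_alg_rules
```

Line numbers in the findings count from the first rule line of the input.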



Offline johnyeros

Re: Connecting to a VPN - IPSec
« Reply #3 on: July 12, 2014, 10:51:15 am »
I'm still having some problems trying various VPN settings. I tried all 3 with my iPhone and had no luck. I disabled this IPSec and still can't connect. Any ideas?

jjoepaulines

  • Guest
Re: Connecting to a VPN - IPSec
« Reply #4 on: July 12, 2014, 10:59:56 am »
Can you please describe your network setup?


Offline mrv777

Re: Connecting to a VPN - IPSec
« Reply #5 on: July 15, 2014, 10:18:24 am »
I can't seem to get VPN to work either.
I just noticed however, that I can't ping my external IP from work.  Interesting...
Any reason for that?  They could have changed something on my work network, but seems very odd it happened at the same exact time I got my Almond+.  I verified the IP address, so I know I have the correct one.
I can connect to the computer through TeamViewer too, so I know the internet is working well.

jjoepaulines

  • Guest
Re: Connecting to a VPN - IPSec
« Reply #6 on: July 15, 2014, 11:19:41 am »
There are some functional bugs that we are aware of in VPN, and those will be fixed in upcoming firmware.

The list of bugs in VPN is:

      1. You won't be able to make a tunnel from the WAN side with L2TP and IPsec.

      2. Sometimes the client won't be able to access its local resources after establishing a VPN tunnel with PPTP.

I believe that you had some other issue with VPN pass-through in the Almond Plus. Am I correct?

Can you help me understand the problem?
« Last Edit: July 15, 2014, 11:22:40 am by Joe »

Offline mrv777

Re: Connecting to a VPN - IPSec
« Reply #7 on: July 15, 2014, 11:32:12 am »
Is the Almond+ blocking pings from the WAN side?  It would make sense from a security point of view.  I'm trying to troubleshoot my VPN, I am trying PPTP now, but seems to make no difference.

Thanks

jjoepaulines

  • Guest
Re: Connecting to a VPN - IPSec
« Reply #8 on: July 15, 2014, 11:38:38 pm »
We are trying to troubleshoot this in our environment. Can you please help us create the same kind of network setup?

Offline mrv777

Re: Connecting to a VPN - IPSec
« Reply #9 on: July 17, 2014, 11:57:06 am »
I don't have anything special.  I changed the default ip range to 192.168.x.x and I've heard there is an issue with using certain symbols in your Wi-Fi password (which is being worked on)
I do find it odd that I cannot ping my home external IP from work.
Edit:  I just tried pinging my external IP address from my phone on LTE too and it also drops all packets.
« Last Edit: July 17, 2014, 11:58:57 am by mrv777 »

Offline jim

Re: Connecting to a VPN - IPSec
« Reply #10 on: July 17, 2014, 02:18:42 pm »
Quote
I don't have anything special.  I changed the default ip range to 192.168.x.x and I've heard there is an issue with using certain symbols in your Wi-Fi password (which is being worked on)
I do find it odd that I cannot ping my home external IP from work.
Edit:  I just tried pinging my external IP address from my phone on LTE too and it also drops all packets.

I have also been unable to get VPN working.  I previously had OpenVPN working on my router running Tomato. 

jjoepaulines

  • Guest
Re: Connecting to a VPN - IPSec
« Reply #11 on: July 18, 2014, 04:28:39 am »
Quote
I do find it odd that I cannot ping my home external IP from work.
Edit:  I just tried pinging my external IP address from my phone on LTE too and it also drops all packets.

Ping to the WAN side of the Almond Plus has been blocked to avoid ICMP flood attacks. It will just drop all the ICMP requests coming from the WAN side. All routers will block ICMP on the WAN side by default.

 
