IPSec VPN with Netgear FVS318v3
My Belkin N1 Vision router decided to die the other day. So I realized it was time for an industrial-strength router. Checked out a really nice one with Linux built in and great application support. It was a little pricey for me right now, just got a new girlfriend and moved in with her…. 🙂
I finally decided on the Netgear FVS318v3, which comes with a built-in IPSec VPN server for 8 concurrent connections. Netgear wants ~$50 for the client software, which I wasn’t really happy about paying. So I started checking around for a free alternative. Finally I came across Shrew Soft VPN Client (http://www.shrew.net/). It’s free and really lightweight. It took some figuring out how to configure it all, so I thought it was a good idea to share it.
I presume that you already have DynDNS enabled. If you have a dynamic WAN address it’s a must to get this to work.
First you have to set up your FVS318 router to accept the connections.
- Log on to your router and go to the “VPN Wizard” in the left hand menu.
- Just click “Next”…
- You have to set a name for your connection and a pre-shared key (PSK). Select “A remote VPN client” as connection type.
- You will get a confirmation screen next. Just click “Done”.
Now your router is up to speed and you need to download the VPN client from http://www.shrew.net/download
Once it's installed, it’s time to set up your new connection.
- In the router admin page select “IKE Policies” in the left hand menu. The two pieces of information you are interested in are “Local ID” and “Remote ID”.
- Now start Shrew Soft VPN Access Manager and click “Add”.
- Now enter your DynDNS, or static WAN address if you have one, in the “Host Name or IP Address” field.
- Set “Auto Configuration” to “disabled”.
- Set “Local Host” – “Address Method” to “Use an existing adapter and current address”.
- Now go to the “Name Resolution” tab. If you know the addresses of the WINS server and/or DNS server on the remote network, enter them here. If not, uncheck the check boxes.
- Now go to the “Authentication” tab and set “Authentication Method” to “Mutual PSK”.
- “Local Identity” should be the field “Remote ID” on the router’s “IKE Policies” page. “Identification Type” should be “Fully Qualified Domain Name”.
- On the “Remote Identity” tab the “Identification Type” should be “Fully Qualified Domain Name” and “FQDN String” should be the “Local ID” from the router’s “IKE Policies” page.
- Moving on to the “Credentials” tab, fill in your PSK in the “Pre Shared Key” field. In this case “areallylamekey”.
- Then go to the main “Policy” tab.
- Uncheck the “Obtain Topology Automatically or Tunnel All” check box.
- Click the “Add” button.
- Type in your network. To route all the 192.168.0.x addresses over the VPN tunnel, enter address 192.168.0.0 and netmask 255.255.255.0. If you have the same network address range at home and in your current location, you can enter specific addresses or add another topology entry that excludes those addresses.
- Then hit “Save” and you will return to the main window.
- Double-click your connection and select “Connect”. That’s it!
You're now up and running with your own secure IPSec tunnel to your home or office!
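The topology step above gets tricky when the network you are connecting from uses the same range as the one behind the router. The following is an added example, not part of the original post: a small Python helper that detects the clash and produces the entries to type into the “Policy” tab. The function names are hypothetical, and it assumes each topology entry is a type (Include or Exclude) plus an address and netmask.

```python
import ipaddress

def _row(kind, net):
    # One topology entry for the Policy tab: type, address, netmask.
    return (kind, str(net.network_address), str(net.netmask))

def _inside(entry, parent):
    # Parse a host ("192.168.0.10") or range ("192.168.0.16/28") and
    # refuse anything that is not part of the parent network.
    net = ipaddress.ip_network(entry)
    if not net.subnet_of(parent):
        raise ValueError(f"{entry} is not inside {parent}")
    return net

def plan_topology(remote_lan, local_lan, remote_hosts=(), keep_local=()):
    """Build topology entries for the tunnel.

    remote_lan    LAN behind the router, e.g. "192.168.0.0/24"
    local_lan     network you are currently connected from
    remote_hosts  remote addresses to tunnel when the ranges clash
    keep_local    local addresses that must stay off the tunnel
    """
    remote = ipaddress.ip_network(remote_lan)
    local = ipaddress.ip_network(local_lan)

    if not remote.overlaps(local):
        # No clash: a single entry for the whole remote LAN is enough.
        return [_row("Include", remote)]

    if remote_hosts:
        # Option 1: tunnel only the specific remote addresses you need.
        return [_row("Include", _inside(h, remote)) for h in remote_hosts]

    if keep_local:
        # Option 2: tunnel the remote LAN but exclude the local addresses.
        rows = [_row("Include", remote)]
        rows += [_row("Exclude", _inside(h, local)) for h in keep_local]
        return rows

    raise ValueError(
        f"{remote} overlaps {local}: pass remote_hosts or keep_local")

if __name__ == "__main__":
    # Constructed sample: home LAN and current LAN share 192.168.0.0/24,
    # and the local gateway 192.168.0.1 must stay reachable directly.
    for row in plan_topology("192.168.0.0/24", "192.168.0.0/24",
                             keep_local=["192.168.0.1"]):
        print(*row)
```
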