IPSec VPN for SnapGear
Posted on 27 January 2012 12:33 PM

1         INTRO

This document describes how to set up an IPSec VPN tunnel from a Vigor to a SnapGear. Suppose we have the following scenario.

 http://www.draycare.com.au/dfaq/image/VPN/08/vpn_18.JPG
 http://www.draycare.com.au/dfaq/image/VPN/08/vpn_19.JPG

2         SETTINGS

2.1       Setup DrayTek Vigor 2700 router

On the 2700 we set up an IPSec tunnel profile with:

  1. Profile Name.
  2. Preshared key. It must be the same as in SnapGear.
  3. Enter the SnapGear's WAN IP address in the Server IP/Host Name for VPN field.
  4. Select ESP and 3DES with Authentication.
  5. Under TCP/IP Network Settings, enter the LAN network on the SnapGear side, which is 192.168.1.0/255.255.255.0.
    http://www.draycare.com.au/dfaq/image/VPN/08/vpn_20.JPG
  6. Click the ADVANCED button. Select Main Mode and set the Key Lifetime. In Proposal, choose 3DES_SHA1_G2 for phase 1 and 3DES_SHA1 for phase 2. Then enable Perfect Forward Secret.
    http://www.draycare.com.au/dfaq/image/VPN/08/vpn_21.JPG
  7. From the VPN Connection Management page you can monitor the tunnel status.

http://www.draycare.com.au/dfaq/image/VPN/08/vpn_22.JPG

 

2.2       SnapGear IPSec settings

  1. Create a profile on the IPSec VPN Setup page.
     http://www.draycare.com.au/dfaq/image/VPN/08/vpn_23.JPG
  2. Name the profile in the Tunnel name field. Check Enable this tunnel. In Local Interface, select the correct WAN interface as the local VPN gateway IP address. Select Main mode and Preshared Secret. Then press Next.
     http://www.draycare.com.au/dfaq/image/VPN/08/vpn_24.JPG
  3. On this page, check only Initiate Phase 1 & 2 rekeying. Do not enable Initiate Tunnel Negotiation. Dead Peer Detection is optional. Then press Next.
     http://www.draycare.com.au/dfaq/image/VPN/08/vpn_25.JPG
  4. On this page, enter the 3300V's WAN IP address in the "The remote party's IP address" field. Then press Next.
    http://www.draycare.com.au/dfaq/image/VPN/08/vpn_26.JPG
  5. For Preshared Secret, enter a key that is the same as the one in the Vigor 2700's VPN profile. Select 3DES-SHA-DH Group2 as the Phase 1 Proposal. Then press Next.
    http://www.draycare.com.au/dfaq/image/VPN/08/vpn_27.JPG
  6. For Local Network, enter the network of the SnapGear. For Remote Network, enter the LAN network on the Vigor 2700 side. For Phase 2 Proposal, choose 3DES-SHA. Enable Perfect Forward Secrecy and make sure DH Group 2 is selected.

http://www.draycare.com.au/dfaq/image/VPN/08/vpn_28.JPG
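
A pre-flight check for the two profiles configured above, as an added example that is not part of the original article: it normalises the Vigor and SnapGear proposal labels and confirms that mode, preshared key, proposals, PFS and the mirrored networks agree. The dictionary layout, the key value and the Vigor LAN 192.168.2.0/24 are assumptions; the page does not state them.

```python
import ipaddress
import re

def normalize(label):
    """Reduce a vendor proposal label to (cipher, hash, DH group or None)."""
    s = label.upper()
    cipher = re.search(r"3DES|AES|DES", s)
    digest = re.search(r"SHA|MD5", s)
    group = re.search(r"G(?:ROUP)?\s*(\d+)", s)
    return (cipher.group(0) if cipher else None,
            digest.group(0) if digest else None,
            int(group.group(1)) if group else None)

def mismatches(a, b):
    """Return the names of settings on which the two tunnel ends disagree."""
    net = ipaddress.ip_network
    problems = []
    if a["mode"].lower() != b["mode"].lower():
        problems.append("mode")
    if a["psk"] != b["psk"]:  # compared, never printed
        problems.append("psk")
    for phase in ("phase1", "phase2"):
        if normalize(a[phase]) != normalize(b[phase]):
            problems.append(phase)
    if a["pfs"] != b["pfs"]:
        problems.append("pfs")
    # Each side's local network must be the other side's remote network.
    if (net(a["local_net"]) != net(b["remote_net"])
            or net(a["remote_net"]) != net(b["local_net"])):
        problems.append("networks")
    return problems

# Constructed sample profiles; only the proposals, modes and 192.168.1.0 come from the page.
VIGOR = {"mode": "Main", "psk": "constructed-example-key",
         "phase1": "3DES_SHA1_G2", "phase2": "3DES_SHA1", "pfs": True,
         "local_net": "192.168.2.0/255.255.255.0",   # assumed Vigor LAN
         "remote_net": "192.168.1.0/255.255.255.0"}
SNAPGEAR = {"mode": "main", "psk": "constructed-example-key",
            "phase1": "3DES-SHA-DH Group2", "phase2": "3DES-SHA", "pfs": True,
            "local_net": "192.168.1.0/24", "remote_net": "192.168.2.0/24"}

if __name__ == "__main__":
    print(mismatches(VIGOR, SNAPGEAR) or "profiles agree")
```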
