NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
VPN Tunnel Connects but No Traffic Over LTE Connection
Hi, I'm trying to connect a windows pro 7 laptop running prosfae vpn client professional to an FVS338. The FVS338 is behind a DG834 router and I can successfully connect if I take the laptop home...
Hi brianstorm,
Welcome to the community! :)
Kindly answer the questions below:
a. As I understand your initial post, I assume that the FVS338 behind the DG834 is located somewhere (possibly at work) and you are able to established VPN connection just fine using your laptop with your ADSL connection at home, am I correct?
b. Since you mentioned that the FVS338 is behind the DG834, is the DG834 set as a modem-only device (configured as bridge mode) making the FVS338 the main router?
c. Is the internet service provider (ISP) on your 3G/4G LTE router the same as the ISP on the where the FVS338 is deployed?
d. Is the LAN subnet on the FVS338 different from the LAN subnet on the 3G/4G LTE router? For example: the LAN subnet on the FVS338 is 192.168.1.0 and the LAN subnet on the 3G/4G LTE router is 10.10.10.0.
Regards,
DaneA
NETGEAR Community Team
Hi,
thanks for the response, I've added my answers below your questions...
a. As I understand your initial post, I assume that the FVS338 behind the DG834 is located somewhere (possibly at work) and you are able to established VPN connection just fine using your laptop with your ADSL connection at home, am I correct?
** Yes, the FVS338 is at work, and I was able to establish a vpn connection from my home over an adsl connection
b. Since you mentioned that the FVS338 is behind the DG834, is the DG834 set as a modem-only device (configured as bridge mode) making the FVS338 the main router?
** the DG834 is our main office modem/router and I have setup the FVS338 behind it, with the WAn port connected to the DG834 system. I had to open an extra port on the DG834 to get the connection working, vpn traffic is passed onto the FVS338
c. Is the internet service provider (ISP) on your 3G/4G LTE router the same as the ISP on the where the FVS338 is deployed?
** the LTE, my home ADSL, and work ADSL all use different ISP's (giffgaff on 02, ee, and bt respectively)
d. Is the LAN subnet on the FVS338 different from the LAN subnet on the 3G/4G LTE router? For example: the LAN subnet on the FVS338 is 192.168.1.0 and the LAN subnet on the 3G/4G LTE router is 10.10.10.0.
** the dhcp lan side of the LTE router is assigning addresses in te range 192.168.1.x
the fvs338 dhcp lan addresses are in the range 192.168.10.x
the mode config setup of the fvs338 is assigning addresses 192.168.30.x and it appears that the laptop receives an address in this range when the vpn connects
I've had a look at the log files comparing a successful connectiuon, and an open vpn with no traffic and it seems that this (marked with asterisks) is where the logs differ, the successful adsl connection moves into a DPD _R-U-THERE series of acknowlodgements
2017 May 4 18:54:22 [FVS338] [IKE] IPsec-SA expired: ESP/Tunnel 95.145.99.146->192.168.0.75 with spi=43099881(0x291a6e9)_
2017 May 4 18:41:52 [FVS338] [IKE] 192.168.30.2 IP address has been released by remote peer._
2017 May 4 18:41:52 [FVS338] [IKE] ISAKMP-SA deleted for 192.168.0.75[4500]-95.145.99.146[4500] with spi:62bd7c46892d0fe9:e806e79130c7e000_
2017 May 4 18:41:51 [FVS338] [IKE] Purged ISAKMP-SA with proto_id=ISAKMP and spi=62bd7c46892d0fe9:e806e79130c7e000._
2017 May 4 18:41:51 [FVS338] [IKE] Purged IPsec-SA with proto_id=ESP and spi=1865101597(0x6f2b311d)._
2017 May 4 18:41:51 [FVS338] [IKE] an undead schedule has been deleted: 'pk_recvupdate'._
**********2017 May 4 18:41:51 [FVS338] [IKE] Deleting generated policy for 95.145.99.146[0]_ **************************
2017 May 4 18:41:36 [FVS338] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 192.168.0.75->95.145.99.146 with spi=1865101597(0x6f2b311d)_
2017 May 4 18:41:36 [FVS338] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 95.145.99.146->192.168.0.75 with spi=97374627(0x5cdd1a3)_
2017 May 4 18:41:36 [FVS338] [IKE] Adjusting peer's encmode 61443(61443)->Tunnel(1)_
2017 May 4 18:41:35 [FVS338] [IKE] No policy found, generating the policy : 192.168.30.2/32[0] 192.168.10.0/24[0] proto=any dir=in_Based from your answers, the problem is isolated because the client-to-box VPN works fine between the FVS338 located at work and your laptop when you are using the ADSL connection at your home. It seemed that the problem is in the LTE connection.
Kindly try the steps below:
a. On the ProSAFE VPN Client Professional installed on your laptop, kindly set the VPN Client address to a different IP range such as 172.16.1.2. Refer to the image below as reference:
b. Check if you will be able to establish the VPN tunnel between the FVS338 at work and your laptop using the LTE connection.
Regards,
DaneA
NETGEAR Community Team
I just want to follow-up on this. Were you able to try my suggestion about setting the VPN Client address to a different IP range on the ProSAFE VPN Client Professional software installed on your laptop? If yes, what is the result?
Regards,
DaneA
NETGEAR Community Team
Hi DaneA,
did you get a chance to read my responses? I'm still stuck on this and any help would be much appreciated...
Thanks in advance
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
