NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
VPN Tunnel Connects but No Traffic Over LTE Connection
Hi, I'm trying to connect a windows pro 7 laptop running prosfae vpn client professional to an FVS338. The FVS338 is behind a DG834 router and I can successfully connect if I take the laptop home...
Hi,
thanks for the response, I've added my answers below your questions...
a. As I understand your initial post, I assume that the FVS338 behind the DG834 is located somewhere (possibly at work) and you are able to established VPN connection just fine using your laptop with your ADSL connection at home, am I correct?
** Yes, the FVS338 is at work, and I was able to establish a vpn connection from my home over an adsl connection
b. Since you mentioned that the FVS338 is behind the DG834, is the DG834 set as a modem-only device (configured as bridge mode) making the FVS338 the main router?
** the DG834 is our main office modem/router and I have setup the FVS338 behind it, with the WAn port connected to the DG834 system. I had to open an extra port on the DG834 to get the connection working, vpn traffic is passed onto the FVS338
c. Is the internet service provider (ISP) on your 3G/4G LTE router the same as the ISP on the where the FVS338 is deployed?
** the LTE, my home ADSL, and work ADSL all use different ISP's (giffgaff on 02, ee, and bt respectively)
d. Is the LAN subnet on the FVS338 different from the LAN subnet on the 3G/4G LTE router? For example: the LAN subnet on the FVS338 is 192.168.1.0 and the LAN subnet on the 3G/4G LTE router is 10.10.10.0.
** the dhcp lan side of the LTE router is assigning addresses in te range 192.168.1.x
the fvs338 dhcp lan addresses are in the range 192.168.10.x
the mode config setup of the fvs338 is assigning addresses 192.168.30.x and it appears that the laptop receives an address in this range when the vpn connects
I've had a look at the log files comparing a successful connectiuon, and an open vpn with no traffic and it seems that this (marked with asterisks) is where the logs differ, the successful adsl connection moves into a DPD _R-U-THERE series of acknowlodgements
2017 May 4 18:54:22 [FVS338] [IKE] IPsec-SA expired: ESP/Tunnel 95.145.99.146->192.168.0.75 with spi=43099881(0x291a6e9)_
2017 May 4 18:41:52 [FVS338] [IKE] 192.168.30.2 IP address has been released by remote peer._
2017 May 4 18:41:52 [FVS338] [IKE] ISAKMP-SA deleted for 192.168.0.75[4500]-95.145.99.146[4500] with spi:62bd7c46892d0fe9:e806e79130c7e000_
2017 May 4 18:41:51 [FVS338] [IKE] Purged ISAKMP-SA with proto_id=ISAKMP and spi=62bd7c46892d0fe9:e806e79130c7e000._
2017 May 4 18:41:51 [FVS338] [IKE] Purged IPsec-SA with proto_id=ESP and spi=1865101597(0x6f2b311d)._
2017 May 4 18:41:51 [FVS338] [IKE] an undead schedule has been deleted: 'pk_recvupdate'._
**********2017 May 4 18:41:51 [FVS338] [IKE] Deleting generated policy for 95.145.99.146[0]_ **************************
2017 May 4 18:41:36 [FVS338] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 192.168.0.75->95.145.99.146 with spi=1865101597(0x6f2b311d)_
2017 May 4 18:41:36 [FVS338] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 95.145.99.146->192.168.0.75 with spi=97374627(0x5cdd1a3)_
2017 May 4 18:41:36 [FVS338] [IKE] Adjusting peer's encmode 61443(61443)->Tunnel(1)_
2017 May 4 18:41:35 [FVS338] [IKE] No policy found, generating the policy : 192.168.30.2/32[0] 192.168.10.0/24[0] proto=any dir=in_
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
