
SRX5308 vpn for iphone, laptop

bzness
Aspirant

SRX5308 vpn for iphone, laptop

I am not sure this is the right board, but I didn't see another board that was closer.

I have an SRX5308 at my office, and an older FV2318g (??) at my home. Both are connected to Xfinity cable modems that are set to "bridge mode". The 2 routers are connected through an IPsec VPN tunnel, which works fine under normal circumstances. The office router (5308) also used to work as a PPTP VPN server for people who were on the road and needed to connect to the network. Everything was fine.

Then Apple decided in their unfathomable wisdom that PPTP was not secure enough and stopped supporting it. Not only are the iPhones and tablets not able to connect anymore, but neither is it possible to tether a laptop to the iPhone and connect, as Apple also stopped the passthrough of PPTP.

So, now I am scrambling to get people to connect again. The first thing I tried was to set up a separate IPsec channel for devices (by going through the mode configuration, setting up an IKE policy and user accounts). That works (at least for the iPhones), but only for a few hours. After that it stops working, and it breaks the VPN tunnel with the other modem, and the SRX5308 has to be rebooted. I don't know what the problem is, but obviously that is not a solution.

Then I tried to use L2TP. I set that up, which is essentially just the DHCP part and the definition of handshake protocols. Then, when I try to set that up on my iPhone, I get a message that L2TP requires a "secret" (just like IPsec), but there is no way to enter one in the srx5308. So, no connection either.

So, how do I get this to work? How do I keep my VPN tunnel between the 2 NETGEAR boxes humming, and also allow iPhones and laptops to connect?

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 4
JohnC_V
NETGEAR Moderator

Re: SRX5308 vpn for iphone, laptop

Hi bzness,

 

Welcome to the community!

 

To have the SRX5308 and FVS318G connected, use a box-to-box connection tunnel. Please follow the instructions here. For the iPhone / iPad, we can only use the mode config, which is the one that you set up already. You may check the link here.

 

Regards,

Message 2 of 4
bzness
Aspirant

Re: SRX5308 vpn for iphone, laptop

Thanks, but that is not my question. I have played around with the settings a bit, and I have made some progress, but I am not there yet.

 

I have a stable VPN between my 2 NETGEAR routers. Everything works fine there. I now need to allow users to VPN into the SRX5308 from various devices. The setup I am having trouble with is if users tether their laptops (Windows) to their iPhones to get access (for example if they are in the field and have no other internet). After a lot of trial and error, I have set up an IPsec connection that the iPhones can connect to. (When I open the VPN tunnel, the iPhone asks for the password, and then shows "connected".) When I then DISCONNECT the iPhone and use my Windows laptop tethered to the iPhone to use the same VPN connection, it also connects. I do have internet access then, and I can ping internal resources, but when I try to open a folder on those resources, I can see some, but not others. I typically see an error message that "the resource is not accessible, and that I might not have permission to use the resource". In some instances I can access the first 2 layers of folders, but when I try to access a sub-folder from there, I get this message (after quite some time). I am using the Windows VPN client. Why would that happen?

Message 3 of 4
bzness
Aspirant

Re: SRX5308 vpn for iphone, laptop

Ok, after spending all day to get this working it gets ridiculous. Where can I find information? I have described my issues here, and nobody cares to respond. So, I started all over again. And again. And again. Multiple reboots. And this is where I am now:

 

I can connect my iphone. It says it is connected. So I believe it.

 

I then set it into Hotspot mode and connect my laptop. The laptop does connect to the iPhone and I can surf the web.

 

But the laptop will not set up a VPN channel with the router using the same settings I use for the iPhone. Typically, what I see in the log is this:

 

ERROR:  Failed to get matching proposal for <<ipaddress>>[28606].
Sun Jul 23 15:47:19 2017 (GMT -0600): [SRX5308] [IKE] ERROR:  No suitable proposal found for <<ipaddress>>[28606].
Sun Jul 23 15:47:19 2017 (GMT -0600): [SRX5308] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Sun Jul 23 15:47:19 2017 (GMT -0600): [SRX5308] [IKE] WARNING:  Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".
Sun Jul 23 15:47:19 2017 (GMT -0600): [SRX5308] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Sun Jul 23 15:47:19 2017 (GMT -0600): [SRX5308] [IKE] WARNING:  Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".

 

So, I guess that the iPhone and my Windows laptop require non-compatible communications parameters. Unfortunately, I don't seem to be able to change the parameters in Windows. So, I seem to be stuck, unless there is a way to have multiple different IPsec channels on the router. How would I set that up, so that when I try to establish a tunnel with the iPhone the router uses one set of policies, and when I try to use my laptop, it uses a different set of policies?

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 4 of 4
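
Added example, not part of the thread and not NETGEAR code: a small parser for IKE log lines in the format quoted in Message 4, which collapses the repeated "Rejected phase 1 proposal" warnings into one peer-versus-local table per attribute. The sample log is constructed from the quoted lines with 198.51.100.7 standing in for the redacted address, and the `WEAK` set is this example's own assumption about which values count as legacy.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's log format; 198.51.100.7 is a placeholder.
SAMPLE_LOG = """\
Sun Jul 23 15:47:19 2017 (GMT -0600): [SRX5308] [IKE] ERROR:  No suitable proposal found for 198.51.100.7[28606].
Sun Jul 23 15:47:19 2017 (GMT -0600): [SRX5308] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Sun Jul 23 15:47:19 2017 (GMT -0600): [SRX5308] [IKE] WARNING:  Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".
Sun Jul 23 15:47:19 2017 (GMT -0600): [SRX5308] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
"""

MISMATCH = re.compile(
    r"\[IKE\] WARNING:\s+Rejected phase 1 proposal as Peer's (?P<attr>.+?) "
    r'"(?P<peer>[^"]+)" mismatched with Local "(?P<local>[^"]+)"')
NO_PROPOSAL = re.compile(
    r"\[IKE\] ERROR:\s+No suitable proposal found for (?P<peer>\S+?)\[\d+\]")

# Assumption of this example: values treated as legacy and worth flagging.
WEAK = {"3DES-CBC", "1024-bit MODP group"}

def summarize(log_text):
    """Return (report, failed_peers) for phase 1 proposal mismatches."""
    seen = defaultdict(lambda: {"local": set(), "peer": set()})
    failed = set()
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            seen[m["attr"]]["local"].add(m["local"])
            seen[m["attr"]]["peer"].add(m["peer"])
            continue
        m = NO_PROPOSAL.search(line)
        if m:
            failed.add(m["peer"])
    report = {}
    for attr, v in seen.items():
        report[attr] = {
            "local": sorted(v["local"]),
            "peer": sorted(v["peer"]),
            "weak_local": sorted(v["local"] & WEAK),
            "weak_peer": sorted(v["peer"] & WEAK),
        }
    return report, sorted(failed)

if __name__ == "__main__":
    report, failed = summarize(SAMPLE_LOG)
    print("peers with no acceptable proposal:", failed)
    for attr, row in report.items():
        print(f"{attr}: local={row['local']} peer={row['peer']} "
              f"weak_local={row['weak_local']} weak_peer={row['weak_peer']}")
```

On the constructed sample the table shows the weak value on a different side for each attribute: the peer's 3DES-CBC against the router's AES-CBC, and the router's 1024-bit MODP group against the peer's 2048-bit group.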