VPN
28 Topics

FVS318v3 slow speeds as Router fast as Hub what settings can I change (internally on netgear)
My FVS 318 v3 is only 7 & 8 Mbps as a Router but it speeds up to 94 & 67 Mbps when modem cable is moved from WAN to a LAN port. What inside the Netgear is slowing down speed? No Port Fwrd, no Rules, no VPN, just basic AUTO setup.
28 Views 0 likes 2 Comments

VPN gateway to gateway SRX5308 IPsec SA Established but no traffic
I have 2 SRX5308, upgraded to the latest firmware. I have two SRX5308 connected gateway to gateway; they connect, IPsec SA Established, but do no traffic. One of them runs the traffic but the arrive to LAN destination; if I try Monitoring --> Ping the result is failed, and if I try Traceroute --> failed. I attached the log:

ONE, the one that makes traffic:
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194 ->195.100.200.194 with spi=235890753(0xe0f6841)
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.223.231.194->195.88.99.194 with spi=45451481(0x2b588d9)
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation: 195.88.99.194 [0]<=>195.223.231.194[0]
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: Configuration found for 195.223.231.194.
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: Configuration found for 195.223.231.194.
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 10.1.10.0/24<->10.2.10.0/24
Mon Oct 09 18:29:08 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=198068733(0xbce49fd).
Mon Oct 09 18:29:08 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=162319720(0x9accd68).
Mon Oct 09 18:29:08 2017 (GMT +0200): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194 ->195.100.200.194 with spi=162319720(0x9accd68)
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.223.231.194->195.88.99.194 with spi=198068733(0xbce49fd)
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation: 195.88.99.194 [0]<=>195.223.231.194[0]
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: Configuration found for 195.223.231.194.
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: Configuration found for 195.223.231.194.
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 10.1.10.0/24<->10.2.10.0/24
Mon Oct 09 18:29:02 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=31270826(0x1dd27aa).
Mon Oct 09 18:29:02 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=128931250(0x7af55b2).
Mon Oct 09 18:29:02 2017 (GMT +0200): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.

SECOND firewall no-traffic:
Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194->195.88.99.194- with spi=45451481(0x2b588d9)
Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194-->195.88.99.194 with spi=235890753(0xe0f6841)
Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 10.2.10.0/24<->10.1.10.0/24
Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 195.88.99.194[0]<=>195.88.99.194-[0]
Mon Oct 09 18:30:33 2017 (GMT +0200): [SRX5308] [IKE] INFO: Phase 2 sa deleted 195.88.99.194-195.88.99.194-
Mon Oct 09 18:30:33 2017 (GMT +0200): [SRX5308] [IKE] INFO: Sending Informational Exchange: delete payload[]
Mon Oct 09 18:30:33 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Flushing SAs for peer "195.88.99.194-" with spi 198068733
Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194->195.88.99.194- with spi=198068733(0xbce49fd)
Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194-->195.88.99.194 with spi=162319720(0x9accd68)
Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 10.2.10.0/24<->10.1.10.0/24
Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 195.88.99.194[0]<=>195.88.99.194-[0]
Mon Oct 09 18:30:28 2017 (GMT +0200): [SRX5308] [IKE] INFO: Phase 2 sa deleted 195.88.99.194-195.88.99.194-
Mon Oct 09 18:30:28 2017 (GMT +0200): [SRX5308] [IKE] INFO: Sending Informational Exchange: delete payload[
Mon Oct 09 16:30:28 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] Flushing SAs for peer "195.88.99.194-" with spi 31270826

Thank you very much.
2.3K Views 0 likes 3 Comments

Need help setting up site to site VPN. Nothing works.
I've gone through every tutorial I can find online along with following every bit of documentation and I still cannot get site to site VPN working between these two identical routers. Both sites have static IPs. Is anyone available to help me out? Thanks!
1.4K Views 0 likes 2 Comments

FVS336Gv3 PPTP VPN for macOS Sierra
Hi Netgear community,

One of our sites has a NETGEAR ProSafe™ Gigabit Dual WAN SSL VPN Firewall FVS336Gv3 which has PPTP Server enabled and set up with working users for Windows OS; there is 1 user that uses macOS. Since that 1 user upgraded their macOS to Sierra the option for PPTP has been removed (Apple reports the reason is for security). I have tried enabling SSLVPN in the firewall but have struggled to get that working. As a fallback, we are looking at 3rd party clients that can create the VPN using PPTP again. I've looked at some suggested clients (FlowVPN, VPN Tracker, user is trying TunnelBlick) but not getting very far. Ideally, we want a freeware that can do PPTP (unless there is a free SSLVPN option). Any suggestions or if you have got around this issue with macOS Sierra. Many thanks in advance.
6.6K Views 0 likes 10 Comments

Is there a good explanation of vpn options?
I am working my way through setting up a VPN tunnel, and I am a bit stymied by the whole process. Is there a good explanation somewhere how this all works on my netgear router? Let's take for example L2TP. When I try to set that up, there are IKE policies, VPN policies, User setups, there is a VPN Wizard, etc. Nowhere can I find an explanation what I need or what is necessary or where the pitfalls are. For example, I have to select FQDN but then have to enter 0.0.0.0? That doesn't make sense. How does this all fit together? What are the dependencies? For example, I have set up an L2TP user. So, if I connect with the right credentials, what is next? VPN policies? IKE policies? When I look at the VPN policies, I see that I can select an "Auto Policy", but then at the bottom I can (have to?) select an IKE policy. What's more, I can select various parameters that seem to duplicate in the VPN policy and the IKE policy. I admit that it is probably my lack of understanding that gets me in trouble, and that is why I am asking if there is a good explanation of all these different options and how they all interact to get to a stable and efficient VPN connection. Appreciate any help.
3K Views 0 likes 2 Comments

FVS336Gv3 - L2TP/IPsec on Windows 10
I have a Windows Server running RRAS with PPTP. The FVS forwards this with no problem. The problem is we now need to move to L2TP. I have created this on the Windows server, and from within the LAN, a client machine (my laptop) can connect directly to the server (using the internal server name). But as soon as I go outside the network it doesn't work (using external address). We do have a site to site IPsec VPN running between this FVS and one in another site. I hope this isn't causing the problem?? I have forwarded UDP 500, 4500, 1701 and pretty much every other port in desperation. I have enabled L2TP Passthrough. I have made sure the external address is pingable. I have upgraded the firmware today to 4.3.4-1. Any suggestions gratefully welcome!

thanks, Arron
7.1K Views 0 likes 9 Comments

Remote Client Full Tunnel VPN with SRX5308 and Shrew Soft - Some Websites Don't Load
Hi everyone,

I've really been scratching my head on this one. Any help would be greatly appreciated. Remote users need to access remote servers through the office, which is whitelisted for access. Since the remote servers are dynamic IPs (AWS), I'm trying to send all remote traffic through the office while we investigate better solutions. SSL VPN is not an option due to compatibility issues with modern browsers and OSes. I have configured an IPSEC VPN for remote users. It connects, but only some websites load. Others will time out. DNS does not seem to be the issue, as a ping will resolve the IP (and some sites load). I thought it might be related to fragmentation, but my tests (ping with different packet sizes) indicate the MTU should be 1500.

Shrew Soft Client --VPN--> Office --Whitelist--> Remote Servers

Info
  VPN policy Local IP: Any
  Shrew Soft Client: Policy - Obtain Topology Automatically or Tunnel All

Testing/Troubleshooting
  Mode Config
    Connects, but local traffic only.
  IP Ranges of Servers
    I backtracked the ranges the servers could use, but it was the same results as tunneling all (page times out)
  Netgear VPN client
    Internet traffic didn't flow when I tried to set the range for the entire Internet (if I remember correctly).
  L2TP (MSCHAPv2) with built-in Windows 10 client
    PSK, but blank
    Computers that have previously been on the internal network behind the SRX5308 will connect.
    Computers that have not been on the internal network behind the SRX5308 get an error "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."
    Error 789 in event logs
  Certificate
    Did some research, but it seemed complicated. Will likely research further.

I know I'm close, since some websites do load when connected. I'm leaning towards it still being a fragmentation/MTU issue, but I can only change that in Shrew Soft with using Mode Config. I have not tested changing the MTU on the SRX5308 yet.
This is the first time I've attempted a full tunnel this way. I'm open to any suggestions for getting this working, except for PPTP due to security concerns and SSL due to compatibility. Thanks in advance!
Solved 3K Views 0 likes 2 Comments

FVS318N csr signed by Openssl intermediate CA not accepted
Hello all,

I have a FVS318N router, firmware 4.3.4-2. I have generated a certificate signing request (CSR) from the firewall (SHA-1 + RSA2048).

I have issued certificates:
  using openssl and my Intermediate CA certificate & PK. The firewall refuses to load this certificate.
  using openssl and a Root CA certificate. The firewall accepts this certificate.

In both cases:
  no extended key usage
  SHA1 + RSA2048
  both the Root and Intermediate CAs certificates are loaded as trusted CAs in the firewall
  both the Root and Intermediate CAs certificates are SHA1 + RSA2048

Questions:
  Are Intermediate CAs issued certificates supported the Netgear CSR? If yes, any tips?
  The certificate I have uploaded is used now for the administration interface, which is unwanted. I would want to add an IPSEC only certificate which does not interfere with the SSL certificate. What keyUsage/Extended key usage to add or exclude?
  The documentation refers to IPSEC VPN extKeyUsage (EKU). AFAIK the IPSEC specific EKUs have been deprecated long ago and should no longer be used. The IPSEC VPN OIDs are not mentioned in the Netgear doc, does anyone know what do they mean?
  Is there any way to grab more information (ie: logs) of what happens inside for certificate management? The firewall has a serial port and I still have a PC with a serial port on. Can it be told to log anything useful there (or elsewhere)?
5.3K Views 0 likes 7 Comments

Fritz Box 7490 to SRX5308 - VLAN over VPN
Hi, I hope you can help me. I've got a business network with an SRX5308, and home office with an AVM Fritz Box 7490.

On the business side, I've got
  VLAN Default 10.0.0.0/24
  VLAN 72 192.68.72.0/24
  other VLANS of no interest
  VPN to another branch office SRX5308 as 192.168.55.0/24

Now ideally, I'm trying to access the default VLAN, VLAN 72 and the VPN to the 55 network from my Box at home. I've managed to get the Fritzbox to connect to the SRX (only took about a day playing with their stupid settings) but can't for example access the 72 VLAN. The setting used on the Fritzbox (from their manual) is set as

accesslist = "permit ip any 10.0.0.0 255.255.255.0",
             "permit ip any 192.168.72.0 255.255.255.0";

Now, on the SRX I can only specify one local network in the VPN policy - how do I tell the SRX to allow access to the VLANs or VPNs? Any help would be greatly appreciated. Thanks
Solved 8.8K Views 0 likes 12 Comments