Help with getting VPN connection for Windows File Sharing between two DG834G routers
on 05.04.2007 15:26:16 by xxsajina
I am having a lot of difficulty in getting the vpn functionality
available on the Netgear DG834G to work as gateway-to-gateway.

I have two identical routers each with similar vpn and firewall rules
setup and the best I managed to achieve was for the vpn connection to
allow access to the other router from either location but never
managed to get file sharing to be accessible by use of "net use \\ip
address\sharename" from either end.

Even what I got to work is very intermittent and sometimes it does not
get established ok. I want to start from scratch again and seek help
from anyone who has experience of getting this to work. Previously I
was making use of dynamic dns - now I decided to concentrate on using
fixed WAN ip.

Netgear support were not prepared to help for file sharing and said it
was outside their scope of support.

The setup is as follows

Location A subnet 192.168.0.0 has 1st DG834G and using a fixed WAN IP
address

Location B subnet 192.168.1.0 has 2nd DG834G and using a fixed WAN IP
address

Both routers are on latest UK firmware available which is V3.01.31.

The VPN is setup using Auto Policy.

Options:
  Remote VPN Endpoint: Fixed IP address
  Address Data xx.xx.xx.xx being the WAN IP address from the remote
  location ISP
  IKE Keep Alive Ping 192.168.1.1

Local Lan
  Range IP Address 192.168.0.0 to 192.168.0.127

Remote Lan
  Range IP Address 192.168.1.0 to 192.168.1.127

IKE
  Direction: Initiator and Responder
  Exchange Mode: Main Mode
  Diffie-Hellman (DH) Group: Group 2 (1024 Bit)
  Local Identity: WAN IP Address
  Remote Identity Type: IP Address

Parameters
  Encryption Algorithm: 3DES
  Authentication Algorithm: SHA-1
  Pre-Shared Key: xxxxxxxxxxxxxxxxxxx
  SA LifeTime: 3600 seconds
  Perfect Forward Security (PFS): Enabled

The setup on the 2nd DG834G is identical - with subnets being the
other way round and appropriate Remote VPN Endpoint Fixed IP address

For firewall Rules I was trying with UDP and TCP ports 50, 51 and 500,
501 and 1723, 1724. Allowing all outbound and for inbound giving the
local network IP Address of a NAS server at each location

The problem is probably in the firewall rules. I also tried the
Netgear built-in rules VPN-PPTP and VPN-L2TP and VPN-IPSEC but no
joy.

I also tried creating a manual vpn policy and that did not work
either.

Any help would be much appreciated
Simon
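
An added example, not part of the original post: a Python check that the two Auto Policy configurations described above mirror each other, and that a given LAN host actually falls inside the range the policy tunnels (the posted ranges cover only .0 to .127 of each subnet). The dictionary keys, function names and the NAS addresses in the demo are assumptions made for illustration; the post does not give the NAS addresses.

```python
import ipaddress

def selector(first, last):
    """Turn a 'Range IP Address' pair into the set of CIDR blocks it covers."""
    return set(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def in_selector(host, sel):
    return any(ipaddress.ip_address(host) in net for net in sel)

# Settings the post configures identically on both routers; any difference is reported.
SHARED = ("exchange_mode", "dh_group", "encryption", "authentication",
          "sa_lifetime", "pfs")

def audit(a, b, hosts_a=(), hosts_b=()):
    """Return a list of findings; an empty list means the two policies agree."""
    findings = []
    a_local, a_remote = selector(*a["local_lan"]), selector(*a["remote_lan"])
    b_local, b_remote = selector(*b["local_lan"]), selector(*b["remote_lan"])
    if a_local != b_remote:
        findings.append("A local LAN does not match B remote LAN")
    if b_local != a_remote:
        findings.append("B local LAN does not match A remote LAN")
    for key in SHARED:
        if a[key] != b[key]:
            findings.append(f"{key} differs: {a[key]!r} vs {b[key]!r}")
    for host in hosts_a:
        if not in_selector(host, a_local):
            findings.append(f"{host} is outside A's local range, so not tunnelled")
    for host in hosts_b:
        if not in_selector(host, b_local):
            findings.append(f"{host} is outside B's local range, so not tunnelled")
    return findings

# Values taken from the post; site B is the mirror image the post describes.
IKE = dict(exchange_mode="main", dh_group=2, encryption="3des",
           authentication="sha1", sa_lifetime=3600, pfs=True)
SITE_A = dict(IKE, local_lan=("192.168.0.0", "192.168.0.127"),
              remote_lan=("192.168.1.0", "192.168.1.127"))
SITE_B = dict(IKE, local_lan=("192.168.1.0", "192.168.1.127"),
              remote_lan=("192.168.0.0", "192.168.0.127"))

if __name__ == "__main__":
    # Constructed NAS addresses (hypothetical): one inside, one outside the range.
    result = audit(SITE_A, SITE_B, ["192.168.0.10"], ["192.168.1.200"])
    for line in result or ["policies are consistent"]:
        print(line)
```
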
Re: Help with getting VPN connection for Windows File Sharing between two DG834G routers
on 05.04.2007 16:38:55 by Rick Merrill
xxsajina@ajina.dircon.co.uk wrote:
> I am having a lot of difficulty in getting the vpn functionality
> available on the Netgear DG834G to work as gateway-to-gateway.
>
> I have two identical routers each with similar vpn and firewall rules
> setup and the best I managed to achieve was for the vpn connection to
> allow access to the other router from either location but never
> managed to get file sharing to be accessible by use of "net use \\ip
> address\sharename" from either end.
>
> Even what I got to work is very intermittent and sometimes it does not
> get established ok. I want to start from scratch again and seek help
> from anyone who has experience of getting this to work. Previously I
> was making use of dynamic dns - now I decided to concentrate on using
> fixed WAN ip.
>
> Netgear support were not prepared to help for file sharing and said it
> was outside their scope of support.
>
> The setup is as follows
>
> Location A subnet 192.168.0.0 has 1st DG834G and using a fixed WAN IP
> address
>
> Location B subnet 192.168.1.0 has 2nd DG834G and using a fixed WAN IP
> address
>
> Both routers are on latest UK firmware available which is V3.01.31.
>
> The VPN is setup using Auto Policy.
>
> Options:
>
> Remote VPN Endpoint: Fixed IP address
>
> Address Data xx.xx.xx.xx being the WAN IP address from the remote
> location ISP
>
> IKE Keep Alive Ping 192.168.1.1
>
> Local Lan
>
> Range IP Address 192.168.0.0 to 192.168.0.127
>
> Remote Lan
>
> Range IP Address 192.168.1.0 to 192.168.1.127
>
> IKE
>
> Direction: Initiator and Responder
>
> Exchange Mode: Main Mode
>
> Diffie-Hellman (DH) Group: Group 2 (1024 Bit)
>
> Local Identity: WAN IP Address
>
> Remote Identity Type: IP Address
>
> Parameters
>
> Encryption Algorithm: 3DES
>
> Authentication Algorithm: SHA-1
>
> Pre-Shared Key: xxxxxxxxxxxxxxxxxxx
>
> SA LifeTime: 3600 seconds
>
> Perfect Forward Security (PFS) : Enabled
>
> The setup on the 2nd DG834G is identical - with subnets being the
> other way round and appropriate Remote VPN Endpoint Fixed IP address
>
> For firewall Rules I was trying with UDP and TCP ports 50, 51 and 500,
> 501 and 1723, 1724. Allowing all outbound and for inbound giving the
> local network IP Address of a NAS server at each location
>
> The problem is probably in the firewall rules. I also tried the
> Netgear built-in rules VPN-PPTP and VPN-L2TP and VPN-IPSEC but no
> joy.
>
> I also tried creating a manual vpn policy and that did not work
> either.
>
> Any help would be much appreciated
>
> Simon
>
If you are trying to use "simple file sharing" (?) then you should not
be in a "domain". I just went through similar issues with a VPN.
Re: Help with getting VPN connection for Windows File Sharing between two DG834G routers
on 05.04.2007 17:27:25 by xxsajina
Rick
The userids I would use for the net use command would be local to the
NAS and would either be a local PC userid or a domain ID - depending
on which PC I connect to the NAS from - either way the NAS would have
an identical userid so I should not need to worry about domain name.
I need to know what UDP and what TCP ports need to be open outwards
and inwards
regards
simon
On Apr 5, 3:38 pm, Rick Merrill wrote:
>
> > Simon
>
> If you are trying to use "simple file sharing" (?) then you should not
> be in a "domain". I just went through similar issues with a VPN.
Re: Help with getting VPN connection for Windows File Sharing between two DG834G routers
on 05.04.2007 19:32:10 by Rick Merrill
xxsajina@ajina.dircon.co.uk wrote:
> Rick
>
> The userids I would use for the net use command would be local to the
> NAS and would either be a local PC userid or a domain ID - depending
> on which PC I connect to the NAS from - either way the NAS would have
> an identical userid so I should not need to worry about domain name.
>
> I need to know what UDP and what TCP ports need to be open outwards
> and inwards
>
> regards
>
> simon
>
>
> On Apr 5, 3:38 pm, Rick Merrill wrote:
>>> Simon
>> If you are trying to use "simple file sharing" (?) then you should not
>> be in a "domain". I just went through similar issues with a VPN.
>
>
AFAIK you do not need to open any additional ports at the client end
(your end). We use SonicWall 170 and the SW client and it required
no changes in ports at my end (using a Linksys router with NAT and all
regular ports closed).