Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Connection to a Netgear FVS318 v2.4

    Scheduled Pinned Locked Moved IPsec
    5 Posts 3 Posters 4.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      mspeener
      last edited by

      I've had a bear of a time with this and just can't get it going.

      Netgear Config Options:

      Connection Name
      Local IPSec Identifier - Set to Local WAN IP 71.x.x.x
      Remote IPSec Identifier - Set to Remote WAN IP 209.x.x.x
      Tunnel can be accessed from - Set to Local LAN Subnet
      Tunnel can access - Set to remote LAN subnet
      Remote WAN IP or FQDN - Set to Remote WAN IP
      Secure Association - Main (can be Manual or Aggressive)
      Perfect Forward Secrecy - Enabled
      Encryption Protocol - 3DES
      PreShared Key - XXXXXXXXXXXX
      Key Life - 28800 seconds
      IKE Life Time - 86400 seconds

      After going thru the VPN wizards it suggests these settings:
      Secure Association Main Mode
      Authentication Method: Pre-shared Key
      Encryption Protocol: 3DES
      Authentication Protocol: SHA-1
      Key Life: 8 hours
      IKE Life Time: 24 hours
      NETBIOS: Enabled

      PFSense Settings:

      Interface - WAN
      Local Subnet - LAN
      Remote Subnet - Remote LAN Subnet
      Remote Gateway - Remote WAN IP 71.x.x.x
      Negotiation Mode - Main
      My Identifier - My IP Address
      Encryption algorithm - 3DES
      Hash algorithm - SHA1
      DH Key Group - 2
      Lifetime - 86400
      Authentication method - Pre-Shared Key
      Pre-Shared Key - XXXXXXXXXXX

      Phase 2
      Protocol - ESP
      Encryption algorithms - 3DES
      Hash algorithms - SHA1
      PFS key group - Off
      Lifetime - 28800

      I get the error "racoon: INFO: unsupported PF_KEY message REGISTER". Searches say that this means something doesn't match but I can't tell what. The settings above are the current settings and don't reflect the hours I've spent switching things around.

      Help! Please!

      1 Reply Last reply Reply Quote 0
      • D Offline
        dusan
        last edited by

        Try to turn off PFS (perfect forward secrecy) on both sides. Don't turn it on until your VPN works without it. PFS may cause interoperability problem in some configurations.

        1 Reply Last reply Reply Quote 0
        • M Offline
          mspeener
          last edited by

          I've turned PFS on and off, tried aggressive and main modes, tried md5 and sha1. I'm not sure what to try next.

          I was hoping someone had some experience with this Netgear.

          1 Reply Last reply Reply Quote 0
          • C Offline
            covex
            last edited by

            i have about 10 of fvs318v3 with fw 3.0_26 connected to the pfsense box…
            im using main mode with 3dec/md5

            1 Reply Last reply Reply Quote 0
            • M Offline
              mspeener
              last edited by

              I got it to work finally.

              I think I got caught thinking the tunnel would create automatically rather than waiting until a request was made on it. Some pings to the remote network forced it up and it worked fine.

              Thanks to all for their help.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.