Netgate Discussion Forum

    Setting up IPsec VPN pfsense to dsr dlink-1000 router

    Scheduled Pinned Locked Moved IPsec
    32 Posts 5 Posters 3.0k Views
    • G
      Gap @kiokoman
      last edited by

      @kiokoman Hi sir, I think I just need to open port 500 because I don't do NAT traversal, and this port 4500 is for NAT traversal, right?

      • G
        Gap @kiokoman
        last edited by

        @kiokoman right now I'm getting these logs from pfSense

        09[NET] <10> received packet: from 125.5.78.227[500] to 125.5.78.228[500] (508 bytes)
        Jul 29 10:08:23 charon 09[ENC] <10> parsed IKE_SA_INIT request 0 [ SA KE No V ]
        Jul 29 10:08:23 charon 09[CFG] <10> looking for an IKEv2 config for 125.5.78.228...125.5.78.227
        Jul 29 10:08:23 charon 09[CFG] <10> candidate: 125.5.78.228...125.5.78.227, prio 3100
        Jul 29 10:08:23 charon 09[CFG] <10> found matching ike config: 125.5.78.228...125.5.78.227 with prio 3100
        Jul 29 10:08:23 charon 09[ENC] <10> received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57:01:00
        Jul 29 10:08:23 charon 09[IKE] <10> 125.5.78.227 is initiating an IKE_SA
        Jul 29 10:08:23 charon 09[IKE] <10> IKE_SA (unnamed)[10] state change: CREATED => CONNECTING
        Jul 29 10:08:23 charon 09[CFG] <10> selecting proposal:
        Jul 29 10:08:23 charon 09[CFG] <10> proposal matches
        Jul 29 10:08:23 charon 09[CFG] <10> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
        Jul 29 10:08:23 charon 09[CFG] <10> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
        Jul 29 10:08:23 charon 09[CFG] <10> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
        Jul 29 10:08:23 charon 09[ENC] <10> generating IKE_SA_INIT response 0 [ SA KE No N(MULT_AUTH) ]
        Jul 29 10:08:23 charon 09[NET] <10> sending packet: from 125.5.78.228[500] to 125.5.78.227[500] (512 bytes)

        1 Reply Last reply Reply Quote 0
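Added example (not part of any post in this thread): a small Python parser for charon lines in the format posted above, reporting per IKE_SA how far the IKEv2 negotiation got, which UDP ports appeared, and whether NAT-detection notifies (the IKE_SA_INIT payloads used to negotiate NAT traversal) were present. The `<10>` lines come from the log above; the `<11>` lines, the function names and the result strings are constructed for contrast.

```python
import re
from collections import defaultdict
# <10> lines are from the log posted above; <11> lines are constructed for contrast.
SAMPLE = """\
09[NET] <10> received packet: from 125.5.78.227[500] to 125.5.78.228[500] (508 bytes)
Jul 29 10:08:23 charon 09[ENC] <10> parsed IKE_SA_INIT request 0 [ SA KE No V ]
Jul 29 10:08:23 charon 09[CFG] <10> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
Jul 29 10:08:23 charon 09[ENC] <10> generating IKE_SA_INIT response 0 [ SA KE No N(MULT_AUTH) ]
Jul 29 10:08:23 charon 09[NET] <10> sending packet: from 125.5.78.228[500] to 125.5.78.227[500] (512 bytes)
Jul 29 10:09:01 charon 11[ENC] <11> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jul 29 10:09:02 charon 11[NET] <11> received packet: from 192.0.2.10[4500] to 192.0.2.20[4500] (320 bytes)
Jul 29 10:09:02 charon 11[ENC] <11> parsed IKE_AUTH request 1 [ IDi AUTH SA TSi TSr ]
"""

LINE = re.compile(r"\d+\[[A-Z]+\] <(?P<sa>[^>]+)> (?P<msg>.*)")
MSG = re.compile(r"(parsed|generating) (\w+) (request|response) \d+ \[ (.*) \]")
PKT = re.compile(r"(?:received|sending) packet: from \S+\[(\d+)\] to \S+\[(\d+)\]")

def summarize(log_text):
    """Per IKE_SA id: messages seen, UDP ports used, NAT-D notifies, proposal."""
    sas = defaultdict(lambda: {"messages": [], "ports": set(), "natd": False, "proposal": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sa, msg = sas[m["sa"]], m["msg"]
        if e := MSG.match(msg):
            sa["messages"].append(f"{e[1]} {e[2]} {e[3]}")
            sa["natd"] = sa["natd"] or "NATD_" in e[4]
        elif p := PKT.match(msg):
            sa["ports"].update((int(p[1]), int(p[2])))
        elif msg.startswith("selected proposal: "):
            sa["proposal"] = msg.split(": ", 1)[1]
    return dict(sas)

def diagnose(sa):
    """How far the IKEv2 negotiation got, judged from the responder's log."""
    seen = " | ".join(sa["messages"])
    if "IKE_AUTH" in seen:
        return "reached IKE_AUTH"
    if "generating IKE_SA_INIT response" in seen:
        return "IKE_SA_INIT answered, no IKE_AUTH seen"
    if "parsed IKE_SA_INIT request" in seen:
        return "IKE_SA_INIT received, not answered"
    return "no IKE exchange seen"

if __name__ == "__main__":
    for sa_id, sa in summarize(SAMPLE).items():
        print(sa_id, diagnose(sa), sorted(sa["ports"]), "NAT-D" if sa["natd"] else "no NAT-D")
```

An SA that stops at "IKE_SA_INIT answered, no IKE_AUTH seen" means the responder replied and the peer's next message was never logged, which points the investigation at the path back to the peer or at the peer itself.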
        • G
          Gap @Derelict
          last edited by

          @Derelict @kiokoman

          I'm having a hard time opening the port 500 for this dsr-dlink 1000 router

          but I think this is how to open it.

          749b3d44-0094-4366-a163-f1d886e137e2-image.png

          • kiokomanK
            kiokoman LAYER 8
            last edited by kiokoman

            no, you opened ports from 1 to 500 for outgoing and from 1 to 4500 for incoming

            I don't know the dlink but you probably need 2 rules

            udp
            Outgoing
            start port 500
            to 500

            Incoming
            start port 500
            to 500

            another rule with

            udp
            outgoing
            start port 4500
            to 4500
            incoming
            start port 4500
            to 4500

            check if you have the latest firmware for the dlink

            ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
            Please do not use chat/PM to ask for help
            we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
            Don't forget to Upvote with the 👍 button for any post you find to be helpful.

            • G
              Gap @kiokoman
              last edited by

              @kiokoman I've already done that but it didn't help, that's why I'm going crazy. Wait, hang on, lemme change it. And for the firmware, it's already up to date, sadly :(

              • kiokomanK
                kiokoman LAYER 8
                last edited by kiokoman

                2.13 ?
                https://tsd.dlink.com.tw/downloads2008.asp

                • G
                  Gap @kiokoman
                  last edited by

                  @kiokoman 4e6bf705-883a-4faa-9db6-549223e95f46-image.png

                  nope.
                  52677666-cad0-4e0e-8d8a-589b58a440c2-image.png

                  • G
                    Gap @kiokoman
                    last edited by

                    @kiokoman oh no it appears that I can upgrade the firmware up to 3.14

                    • kiokomanK
                      kiokoman LAYER 8
                      last edited by

                      ok but I think the rules are on the wrong interface, it should be WAN not LAN

                      • G
                        Gap @kiokoman
                        last edited by

                        @kiokoman yes I agree on that but my only options are LAN and DMZ. damn this DSR is really a pain in the ass.

                        • G
                          Gap
                          last edited by

                          aedb4906-0132-4b8d-b321-cc71149837be-image.png

                          • kiokomanK
                            kiokoman LAYER 8
                            last edited by

                            I've read the manual and saw some videos on YouTube, it seems that there is no need to open the port
                            https://eu.dlink.com/uk/en/support/faq/routers/wireless-routers/dsr-series/uk_dsr_how_to_setup_vpn_ipsec_between_dsr_series
                            https://www.youtube.com/watch?v=fppUQfmtNt8

                            what I would suggest at this point is to upgrade the firmware, completely reset/hard reset the router and start over

                            • G
                              Gap @kiokoman
                              last edited by

                              @kiokoman thank you so much! I've upgraded the router to the latest version. I will try to factory default this and start over.

                              • DerelictD
                                Derelict LAYER 8 Netgate
                                last edited by

                                And probably about time to ask on the D-Link forums instead of here.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.