Netgate Discussion Forum

Connection to a Netgear FVS318 v2.4

  • M
    mspeener
    last edited by May 14, 2008, 3:04 PM May 13, 2008, 4:03 PM

    I've had a bear of a time with this and just can't get it going.

    Netgear Config Options:

    Connection Name
    Local IPSec Identifier - Set to Local WAN IP 71.x.x.x
    Remote IPSec Identifier - Set to Remote WAN IP 209.x.x.x
    Tunnel can be accessed from - Set to Local LAN Subnet
    Tunnel can access - Set to remote LAN subnet
    Remote WAN IP or FQDN - Set to Remote WAN IP
    Secure Association - Main (can be Manual or Aggressive)
    Perfect Forward Secrecy - Enabled
    Encryption Protocol - 3DES
    PreShared Key - XXXXXXXXXXXX
    Key Life - 28800 seconds
    IKE Life Time - 86400 seconds

    After going through the VPN wizards it suggests these settings:
    Secure Association Main Mode
    Authentication Method: Pre-shared Key
    Encryption Protocol: 3DES
    Authentication Protocol: SHA-1
    Key Life: 8 hours
    IKE Life Time: 24 hours
    NETBIOS: Enabled

    PFSense Settings:

    Interface - WAN
    Local Subnet - LAN
    Remote Subnet - Remote LAN Subnet
    Remote Gateway - Remote WAN IP 71.x.x.x
    Negotiation Mode - Main
    My Identifier - My IP Address
    Encryption algorithm - 3DES
    Hash algorithm - SHA1
    DH Key Group - 2
    Lifetime - 86400
    Authentication method - Pre-Shared Key
    Pre-Shared Key - XXXXXXXXXXX

    Phase 2
    Protocol - ESP
    Encryption algorithms - 3DES
    Hash algorithms - SHA1
    PFS key group - Off
    Lifetime - 28800

    I get the error "racoon: INFO: unsupported PF_KEY message REGISTER". Searches say that this means something doesn't match but I can't tell what. The settings above are the current settings and don't reflect the hours I've spent switching things around.

    Help! Please!

    • D
      dusan
      last edited by May 14, 2008, 4:47 AM

      Try to turn off PFS (perfect forward secrecy) on both sides. Don't turn it on until your VPN works without it. PFS may cause interoperability problems in some configurations.

      • M
        mspeener
        last edited by May 14, 2008, 3:21 PM

        I've turned PFS on and off, tried aggressive and main modes, tried md5 and sha1. I'm not sure what to try next.

        I was hoping someone had some experience with this Netgear.

        • C
          covex
          last edited by May 20, 2008, 4:25 AM

          I have about 10 of fvs318v3 with fw 3.0_26 connected to the pfsense box…
          I'm using main mode with 3des/md5

          • M
            mspeener
            last edited by May 20, 2008, 4:59 PM

            I got it to work finally.

            I think I got caught thinking the tunnel would create automatically rather than waiting until a request was made on it. Some pings to the remote network forced it up and it worked fine.

            Thanks to all for their help.
