Troubleshoot Identifier issues with DIR-330

  • I'm hoping for some help in debugging a VPN connection to life!

    I'm running pfSense 1.2.2 (Jan 8, 2009 build)

    I have been able to successfully establish a site-to-site IPsec tunnel between pfSense and a DIR-330. However, the site I'm deploying the unit to may have a dynamic IP and I'd like to figure out how to make identifiers work properly.

    I can get the tunnel to come up if I specify the PSK on pfSense (static IP) using the remote IP address. BUT, when I try to use an identifier value on the D-Link, and likewise configure it on pfSense, it almost seems like the DIR-330 isn't sending through proper identifier information that pfSense can identify.

    Going back and forth with D-Link they have sent the following through to me on their undocumented "identifier" options:

    The identifier is used to refer to a particular VPN connection. If you were setting up a point to point VPN with some VPN Servers, then they would be able to refer to the VPN by this identifier. This identifier could be used to determine the rights/privileges that VPN has on the network. The identifier will usually use a 4 octet form, an example would be 8db04f81. The identifiers are not D-Link proprietary settings, they will be available in most VPN client and servers. We do not have any documentation available for the identifier usage, as the DIR-130 will act as a client type connection to a VPN Server (such as Windows 2008, or other advanced VPN applications).

    I'd like to know if there is a way to set the remote identifier, and then check racoon logging from the CLI to see what identifier information it is actually receiving. That way I could just steal that garbage identifier and set it up for use.

    The only other workaround they have offered is to use a DDNS name for the remote IP, but that requires the use of dyndns or their dlinkddns service. AFAIK this requires an upgrade to 1.2.3 (beta?) and is more of a hassle than it's worth.
