datamatikeren Beginner
01 October 2003 - 08:25 There are 12 comments and
1 solution

VPN server

I have a Linksys BEFSX41 router and would like a second router that it can establish a VPN connection with. Can the BEFVP41 be used for this??
mandrake666 Beginner
01 October 2003 - 08:26 #1
Yes, you can also use another BEFSX41 router.
datamatikeren Beginner
01 October 2003 - 08:34 #2
I believe I was told that the BEFSX41 only contains the client. Isn't that right, then??
mandrake666 Beginner
01 October 2003 - 08:39 #3
Yes and no; the documentation says that it only has the client part, but I have personally set up 2 BEFSX41s with a VPN between them, without problems.
datamatikeren Beginner
01 October 2003 - 08:41 #4
OK. Is it easy to get going with??
mandrake666 Beginner
01 October 2003 - 08:46 #5
Yep, you just follow the guide that comes with it, and remember that they must have the same firmware level, as well as the same pre-shared key.
datamatikeren Beginner
03 October 2003 - 07:41 #6
Now I have bought the SX41, so we will see whether it works.
datamatikeren Beginner
06 October 2003 - 17:31 #7
I can't quite get it to work.
My setup is:

Local Secure Group
Server: ip range 192.168.1.1~255 Client: ip range 192.168.2.1~255

Rmt. Secure Group
Server: ANY  Client: HOST

Rmt Security Gateway
Server: ANY  Client: Ip addr.  (IP from IIS on the server)

Enc.
Server: 3DES Client: 3DES

Aut.
Server: MD5  Client: MD5

Error:
2003-10-06 17:21:38 IKE[1] Tx >> MM_I1 : 80.199.XXX.220 Error !

What am I doing wrong?
datamatikeren Beginner
08 October 2003 - 07:59 #8
I would really appreciate it if someone would help with the setup. It is rather urgent.
(raising the points a bit)
datamatikeren Beginner
11 October 2003 - 15:25 #9
Is there really no one who can help??
datamatikeren Beginner
11 October 2003 - 15:27 #10
I no longer get an error, though, but a message:
IKE[1] Tx >> MM_I1 : 80.199.xxx.220 SA
And then nothing more happens...
verbatim12 Beginner
06 January 2004 - 16:22 #11
Without being completely well-versed in this... IKE etc. are authentication types... (certificates, keys, etc.); can't you use a less secure authentication method, at least until it works, and then experiment afterwards...
mandrake666 Beginner
07 January 2004 - 11:29 #12
Could you possibly take a screen dump of the setup and post it?

If you allow it, we can arrange for me to get access to your router and look at the setup, after which you just change the password.
mandrake666 Beginner
07 January 2004 - 11:33 #13
Here is some information from LINKSYS

Q U E S T I O N

How do I set up a secure VPN tunnel connection between two BEFSX41 routers on two different Internet connections at two different locations?




A N S W E R

The BEFSX41 can support up to two (2) simultaneous secure IPSec VPN (Virtual Private Network) tunnel connections.



Before you begin:

The two BEFSX41’s must be set up to operate on different LAN IP address subnets.  For example, BEFSX41 #1 can be assigned 192.168.1.1

BEFSX41 #2 can be assigned 192.168.2.1

For more information on changing the LAN IP address, see article KB10934598



Depending on your configuration settings, you might also need to know the public WAN/Internet IP addresses that both BEFSX41’s have been assigned by the Internet Service Provider on both connections.  For example,

BEFSX41 #1 can have a public IP address of 633.558.929.145

BEFSX41 #2 can have a public IP address of 298.665.279.99

Note:  The IP addresses used here are not valid and are for an example only.  Do not use them for your actual setup.

For more information on obtaining your public WAN/Internet IP address, see article KB10934599.



This article assumes that a VPN Tunnel will be established using two BEFSX41s with the settings and configuration above.  However, the BEFSX41 can also be configured to connect with another VPN router, a VPN server, or even with VPN Client software that supports the IPSec protocol.  Contact the manufacturer of the other hardware or software for more information.



To configure the BEFSX41s:

1.      Open a web browser and type in the IP address of the router into the browser address bar (for example, 192.168.1.1 for BEFSX41 #1, or 192.168.2.1 for BEFSX41 #2).



2.      When the username and password prompt appears, skip the username field and type admin for the password (admin is the default password). Click OK or press the [Enter] key to load the router’s “Setup” page.  If you have changed the router password, use it to access the router’s “Setup” page when this prompt appears.

3.      Once in the router “Setup” page, click onto the VPN tab.

4.      First, select the tunnel you want to configure (Tunnel 1 or Tunnel 2) from the “Select Tunnel Entry” drop down box.  The screen will change according to your selection.

5.      Select the option to Enable in the “This Tunnel” field to enable the tunnel. 

6.      Enter a unique name into the “Tunnel Name” field to name the tunnel.

7.      You can now configure the settings to establish the VPN connection for the selected Tunnel.





Local Secure Group:  the computers on the local network that can access the tunnel.

You can choose one of three (3) options:

·        Subnet – The default option.  If used, all computers on the local subnet will be able to access the tunnel.  For example, a subnet of 192.168.1.0 will allow all computers with IP addresses similar to 192.168.1.xxx to access the tunnel, where xxx is a number greater than 1.

·        IP Address - If used, only the local computer with the specified IP address will be able to access the tunnel.  For example, an IP address entry of 192.168.1.5 will allow only the computer that has the IP address of 192.168.1.5 assigned to it to have access.

·        IP Range - If used, only the local computers within the specified IP address range will be able to access the tunnel.  For example, if the range of 192.168.1. 3 ~ 5 is entered, only the computers that have the IP addresses of 192.168.1.3, 192.168.1.4 and 192.168.1.5 assigned to them will have access to the tunnel.




Remote Secure Group:  the computers on the remote network or on the other end of the tunnel that can access the tunnel.

You can choose one of five (5) options:

·        Subnet – The default option.  If selected, all computers on the remote subnet will be able to access the tunnel.  For example, a subnet of 192.168.2.0 will allow all computers with IP addresses similar to 192.168.2.xxx to access the tunnel, where xxx is a number greater than 1.

·        IP Address - If selected, only the remote computer with the specified IP address will be able to access the tunnel.  For example, an IP address entry of 192.168.2.5 will allow only the computer that has the IP address of 192.168.2.5 assigned to it to have access.

·        IP Range - If selected, only the remote computers within the specified IP address range will be able to access the tunnel.  For example, if the range of 192.168.2. 5 ~ 7 is entered, only the computers that have the IP addresses of 192.168.2.5, 192.168.2.6 and 192.168.2.6 assigned to them on the other end of the VPN tunnel will have access.

·        Host – If selected, the Remote Secure Group is set to match the Remote Security Gateway option (explained below).

·        Any – If selected, the Remote Secure Group option will accept a connection from Any IP address.  This option is useful if the remote BEFSX41 on the other end of the VPN has an Internet Service Provider that assigns dynamic IP addresses, like many Cable or PPPoE DSL providers.


Remote Security Gateway:  the WAN/Internet IP address of the remote or other BEFSX41.

You can choose one of three (3) options:

·        IP Address – If selected, you must enter the public IP address assigned by the Internet Service Provider of the other BEFSX41 on the other end of the tunnel.  This can be a static non-changing address, or a dynamic address that changes.  For more information on obtaining your public WAN/Internet IP address, see article KB10934599

·        FQDN – Fully Qualified Domain Name.  If selected, you must enter the host name and domain name of the BEFSX41 connection on the other end of the VPN tunnel.  If used, the DNS entry for the domain name must resolve to the public IP address of the remote BEFSX41.  For example, myname.mybefsx41vpn.com.  With our example, using BEFSX41 #1, myname.mybefsx41vpn.com should resolve to 298.665.279.99, which is BEFSX41 #2’s public IP address.

·        Any - If selected, the Remote Security Gateway option will allow the BEFSX41 to accept a connection from Any IP address.  This option is useful if the remote BEFSX41 on the other end of the VPN has an Internet Service Provider that assigns dynamic IP addresses, like many Cable or PPPoE DSL providers.










Example configuration: 

BEFSX41 #1:

Local LAN IP address: 192.168.1.1

Public WAN/Internet IP address:  633.558.929.145

Local Secure Group:  (subnet) 192.168.1.0

Remote Secure Group:  (subnet) 192.168.2.0

Remote Security Gateway:  (IP Address) 298.665.279.99

All computers on the local network with IP addresses 192.168.1.x, and all remote computers with IP address 192.168.2.x will have access to the tunnel.  BEFSX41 #2 is specified by its direct IP address (Remote Security Gateway).



BEFSX41 #2:

Local LAN IP address: 192.168.2.1

Public WAN/Internet IP address:  298.665.279.99

Local Secure Group:  (IP Address) 192.168.2.7

Remote Secure Group:  (Any)

Remote Security Gateway:  (Any).

Only the computer on the local network with IP address of 192.168.2.7 will have access to the tunnel.  Will accept any incoming BEFSX41 that knows the public IP address of 298.665.279.99, like BEFSX41 #1.





To make the VPN tunnel more secure, you can configure encryption and authentication settings.  If you do not want to configure these settings, make sure Encryption and Authentication are both set to Disable and skip to Step 8.  The following explains how to set up encryption and authentication with the VPN tunnel:





Encryption:  a way to secure the connection using unique encryption keys.

You can choose one of three (3) options:

·        DES – Data Encryption Standard, uses a 56-bit secret key.

·        3DES – Triple Data Encryption Standard, extends regular DES encryption to 112 or 168-bits.  This encryption requires multiple passes to and from each end of the tunnel to encrypt the tunnel, and therefore requires more time, but it is much more secure.

·        Disable – completely disables the encryption for the VPN tunnel.

Note:  The encryption method on both sides of the VPN tunnel must be the same for the tunnel to be established.



Authentication: another way to secure the tunnel by verifying the identity of the incoming connection to the BEFSX41.

You can choose one of three (3) options:

·        MD5 – MD5 authentication takes an input message and outputs a 128-bit “fingerprint” (or Message Digest) based on the message.  The fingerprint cannot be reproduced to form the original message.  Similar to a digital signature.

·        SHA – Secure Hash Algorithm.  Similar to MD5 authentication, but rather produces a 160-bit fingerprint signature of an incoming message.  It is more secure than MD5, but slightly slower.

·        Disable - completely disables any authentication for the VPN tunnel.

Note:  The authentication method on both sides of the VPN tunnel must be the same for the tunnel to be established.



Key Management:  A way to manage keys when encryption or authentication is enabled, so that the routers on both ends of the VPN tunnel can agree on the methods used.

You can choose one of two (2) options:

Auto. (IKE) – IKE: Internet Key Exchange.  If selected, encryption keys are automatically generated based on a Pre-Shared Key.  You must fill in these options:

·        PFS – Perfect Forward Secrecy.  Check this box to make sure that key exchanges made by both BEFSX41s are secure.

·        Pre-Shared Key – enter in a unique combination of numbers and letters (24 characters maximum is the limit) as your key.  No spaces or special characters (?!@#&, etc) are allowed.

·        Key Lifetime – number of seconds that you want the Pre-Shared Key to be active.  Leave this option blank for the key to be alive permanently.

Note:  If using Automatic key management, the Pre-Shared Key used must be the SAME on both BEFSX41s on both sides of the VPN tunnel.



Example configuration (Automatic key management):

BEFSX41 #1: 

PFS: (checked)

Pre-Shared Key: specialkey123

Key Lifetime: 1440 Sec.



BEFSX41 #2: 

PFS: (checked)

Pre-Shared Key: specialkey123

Key Lifetime: 1440 Sec.





Manual - If selected, encryption keys are manually generated with values you enter.  You must fill in these options:

·        Encryption KEY – The encryption key to be used.  Must be a unique combination of numbers and letters (24 characters maximum is the limit).  No spaces or special characters (?!@#&, etc) are allowed.

·        Authentication KEY - The authentication key to be used.  Must be a unique combination of numbers and letters (20 characters maximum is the limit).  No spaces or special characters (?!@#&, etc) are allowed.

·        Inbound SPI – A number that matches the Outbound SPI number on the other BEFSX41.  Must be a number from 0-9.

·        Outbound SPI – A number that matches the Inbound SPI number on the other BEFSX41.  Must be a number from 0-9.

Inbound and Outbound SPI numbers are swapped on both BEFSX41s on each end of the VPN  tunnel.  SPI: Stateful Packet Inspection.



Note:  If using Manual key management, the Encryption KEY and Authentication KEY must be the SAME on both BEFSX41s on both sides of the VPN tunnel.



Example configuration (Manual key management):

BEFSX41 #1: 

Encryption KEY:  trewq0987poiuy

Authentication KEY:  zxcvb6543gfdsa

Inbound SPI:  123456789

Outbound SPI:  9876543213



BEFSX41 #2:

Encryption KEY:  trewq0987poiuy

Authentication KEY:  zxcvb6543gfdsa

Inbound SPI:  987654321

Outbound SPI:  123456789







8.      Once all the settings have been entered, press the Apply button at the bottom of the page to save changes.



Establishing the VPN Tunnel:

9.      Once both BEFSX41’s have been configured, you can then click the Connect button to establish the VPN tunnel.

10. If the settings on both routers are correct, the VPN tunnel will be established between the two BEFSX41s.  You will see the word Connected next to the Status option if the link is made.  If you see Disconnected instead, be sure to check the settings on both BEFSX41s as well as their physical connections to the Internet.
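
The consistency rules stated in the quoted Linksys article (different LAN subnets; the same encryption, authentication and keys on both ends; mirrored SPIs for manual keying) can be checked before clicking Connect. The following is an added example, not part of the thread or of Linksys's material; the dict field names, the /24 mask and the `check_tunnel_pair` helper are assumptions made for illustration.

```python
import ipaddress
import re

# Key limits as stated in the quoted Linksys article (max length per field).
MAX_LEN = {"psk": 24, "enc_key": 24, "auth_key": 20}
ALNUM = re.compile(r"[A-Za-z0-9]+")


def check_tunnel_pair(a, b):
    """Compare two tunnel endpoint configs (dicts); return a list of problems."""
    problems = []
    # Both routers must operate on different LAN subnets (/24 is an assumption).
    lan_a = ipaddress.ip_network(a["lan"], strict=False)
    lan_b = ipaddress.ip_network(b["lan"], strict=False)
    if lan_a.overlaps(lan_b):
        problems.append("lan: subnets overlap")
    # Encryption, authentication and key management must match on both sides.
    for field in ("encryption", "authentication", "key_mgmt"):
        if a[field] != b[field]:
            problems.append(f"{field}: {a[field]} != {b[field]}")
    # Shared secrets: identical on both ends, alphanumeric only, within the limit.
    # The secret values themselves are never written into the report.
    secrets = ("psk",) if a["key_mgmt"] == "ike" else ("enc_key", "auth_key")
    for field in secrets:
        va, vb = a.get(field, ""), b.get(field, "")
        if va != vb:
            problems.append(f"{field}: values differ")
        for side, value in (("A", va), ("B", vb)):
            if not ALNUM.fullmatch(value) or len(value) > MAX_LEN[field]:
                problems.append(f"{field}: invalid format on side {side}")
    # Manual keying: each inbound SPI must equal the other side's outbound SPI.
    if a["key_mgmt"] == "manual":
        if a.get("spi_in") != b.get("spi_out") or a.get("spi_out") != b.get("spi_in"):
            problems.append("spi: inbound/outbound values are not mirrored")
    return problems


# Constructed sample input; LAN addresses and IKE values follow the article's examples.
ROUTER_1 = {"lan": "192.168.1.1/24", "encryption": "3DES", "authentication": "MD5",
            "key_mgmt": "ike", "psk": "specialkey123"}
ROUTER_2 = dict(ROUTER_1, lan="192.168.2.1/24")
# Constructed faulty variant: different hash, and a key containing a space.
ROUTER_2_BAD = dict(ROUTER_2, authentication="SHA", psk="special key123")

if __name__ == "__main__":
    print(check_tunnel_pair(ROUTER_1, ROUTER_2))
    for problem in check_tunnel_pair(ROUTER_1, ROUTER_2_BAD):
        print(problem)
```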