10-11-2021 12:58 PM
Hello there,
We have changed our office router / firewall for an RV340, and we need to enable VPN connections for mobile clients with Windows / Mac / Android / iOS.
We believe that VPN Client to Site is the best option but the truth is that it is impossible for me to successfully configure this VPN Server for all clients.
We have read and rehearsed several recommendations that exist in the community, perhaps something changed because I see all the conversions of the year 2018, 2019, and 2020.
Is there a real step-by-step manual updated for Firmware 1.0.03.22?
Rodny-
10-11-2021 01:38 PM - edited 10-11-2021 01:39 PM
I do not believe anything changed. (Are you seeing any issue?)
This video helps to get started:
https://www.youtube.com/watch?v=2OcCuCWBCoE
10-13-2021 09:59 AM
Maybe I'm not doing things right, but hey ... here I comment on what I'm trying to do.
1. Configure a VPN Server Client-to-Site on the RV340 to allow connections on Windows PCs, Mac, Android and iOS
2. This is the configuration I am trying on the RV340 and the MacBook, and the error message I received on the Mac and Windows client.
It seems like some firewall rule is missing to allow the VPN or is everything wrong?
NOTE: I am not using a VPN client, I am trying to use macOS skills to establish the VPN
10-13-2021 01:29 PM
Hi
Firstly, don't add any explicit/manual firewall/ACL/etc. rules of your own for VPN or otherwise. Delete any existing rules and keep it in the default state.
Secondly, hopefully the discussions (and points/info mentioned) in the links below will help you in solving your requirements in some ways. Please kindly go through the discussions.
Misc-Important-Info:
Next, for Client-to-Site VPN-Servers sample configs on RV34X/RV160x/RV260x routers, you may kindly please refer to the attached documents
Note: For IKEv2 vpn-client connections using EAP, you will need to configure a Radius-server in the lan-side of the RV-routers (the relevant config documents attached mention the same for your reference)
Hope this is of some help
best wishes and regards
10-15-2021 02:44 PM
Nagrajk1969,
I have finished the configuration for Apple macOS and iOS, and now I need to set up the same example but for Windows 10.
I made the configuration on the RV340 router using L2TP, but this does not work on Windows 10 for me.
Rodny-
10-16-2021 12:44 AM - edited 10-16-2021 12:59 AM
Hi
1. Windows 10 supports:
a) IKEv2-only IPsec native client (native meaning built-in on Windows 10)
- this is a pure IKEv2 IPsec client
- there is NO support for a pure "native IKEv1-based IPsec client"
- certificate-only and EAP-based (EAP-MSCHAPv2) authentications are supported
b) L2TP-with-IPsec client
- the IPsec component of this tunnel is IKEv1-based only (there is NO IKEv2 support for the L2TP-with-IPsec client)
- the IPsec tunnel protects the inside L2TP tunnel
- the L2TP tunnel authentication requires a username/password account, and here PAP and CHAP are supported
- For CHAP user authentication, you will need to offload the authentication to a RADIUS server in the LAN network of the RV34X (and this you will configure in the "user-accounts" section)
- In case you don't have a RADIUS server in your LAN network, then you can use ONLY PAP user authentication. This won't require any other changes on the L2TP server config on the RV340, BUT you will need to change/select ONLY PAP for user auth ON THE WINDOWS 10 L2TP CLIENT PROFILE SETTINGS
Additional note: By default the L2TP-IPsec client on Windows uses
IKEv1 Phase1: 3DES-SHA1-MODP1024
ESP Phase2: 3DES-SHA1 (NO PFS)
- so configure accordingly on the RV340 L2TP server
Refer to the sample config doc in below link:
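The Windows 10 side of the PAP-only L2TP setup described in the reply above, as an added example that is not part of the original thread or the attached Cisco documents. It assumes the RV340 L2TP server authenticates IPsec with a pre-shared key; the profile name and server address are hypothetical placeholders.

```powershell
# Added example, not from the thread. Run in a PowerShell session on the
# Windows 10 client. Name and address below are placeholders (assumptions).
$ProfileName = 'RV340-L2TP'          # hypothetical profile name
$Server      = 'vpn.example.com'     # placeholder for the RV340 WAN address

# Prompt for the IPsec pre-shared key so it is not stored in the script.
# Assumption: the RV340 L2TP server is configured with a pre-shared key.
$Psk = Read-Host -Prompt 'IPsec pre-shared key set on the RV340 L2TP server'

# Replace any earlier attempt so stale authentication settings do not linger.
if (Get-VpnConnection -Name $ProfileName -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $ProfileName -Force
}

# L2TP-with-IPsec profile restricted to PAP, for a router with no RADIUS
# server behind it. EncryptionLevel Optional concerns PPP-level encryption,
# which PAP cannot provide; the IPsec tunnel still protects the L2TP tunnel.
Add-VpnConnection -Name $ProfileName `
    -ServerAddress $Server `
    -TunnelType L2tp `
    -L2tpPsk $Psk `
    -AuthenticationMethod Pap `
    -EncryptionLevel Optional `
    -Force

# Confirm the profile really is L2TP + PSK + PAP-only before dialing.
$conn = Get-VpnConnection -Name $ProfileName
$auth = $conn.AuthenticationMethod -join ','
if ($conn.TunnelType -ne 'L2tp' -or $auth -ne 'Pap') {
    throw "Profile mismatch: TunnelType=$($conn.TunnelType) Auth=$auth"
}
$conn | Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, L2tpIPsecAuth
```

If the profile is correct but the tunnel still fails during IPsec negotiation, compare the RV340 L2TP server's Phase 1 and Phase 2 settings against the Windows defaults listed in the reply.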
10-17-2021 11:09 AM - edited 10-17-2021 11:41 AM
DONE.
Perfect, better impossible
Thank you…
Rodny-