Vpn troubleshooting, General troubleshooting – D-Link DFL-2500 User Manual
Page 237

• An int_net object which is the internal network from which the addresses come.
• An ip_int object which is the internal IP address of the interface connected to the internal network. Let's assume this interface is int.
• An ip_ext object which is the external public address which clients will connect to (let's assume this is on the ext interface).
2. Define a PPTP/L2TP object (let's call it pptp_tunnel) with the following parameters:
• Set Inner IP Address to ip_net.
• Set Tunnel Protocol to PPTP.
• Set Outer Interface Filter to ext.
• Set Outer server IP to ip_ext.
• For Microsoft Point-to-Point Encryption it is recommended to disable all options except 128 bit encryption.
• Set IP Pool to pptp_pool.
• Enable Proxy ARP on the int interface.
• As in L2TP, enable the insertion of new routes automatically into the main routing table.
3. Define a User Authentication Rule. This is almost identical to L2TP:

Agent   Auth Source   Src Network   Interface     Client Source IP
PPP     Local         all-nets      pptp_tunnel   all-nets (0.0.0.0/0)
4. Now set up the IP rules in the IP rule set:

Action   Src Interface   Src Network   Dest Interface   Dest Network   Service
Allow    pptp_tunnel     pptp_pool     any              int_net        All
NAT      pptp_tunnel     pptp_pool     ext              all-nets       All

As described for L2TP, the NAT rule lets the clients access the public Internet via the D-Link
Firewall.
5. Set up the client. For Windows XP, the procedure is exactly as described for L2TP above but without entering the pre-shared key.
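
The address objects and tunnel settings from the steps above can be cross-checked offline before they are entered on the firewall. The following Python sketch is an added example, not taken from the D-Link manual; the dictionary layout, the function name check_pptp_config, the MPPE option labels and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def check_pptp_config(objects, tunnel):
    """Return a list of problems found in a PPTP server definition."""
    # Every object name that is used must exist in the address book.
    used = {"outer_server_ip": tunnel["outer_server_ip"],
            "ip_pool": tunnel["ip_pool"],
            "int_net": "int_net", "ip_int": "ip_int"}
    problems = [f"{field}: undefined object {name!r}"
                for field, name in used.items() if name not in objects]
    if problems:
        return problems
    int_net = ipaddress.ip_network(objects["int_net"])
    ip_int = ipaddress.ip_address(objects["ip_int"])
    ip_ext = ipaddress.ip_address(objects[tunnel["outer_server_ip"]])
    first, last = (ipaddress.ip_address(a.strip())
                   for a in objects[tunnel["ip_pool"]].split("-"))
    # Pool addresses come from the internal network (hence Proxy ARP on int).
    if first > last or first not in int_net or last not in int_net:
        problems.append("ip_pool: range is not inside int_net")
    # The firewall's own internal address must not be handed to a client.
    if first <= ip_int <= last:
        problems.append("ip_pool: range contains ip_int")
    if ip_int not in int_net:
        problems.append("ip_int: not inside int_net")
    if ip_ext in int_net:
        problems.append("outer_server_ip: lies inside int_net")
    # The manual recommends disabling every MPPE option except 128 bit.
    if set(tunnel["mppe"]) != {"128"}:
        problems.append("mppe: options other than 128 bit are enabled")
    return problems

# Constructed sample data (addresses are illustrative, not from the manual).
GOOD_OBJECTS = {"int_net": "192.168.1.0/24", "ip_int": "192.168.1.1",
                "ip_ext": "203.0.113.10",
                "pptp_pool": "192.168.1.10-192.168.1.20"}
GOOD_TUNNEL = {"outer_server_ip": "ip_ext", "ip_pool": "pptp_pool",
               "mppe": ["128"]}
# Pool overlaps ip_int and runs past int_net; weaker MPPE options left on.
BAD_OBJECTS = dict(GOOD_OBJECTS, pptp_pool="192.168.1.1-192.168.2.20")
BAD_TUNNEL = dict(GOOD_TUNNEL, mppe=["40", "56", "128"])

if __name__ == "__main__":
    for objs, tun in ((GOOD_OBJECTS, GOOD_TUNNEL), (BAD_OBJECTS, BAD_TUNNEL)):
        print(check_pptp_config(objs, tun) or "no problems found")
```
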
9.2.7. VPN Troubleshooting
General Troubleshooting
In all types of VPNs some basic troubleshooting checks can be made:
• Check that all IP addresses have been specified correctly.
• Check that all pre-shared keys and usernames/passwords are correctly entered.
Chapter 9. VPN