VPN client

Hi Support,

I am using a NetVanta 3430 box and I need to establish a VPN between the NetVanta box and the remote users, who would be running VPN client software on their machines to remotely connect to the office. I have two questions:

1--- I have gone through the VPN setup wizard and it was straightforward. I selected "Mobile worker" during the setup with "any ID" and domain as "www.minerva-me.com". I also selected a pre-shared key. Would I be able to use the standard Windows 7 VPN client to access my VPN?

2--- If the Windows VPN client doesn't work, what other VPN client software can I use?

3--- How many VPN connections are supported on this particular box?

Regards,

Ovais

Accepted Solutions

Re: VPN client

The Windows VPN client uses PPTP or L2TP. You will need a VPN client. The easiest VPN client would be Adtran's VPN client. You can download the config for each user straight from the router. That one will cost you some money. An alternative that works well is Shrew Soft VPN (https://www.shrew.net/download). It works well and comes in two versions (standard and pro). Standard is free and should meet your needs. The professional version has some additional features that you can probably live without.

Adtran does not officially support it, but they do provide a good document on how to configure it to work with the NetVanta routers (https://supportforums.adtran.com/docs/DOC-2268).

I use it every day.  It works well. 


Re: VPN client

Hello vmaxdawg05,

Thank you very much for your reply and suggestion. I have downloaded the tool and will test it soon.


Re: VPN client

Hello vmaxdawg05,

Coming back to the same topic after a long time.

I have downloaded and configured Shrew Soft version 2.2.2 as per the instructions in the document that you provided. When I run the VPN client while I am connected to my office WLAN, it works, and I can see in my NetVanta 3430 box that a VPN peer is connected (that's like a local connection test; the 3430 is installed in the office). When I try to connect the VPN from my home WLAN, I receive this "Negotiation timeout occurred" error and then it terminates the tunnel. I am not able to figure out what could be the cause of it. Could you suggest something, please?


Re: VPN client

It would be difficult to say without seeing some of the configuration. Usually a timeout means that you are not accessing the right public address, or something is between the client and the 3430. Your router at home may be blocking the VPN traffic. Some routers require VPN pass-through to be enabled. That is usually for PPTP/L2TP though. If you have ssh access to your 3430, you can debug your ip crypto ike negotiation while you are trying to connect. If you see nothing happening, then something is blocking the client from getting to the 3430. Otherwise, the debug output should shed some light on what's going on. The fact that it works internally means something is preventing your client from reaching your 3430 from the outside.

I'm happy to help troubleshoot if you need outside eyes.

R\


Re: VPN client

Hi,

Thanks for the prompt response, I logged in remotely to the 3430 firewall and checked the event logs while I was trying to connect VPN from home and received these messages:

2014.04.29 23:50:00 FIREWALL id=firewall time="2014-04-29 23:50:00" fw=Minerva pri=6 rule=4 proto=http src=192.168.11.3 dst=192.168.11.2 msg="Service access request successful Src 4566 Dst 80 from Private policy-class on interface eth 0/1.1" agent=AdFirewall

2014.04.29 23:50:02 FIREWALL id=firewall time="2014-04-29 23:50:02" fw=Minerva pri=1 proto=58565/tcp src=192.185.225.59 dst=94.200.185.214 msg="TCP connection request received is invalid (expected SYN, got ACK), dropping packet; flags=0x11 Src 25 Dst 58565 from Public policy-class on interface eth 0/2" agent=AdFirewall

2014.04.29 23:50:19 FIREWALL id=firewall time="2014-04-29 23:50:19" fw=Minerva pri=6 rule=4 proto=http src=192.168.11.3 dst=192.168.11.2 msg="Connection closed.Bytes transferred : 554 Src 4619 Dst 80 from Private policy-class on interface eth 0/1.1" agent=AdFirewall

Thanks,

Ovais

+971508710692


Re: VPN client

Hi Ovais,

These log entries don't help. You need to run a crypto debug session on the NetVanta (enable and then 'debug crypto ike') while you are trying to connect with the VPN client. When you finish the session, run 'undebug all' to stop it. The debug messages should explain what the problem is. You can obfuscate IP addresses and other details and post the salient points here.

Also, the Shrew client has a configurable debug function, so that you can capture a log of the client side:

Shrew Soft VPN Client Administrators Guide

In most cases, a connection doesn't work because of some problem with the configuration, like a mismatch between gateway and client transforms, or peer ID, etc.

Hope this helps,

Mick
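
Added example, not part of any post in this thread: a small Python filter over the three event-log lines posted above, showing that none of them is IKE traffic (UDP 500, or UDP 4500 for NAT traversal), so they say nothing about the negotiation timeout. The port numbers are the standard IKE ones and are not stated in the thread; the function names and the rule "IKE port and not a `/tcp` entry" are assumptions made for this sketch.

```python
import re
import shlex

IKE_PORTS = {500, 4500}  # UDP 500 = IKE, UDP 4500 = IPsec NAT traversal

# The three event-log lines posted in the thread, copied verbatim.
SAMPLE_LOG = [
    '2014.04.29 23:50:00 FIREWALL id=firewall time="2014-04-29 23:50:00" fw=Minerva pri=6 rule=4 proto=http src=192.168.11.3 dst=192.168.11.2 msg="Service access request successful Src 4566 Dst 80 from Private policy-class on interface eth 0/1.1" agent=AdFirewall',
    '2014.04.29 23:50:02 FIREWALL id=firewall time="2014-04-29 23:50:02" fw=Minerva pri=1 proto=58565/tcp src=192.185.225.59 dst=94.200.185.214 msg="TCP connection request received is invalid (expected SYN, got ACK), dropping packet; flags=0x11 Src 25 Dst 58565 from Public policy-class on interface eth 0/2" agent=AdFirewall',
    '2014.04.29 23:50:19 FIREWALL id=firewall time="2014-04-29 23:50:19" fw=Minerva pri=6 rule=4 proto=http src=192.168.11.3 dst=192.168.11.2 msg="Connection closed.Bytes transferred : 554 Src 4619 Dst 80 from Private policy-class on interface eth 0/1.1" agent=AdFirewall',
]

PORTS_RE = re.compile(r"Src (\d+) Dst (\d+)")


def parse_line(line):
    """Split one firewall event-log line into a dict of its key=value fields."""
    fields = {}
    for token in shlex.split(line):  # shlex keeps the quoted msg="..." together
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    ports = PORTS_RE.search(fields.get("msg", ""))
    if ports:  # source and destination ports are only present inside msg
        fields["sport"], fields["dport"] = int(ports.group(1)), int(ports.group(2))
    return fields


def is_ike(fields):
    """Assumed rule: an IKE port on either side and not logged as a TCP entry."""
    ports = {fields.get("sport"), fields.get("dport")}
    return bool(ports & IKE_PORTS) and not fields.get("proto", "").endswith("/tcp")


def summarize(lines):
    """Count all entries, entries from the Public policy-class, and IKE entries."""
    parsed = [parse_line(line) for line in lines]
    return {
        "total": len(parsed),
        "from_public": sum("from Public policy-class" in p.get("msg", "") for p in parsed),
        "ike": sum(is_ike(p) for p in parsed),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
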