VPN's and KR1

pverzoni · EVDO Newbie Joined: 30 Mar 2006 Posts: 10

Has anyone had any success in IPSEC VPN's with KR1's? I have tried:

1) Using software VPN on the PC's connected to the KR1 (NETSCREEN REMOTE), while the tunnel works (i.e. VPN gets created OK), no packets seem to return to destination.

2) Tried putting a Netscreen firewall/vpn between the KR1 and PC's, same issue.

I put the IP of the firewall or laptop in DMZ, so all traffic should go through. Also have VPN passthrough enabled.

Card is V620 from Sprint. It works fine (VPN) when connected to the laptop directly.

Peter

pverzoni · EVDO Newbie Joined: 30 Mar 2006 Posts: 10

Oh well, looks like a full day of working on getting KR1 to work with VPN's hasnt been fruitful.

Called Kyocera/Dlink support but they claim that it should work, however it does not. Spent the remaining day on the phone with Juniper support, escalated several levels but no luck.

Having same issue as post at http://www.evdoforums.com/viewtopic.php?t=1914&highlight=vpn where VPN connection is successful but cannot access anything on the remote network via VPN.

I doubt we'll get this resolved - does anyone know if there is any alternative to KR1?

pverzoni · EVDO Newbie Joined: 30 Mar 2006 Posts: 10

Well here's an update - not all that great.

I was able to get a Netscreen hardware firewall working between the KR1 and LAN and VPN's worked. With this configuration the VPN tunnels are initiated at the Netscreen firewall.

So this made me think, since the VPN's worked using a hardware firewall then there should be no reason they shouldnt work if the vendor is same when connected directly to the KR1

Now in my original testing, the hosts behind the KR1 were connected to the KR1 using WIFI connection. So just for the kicks I decided to connect a laptop directly to a port of the KR1 and bang it worked. VPN's worked just fine.

So who knows why, but VPN's only work when you use a physical port on the KR1, not the wireless interface.

So my workaround is to use an Access Point connected to the physical port of the KR1 and then disable the WIFI on the KR1.

What is disturbing is Kyocera / Dlink support. They basically responded saying that if a VPN doesnt work then they dont support it. I would understand this logic if VPN's wouldnt work on neither the wireless or the wired interfaces. This clearly looks like a bug to me but they seem to fail to acknowledge this.

Anyway if anyone has any suggestions please let me know.

Peter

<< RESPONSE FROM DLINK/KYOCERA >>

Hello,I spoke with the Account Manager for the KR1,and basically we can only support propietary VPNs to a point,after that if it still does not connect,there is not much we can do unfortunately,from our conversations it appears the packets are being appended with a header that the router will not acknowledge.

Chappp · EVDO Newbie Joined: 24 Feb 2006 Posts: 3

This is an MTU problem , you have to put the MTU of your computer at 1325 and all will be fine.

Tell me !

pverzoni · EVDO Newbie Joined: 30 Mar 2006 Posts: 10

I fail to understand how this would be an issue for the wireless ports only though? I will try it and post an update.

I know how to change on a PC, but not on OSX? How do you change the mtu on OSX?

bccinc · EVDO Newbie Joined: 15 Apr 2006 Posts: 1

Here is a link that should help:

10.3: MTU fixes for Ethernet and Airport connections
http://www.macosxhints.com/article.php?story=20031116054614609

Try it out and let us know how it worked out. Thanks.

nativgod · EVDO Newbie Joined: 22 May 2006 Posts: 3

Enable TCP over IPSec port 10000. I have done so on both my Cisco 3002 VPN Hardware Client and Cisco VPN software and successfully connected and passing data.