IPSec VPN - Testing ?

Strata700
Posts: 36
Joined: Sat May 14, 2011 12:37 pm
Location: Home

IPSec VPN - Testing ?

Postby Strata700 » Sun Jul 28, 2013 7:03 am

I have as far as I can tell done everything I should to make my HDA accessible from outside my home BUT as I am not strong on networking I have some additional questions I hope someone will help me with. So far I have made the following assumptions and done the following activities to set myself up.

Assumptions:

a) Although I made my HDA home network a dot net (.net) I still use 'Nickname'.'hda-hostname'.COM as the entry for the IPsec Server Address. I shouldn't have to use .net ?

b) Having port forwarded 500 and 4500 on my DG3500 router I don't have to play with the router's VPN settings which are not configured (Deliberately to keep things simple).
As an aside that setup expects a minimum 8 Character security setup and the code provided has a shorter length

c) The use of my Galaxy S3 Phone (with WIFI off so I am not on my home network) to attempt connection should work as in theory I will be coming at the HDA from GPRS i.e. a network that belongs to my phone service provider with different IPs

What's been done :

1) Port forwarding as 2 separate rules for Ports 500 and 4500 - both UDP
2) Purchase and install of IPsec VPN and check that server is running in the HDA
3) Configured the phone as per 'Android' instructions and checked my phone's OS which is 4.1.2 - higher than the minimum required.
4) Checked inside the .conf file of the HDA (racoon.conf) that the settings agree with the wiki instructions regarding the NAME and the KEY 'text' required in psk.txt matches.

Question(s)

q1) The connection attempts take 10 to 15 seconds before failure so does this mean it's close but no cigar ?? or is that no use whatsoever.
q2) Is there any way I can monitor or see a log of any sort to help in connection diagnosis?

q3) Before I changed from Fedora 14 to Ubuntu (this week) you could use your self test facility for 'open VPN' which for me was invaluable to verify your setup before leaving home. Is there any such similar tool I can self implement or, to be really annoying as I know you're swamped !! Do you have any plans in that direction for IPsec VPN - If that's a stupid question because it's not feasible - sorry in advance.

sgtfoo
Posts: 419
Joined: Sun Jul 18, 2010 8:27 pm

Re: IPSec VPN - Testing ?

Postby sgtfoo » Tue Jul 30, 2013 10:18 am

May need to wait until after Amahi 7 release before we respond about the latest having to do with VPN and Amahi.

I remember when I ran F14 with Amahi 6, VPN was more or less fine via OpenVPN. IPSec is usually easy to do once the app is in and networking is set up right. Maybe start by double-checking network settings.

q1) no use whatsoever unless you check out the connection logs on both client and server

q2) maybe:
https://supportforums.cisco.com/communi ... nd-logging
SgtFoo
HDA: VM inside oVirt FX-8300 95w (2 cores for HDA), 32GB RAM (2GB for HDA)
My PC: FX-8300, 16GB RAM, 3x 1TB HDDs, Radeon HD6970 2GB video; Win10 Pro x64
Other: PC, Asus 1215n (LXLE), Debian openZFS server (3x(2x2tb) mirrors)
Modem&Network: Thomson DCM475; Asus RT-AC66U; HP 1800-24G switch

Re: IPSec VPN - Testing ?

Postby Strata700 » Tue Jul 30, 2013 12:02 pm

I appreciate your response and thanks.

I will persevere with checking network settings and logging if feasible particularly in relation to the android phone I am using. I will check out the link (thanks) and will report back if I have any useful or informative info from these activities.

cpg
Administrator
Posts: 2597
Joined: Wed Dec 03, 2008 7:40 am

Re: IPSec VPN - Testing ?

Postby cpg » Wed Jul 31, 2013 3:45 am

Hi, I think you are doing things right.

a) using the nickname (with .com) is the proper way. .com vs .net inside is irrelevant. could use an IP as well

b) forwarding 500/4500 udp is correct. no need to mess with vpn settings and the code we shortened so that there is some chance it can be remembered. just make sure the inside IP being forwarded to is correct for your HDA.

c) correct. i assume your g4 carrier and your home isp are not somehow blocking the vpn ports (not sure, but i think this is rare)

q1) timeout is a sign that there is no actual connection attempt
q2) in linux, check /var/log/syslog. you can tail -f /var/log/syslog while the connection attempt is going on. if you see messages related to the vpn, it's trying to connect and the issue is somewhere else

it could be that the VPN server (racoon) is not running. i think you should restart it (as root): service racoon restart

q3) yeah, we're busy. this VPN tester is a bit more complex, but perhaps we will implement it some day
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
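
The syslog check described in the reply above, as an added example that is not part of the original post and is not Amahi code: it sorts a captured stretch of syslog into "racoon silent", "racoon up but no peer seen", and "peer seen, negotiation failing". The sample log lines, the hostname `hda` and the IP addresses are constructed for illustration, and the verdict names are hypothetical.

```shell
#!/bin/sh
# Added example (not Amahi code). Sample log lines are constructed in racoon's
# usual syslog style; hostname and IPs are placeholders.

# classify_attempt: read syslog text on stdin, print one verdict:
#   no-racoon-lines   nothing from racoon at all (daemon may not be running)
#   no-ike-seen       racoon is logging, but no peer started a negotiation
#                     (request not reaching the HDA: check the forward's inside IP)
#   negotiation-error a peer connected and racoon logged an ERROR
#                     (it is trying to connect; the issue is somewhere else)
#   negotiating       a peer connected and no ERROR was logged
classify_attempt() {
    awk '
        /racoon(\[[0-9]+\])?:/ {
            seen = 1
            if ($0 ~ /phase 1 negotiation/) ike = 1
            if ($0 ~ /ERROR/) err = 1
        }
        END {
            if (!seen)      print "no-racoon-lines"
            else if (!ike)  print "no-ike-seen"
            else if (err)   print "negotiation-error"
            else            print "negotiating"
        }'
}

# Constructed samples: one per situation discussed in the thread.
sample_silent() { cat <<'EOF'
Jul 31 03:40:01 hda CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}
sample_idle() { cat <<'EOF'
Jul 31 03:41:10 hda racoon: INFO: 192.168.1.10[500] used as isakmp port (fd=7)
Jul 31 03:41:10 hda racoon: INFO: 192.168.1.10[4500] used as isakmp port (fd=8)
EOF
}
sample_failed() { cat <<'EOF'
Jul 31 03:42:05 hda racoon: INFO: respond new phase 1 negotiation: 192.168.1.10[500]<=>203.0.113.7[500]
Jul 31 03:42:05 hda racoon: INFO: begin Identity Protection mode.
Jul 31 03:43:05 hda racoon: ERROR: phase1 negotiation failed due to time up.
EOF
}

for s in sample_silent sample_idle sample_failed; do
    printf '%s: %s\n' "$s" "$("$s" | classify_attempt)"
done
```

On the HDA, run it over the lines written during one connection attempt, for example `tail -n 200 /var/log/syslog | classify_attempt` right after the phone gives up; `tail -f` never ends, so it suits watching by eye rather than piping into this function.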

Re: IPSec VPN - Testing ?

Postby Strata700 » Wed Jul 31, 2013 4:17 am

Hi, and thanks very much for the additional responses to my questions, it's much appreciated. I have more to explore now and will do so and let you know if anything comes up which provides useful info for feedback.

Might even walk out and try a laptop with Windows client at a relative's place to give me further options if I can't get the android phone to connect ! :)
