How to configure VPN access & DDNS Client update Rt ver

AlterEgo
Novice
Posts: 17
Joined: Thu Sep 25, 2008 6:56 pm

Post by AlterEgo » Tue Sep 30, 2008 10:32 am

Hello Gurus,

I have successfully flashed Router Tech Firmware ver 2.6 onto my Aztech DSL600EU, which is mainly running successfully except for a few undiscovered options.

I would appreciate it if any of you can guide me as to how to configure the following scenarios with this firmware:

1. I have enabled the DDNS client function to get my hostname/IP updated every time the modem disconnects/reconnects with a new dynamic WAN IP. However, is there a way to define its frequency of updates (day/week/every change in IP)? Reason being that I have received a message from DynDNS.org that my account has been abused with the same IP address updated frequently, and as a result they have blocked the account for the while. What should be the remedy to it? Does the firmware continually send the update to DynDNS.org even if it is continually connected with the same internet IP address?

2. How to configure the VPN traffic pass through for my VPN (IPsec/L2TP/PPTP) connections originating from a number of connected LAN clients inside my home network. I am confused about the general structure of the LAN Client configuration in the "Advanced" menu. Reason being that I have enabled the DHCP server on the Aztech DSL600EU, therefore it can assign any address to the connecting PCs/Laptops in my LAN. In such a condition, how does the "IP Filters" option work? Do I have to go and define for each IP address of my LAN which rules to apply? This cannot be estimated, since I can have numerous dynamic clients connected at one time which can have varying IP addresses. There is also an entry for the word "ANY" in the IP Address drop-down box. I have tried applying some filters for the "ANY" address, but in vain.

In the Linksys/other firmwares it is simply a radio button option to enable/disable IPsec/L2TP/PPTP traffic without any reference to the LAN connecting IP addresses. How do I enable this in Router Tech Firmware ver 2.6?

I have also tried enabling the given rules for a particular IP address by moving the rules from the "Available" to the "Applied" section, but it seems like they have no effect, since I tried connecting to my office VPN and it did not work.

Can someone please guide me on how to achieve these given scenarios (1 & 2) in Router Tech Firmware ver 2.6?

Thanks in advance for replying
Regards,
Myself.
SyBorg
Ex RouterTech Team
Posts: 1621
Joined: Mon Apr 17, 2006 4:09 pm
Location: Berkshire

Re: How to configure VPN access & DDNS Client update Rt

Post by SyBorg » Tue Sep 30, 2008 12:43 pm

AlterEgo wrote: 1. I have enabled the DDNS client function to get my hostname/IP updated every time the modem disconnects/reconnects with a new dynamic WAN IP. However, is there a way to define its frequency of updates (day/week/every change in IP)? Reason being that I have received a message from DynDNS.org that my account has been abused with the same IP address updated frequently, and as a result they have blocked the account for the while. What should be the remedy to it? Does the firmware continually send the update to DynDNS.org even if it is continually connected with the same internet IP address?
The update only happens when the DSL sync is established. Have you been rebooting often? Is your line unstable?
If you get given the same IP address by your ISP then it will still send the same address to DynDNS. I guess you're sure you're not on a static address from the ISP?
AlterEgo wrote: 2. How to configure the VPN traffic pass through for my VPN (IPsec/L2TP/PPTP) connections originating from a number of connected LAN clients inside my home network. I am confused about the general structure of the LAN Client configuration in the "Advanced" menu. Reason being that I have enabled the DHCP server on the Aztech DSL600EU, therefore it can assign any address to the connecting PCs/Laptops in my LAN. In such a condition, how does the "IP Filters" option work? Do I have to go and define for each IP address of my LAN which rules to apply? This cannot be estimated, since I can have numerous dynamic clients connected at one time which can have varying IP addresses. There is also an entry for the word "ANY" in the IP Address drop-down box. I have tried applying some filters for the "ANY" address, but in vain.

In the Linksys/other firmwares it is simply a radio button option to enable/disable IPsec/L2TP/PPTP traffic without any reference to the LAN connecting IP addresses. How do I enable this in Router Tech Firmware ver 2.6....
How many LAN addresses do you use? Maybe it's worth reserving the addresses in 'LAN Clients' so you don't need to set it up more than once. You do need to specify the rule by destination LAN address. This caused me some confusion at some stage as well.

On one of my previous routers I needed to specify the port forwarding manually for the relevant protocols/ports for VPN. I guess if you know what you are doing you could make the same changes in the iptables(?)

EDIT: I looked for my old post on this issue and found a link to the following post viewtopic.php?p=27561#27561 It was the reminder that you need to reserve the addresses for port forwarding to persist through a change in IP address or a bounce of the line.
We learn something every day, and lots of times it’s that what we learned the day before was wrong.
—Bill Vaughan
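
Added example, not part of the thread or of the RouterTech firmware: the DDNS behaviour discussed above (the same address being re-sent to the provider) is what led to the abuse block, and an updater can avoid it by remembering the last address it sent. The state-file path, the `MAX_AGE_DAYS` refresh interval and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: gate dynamic-DNS updates on an actual address change.
# STATE_FILE and MAX_AGE_DAYS are assumptions, not firmware settings.
STATE_FILE="${STATE_FILE:-/tmp/ddns.last}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-25}"   # optional forced refresh (assumed value)

# valid_ipv4 ADDR -> 0 if ADDR is a dotted quad with octets 0-255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# ddns_decision CURRENT_IP NOW_EPOCH -> prints "update", "skip" or "invalid"
# The state file holds one line: "<last_ip> <epoch_of_last_update>"
ddns_decision() {
    cur=$1; now=$2
    valid_ipv4 "$cur" || { echo invalid; return 0; }
    last_ip=""; last_ts=0
    if [ -r "$STATE_FILE" ]; then
        read -r last_ip last_ts < "$STATE_FILE" || true
    fi
    age=$(( now - ${last_ts:-0} ))
    if [ "$cur" != "$last_ip" ]; then
        echo update                # address really changed
    elif [ "$age" -ge $(( MAX_AGE_DAYS * 86400 )) ]; then
        echo update                # same address, but refresh is due
    else
        echo skip                  # same address: do not contact the provider
    fi
}

# ddns_record CURRENT_IP NOW_EPOCH: call only after the provider accepted it
ddns_record() { printf '%s %s\n' "$1" "$2" > "$STATE_FILE"; }
```

The gate only helps when a single updater owns the hostname; two independent clients each keep their own idea of the last address sent.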
AlterEgo
Novice
Posts: 17
Joined: Thu Sep 25, 2008 6:56 pm

Post by AlterEgo » Thu Oct 02, 2008 10:33 am

The update problem was occurring because I had the router sending the update data and I also had a Windows DynDNS.org client installed on my PC, which was sending the same data more than once. So I figured it out and rectified it by removing the Windows PC client.

The LAN Client IP settings by defining each and every client and setting rules for each one of them, however, does not fancy my appreciation. It's a rather crude and troublesome way of setting VPN access for a number of LAN clients which may get varying IP addresses depending on how many clients are connected, which can range between 20-30 at my site.

Similarly, to my limited understanding, port forwarding is a separate thing from allowing VPN traffic to pass through (although it is also setting certain ports to be open for access). I was hoping for a rather simple and intuitive way of setting VPN access and then limiting only the clients for which any blockage is required.

Guess I would set the modem in bridge mode only and do the rest of the settings on the connected Linksys Wireless router in PPPoE.

Anyways thanks for your response.

Thanks
giacobbi
Newbie
Posts: 8
Joined: Sat Aug 02, 2008 6:12 am

Post by giacobbi » Thu Oct 02, 2008 8:48 pm

The LAN Client IP settings by defining each and every client and setting rules for each one of them, however, does not fancy my appreciation. It's a rather crude and troublesome way of setting VPN access for a number of LAN clients which may get varying IP addresses depending on how many clients are connected, which can range between 20-30 at my site.

Similarly, to my limited understanding, port forwarding is a separate thing from allowing VPN traffic to pass through (although it is also setting certain ports to be open for access). I was hoping for a rather simple and intuitive way of setting VPN access and then limiting only the clients for which any blockage is required.
Usually I don't use PC LAN clients but I use firewall-to-firewall IPSEC VPNs.
I set DMZ and port forwarding of IPSEC traffic to my firewall WAN address and everything works fine (my router is a D-LINK 320T with RT 2.60; my firewalls are Clavister).

Sometimes I use a D-LINK 320T with RT 2.60 directly connected to my LAN PCs (that is to say your case; the only difference is that I always use static IP addresses on my PCs).
In this case I use SSH Sentinel as VPN client to connect to my remote firewall; I don't need any port forwarding because IPSEC session is originated by clients and everything works fine (with NAT and Firewall enabled on my router).


VPN pass-thru has nothing to do with port forwarding but simply permits the NATting of IPSEC packets without corrupting them.
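
Added example, not from the thread or the RouterTech firmware: one way to express "allow VPN out for the whole LAN, then block only chosen clients" in iptables, matching on the LAN subnet instead of per-client addresses so that DHCP-assigned addresses do not matter. The interface names (`br0`, `ppp0`), the subnet, the chain name `VPN_OUT` and the function name are assumptions; the function only prints the commands so they can be reviewed first.

```shell
#!/bin/sh
# Added example: emit iptables rules for LAN-originated VPN traffic.
# Assumes a FORWARD policy of DROP; names below are hypothetical.

# vpn_rules LAN_IF WAN_IF LAN_NET [BLOCKED_IP ...] -> one command per line
vpn_rules() {
    lan_if=$1; wan_if=$2; net=$3; shift 3
    echo "iptables -N VPN_OUT"
    # Exceptions first: -A appends in order, so DROP is matched before ACCEPT
    for ip in "$@"; do
        echo "iptables -A VPN_OUT -s $ip -j DROP"
    done
    echo "iptables -A VPN_OUT -j ACCEPT"
    # udp/500  IKE            udp/4500 IPsec NAT-T
    # proto 50 ESP            udp/1701 L2TP
    # tcp/1723 PPTP control   proto 47 GRE (PPTP data)
    # Protocol numbers are used because a router's /etc/protocols may be
    # too minimal to resolve the names "esp" and "gre".
    for m in "-p udp --dport 500" "-p udp --dport 4500" "-p 50" \
             "-p udp --dport 1701" "-p tcp --dport 1723" "-p 47"; do
        echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $net $m -j VPN_OUT"
    done
    # Replies to sessions opened from the LAN; no new inbound session allowed
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -d $net -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Source NAT on the WAN side. Several simultaneous PPTP clients also
    # need the kernel's PPTP conntrack/NAT helper; whether this firmware
    # ships one is not stated in the thread.
    echo "iptables -t nat -A POSTROUTING -o $wan_if -s $net -j MASQUERADE"
}
```

Because every session is opened from the LAN side, no port forwarding appears in the output; the ESTABLISHED,RELATED rule carries the replies.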