1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Linksys BEFSX41 and VPN issue

Discussion in 'Networking Issues' started by vipko, Feb 6, 2007.

  1. vipko

    vipko LI Guru Member

    Hello all,

    I have BEFSX41 on one location, and second location is geting exacly same one (BEFSX41) and i need to make site-to-site VPN. Now what i need to see is is this possibile what i have in mind.

    So both locations are on DSL with dynamic IP but dyndns hostname is no problem. First of all is this working like this? In VPN settings of router were it says 'Remote Security Gateway' you can use IP or FQDN. If i choose FQDN and enter location1.dnyndns.org will it work? Second location is also on dynamic IP so on other location Remote Security Gateway should also be FQDN and location2.dndns.org. I guess it will but it does not hurt to ask.

    First location use 192.168.8.0/255.255.252.0 and second use 192.168.15.0/255.255.255.0 range. Routing between them is not problem ?

    Also what happens when dsl resets? How fast will it try to reconnect? DynDns will not refresh same second, will it keep trying till it connects? What about idile time? If there is no traffic on VPN will it drop or something? I saw also in Advanced option Keep-Alive, so i guess this is for it.

    Here is in simple terms:

    Location 1 > DSL (BEFSX41) ----(internet)---- DSL (BEFSX41) < Location 2
    192.168.8.0/22_________________VPN____________192.168.15.0/24

    Both locations have it's own DHCP, so it will not be a problem.


    So pls coment on this do you see problems with this? Posibly BEFSX41 cant support this kind of site-to-site VPN (i bought them exacly because of this purpose, but i want to hear real life expirience).

    Thx in advance!
     
  2. vipko

    vipko LI Guru Member

    So? Noone?
     
  3. pablito

    pablito Network Guru Member

    I have no experience with this router but see no reason why it shouldn't work. The key will be to use a good DNS and a good dynamic DNS with a short expire time. The big ISPs usually have sluggish DNS servers that may not notice a new IP right away. I use OpenDNS and get good results.
     
  4. d__l

    d__l Network Guru Member

    For the SX41, you will want to be using a stable firmware that also has stable VPN connections. Not all firmware versions have stable VPN connections and not every "stable version" seems to work properly for all users. You might have to find a version that works best on your connections. The three most stable versions are the current official version and these two very reliable oldies: http://www.dslreports.com/forum/remark,11329487

    Also only one end of your VPN tunnel can have its Remote Security Gateway set to FQDN if you are using dynamic IPs. The other must be set to be Any. Usually the main office is the Any end and the FQDN end is in a remote office that initiates ("calls in" to the main office) the tunnel. The PSK keeps just anyone from connecting to the Any end.

    Even though you won't be using FQDN on both ends for the Remote Security Gateway and thus wouldn't need an FQDN on the remote end, it is still good to have the remote end registered for an FQDN with a DDNS because if your tunnel should go down, then you can at least ping it from the main office site to know if the connection is up at the remote site. Sometimes when the tunnel drops, there can be a delay on the remote end's automatic rebuild of the tunnel. There is nothing you can do about this on the main office end to hurry it up other than calling someone at the remote end to manually reconnect the tunnel in the router.

    Some of the settings for the Any end can be found in this explanation by Flogator: http://pages.infinit.net/flogator/VPN_Instruction2.pdf Although it covers an SX41 to Sentinel tunnel, the settings still apply for the SX41 end.
     
  5. vipko

    vipko LI Guru Member

    Thx for replys. Next week testing :)
     

Share This Page