VPN setup on 7800DX (2.32e) using L2TP/IPSec

[Pete B]

Hi
I've been working on setting up a VPN (as the title suggests) with some success but a lot of uncertainty about the correct process. There's information available in general, such as here...

viewtopic.php?f=18&t=1875&p=6240

... but essentially this covers a situation where a user wishes to access their system inbound from a remote location via a VPN, I wish to do the opposite ie. from my LAN -> 7800DX (setup for L2TP/IPSec) -> WAN (via my remote 'homemade' OpenVPN server). This as you probably have already guessed, is primarily to help thwart geolocation by websites.
I have setup my remote OpenVPN server and locked it down. I have generated certificates (CA/server/client) using RSA but my understanding is more lacking from here on in...

1.Do I have to setup up each client on my LAN with a new VPN connection and associated certificates, then setup the 7800DX VPN for L2TP/IPSec, in which case, is that as in the forum link by billion_fan I posted above ?, or ... (and this would be seriously )

2. Can I setup VPN on the 7800DX only, so that any client on my LAN will simply be tunnelled to my remote OpenVPN server as the end/entrypoint to the WAN ?. ie. No individual LAN client needs to be setup. Maybe I'm really 'pie in the sky' with this, showing a lack of understanding and already expecting too much from a great SOHO router

In either case I really would appreciate some info / pointers in the right direction with this project.

thanks, Pete B.

[billion_fan]

Hi
I've been working on setting up a VPN (as the title suggests) with some success but a lot of uncertainty about the correct process. There's information available in general, such as here...

viewtopic.php?f=18&t=1875&p=6240

... but essentially this covers a situation where a user wishes to access their system inbound from a remote location via a VPN, I wish to do the opposite ie. from my LAN -> 7800DX (setup for L2TP/IPSec) -> WAN (via my remote 'homemade' OpenVPN server). This as you probably have already guessed, is primarily to help thwart geolocation by websites.
I have setup my remote OpenVPN server and locked it down. I have generated certificates (CA/server/client) using RSA but my understanding is more lacking from here on in...

1.Do I have to setup up each client on my LAN with a new VPN connection and associated certificates, then setup the 7800DX VPN for L2TP/IPSec, in which case, is that as in the forum link by billion_fan I posted above ?, or ... (and this would be seriously )

2. Can I setup VPN on the 7800DX only, so that any client on my LAN will simply be tunnelled to my remote OpenVPN server as the end/entrypoint to the WAN ?. ie. No individual LAN client needs to be setup. Maybe I'm really 'pie in the sky' with this, showing a lack of understanding and already expecting too much from a great SOHO router

In either case I really would appreciate some info / pointers in the right direction with this project.

thanks, Pete B.

I would setup up a simple PPTP connection between the two (Billion >>VPN Server), attached is guide on how to do so (the reason I won't suggest L2TP over IPsec, there might be some compatibility issues, and hence the tunnel won't connect)

[Pete B]

Hi billion_fan, thanks for the suggestions, it made a good starting point for the experiment. I have been working with various configurations of the Openvpn server and setup the PPTP connection in the 7800DX. Sadly it never connects but I'm not surprised. This is not really an appropriate place to discuss Openvpn but suffice to say it does, at the very least, require the client (in this case the 7800DX) to verify the server's certificate which means being able to store the server cerificate on the 7800DX. I don't think this is possible ? The only certificate storage I can find is for TR-069 operation which is not relevant here. Seems to me the only way to go with Openvpn is to use their client software on each LAN client device and have the 'tunnel' pass through the 7800DX unless you have a better idea. It's been a useful learning curve though.

So with that in mind, is there any special setup work that needs to be done to allow PPTP or L2TP/IPsec passthrough on the 7800DX ?

thanks & best regards, Pete B.

[billion_fan]

Hi billion_fan, thanks for the suggestions, it made a good starting point for the experiment. I have been working with various configurations of the Openvpn server and setup the PPTP connection in the 7800DX. Sadly it never connects but I'm not surprised. This is not really an appropriate place to discuss Openvpn but suffice to say it does, at the very least, require the client (in this case the 7800DX) to verify the server's certificate which means being able to store the server cerificate on the 7800DX. I don't think this is possible ? The only certificate storage I can find is for TR-069 operation which is not relevant here. Seems to me the only way to go with Openvpn is to use their client software on each LAN client device and have the 'tunnel' pass through the 7800DX unless you have a better idea. It's been a useful learning curve though.

So with that in mind, is there any special setup work that needs to be done to allow PPTP or L2TP/IPsec passthrough on the 7800DX ?

thanks & best regards, Pete B.

PPTP or L2TP over IPsec pass through should be fine (setup on each client to pass through the Billion)

[Pete B]

PPTP or L2TP over IPsec pass through should be fine (setup on each client to pass through the Billion)

... that's in Virtual Servers, yes ? ie. port forwarding

[billion_fan]

PPTP or L2TP over IPsec pass through should be fine (setup on each client to pass through the Billion)

... that's in Virtual Servers, yes ? ie. port forwarding

Virtual servers/port forwarding is only needed if you are hosting the VPN server behind the 7800DX.

[Pete B]

Ok, that's understood. Many thanks for your time and effort with support. It's been genuinely appreciated.

best regards

[maurello]

See this post too: viewtopic.php?f=20&t=11733&p=25847&hilit=VPN#p25847
I didn't succeed with any of the VPN providers. Now I am trying with NordVPN since they have a very dedicated customer support highly experienced. We tried to make IPSec over L2TP and even OpenVPN. Nothing.

Specifically OpenVPN would require a TLS certificate to be loaded, but this is not possible. L2TP for some reason does not accept the handshake. According to all VPN providers Billion software is kind of outdated and does not support modern methods (with modern meaning less than 5 years old...)

Any solution or answer from Billion?

[billion_fan]

See this post too: viewtopic.php?f=20&t=11733&p=25847&hilit=VPN#p25847
I didn't succeed with any of the VPN providers. Now I am trying with NordVPN since they have a very dedicated customer support highly experienced. We tried to make IPSec over L2TP and even OpenVPN. Nothing.

Specifically OpenVPN would require a TLS certificate to be loaded, but this is not possible. L2TP for some reason does not accept the handshake. According to all VPN providers Billion software is kind of outdated and does not support modern methods (with modern meaning less than 5 years old...)

Any solution or answer from Billion?

Use PPTP for now, PPTP should work with most VPN providers.