IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

  • 1.  IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

    Posted Oct 31, 2011 07:13 PM

    Hey folks,

     

    I've been trying to do this for a while and I haven't been able to do it. All the information that I find on the Internet is about site-to-site VPN, and I don't want that; I just want to give some users access to my local LAN through a VPN connection...

     

    It's for a client and they are starting to push me, I need to solve this quickly, I need some help...

     

     

    Thanks...

     

     




  • 2.  RE: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

    Posted Nov 03, 2011 07:11 PM

    I have the same problem. Have you maybe found a solution? In the manual there are only site-to-site examples.

    I have got 2 examples with L2TP over IPsec, with the MS Windows client and the iNode client. I am trying with Microsoft but I cannot get it running, still getting errors in the log: ike packet droped: no payload choosen from proposal ......

     

    regards

     

    I would appreciate any help

     

    Karol



  • 3.  RE: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

    Posted Nov 26, 2011 04:03 AM

    Hei guys.

     

    I have the same problem. Went and asked a friend that works at HP and he told me this:

    - There is a very long and painful process of getting the Windows VPN client to work with the IPSec VPN from HP MSR routers. The problem is, as always, with Microsoft's implementation of IPSec VPN. Too Cisco like...

     

    So the problem has been solved using Shrew VPN Client. I got it working after a couple of hours.

    Used the steps described in H3C user manual (from H3C website) for configuring Client IPSec VPN.

     

    One hint: DHCP does not work with Shrew VPN Client, so you must configure each client with its own static IP address (IP, Mask, Gateway and DNS). This can be done in the Shrew VPN virtual adapter configuration.

     

    I also got some info that HP is working on a VPN client of their own (just like Cisco and Juniper). Not sure when this will be available and if it will be free but until then Shrew does the job.

     

    Regards,

     

    Alex



  • 4.  RE: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

    Posted Dec 12, 2011 07:07 AM

    Hi Alex

     

    Thanks for your nice post, gives some hope :)

     

    I have also tried with Shrew VPN (I use it as my basic VPN client) but had a problem with this DHCP; tried with static but without success.

     

    Could you send an example configuration for the router and the Shrew client side?

     

    Regards

     

    Karol



  • 5.  RE: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

    Posted Jan 03, 2012 09:17 PM

    Hi :)

     

     

    Thanks for sharing this method.

    I tried using Shrew VPN and managed to get a connection tunnel with a static IP address. However, I am unable to ping or access any network equipment in my office.

    I have a default route of 0.0.0.0 0.0.0.0 to try and route everything; however, I am still unable to access any internal office device given the static IP I have given my Shrew VPN client.

    I have also tried DHCP over IPsec; however, upon connecting there are errors stating unable to get the source of DHCP.

    Please advise :)



  • 6.  RE: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

    Posted Feb 02, 2012 02:14 PM

    Alex,

     

    Do you have a link to the H3C Client IPSEC VPN configuration procedure document?

     

    Thanks,

    Kelly



  • 7.  RE: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

    Posted Feb 03, 2012 04:09 AM

    Hi Alex

     

    Could you send a link to this document?

    I have documents about L2TP over IPsec, do you have something else?

    Could you send an example configuration?

     

    thanks

     

    Karol



  • 8.  RE: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

    Posted Feb 24, 2012 04:00 AM

    Hi, thanks a lot

     

    I have downloaded it from the site. But have some problems.

    The version for Windows 7/Vista contains iNode Intelligent Management Center and probably no iNode VPN client, so there is no version for Win7/Vista. Maybe you have got this version?

     

    I've also got a problem with connecting L2TP over IPsec over WAN and NAT links. I have tried but only had success in making an L2TP-only connection, while when I try through LAN, it is OK.

    My colleagues from HP told me that they also encounter problems with NATed links and that support is working on it.

     

    Have you encountered a similar problem?

     

    best regards

     

    Karol



  • 9.  RE: IPSec VPN PC-to-Site HP A-MSR900 (H3C msr900)

    Posted Mar 31, 2012 12:58 PM

    Hello Guys.

    Sorry for the late reply.

     

    I have found a way (and tested it for the last 4 hours) to get this working.

     

    Here it goes:

     

    1. General info

    - the VPN tunnels are created for each user using their first and last name

    - each user has a specific IPSec VPN tunnel

    - this is the first release so please feel free to update or improve my work

    - x represents a number from 1 to ... given to each vpn user - it is important because it will be used for the tunnel

    - the ip address for each VPN tunnel is 192.168.20x.1 / 24 where x is the number assigned to the user so, for example, if you are configuring the third user, x is 3 and the ip address for the interface is 192.168.203.1 / 24 

    - you have to do all the config below for each user

     

     

    2. Router config

     

    ike local-name vpn.yourdomain.com

    ike peer x
     exchange-mode aggressive
     pre-shared-key <enter the pre shared key for the vpn tunnel>
     id-type name
     remote-name firstname.lastname
     nat traversal

    ipsec profile firstname.lastname
     pfs dh-group2
     ike-peer x
     proposal 3des
     sa duration time-based 86400

    interface Tunnel x
     ip address 192.168.20x.1 255.255.255.0
     tunnel-protocol ipsec ipv4
     source <external IP address>
     ipsec profile firstname.lastname

     

    3. Shrew config

     

    - manual IP address from the same class as 192.168.20x.1 / 24

    - nat traversal enabled

    - you can use your internal dns if you have one for resolving lan names

    - authentication mutual psk

    - local: FQDN: firstname.lastname

    - remote: FQDN: vpn.yourdomain.com

    - credentials: PSK: the key you entered

    - phase 1: aggressive, group1, des, sha

    - phase 2: esp-3des, md5, group2, disabled

    - policy: require + obtain topology automatically

     

    Hope it helps.

    If I find a way to create a bridged tunnel and to use internal IP addresses for VPN users I will post a reply.

     

    Regards,

    Alex
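
    The per-user procedure in post 9 has to be repeated for every VPN user, so here is an added example (not Alex's or HP's code) that renders the router block for user number x from that post's template. It generates a separate long random key per user, since aggressive-mode IKE exposes a PSK-derived hash to offline guessing. Assumptions: "20x" is read as 200 + x, the second host address is used for the Shrew client, and the names `tunnel_subnet` and `render_user` are hypothetical.

```python
import ipaddress
import re
import secrets

# Per-user commands from the post; "ike local-name" is global and set once.
TEMPLATE = """\
ike peer {x}
 exchange-mode aggressive
 pre-shared-key {psk}
 id-type name
 remote-name {user}
 nat traversal

ipsec profile {user}
 pfs dh-group2
 ike-peer {x}
 proposal 3des
 sa duration time-based 86400

interface Tunnel {x}
 ip address {router_ip} 255.255.255.0
 tunnel-protocol ipsec ipv4
 source {external_ip}
 ipsec profile {user}
"""

def tunnel_subnet(x):
    """192.168.20x.0/24, reading "20x" as 200 + x (assumption for x >= 10)."""
    if not 1 <= x <= 55:
        raise ValueError("x must be 1..55 so the third octet stays <= 255")
    return ipaddress.ip_network(f"192.168.{200 + x}.0/24")

def render_user(x, user, external_ip, psk=None):
    """Return the PSK, a client address and the router config for one user."""
    if not re.fullmatch(r"[a-z0-9-]+\.[a-z0-9-]+", user):
        raise ValueError("user must look like firstname.lastname")
    net = tunnel_subnet(x)
    psk = psk or secrets.token_urlsafe(24)  # 32 random characters per user
    config = TEMPLATE.format(
        x=x, psk=psk, user=user, router_ip=net[1],
        external_ip=ipaddress.IPv4Address(external_ip))  # rejects bad input
    # net[2] as the Shrew static address is an assumption; any free host works.
    return {"psk": psk, "client_ip": str(net[2]), "config": config}

if __name__ == "__main__":
    # Constructed sample users; 203.0.113.10 is a documentation address.
    for x, user in enumerate(["anna.smith", "john.doe"], start=1):
        print(render_user(x, user, "203.0.113.10")["config"])
```

    The returned `psk` and `client_ip` are the values to enter on the Shrew side for that user, with the user name as the local FQDN.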