<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>Is the NBN modem in pass-through? If not, then it probably is a double NAT issue. If you can put the modem into pass-through mode, then it should hopefully solve it.<br><br>If for some reason you can't do pass-through and must deal with double NAT, then Nebula could be an option. It was released as open source by Slack. It's an overlay network where peers establish connections via "lighthouses", so it can punch through double NAT. It's certificate-based, like OpenVPN and WireGuard.<br><br>Nebula is pretty cool, but it's a bit more involved to set up than something like WireGuard.<br><br><br>Nic<br><br><br><div class="gmail_quote">On 28 March 2020 8:59:24 pm AWST, William Kenworthy &lt;billk@iinet.net.au&gt; wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<p>WireGuard is getting lots of good press about being secure but
easy to use - I can't use it as I need SSL in some scenarios so I
have not tried it.<br>
</p>
<p>OpenVPN is still good, but I would use certificates and follow
the hardening guide for it. OpenVPN with PSK and multiple users
doesn't work (it's only 1 to 1, but still secure) - needs to be
certificates for that.</p>
<p>QuickVPN looks like it might need multiple ports enabled which
might be the cause of your errors (in some IPsec implementations,
one is used for auth).<br>
</p>
<p>BillK</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 28/3/20 6:58 pm, Kevin Shackleton
wrote:<br>
</div>
<blockquote type="cite" cite="mid:CADr1vmTyTALNqRBUVffzwYoE-gCr9GU87mUcDok6AkZdg5z-7w@mail.gmail.com">
<div dir="ltr">
<div>Hi All,</div>
<div><br>
</div>
<div>We are, like many businesses, working from home as much as
possible - I have not been in-office for the last fortnight.</div>
<div><br>
</div>
<div>Up to this time we have not bothered with an office router
that "does a VPN". Now a need has arisen and the business
owner bought a D-Link DIR-895L/R, connected to our NBN modem.
This device offers "QuickVPN", using a pre-shared key. As a
router it's working fine (though it lacks SIP, we will add on
a Cisco ATA)<br>
</div>
<div><br>
</div>
<div>So far we have not been able to make the VPN gateway work,
from Windows or Linux clients. We're getting authentication
failures, though we have tried all sorts of combinations of
protocols.<br>
</div>
<div><br>
</div>
<div>I'm interested in ideas and words of experience on the
subject:</div>
<div> - any chance the modem is affecting the VPN?</div>
<div> - comments on the selected device (is anyone using
"QuickVPN"?) and recommended alternative devices</div>
<div> - comments on re-flashing the device to DD-WRT which
D-Link says is supported. My main concern with a re-flashing
is that the wi-fi may lose some of its capabilities - not
really a big worry.</div>
<div> - thoughts about if a VPN using a PSK is really adequate
these days, or if we should not re-flash and start using
OpenVPN with large certificates<br>
</div>
<div><br>
</div>
<div>Regards,</div>
<div>Kevin.<br>
</div>
<div> <br>
</div>
</div>
<br>
<pre class="moz-quote-pre" wrap="">_______________________________________________
PLUG discussion list: <a class="moz-txt-link-abbreviated" href="mailto:plug@plug.org.au">plug@plug.org.au</a>
<a class="moz-txt-link-freetext" href="http://lists.plug.org.au/mailman/listinfo/plug">http://lists.plug.org.au/mailman/listinfo/plug</a>
Committee e-mail: <a class="moz-txt-link-abbreviated" href="mailto:committee@plug.org.au">committee@plug.org.au</a>
PLUG Membership: <a class="moz-txt-link-freetext" href="http://www.plug.org.au/membership">http://www.plug.org.au/membership</a></pre>
</blockquote>
</blockquote></div></body></html>