CNET CWR-854 User Manual
VPN Setup for CNet’s CWR-854 802.11g Wireless Router
The instructions below are for getting an IPSec client to connect CNet’s wireless
broadband router CWR-854(F) with VPN capability. The VPN feature can be used for
secure remote access to a home or work network from anywhere on the Internet.
VPN Client Software used for this test is SSH-Sentinel v1.4 which is free for noncommercial use.
Applications:
1
www.cnetusa.com
Connect securely to home/work computers over the Internet. You could be at work, at a
friend’s house or on the road.
Equipment Needed:
1- A solid broadband connection to the Internet at home or work where CWR-854 is
used. CWR-854 needs to be configured for IPSec VPN capability
2- A client system with a VPN client software. We used SSH-Sentinel VPN client
software ( a trial version is available on the Internet)
Configuration Overview:
In the first scenario we will be working with two computers and a CWR-854 VPN router.
The assumption is that we are away from home and need to access a computer on the
home network connected to CWR-854. The computer we’re working from is connected
to the Internet through a Cable/DSL modem or we are dialing up using a modem.
In the second scenario, the client system is also behind a NAT route. In this case the
computer we’re working on is connected to a router and through a Cable/DSL modem to
the Internet.
First Scenario:
To configure VPN both on the client system as well as the router, we need to know about
the IP address schema used on the home network. By default the LAN IP of CWR-854 is
192.168.1.254. Computers that are be accessed from the Internet are better to have a
fixed IP address assigned to them. Below are what we need to know:
Home WAN IP address (this is the WAN IP of the VPN router CWR-854 used at home
or work) for example: 204.30.90.120
Home LAN IP address: (Default LAN IP of CWR-854 is 192.168.1.254)
Home LAN IP Network : (Default is 192.168.1.0, Subnet 255.255.255.0)
Computer to be accessed on the home network: 192.168.1.100
VPN Client (remote) computer on the Internet for example: 204.30.90.200
www.cnetusa.com
2
Router’s VPN Configuration:
Please use the routers’s default IP address 192.168.1.254 to access its configuration.
www.cnetusa.com
3
As shown above, CWR-854 can store 10 different VPN profiles. We need to enable
IPSec VPN and then click on edit to configure the first profile.
- Use any name for the connection.
- Authentication will be through the Pre-Shared Key (PSK). Basically anyone who
wants to have VPN connectivity to the router needs to have this key. We will
later on use this same key in the client configuration.
- The next step is to enter the IP information for Local and remote sites. For local
site choose “Subnet Address” to allow access to the whole LAN network. For
remote site, choose “Any Address” so that the router accepts VPN requests from
any IP address.
- Both local and remote systems are identified by IP.
- Key management is auto (IKE). Click the advance key to see the settings for
phase 1 and 2 negotiations. In phase 1 peers are authenticated to each other and a
secure encrypted link is established to start phase 2 which is the actual negotiation
of security services for the IPSec-compliant VPN channel. As you can see in the
next image, 3DES and MD5 are the chosen encryption and authentication
methods and for additional security PFS (Perfect Forward Secrecy) is also
selected.
4
www.cnetusa.com
The last step to finalize VPN configuration is to enter the PSK (Pre-Shared Key) and
save settings. The router is now ready to accept incoming VPN connections.
www.cnetusa.com
5
www.cnetusa.com
6
Loading...