
Fusion Network

HowTo: Setup Netgear ProSafe FSV114 to work in Windows 7 with ShrewSoft VPN Client.

 

Purpose:

Netgear has decided not to release a Windows 7 compatible VPN client for their FSV114 ProSafe VPN. That is not great for those of us who do not want to buy a new piece of hardware when our old equipment works perfectly. This will get you going using the ShrewSoft VPN Client (Windows 7 and Linux compatible).

A big thanks to the guys that maintain ShrewSoft VPN. If you are going to use this I really strongly urge you to donate to their project.

 

Requirements:

  • Windows 7/XP/Vista or Linux Computer
  • ShrewSoft installed on your computer.
  • Moderate/advanced knowledge of VPNs, networking, etc.
  • A hardware VPN such as the FSV114 from NetGear. (Hopefully already set up and working)
  • Admin access to your ProSafe VPN.
  • All configuration information (PSKs/Certs/Etc) for your ProSafe VPN.

 

Getting Started:

 

  1. Get the ShrewSoft VPN installed on your computer.

  • Download from: http://www.shrew.net/software

  • Make sure to install the version for your operating system. I set this up on version 2.1.7-release that was released on Oct 08 of 2010.

  2. Log into your NetGear ProSafe VPN to copy down the connection information as needed.

    First navigate to the “IKE Policies” Page.

    Select your policy and click “Edit”

    The following information is what you are interested in.

    Example information will be listed in BOLD.

    IP address or Hostname of your VPN Endpoint (we will use VPN.MYCOMPANY.COM)

    General:

Exchange Mode: Aggressive

Local:

Local Identity Type: Fully Qualified Domain Name

Local Identity Data: some-name1.mycompany.com

Remote:

Remote Identity Type: Fully Qualified Domain Name

Remote Identity Data: remote.mycompany.com

IKE SA Parameters:

Encryption Algorithm: 3DES

Authentication Algorithm: SHA-1

Authentication Method (PSK or Certificate): SOMEPSK1

Diffie-Hellman (DH) Group: Group 2 (1024 Bit)

SA Life Time: 28800

 

 

Now navigate to the “VPN Policies” page.

Select your policy and click “Edit”.

You will need to record the below information:

General:

SA Life Time: 86400

Traffic Selector:

Local IP: Subnet Address

Start IP Address: 192.168.0.0

Finish IP Address: 0.0.0.0

Subnet Mask: 255.255.255.0

ESP Configuration:

Enable Encryption (checked)

Enable Authentication (checked)

Encryption Algorithm: 3DES

Authentication Algorithm: SHA-1

Once you have all of the above information you can proceed with the setup on your client machine that you will be using to access the VPN.

We will use the above gathered values in BOLD as our examples in the following section.

  3. Set up your new connection in Shrew Soft.

    Load the “Shrew Soft VPN Access Manager”

    Click on the “Add” Button once it has loaded.

    Fill in all of the following screens as listed (use your information).

    General

      Host Name or IP Address: some-name1.mycompany.com

      Port: 500

      Auto Configuration: Disabled

      Address Method: Use a virtual adapter and assigned address

      Address: 172.81.222.5 (Set this to an address on a network you will likely never share a LAN with)

      NetMask: 255.255.255.0

    Client

      NAT Traversal: enable

      NAT Traversal Port: 4500

      Keep-Alive packet rate: 15

      IKE Fragmentation: enable

      Maximum packet size: 540

      Enable Dead Peer Detection: unchecked

      Enable ISAKMP Failure Notifications: unchecked

Name Resolution

Uncheck all options on this page. (You can leave Enable DNS checked if you want your clients to use an internal DNS server when connected to the VPN.)

Authentication

Authentication Method: Mutual PSK

Local Identity

Identification Type: Fully Qualified Domain Name

FQDN String: remote.mycompany.com

Remote Identity

Identification Type: Fully Qualified Domain Name

FQDN String: some-name1.mycompany.com

Credentials:

Pre Shared Key: YOURKEYHERE

Phase 1

Exchange Type: aggressive

DH Exchange: group 2

Cipher Algorithm: 3des

Hash Algorithm: sha1

Key Life Time Limit: 28800

Key Life Data Limit: 0 (no limit)

Enable Check Point Compatible Vendor ID: (Disabled)

Phase 2

Transform Algorithm: esp-3des

HMAC Algorithm: sha1

PFS Exchange: disabled

Compress Algorithm: disabled

Key Life Time Limit: 28800

Key Life Data Limit: 0 (no limit)

Policy

Policy Generation Level: auto

Maintain Persistent Security Associations: (unchecked)

Obtain Topology Automatically or Tunnel All: (unchecked)

Add a Remote Network Resource (click the “Add” button).

Type: Include

Address: 192.168.0.0

Netmask: 255.255.255.0

  4. Test Connecting

    1. Start up the ShrewSoft VPN client and tell it to connect.

    2. Assuming that it connects, pick an IP address on your remote network and ping it using the command line.

    3. If this works then your connection should be set up and ready for use.
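
The check below is an added example, not part of the original guide and not Shrew Soft or Netgear code. It takes the sample values recorded from the router and entered in the client above, confirms that the client mirrors the router (identities crossed), and lists the settings that are legacy by current IPsec practice. The dictionary keys and finding labels are hypothetical names chosen for this example.

```python
import ipaddress

# Sample values from this guide; the dict keys are hypothetical names.
ROUTER = {"exchange": "aggressive", "local_id": "some-name1.mycompany.com",
          "remote_id": "remote.mycompany.com", "p1_cipher": "3des",
          "p1_hash": "sha1", "dh_group": 2, "p1_life": 28800,
          "p2_cipher": "3des", "p2_hash": "sha1", "p2_life": 86400,
          "subnet": "192.168.0.0/255.255.255.0"}
CLIENT = {"exchange": "aggressive", "local_id": "remote.mycompany.com",
          "remote_id": "some-name1.mycompany.com", "p1_cipher": "3des",
          "p1_hash": "sha1", "dh_group": 2, "p1_life": 28800,
          "p2_cipher": "3des", "p2_hash": "sha1", "p2_life": 28800,
          "pfs": None, "auth": "mutual-psk", "virtual_ip": "172.81.222.5",
          "subnet": "192.168.0.0/255.255.255.0"}

# Fields that should be identical on both ends of the tunnel.
SAME = ["exchange", "p1_cipher", "p1_hash", "dh_group", "p1_life",
        "p2_cipher", "p2_hash", "p2_life", "subnet"]
# Algorithms and DH groups treated as legacy for IPsec today.
LEGACY = {"p1_cipher": {"3des", "des"}, "p2_cipher": {"3des", "des"},
          "p1_hash": {"sha1", "md5"}, "p2_hash": {"sha1", "md5"},
          "dh_group": {1, 2, 5}}

def mismatches(router, client):
    """Return the fields where the client does not mirror the router."""
    bad = [k for k in SAME if router[k] != client[k]]
    # Identities are crossed: the router's local ID is the client's remote ID.
    if router["local_id"] != client["remote_id"]:
        bad.append("remote_id")
    if router["remote_id"] != client["local_id"]:
        bad.append("local_id")
    return bad

def weak_settings(client):
    """Return settings to tighten if the hardware allows it."""
    found = [k for k, legacy in LEGACY.items() if client[k] in legacy]
    if client["exchange"] == "aggressive" and client["auth"] == "mutual-psk":
        found.append("aggressive+psk")  # rely on a long, random PSK
    if client["pfs"] is None:
        found.append("no-pfs")
    vip = ipaddress.ip_address(client["virtual_ip"])
    if not vip.is_private:
        found.append("public-virtual-ip")  # shadows a real Internet address
    if vip in ipaddress.ip_network(client["subnet"]):
        found.append("virtual-ip-in-remote-subnet")
    return found

if __name__ == "__main__":
    print("mismatched:", mismatches(ROUTER, CLIENT))
    print("weak:", weak_settings(CLIENT))
```

With the values on this page, the only mismatch reported is the Phase 2 lifetime (86400 on the router, 28800 in the client).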