cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

VSS and NetGear DGND3700 - additional config required to router query

Sjc67
2: Seeker
2: Seeker
Hi, I've just bought a VSS box and connected it up to my DGND3700. So far I have a solid red light and then two flashing lights as if to suggest the unit was/is configuring itself. The question I have is that should these two lights still be flashing after 6+ hours or is there something fundamental I need to do to my router before it will work? I know some posts refer to having to wait at least 24 hours before the unit is ready to use but I'm not sure if I have even got a communication link to Vodafone. Having read various posts it seems like the Netgear needs a few tweaks but I wanted to ask if there was a definitive steer from Vodafone for this unit. Is it possible to check if my unit has registered with you? The serial number is 40114670736 My MAC@ is 0C4C3900D600 My broadband speed is currently at 12Mbps download and 1Mbps upload Thanks for any help. Stephen
1 ACCEPTED SOLUTION

Nabs
17: Community Champion
17: Community Champion

Sjc67,

I know what you mean about the lack of a log, it's a massive pain in the....

 

Anyway, In addition to the posts you have already set i have TCP port 8 forwarding to the SureSignal.

SS_port_forward.PNG

Connumications can be set up on whatever port you like, as long as all the systems that require are using the same port it shouold all work fine.

 

with RE to NTP, i guess this is used for synchronisation purposes.

 

View solution in original position

20 REPLIES 20

Nabs
17: Community Champion
17: Community Champion

Hi Sjc67,

 

The DGND3700 is an updated version of the WNDR3700 i am using.

 

Before mine would work i needed to give the SureSignal a static IP address and manually set up port forwarding.

 

For a guide on how to do this check out the tutorial on PortForward.com. The menu's might look slightly different as you do have the newer version but i think most of it should be the same.

Thanks for your post Nabs.  Can you confirm where you assigned the VSS its static IP?  I assumed that it would be a reservation from the DHCP pool on the Netgear so that it would always get the same address.

 

I gave mine a reserved IP address of 192.168.0.100 and then followed the port forwarding screenshots from the website you had referred me to.

 

I rebooted the router and powered off the VSS - I waited until the router came back up and then rebooted the VSS but its still been sitting at the same two flashing lights as it had been before.   The Netgear verifies the VSS has the reserved IP address.

 

Are the four ports the only ones I need to open? NTP (123),  IP Protocol (50), ISAKMP (500) and the NAT-T Traversal (4500) ports?  The 4500 port is reported as being a Microsoft implementation but I don't know if this is relevant or not in this discussion as neither VSS or Netgear are MS.  My assumption is that somewhere within Vodafone they use MS servers or at least require this port.

 

It's possible that I am missing something here but I don't have the full technical breakdown of what it is the VSS is trying to do with the central Vodafone network.  There's not exactly a great deal of instruction in the box for this stuff and it seems to vary between people's routers just working with VSS first time to routers like this that need more specific configuration.

 

Without being able to easily interrogate a log of dropped packets this is proving to be a complex and frustrating task.

 

Thanks offering some advice in any case and I'll keep on trying to tweak the config to get it to work...

 

S

 

Hi all, following on from the discussion above I also recently posted this on another forum (notsosuresignal.com) My investigations this far have uncovered that it appears that Vodafone set up an IPSec Tunnel between the VSS box and the central servers. The ports I have been made aware of are UDP port 123 (for NTP), UDP port 500 (for ISAKMP traffic), and the NAT traversal port which I believe is port UDP 4500. I'm not convinced that port 123 is required unless my VSS box is providing some sort of NTP service which I don't believe it does....but I am willing to try anything to make this work.. I have also seen reference to a requirement for TCP/UDP port 50. If this is to do with IPSec then this requirement is misleading. The requirement should be for IP Protocol 50 to be permitted if the requirement is to allow ESP (encapsulating security payload) traffic and also most likely, IP Protocol 51 to allow AH (authentication header) traffic to be forwarded as well. These numbers (50, 51) are NOT port numbers so I don't understand why they are referenced in this way. Anyway, does anyone know how to convince the Netgear to allow the ESP and AH traffic to be correctly forwarded? Normally I would expect there to be a drop-down selection for this type of requirement or maybe a check box but so far I've not found it. I've also read that there may be an option to select IPSec Passthrough but this doesn't show up in my Netgear documentation. Has anyone else been lucky enough to get their DGND3700 to work?

Nabs
17: Community Champion
17: Community Champion

Sjc67,

I know what you mean about the lack of a log, it's a massive pain in the....

 

Anyway, In addition to the posts you have already set i have TCP port 8 forwarding to the SureSignal.

SS_port_forward.PNG

Connumications can be set up on whatever port you like, as long as all the systems that require are using the same port it shouold all work fine.

 

with RE to NTP, i guess this is used for synchronisation purposes.

 

Thanks Nabs, I've added that extra port and even rebooted the router as well...still have solid power light and flashing system and phone lights.

 

This is starting to feel like troubleshooting with my eyes shut...

 

Should there be a portmapping table in the UPnP section of the router - does that show your established connections or have you disabled UPnP?

 

I've tried using SheildsUP from grc.com to see if the ports are being advertised but it comes back with a stealth reply saying the ports are hidden so I don't think I am even making the ports available inbound.

 

Is there any way I can locally interrogate the VSS box or even issue it with some basic commands? I can ping it from my desktop here so I know its on the LAN so I suspect that somewhere between itself and the Netgear something is going awry.

 

Do you know the target internet address(es) it is trying to reach at Vodafone?  I've read in places that some people have had their external ISP addresses blocked so it would be good to know if there was something else I could check.

 

Perhaps someone from the Vodafone technical team can give us a definitve set of requirements for the VSS box to connect to VF?  If nothing else it might help narrow down what we need to do at our router end.

 

Thanks again for any help that can be offered...

 

S

I'm also assuming that the DGND3700 can and does issue its DHCP clients with a DNS server address (which should be the address of the router itself). I can't see anything in the web GUI to let you actually specify a DNS server value but I see that my Mac gets this and its a DHCP client as well

I read this page online and it mentions the need for the VPN ports to be in both directions - I'm assuming the DGND3700 is not a stateful firewall which would probably explain why we have to set up the ports in the router's config

 

http://help.vodafone.co.uk/system/selfservice.controller?CONFIGURATION=1000&PARTITION_ID=1&CMD=BROWS...

Quick update - the very limited Netgear Log shows:

"LAN access from remote] from 212.183.131.137:4500 to 192.168.0.100:4500 Thursday, Jan 26,2012 21:13:53"

I believe this is a Vodafone IP address so it shows that something is working but the lights are both still flashing. There are no other entries for any of the other ports.  Will leave it overnight and see if there's any change in the morning...

Nabs
17: Community Champion
17: Community Champion

There is no UPnP mapping on my router however UPnP is ebnabled.

 

The IP addresses at Vodafone's end are:

212.183.133.181
212.183.133.182
212.183.131.128/26

 

It looks like it is communicating with Vodafone so it's just a case of wait and see. It can take a few hours to download any updates etc onto the SS. Overnight should be enough time to tell if it's going to work.

Nabs
17: Community Champion
17: Community Champion

Hi Sjc67

 

Did you manage to get this working in the end?

If so it would be great to make the topic as colved, tis will aloow other forum users to see that this particular setup will work with the SureSignal :smileyhappy: