
VPN Client - more

We had significant challenges getting the VPN Client to work. We tried numerous different configurations across multiple network locations and setups before we could get the VPN Client to connect successfully to the DFL-CPG310. Once we got it working, we undid the working configuration and retried some of the failed configurations to better understand what worked. The confusing result was that the previously failed options then worked! To add to the frustration, working configurations were not repeatable on other machines in later tests.

We suspect that once the VPN Client makes a successful connection, it learns aspects of the network configuration that enable future connections. For example, the VPN Client software learns the subnet of the DFL's LAN after the first connection. This enables the Client to launch automatically if a user starts an application that attempts to connect to the DFL's LAN subnet. 

In our test case, the DFL's LAN subnet is 192.168.10.0/24. Pinging 192.168.10.1 from the remote PC with the VPN Client software automatically launches the connection screen shown in Figure 13 with a message saying, "Your computer is trying to establish communication with your site. Please connect."


Figure 13: Automatic launch of the VPN client software on access attempt

Managing DFL-CPG310 VPN Clients requires understanding the DFL-CPG310 "OfficeMode" configuration. OfficeMode, shown below in Figure 14, is a separate virtual LAN that assigns IP addresses from a unique subnet (192.168.254.0/24) to VPN Clients as they connect. This unique subnet is then routed by the CPG310 so that remote clients tunneling in are treated as though they were on the local LAN.

As with the Wireless network, the separate subnet is a good security feature. Servers and storage devices will likely be on the wired LAN subnet, and having separate subnets for the Wireless and VPN clients enables building access control lists based on originating subnets into the Firewall.
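To make the subnet-based access control idea concrete, here is an added example (not from the review or from D-Link's firmware) of a first-match, default-deny policy keyed on the originating subnet. The LAN and OfficeMode subnets are the ones in this review; the wireless subnet, the file server address and the rule set are constructed for illustration.

```python
import ipaddress

# Zones by originating subnet. LAN and OfficeMode values come from the review;
# the wireless subnet is a constructed value (assumption).
ZONES = {
    "lan": ipaddress.ip_network("192.168.10.0/24"),
    "vpn": ipaddress.ip_network("192.168.254.0/24"),   # OfficeMode
    "wlan": ipaddress.ip_network("192.168.20.0/24"),   # assumed
}

FILE_SERVER = ipaddress.ip_address("192.168.10.50")    # constructed host

# Hypothetical policy: (source zone, destination host, TCP port, action).
# None is a wildcard. First match wins; anything unmatched is denied.
RULES = [
    ("lan", None, None, "allow"),          # wired LAN may reach anything
    ("vpn", FILE_SERVER, 445, "allow"),    # VPN clients: SMB to file server only
    ("wlan", FILE_SERVER, None, "deny"),   # wireless never reaches the server
    ("wlan", None, 443, "allow"),          # wireless: HTTPS elsewhere
]

def zone_of(src):
    """Map a source IP to its zone name, or None if it is in no known subnet."""
    addr = ipaddress.ip_address(src)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def decide(src, dst, port):
    """Return 'allow' or 'deny' for a connection, based on the source subnet."""
    zone = zone_of(src)
    dst_addr = ipaddress.ip_address(dst)
    for rule_zone, rule_dst, rule_port, action in RULES:
        if rule_zone != zone:
            continue
        if rule_dst is not None and rule_dst != dst_addr:
            continue
        if rule_port is not None and rule_port != port:
            continue
        return action
    return "deny"  # default deny, including sources outside every zone

if __name__ == "__main__":
    for flow in [("192.168.254.7", "192.168.10.50", 445),
                 ("192.168.254.7", "192.168.10.50", 22),
                 ("192.168.20.9", "192.168.10.50", 443)]:
        print(flow, "->", decide(*flow))
```

Because each client class has its own subnet, the VPN and wireless rules can be tightened without touching what wired hosts are allowed to do.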


Figure 14: OfficeMode configuration, showing separate VLAN subnet for VPN clients

However, from a configuration standpoint, it is a challenge to understand how the DFL-CPG310 VPN Server and OfficeMode's NAT options work together. 

The VPN Server has a configuration option to "Bypass NAT" (see previous Figure 11), which the manual states will tell the router to "not perform Network Address Translation (NAT) to the internal network for authenticated remote users." That makes sense. If you're connecting via the VPN Client, you will have an IP from the OfficeMode subnet, and your traffic does not need NAT.

OfficeMode then has the further option to Enable or Disable "Hide NAT." The manual explains Hide NAT "enables you to share a single public Internet IP address among several computers, by 'hiding' the private IP addresses of the internal computers behind the NetDefend firewall’s single Internet IP address." Why D-Link calls it "Hide NAT," I don't know. It would be easier if they simply called it "NAT."

The VPN Client worked with Bypass NAT checked and Disable Hide NAT selected. It seems like this could be simplified to a single option to Enable or Disable NAT, instead of creating so many double negatives. The end result is that the various NAT options for VPN Client connections are poorly documented and confusing.
