
VPN Client - more

We had significant challenges getting the VPN Client to work. We tried numerous different configurations in multiple network locations and configurations before we could get the VPN Client to successfully connect to the DFL-CPG310. Once we got it working, we undid the working configuration and re-tried some of the failed configurations to better understand what worked. The confusing result was that the previously failed options then worked! To add to the frustration, working configurations were not repeatable on other machines in later tests.

We suspect that once the VPN Client makes a successful connection, it learns aspects of the network configuration that enable future connections. For example, the VPN Client software learns the subnet of the DFL's LAN after the first connection. This enables the Client to launch automatically if a user starts an application that attempts to connect to the DFL's LAN subnet. 

In our test case, the DFL's LAN subnet is 192.168.10.0/24. Pinging 192.168.10.1 from the remote PC with the VPN Client software automatically launches the connection screen shown in Figure 13 with a message saying, "Your computer is trying to establish communication with your site. Please connect."


Figure 13: Automatic launch of the VPN client software on access attempt

Understanding and managing DFL-CPG310 VPN Clients involves understanding the DFL-CPG310 "OfficeMode" configuration. OfficeMode, shown below in Figure 14, is a separate virtual LAN that assigns IP addresses from a unique subnet (192.168.254.0/24) to VPN Clients as they connect. The CPG310 then routes this subnet so that remote clients tunneling in are treated as though they were on the local LAN.

As with the Wireless network, the separate subnet is a good security feature. Servers and storage devices will likely be on the wired LAN subnet, and having separate subnets for the Wireless and VPN clients enables building access control lists based on originating subnets into the Firewall.
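To illustrate the point about access control lists keyed on the originating subnet, here is an added example (not from the review and not D-Link's rule syntax) of a first-match rule set that tells OfficeMode VPN clients apart from wired LAN hosts. The two subnets come from the review; the file server address 192.168.10.50 and the specific rules are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Subnets taken from the review.
LAN = ipaddress.ip_network("192.168.10.0/24")          # DFL wired LAN
OFFICEMODE = ipaddress.ip_network("192.168.254.0/24")  # VPN clients (OfficeMode)
# Constructed for this example: a file server on the wired LAN.
FILE_SERVER = ipaddress.ip_network("192.168.10.50/32")


class Rule(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]  # None matches any destination port
    action: str          # "allow" or "deny"


# Hypothetical policy, evaluated top to bottom, first match wins.
RULES = [
    Rule(OFFICEMODE, FILE_SERVER, 445, "allow"),  # VPN users may reach SMB on the server
    Rule(OFFICEMODE, LAN, None, "deny"),          # ...and nothing else on the wired LAN
    Rule(LAN, LAN, None, "allow"),                # wired hosts talk freely to each other
]


def evaluate(src: str, dst: str, port: int, rules=RULES) -> str:
    """Return the action of the first rule matching the flow, else default deny."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.port in (None, port):
            return r.action
    return "deny"


if __name__ == "__main__":
    flows = [
        ("192.168.254.7", "192.168.10.50", 445),  # VPN client -> server SMB
        ("192.168.254.7", "192.168.10.50", 22),   # VPN client -> server SSH
        ("192.168.10.20", "192.168.10.50", 22),   # wired host -> server SSH
    ]
    for src, dst, port in flows:
        print(f"{src} -> {dst}:{port} = {evaluate(src, dst, port)}")
```

Rules like these only work when packets reach the rule set carrying their original source address, which is why the separate OfficeMode subnet matters.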


Figure 14: OfficeMode configuration, showing separate VLAN subnet for VPN clients

However, from a configuration standpoint, it is a challenge to understand how the DFL-CPG310 VPN Server and OfficeMode's NAT options work together. 

The VPN Server has a configuration option to "Bypass NAT" (see previous Figure 11), which the manual states will tell the router to "not perform Network Address Translation (NAT) to the internal network for authenticated remote users." That makes sense. If you're connecting via the VPN Client, you will have an IP from the OfficeMode subnet, and your traffic does not need NAT.

OfficeMode then has the further option to Enable or Disable "Hide NAT." The manual explains Hide NAT "enables you to share a single public Internet IP address among several computers, by 'hiding' the private IP addresses of the internal computers behind the NetDefend firewall’s single Internet IP address." Why D-Link calls it "Hide NAT," I don't know. It would be easier if they simply called it "NAT."

The VPN Client worked with Bypass NAT checked and Disable Hide NAT selected. It seems like this can be simplified with a single option to Enable or Disable NAT, instead of creating so many double negatives. The end result is the various NAT options for VPN Client connections are poorly documented and confusing.
