Saturday, July 23, 2016

How to Configure Dlink DSR-250N for IPSec VPN & ShrewSoft Client

Please Note: While these instructions are for the 2.x firmware version of the Dlink DSR-250N, they should work for other Dlink models in the series with the same UI.

1) Log into the DSR-250N management portal using the admin account

2) Click the Wizard icon in the upper right-hand corner


3) Run the Security Wizard

4) For VPN Passthrough, ensure that IPSec is enabled and that L2TP and PPTP are disabled, then click Next

5) In the Configure VPN Type and Remote and Local Addresses screen, change the VPN Type from Site-to-Site to Remote Access

6) Change the local gateway type to FQDN

7) Connection Name: Your connection name

8) Enter Pre-Shared Key value (unique to your VPN)

9) Remote WAN’s IP Address / FQDN: remote.com

10) Local WAN’s IP Address / FQDN: local.com

11) Click Save



12) A confirmation screen will appear with the details of the VPN settings. Click Finish.

13) Click OK to save the Configuration


14) Go to VPN->IPSec VPN->Policies

15) Right click on the policy you just created and left click on Edit


16) Review the IPSec Policy Configuration and make note of details such as the Pre-Shared Key to configure the ShrewSoft IPSec VPN Client

17) Open Notepad and paste the ShrewSoft config settings below into a file named “DSR-250N – ShrewSoft VPN policy file.vpn”. Import this configuration file into the ShrewSoft client to connect to your VPN:

n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:0
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-dns-used:0
n:client-dns-auto:0
n:client-dns-suffix-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
n:client-wins-used:0
n:client-wins-auto:0
n:phase1-dhgroup:2
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
n:phase1-keylen:128
n:phase2-keylen:128
s:network-host:111.111.111.0
s:client-auto-mode:disabled
s:client-iface:random
s:client-ip-addr:198.18.0.10
s:client-ip-mask:255.254.0.0
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk
s:ident-client-type:fqdn
s:ident-server-type:fqdn
s:ident-client-data:remote.com
s:ident-server-data:local.com
b:auth-mutual-psk:
s:phase1-exchange:aggressive
s:phase1-cipher:aes
s:phase1-hash:sha1
s:phase2-transform:esp-aes
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:2
s:policy-level:unique
s:policy-list-include:111.111.111.0 / 255.255.255.0
 

18) Once you import the configuration file into the ShrewSoft VPN Access Manager, right click it, left click Properties, and change the following settings to your network specific values:


a) On the General tab, change the Host Name or IP Address to your network's external IP address
  

b) On the Authentication tab, go to the Credentials sub-tab and specify the Pre-Shared Key

c) From the Policy tab, click Modify to specify your local network subnet and mask (e.g. 192.168.10.0 / 255.255.255.0)

19) Make sure to save your changes. You should now be able to successfully connect to your DSR-250N using ShrewSoft. Let me know if something's not working or you're stumped and I'll do my best to assist. I realize configuring IPSec VPN policies is a total pain; that's why I posted this.
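
A check for the policy file from step 17, added here as an example (it is not part of the original post or of the ShrewSoft client): it parses the type:key:value lines and reports the three values step 18 says to change, plus two settings in the template worth reviewing. The function names, the sample lines (a constructed subset of the template) and the choice to flag DH groups 1 and 2 are assumptions of this example.

```python
# Added example: check a ShrewSoft .vpn policy file against step 18.
# SAMPLE is constructed: a subset of the template lines from step 17.
SAMPLE = """\
n:phase1-dhgroup:2
s:network-host:111.111.111.0
s:auth-method:mutual-psk
b:auth-mutual-psk:
s:phase1-exchange:aggressive
n:phase2-pfsgroup:2
s:policy-list-include:111.111.111.0 / 255.255.255.0
"""
TEMPLATE_NET = "111.111.111.0"  # literal address used in the template


def parse_policy(text):
    """Parse 'type:key:value' lines into {key: [values]} (keys may repeat)."""
    policy = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind, key, value = line.split(":", 2)
        if kind not in ("n", "s", "b"):  # the three prefixes seen in the template
            raise ValueError(f"unknown type prefix in line: {line!r}")
        policy.setdefault(key, []).append(int(value) if kind == "n" else value)
    return policy


def review(policy):
    """Return (key, message) findings for the policy values."""
    def first(key, default=None):
        return policy.get(key, [default])[0]

    psk_auth = first("auth-method") == "mutual-psk"
    findings = []
    if first("network-host") == TEMPLATE_NET:
        findings.append(("network-host", "still the template address (step 18a)"))
    if psk_auth and not first("auth-mutual-psk", ""):
        findings.append(("auth-mutual-psk", "pre-shared key is empty (step 18b)"))
    for entry in policy.get("policy-list-include", []):
        if entry.split("/")[0].strip() == TEMPLATE_NET:
            findings.append(("policy-list-include", "still the template subnet (step 18c)"))
    # IKEv1 aggressive mode with a PSK allows offline guessing of a weak key.
    if psk_auth and first("phase1-exchange") == "aggressive":
        findings.append(("phase1-exchange", "aggressive mode with PSK: use a long random key"))
    for key in ("phase1-dhgroup", "phase2-pfsgroup"):
        if first(key) in (1, 2):  # assumption: flag MODP groups of 1024 bits or less
            findings.append((key, "DH group of 1024 bits or less"))
    return findings
```

Calling review(parse_policy(text)) on the file contents returns an empty list only when none of the checks fire; the last two checks are review prompts, and changing those values also requires matching changes in the DSR-250N policy.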