• Projekte
• ProFTPD
• Krename
• Kbarcode
• Linux
• Mailserver
• Gentoo
• Typo3
• Linux Magic Keys
• Web'n'Walk Linux
• Update oder Upgrade ?
• Server Monitoring
• Backup
• Sonstiges
• Benchmark Apache Prefork vs. Worker
• Benchmarks von EMC, Nexenta usw.
• Samba & Windows 7
• Memcached
• Siemens Fujitsu P7010
• Citrix unter 64 Bit Ubuntu
• Google
• Speedtouch 510

Speedtouch 510 VPN Problems

The Speedtouch 510 (and similar models) are quite popular here in the UK. For example, Eclipse is using them by default.

In the UK I am using a Speedtouch 510 at home and at work. When trying to establish a VPN connection between both networks (please read my Firewall comments as well), it never worked.

What's the problem ?

The default setting of the Speedtouch 510 are, that its act like a small firewall itself. By default it got two devices, one acting like an external interface with the external IP, the other one like an internal device (default: 10.0.0.138). So, if you are using a a real firewall behind that, it will normaly have a internal IP like 10.0.0.1.

This is a general problem with VPN, because the VPN endpoint is not directly accessable. New version of FreeSwan are able to work with a NAT device, but from my point of view, a direct IP at the computer is the best thing.

Solution ?

The solution is that reconfigure the modem. that it does NOT acted like a NAT device, which means, that it's not translating the IPs.

For the Speedtouch 510 I know two ways to solve it. The "DHCP Spoofing" trick seems only to work properly under Windows, because it's using a gateway which is not reachable, but for one reason or another, the modem is answerimg the ARP requests anyway. I don't like this kind of solutions which are violating a lot of ethernet rules..

The second trick is useful, when you have more than 1 IP. In my case I am using Eclipse as provider, so I have 5 statics IPs each at home and at work. The trick is now, that you will assign one external address to the modem and another one to the Firewall. The modem is than the standard gateway and everything is working like a charme.

The only disadvantage is, that the modem is accessable from the outside - so you better use a stronger password !

What to do ?

Download this INI file and edit it to your needs. Change the Username, Password and IP Addresses and delete the comments "//" before uploading the file to the modem. Please remember to backup all your old settings before !

the INI file is taken from: web.ukonline.co.uk/jjworld/fivestaticsetup.htm

Download this file: ST510_VPN.ini