Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

BefVP41 fails DDNS--Get dif router or try beta frmware?

Status
Not open for further replies.
technicallyspeakin

technicallyspeakin

MIS
Sep 11, 2003
4
US
Thanks in advance. I bought two new Linksys BEFVP41 (VPN) routers. The mission critical thing they currently need to do is to connect my two LANs. I hope to try other things with at least one of them, such as:

--hosting one or more sites and/or hosting applications (ie, application service provider)
--refining the LAN-to-LAN setup to instead allow only certain PCs on one LAN to access the other LAN.

The LAN-to-LAN tunnel is working but it is doing so by using the dynamic WAN IP addresses assigned by the ISPs.

I tried setting up domain names so as to use the routers' DDNS abilities. That is, my plan was to tell each side of the tunnel (or is it tunnels?) to connect using an FQDN (fully qualified domain name), so that if/when the IP addresses change, the tunnel would still stay alive (though perhaps with a time lag for the new IP addresses to get updated).

The routers reported various things. Right now, for example, each router's DDNS (Dynamic DNS) screen says "The hostname does not exist." I'm certain that the domain names do exist, because I copied (rather than retyped) the exact text I'd inputted, and when I then pasted that into explorer (with http:// in front), I was able to get to the router entry screen (having earlier temporarily enabled remote administration).

Linksys's tech support felt that because I can connect to the routers' remote admin screens using the domain names but the routers simultaneously report errors, the problem might be, or definitely is, in the router's software, which they are calling firmware. They offered to send me an updated one in hopes that it would work, but they noted that it is a beta. I'm concerned at the risk of using a beta product--might it cause problems with my system, might the design be changed such that the next version would disable the DDNS, etc.

There's a 30 day return period on the routers (to the retailer; Linksys's site says no refunds, period, I think). So I'm wondering whether I'd be better off trying other routers (and if so, which ones), all keeping in mind that I hope to do the other things I noted at the beginning (such as refining the LAN-to-LAN setup, which I think would mean needing to have routers that support multiple tunnels).

In case it's helpful, here's some info re a couple of "advanced" features. During part of the troubleshooting, the tech department had me enable these two items:
NetBIOS broadcast
Keep-Alive

I read somewhere else something that led me to wonder if those are things to try to avoid using. Just now I turned both features back off. I successfully then pinged the other LAN's router and a PC that I'd left on. And, the VPN tunnel screen for each router says that the tunnel is "connected". However, I neglected to set up any kind of remote, so I can't yet test whether the other LAN's PCs can ping this router.

In sum, please give feedback on the riskiness of trying the beta firmware vs. returning these and buying a different model, or perhaps other options I'm unaware of.
Thanks!
 
Sort by date Sort by votes
Thanks! It's good to see that there's been a thread.

A have a couple of follow-up questions and concerns before I try the install. For background to the questions and concerns, here is what I know about various version numbers.


1.40.4
The latest listed at Linksys's site. The firmware's date (per the site) is 11/21/2002

1.40.5
Is what has been on the routers since I bought them. And is cited by the latest post at the other thread as being the latest, but I'm not sure if by "latest" is meant the latest beta or the latest public release.


1.40._ (Higher than 1.40.5, lower 1.41)
was e-mailed to me by Linksys, with a statement to not distribute and to not reveal results of testing.


1.41
Is what some of the now-older posts in the thread said is/was the latest beta version.

OK, here are my questions and concerns.

Why does Linksys have an older version at its downloads site than is on shipped products. I've not guessed at any favorable reason for this. My conclusion pending more input is that either my router was shipped with beta firmware, the downloads site is not kept up to date, or Linksys decided, after shipping my particular routers, that their firmware (1.5) should be recategorized from "released" to "beta". If the latest post in the other thread is correct and means that 1.5 is the latest firmware, then it seems that the answer is that the downloads site is not up-to-date.

Why would Linksys have sent me an earlier version than 1.41. (My guesses include ignorance or that perhaps 1.41 is riskier than the one sent to me but that both of them fix the only problem I've run into [FQDN].)

Other than changing to a different manufacturer (as I asked about in my first post), how best might I and others deal with these issues? Linksys's e-mail asks that testing remain confidential, yet Linksys seems to be somewhat disorganized or otherwise flawed as evidenced by its failrue to (a) have the latest non-beta be posted at its site and possibly (b) send the latest applicable beta (if 1.41 indeed is appropriate for my needs) instead of sending an outdated beta. Therefore, I'm lacking confidence that relying solely on Linksys (and not discussing test results) is a good idea.


I don't know what ISCA or what ISCA-certifification is. Are you saying that it applies to 1.41 or to 1.40.5 (or both)? Might it also apply to the version I was e-mailed (which is numbered between the two)?

Finally, just to confirm, which version are you recommending that I install--1.41?

Thanks again!
 
Upvote 0 Downvote
Use 1.41, it should solve your issues. Do not bother about it being beta, it is a good stable version.

I was referring to which certifies the products and performs the interoperability tests.
 
Upvote 0 Downvote
My biggest concern at present, unfortunately, is to choose another set of VPN routers.

Thanks, I tried 1.41, and since then, Linksys released 1.41.1 to its support site, and I tried that also. The results remain lower than what I want. (Best case on the routers I am able to use a dyndns-based domain name as the "remote" (that is, I designate it as a fully-qualified-domain-name), but when I designate the local router's dyndns-based domain name via the DDNS tab (so that the router can tell dyndns about changes to the IP address), the screen claims that the domain name does not exist. Therefore, I suspect that in a few weeks or a month, when the ISP changes the IP address, the router will not automatically tell dyndsn about it.)

At this point I'd appreciate advice as to what other inexpensive routers to try. I've stumbled across D-Link; there are VPN routers at well under $100. I paid $130 or so for the Linksys routers and need to return them to the retailer soon to be within the return period.

Thanks!

P.S.
I also am unclear on whether VPN routers will be necessary at all if we end up going to Windows 2000 Server, Windows 2003 Server, or the Small Business flavor of either 2000 or 2003. That's still far off enough that I need to have VPN routers.
 
Upvote 0 Downvote
Seems odd, since DDNS/FQDN functions have been reported been working well since the latest beta, see e.g.:


Might be something else wrong with your setup. Maybe you are in NATed DSL of some other detail is blocking DDNS.

VPN routers block you completely against the attacs from the net in addition of giving you 3DES security level. If you rely on M$ security only you are stuck with continuous flow of updates and OOTP level of security. Being an ISP myself please do not ask how I know this.

Good luck with D-Link. Did not see it in ICSA pages.
 
Upvote 0 Downvote
Thanks again!

<<Might be something else wrong with your setup.>>

I'm not sure what else to check about my setup, because specifying the FQDN in the tunnel works, it's just the DDNS tab that doesn't work, and I think that that means that the router won't update Dyndsl when the IP changes.

Actually, the FQDN is working on only one side of the tunnel right now, but it did work on both before. When I upgraded one router to 1.41.1 and then tried to set up the tunnel, specifying FQDN didn't work so I hard-coded the public WAN, figuring I'd spent enough time playing with it and I'd try a new router instead of fiddling further. That's still my plan for now unless there's something about my setup that can be identified.

<<Maybe you are in NATed DSL of some other detail is blocking DDNS.>> Not to my knowledge. No DSL at all. But this is my first VPN.

re VPN routers vs. MSoft server: Is the operative word &quot;only&quot; (in &quot;if you rely on M$ security only&quot;). I mean, will the MSoft servers cooperate with if I use a VPN router, and will the router be thrown off by the server if I use the server's VPN features or its other security features?

I don't know what OOTP level of security means.

I agree that MSoft's products have a lot of updates but that seems similar to what I've seen with this set of routers. Except that unlike the old days, MSoft seems pretty upfront about its failings. (That's just my experience, and thus just anecdotal; I've not been reading trends and all.) The linksys routers needed to have updates, so that's not different than MSoft except that Linksys seemed to take a long time, at least for this router, to get its updates out, and of course in my case even those might not solve the problem (though I agree, maybe there's something else wrong.)


<<Being an ISP myself please do not ask how I know this.>> Ouch.

<<Good luck with D-Link.>> Thanks! I read somewhere that Linksys has almost half the market. D-Link was number 2, but was far, far behind (at about 12% as of last year, I think).
 
Upvote 0 Downvote
Hi,

After upgrading the firmware of your routers did you perform a long reset ~30 seconds before reloading the configuration.

You could identify the DDNS problem by using the client program in your machine instead of DDNS-function of the router. If it does not work, please report to dslforum, it is frequently monitored by Linksys techs. If DDNS is broken, hope they fix it soon.

It takes forever to test these things, judging stability of DDNS and tunnels takes days and weeks before conclusions can be made. VP41 is a pretty stable product at the moment, still some rough edges left, like your findings on DDNS.

Sorry for typo again, PPTP of course.

If you use router to router VPN, your networks are protected by HW-routers exposing no open ports. Your communications is protected by 3DES level of security and no client software necessary. Nice target.

 
Upvote 0 Downvote
Two comments about DDNS with Linksys:

1) These routers support DDNS but not &quot;custom DNS&quot; meaning you can put in an address like &quot;example.dyndns.org&quot; but not &quot;dyndns.example.org&quot;

2) Am I mistaken that if you click the &quot;apply&quot; button too frequently, it will interpret the &quot;******&quot; string sitting in the password textbox as a password made literally of asterices?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

eacintron
  • Locked
  • Question
SONIC WALL VPN CONNECTED BUT I CANNOT ACCESS THE ROUTER
Replies
4
Views
291
eacintron
eacintron
Flontz
  • Locked
  • Question
Router Replacement
Replies
1
Views
116
PeterHurst
PeterHurst
LJuliet97
  • Locked
  • Question
Best VPN Router for what I need
Replies
6
Views
321
jimbopalmer
jimbopalmer
unssupport
  • Locked
  • Question
Recommendation for VPN client router dynamic WAN IP address
Replies
1
Views
172
cflcrosland
cflcrosland
Optman
  • Locked
  • Question
vpn client cann't establish connection to Contivity 1740 router ..!!
Replies
0
Views
97
Optman
Optman

Part and Inventory Search

Sponsor

Back
Top