Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

BEFVP41 to WinXp Pro Connection config

Status
Not open for further replies.

djmgator

Technical User
Sep 24, 2003
4
US
I am trying to connect from my home WinXp Pro to my office Linksys BEFVP41. I have read books and forum q&a until I am blue in the face and still cannot get a connection. Can someone provide specific configuration data for this connection. There are an awful lot of specific behind the scenes settings that I am not sure I have correct. The Router user guide addresses this configuration specifically, and I still cannot get it done. Help !!
 
My old message. forget about MS IPSec policy:

markku (ISP) May 27, 2003
Hi,

You can get Windows IPSec working with BEFSX41 by following the instructions provided by Linksys in their site,however, the only sensible IPSec client is SSH Sentinel.

The instructions can be found here:


And the software here:

 
I'm sorry, but is this a reply to my question about my BEFVP41 Router? If so, thank you anyway, but I do not have a BEFSX41. The router I have is specifically a "vpn router". Also, it is my intention to use WinXP client. I do not care to invest additional time and resources taking a different course by using a different client.
 

If you had spent a few seconds looking at the document referred you had seen that it is specially written for BEFVP41.

Dear masochist, wish you luck with MS IPSec policy, you will spend a lot of your valuable time and it will never work.

 
I guess having an attitude is part of this communication process. Anyway, before responding, I gave you the benefit of the doubt. As I suspected, I have now spent much more than a few seconds looking at and working with the document you referred me to, and wouldn't you know it, it still does not work. Exactly why I was specific. I did not want to use IPsec. It was my intention to try to use PPTP. So there you have it, my original question stands.

However, I did learn something important from the document which I thank you for. It indicated that the WinXP client does not support dynamic dns. That is what I am trying to use, so I obviously have to go another direction.


 
Why did you buy VPN router if you are not going to use IPSec? BEFVP41/SX41 do not support PPTP/L2TP endpoint, only passthru, which works. Using PPTP you have to forward port 1723 in BEFVP41 to your PPTP server.

The document and software (Linky/Sentinel) I was referring to do work from/to dynamic DNS. Only thing important in configuration is _NOT_ to tweak the settings.

Sure works, see:

 
Well, I'll have to say you were right. I got the tunnel connected last night and tonight I have been able to access my office network and earlier today I could get to my home pc from the office. This is using the IPSec L2TP connection.

One question - I sure wish it moved along a little faster. I cable modem at home and DSL at the office. Is there anything that can be modified to speed it up?

 
The speed of your connection is limited by your upload/upload speeds.

Use terminal services if you have W2K server or better.
 
djmgator,

HOGdude here..

First time posting on this (or any) forum

BEFVP41 - Work <--VPN--> BEFSX41 - Home

I have recently had success at connecting a BEFSX41 to a BEFVP41 without wasting a bunch of time configuring IPSec in Windows XP.

I ALREADY DID THAT.... hahahah

I did manage to get that WindowsXP IPSec <--> BEFVP41 method to work when my home XP machine was connected directly to my cable modem, but was unable to configure IPSec to connect from behind an SMC DSL/cable router with IPSec passthrough enabled.

I finally gave up and purchased the BEFSX41 and the 2 routers get along perfectly.

I too was not interested in the Sentential solution and sympathize with your hostility towards MarkKu when his response sounds like an sales pitch for Sentinel. I tried Sentinel and &quot;Yah&quot; it works and it's fairly easy to setup but your probably like me in that you'd prefer to use software tools that are part of your operating system. Why spend money on something you already have?

However, I have to defend MarkKu (who I do not know at all personally) as it turns out the help I found was actually posted on another forum by the same MarkKu


Basically the BEFVP41 needs to have a static IP and then you configure the VPN screens on both routers the same making sure the subnets are different and they should work fine. Make sure you follow MarkKu's advise on the firmware for the SX. I just bought another one yesterday for another employee to work from home and they don't ship with the proper firmware version.

Hope this helps...

I would also like to thank MarkKu for his posts. Not sure if he works for Linksys or the SSH folks but I appreciate his taking the time to help.

If he's out there listening... perhaps he might be able to help with my original problem. Configuring IPSec correctly from behind a DSL/cable router with passthrough enabled. I have an employee with a WRT54G and XP. Like before I can get it to work directly connected but not from behind the WRT54G.

HOGdude
 
Hi HOGdude,

Thank you for your words, my relations to SSH have been clarified in:


Regarding your question:

If you mean Windows IPSec, it works only between real IPs, not NAT.

If you mean Sentinel, it should work. If not replace your WRT54G with some other router, like BEFSR41 for testing. The firmware of WRT54G is still under the contruction.

william43:

No way of establishing contact from BEFSX41 to Sentinel, since Sentinel is in dynamic =unknown IP. Replace Sentinel with another BEFSX41 or USBVPN1 and use DDNS/FQDN to find the remote computer by name.
 
markku,

What happened to SSH Sentinel? The site is no longer available and says something about the OEM product line being sold. WTF? I'm trying to DL a Trial copy again and confirm that I can get it to work before recommending it to use for remote employees...

Any ideas?
 
MarkKu,

Im trying to connect using Sentinel from an employees home location to our office.

BEFVP41 at the office 192.168.1.x
WRT54G at the employee location. 192.168.7.x

I configured both ends as described in:


The log from the VP41 is as follows.

2003-11-24 22:35:05 @in UDP from (WAN IP WRT54G):500 to (WAN IP BEFVP41):500
2003-11-24 22:35:05 IKE[71] Rx << MM_I1 : (WAN IP WRT54G) SA, VID
2003-11-24 22:35:05 IKE[71] Tx >> MM_R1 : (WAN IP WRT54G) SA
2003-11-24 22:35:05 IKE[71] ISAKMP SA CKI=[d8d23b59 d6000009] CKR=[88e355e2 550bbab2]
2003-11-24 22:35:05 IKE[71] ISAKMP SA 3DES / MD5 / PreShared / MODP_1024 / 14400 sec (*0 sec)
2003-11-24 22:35:06 IKE[71] Rx << MM_I2 : (WAN IP WRT54G) KE, NONCE
2003-11-24 22:35:06 IKE[71] Tx >> MM_R2 : (WAN IP WRT54G) KE, NONCE
2003-11-24 22:35:06 IKE[71] Rx << Notify : AUTHENTICATION-FAILED

I'm pretty sure the problem is on the Sentinel side. I've been able to get 2 SX41's to connect to the VP and I've also been able to get Sentinel working in the past on my XP machine directly connected to my cable modem. However, I am unable to get it working from behind the WRT54G.

Let me know if you need more info.

HOGDude
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top