Home LAN->Work LAN-ALL Linksys!

[cfisherFrwy]

Ok…I’m losing hair fast so I’ll try to explain my setup and let you gurus munch on it…quickly I hope!

The Problem: Trying to access work LAN from Home LAN

The Layout
[Home LAN-All XP Pro] <=> [BEFSR41]<=> {Internet}<=> [Speedsteam 5851 SDSL – Bridging] <=> [WRV54G] <=> [Work LAN – NT4 & XP Pro]

Home LAN Schema
WAN IP: Dynamic, but I’ve had the same for a long time.
Computer IP: 192.168.0.100
BEFSR41 IP: 192.168.0.1
Home Subnet: 255.255.255.0

Work LAN Schema
WAN IP: Static IP
Schema: 10.1.1.xxx : 255.255.255.0
WRV54G IP: 10.1.1.1

I have NOT updated the WRV54G firmware to 2.10 as I read somewhere that it broke more than it fixed.

All Passthroughs have been enabled (GRE 47 etc).

I’ve tried various port forwarding trials but have questions on this – on the work LAN side, because I’m negotiating the tunnel with the router…do I need to forward the port anywhere on that side of things? I understand I need to forward on the Home side, to my home machine and have done that – I’ve even tried DMZ-ing my home computer with no luck.

I have tried the client that comes with XP and the GreenBow client. I get no joy with either. XP consistently reports Error 800 no matter what I seem to try – Greenbow is slightly better with feedback on what’s going on…but most of it is meaningless to me.

Documentation is less than stellar with the WRV54G – some of the option boxes within the VPN setup are simply not explained (VPN Gateway Enable??).

My Questions:
A - Can someone spell out in great detail what I need to enter into the WRV54G VPN setup pages? I’ve tried multiple scenarios so many times I’m never sure when I’ve got the right one thus allowing my to look elsewhere for problems.

B - While you’re at it…how’s my client have to look – I have no problem paying for Greenbow if I can get it to work…though free (XP) is always better!

C - Is there a way to tell where my connection is breaking down?

D - Port Forwarding on the VPN Router…necessary? If so, where the heck do I forward it – the NT server on the work LAN??

E - What’s the difference between standard Port Forwarding and UPnP Forwarding?

 

[ChicagoTechNet]

First, WRV54G has VPN build in and you may use it. Since you mentioned forwrading, I am assuming you are using windows VPN. thi smay help. quoted form

http://www.ms-mvps.com/

Error 800: Unable to establish the VPN connection. The VPN server may be un-reachable, or security parameters may not be configured properly for this connection.

Resolutions:
1) if you have firewall, open TCP Port 1723, IP Protocol 47 (GRE).
2) make sure you can reach the VPN server by using ping. Sometimes, poor connection can cause this issue too.
3) You may need to updated firmware on a router or firewall if other OS (win9x/nt/me/w2k) works except XP.
4) The VPN server may not be able to get IP from DHCP for the VPN client. So, you may want to re-configure VPN host networking settings. For XP pro VPN host, go to the Properties of the VPN>Network, check Specify TCP/IP address and Allow calling computer to specify its own IP address, and uncheck Assign TCP/IP addresses automatically using DHCP.
5) Make sure other secure software blocks your access, for example, if you use Norton secure software, you may need to add the remote client's IP so that the client can access.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[deeno]

Are you trying to configure a router to router VPN, or are you trying to connect to a VPN server behind your router? If you're going for a client to server VPN, what kind of server are you trying to connect to? IPSec, PPTP, or L2TP?

If you're configuring a router to router VPN, you shouldn't need to worry about the port forwarding. A client to server VPN would be a different story, though, and the port forwarding would depend on what kind of connection you're trying to establish (IPSEc, PPTP, L2TP).

Post back answering those questions and I or someone else can probably help you out a little more. I have a busy day tomorrow but I'll try to check back.

Also, in the meantime, I'd suggest upgrading the firmware on the WRV54G. That is what I use here at home and I haven't had any problems with it. If you run into problems, you can always reset it to the original state.

deeno

 

[cfisherFrwy]

Thanks Deeno. I guess what I envisioned was Client (1 computer on my Home &quot;LAN&quot and Router (Work WRV54G).
Maybe I'm showing my ignorance here...would that work?

Frankly, I'd like to feel secure in my communications, but plain old PPTP wouldn't be that bad would it? In other words, I'm not particular - I thought I could get IPSec to work but perhaps not with my current equip.

I have access to an NT4SP6 server and an XP Pro box at work - I could connect to either and be happy with my access.

I could always go out and get another router...that might make life much simpler I suppose.

 

[deeno]

It seems like you have a couple options. You can create a router-to-router VPN, or a client to server VPN.

If you go with the first option and create a router-to-router VPN, you will have to get a different router at home that could connect to the WRV54G at work. Unfortunately, though, there seems to be a problem with the VPN side of the WRV54G, so you may have to get a different router for the office as well (replacing the WRV54G). For some reason its VPN functionality just won’t work. New firmware could fix that, but who knows when it will be released... Having said that, this option may not look the best at first since you will have to get at least 1 new router and possibly 2. If you don’t mind spending a few bucks, this is probably the way to go.

The client to server VPN model seems to be what you have been referencing in your other posts, where your computer on your home LAN would connect to the WRV54G at the office. This is supposed to work, but I have not ever seen it work with the WRV54G as the VPN server. For discussion sake, let’s say the WRV54G did work as a VPN server. It’s still pretty complicated because you’ll run into problems if your client computer is behind a NAT device as it is in your setup. In order for this to work, the connection must be established using NAT-Traversal on both ends (client computer and WRV54G). Getting client software to work with NAT-Traversal isn’t such a big deal (you could use SSH Sentinel or TheGreenBow client software), but I am not sure if the WRV54G will work with that. Again, for discussion sake, let’s say it did. Your router at home would have to support IPSec Pass Through (I’m not sure if your current home router has that option or not).

You can see this option is getting complicated. Let’s go ahead and dismiss using the WRV54G as the VPN server and let's talk about using a computer on your work LAN as the VPN server. To do this, your home router must support IPSec, PPTP, or L2TP (Pass Through), depending on the connection type you create on your work VPN server. Next, you would have to configure the appropriate port forwarding on your WRV54G at work, and the ports you forward would depend on the connection type (IPSec, PPTP, or L2TP). Once you configure the port forwarding on the WRV54G, you will have to setup the VPN server on your work network. Unfortunately I’m not sure how to do that with NT4 or XP, so I can’t offer any help there. I can help if you end up setting it up on a 2000 Server or 2003 Server machine.

Hopefully this gives you some insight into what your options are. The easiest setup would be the router-to-router configuration, but it will cost a little (if you get an RV082 for each side, which is a product I use and recommend, you’re looking at around $500 for this option). The other option with a client to server configuration would cost less in equipment, but if you’re unfamiliar with setting this up, it will probably end up costing more because of the time involved. The client to server setup would probably be less reliable and would probably just cause more headaches than it’s worth.

So, keep us posted on which route you decide to go (no pun intended) and be sure to let me know if you have any questions about the above. I hope I worded it so that the information makes sense.

deeno

 

[cfisherFrwy]

Excellent response Deeno - Thanks! Wish I would have asked these questions a while ago. Like when I still had the box for the WRV! I'm a little p/o'd Linksys is hawking a box that apparantly doesn't work.

I think you're right - the router-router route is the way to go.