Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Information on setting up a VPN with a Linksys BEFVP41

Status
Not open for further replies.

tekguy86

Technical User
Jan 14, 2003
11
US
My associate and I just purchased two Linksys BEFVP41 VPN Routers, and are now struggling to get them set up. Anyone who has set one of these up, your help would be greatly appreciated.

-Tech
 
Also the setup we're working with is a Server running Win2k Server, and a Workstation running WinXP Pro. Both computer connect to the internet through ATTBI cable. Please let us know if there is any other information that would help you assess the situation.

Thank You

-Tech
 
How far have you gotten? Are the routers installed? Can you get to the internet? Have you been able to make the VPN connection?

Please give some idea where to start.
 
Yes we have them hooked up and set up to where all the local computers can access the internet and everything. We just aren't sure how to get them to talk to each other. Making the VPN Connection is what we are trying to do right now, but it is going nowhere!

-Tech
 
Have you set up ip forwarding on the port/ports that your vpn software is set to communicate on to allow IPSEC? If not that's the first place to start, as it's about 90% of the issues i run accross when setting up a vpn through a router.

Good luck.
 
Sounds to me like you kinda got a good start, then went the wrong direction. If I understand correctly, you have the same model router on both sides. If that is correct, I would try to establish the VPN router to router instead of Windows client to router. The directions you refer to above are for the latter (Windows to router).

Having said that, and assuming that is what you want to do, you will need to get rid of the VPN connection on your computer and reset your router to factory defaults so you can get to the setup. On the computer that you started to setup the VPN, Click Start --> Settings --> Dialup and Network Connections --> Right click on the VPN connection and select Delete. On the router, use a paperclip or similar to press the reset button on the router, hold for 3 seconds or until the red 'Diag' light comes on. Restart your computer and try to log into the router admin again. Change any settings that you changed earlier to get the internet connection working (if any).

Next, you will need to change the addresses of your routers on both sides. I posted a rather lengthy explaination in thread463-447092 on Jan 15, but if you want the short version, log into the router. On the setup tab, change the router's ip address (the one labeled device ip) to 192.168.2.1 . Click apply and restart your computer. You will need to do the same on the other router, but use 192.168.3.1 on that one. (Doesn't matter which one gets which address, point is they need to be different.)

Now, you should still be able to browse the internet, and you should be ready to setup a VPN connection. Log into the router again. You will need to use the ip address that you just assigned in the last step instead of the default provided by Linksys.

Click on the VPN tab. Mark the 'Enable' box and type a name for the connection in the 'Tunnel Name' box, can be anything you want and does not have to be the same on the other end. In the 'Local Secure Group' section, select 'Subnet' from the drop down box, type the address you entered for the 'Device ip address' on this router earlier, replacing the last 1 with a 0, ie 192.168.2.0. In the 'Remote secure group' select 'Subnet' and type the 'Device ip address' of the other router, again replacing the last 1 with a 0.

Select 'Any' from the drop down box labeled 'Remote secure gateway'. Select 'Disable' for Encryption and Authentication. You will want to change both of those after you get this working, but for now turn them off to simplify things. Click apply to save the settings.

Next click on the 'Status' tab. Write down the 'WAN ip address', you will need it for the other router.

Complete the same steps for the other router. Be sure to flip the local and remote secure ip addresses. This time, select 'IP Addr' from the drop down box labeled 'Remote secure gateway'. Type the 'WAN IP address of the other router in the box to the right. Click apply.

You should be able to try a connection. On the first router, the one set for 'Any' secure gateway, click connect. Then on the other router, also click connect. Should fire right up (if my instructions are clear enough).

Few things to keep in mind if you do connect . . . You will want to change the security settings once you get the basics worked out. As configured, anyone can connect to your router. Also, you probably don't have fixed ip addresses, so your ISP can change them whenever they wish. You will need to check your address each time you connect.

Hope this is of some help. Report back any problems, try to be as specific as you can.
 
Alright, I just printed off your post (I'll try it tomorrow). But what we are wondering is if we have to set the routers IP at 192.168.x.x or can we use something else for the IP? His current scheme 1.254.x.x and he is really avoiding changing it because of his DHCP setup. If so what would be the recommended options? Can I use 2.254.x.x? Thanks, you have been alot of help.

-Tech
 
The 192.168.xxx.xxx is important.

Short version -- change it. No other options.

Longer version, in case you want to know why . . .

IP addresses are used to route all traffic over the internet. When you type an url (like in your browser, it is translated to an IP address and the computer hosting the site is contacted based upon that address. The 192.168 block has been designated as private, it will never appear on the public internet.

Your current setup tells your router that any IP starting with 1.254 is on your local network, so if you try to visit a website that uses a number starting with 1.254, the data will be sent to your local network and you will not be able to connect to the intended server.

Hope that makes sense. It's late here.
 
Okay, sorry I said that wrong. What I was wondering is if the x.x.2.1, etc. matters? Can we use x.x.1.254 on this network? My associate wants to know if he can use the IP 192.168.1.254 on his router (192.168.2.254 for mine)? Thanks for your quick reply, your information has been invaluable.

-Tech
 
So far as I know, that should work. The only reason that I could think of that it wouldn't work would be if the router insists on being x.x.x.1, so if you already have .254 and it works, you should be fine. The important part is the 192.168., and you have that.

Hope it is going well!
 
I'm confused about how the VPN/Firewall interact with each other in router-router VPN over BEFVP41/BEFSX41 boxes.

Even if you enable filtering/forwarding/triggering of lots of ports in the Firewall settings on a Linksys VPN router, does that affect VPN traffic with another Linksys router?

For example, if you program the BEFVP41 to filter port 5361, should that affect pcAnywhere over the VPN? I assumed that port 5631 traffic goes to the Linksys box, gets moved by VPN to a tunnel on port 1723, goes through the embedded firewall, over the WAN to the recipient, through the firewall, back to port 5631 by the VPN, and finally to the remote LAN.

Or am I wrong, and filtering port 5361 keeps pcAnywhere from communicating with both the WAN and the VPN?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top