Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Linksys BEFVP41 VPN problems

Status
Not open for further replies.

ScottCudmore

Technical User
Jan 24, 2002
3
US
Hi,
I just purchased the new Linksys VPN router. I want to be able to connect to my home network from a remote Windows 2000 machine. There are no stpes or docs on how do do this. Only Linksys to Linksys VPN. When I connect from a Windows VPN conenction, all I get is an error on the Linksys.

Does anyone have any ideas?

Scott

 
Hi Madnessxx,

I believe I have logged on using the "cache memory" with Win2K Professional. While I'm at home, I usually log on as I do in the company. The only difference is I have to wait longer, because the company network is not available to me at home.

If I have logged on, my user name should be a member of Group Everyone. But how come the error message always says "this is no logon server...".

I appreciate every suggestion you give to me.


 
I have a Lynxsys Etherfast Cable /DSL Router and am trying to get my webcam to work. I am using Microsoft Windows messanger can not connect while router is connected. I Can by pass router and it will work. Any suggestions on how to configure this to work
 
I have a Lynxsys Etherfast Cable /DSL Router and am trying to get my webcam to work. I am using Microsoft Windows messanger can not connect while router is connected. I Can by pass router and it will work. Any suggestions on how to configure this to work
 
Ok Scott,

Back to your original post, I think may have a resolution. I am faced with the same problem as you. Here is what I found.

Check the Microsoft KB with the following article...

"How to Configure a L2TP/IPSec Connection Using Pre-shared Key Authentication (Q240262)"

Apparently, the Linksys Router uses a non-recommended method to validate VPN clients. Using the instructions in this article will supposedly allow you to configure a Windows client to use Linksys's method for communicating through the VPN.

I think this is the solution and will likely post another response to let you know if this worked for me.

Gary
gwinn7
A+, Network+


 
I am planning on setting up a Linksys VPN router for the office. This will be to connect another location (in about 1 month).

But I want to make sure this product will allow users from home VPN into the network here through this.

From everything I have read, this will work as long as I setup a IPSec on their machines they are going to be using at home.

Is this correct?
 
Hi, SouthsideJohnny,

For the time being Linksys is good for box to box VPN. If you need painless windows-clients you have to look elsewhere, like SonicWALL or CISCO.

 
Has anyone out there had any kind of successs connecting to the Linksys box from a remote PC using 3rd party software ??

If so how ? and what software did you use ??

Any help would greatly be appreciated.

Thanks,
Chris.
 
Has anyone had some experience in routing to additional subnets besides the one that the BEFVP41 is connected.

I have two locations which are connected via VPN and it works perfectly. The remote location is 10.0.100.X and our main location is 10.0.10.X. The remote location can see everything just fine and vice versa. Network browsing works like a charm as well.

However, if I try to ping other subnets from 10.0.100.X (say 10.0.25.X) I don't get a response.

Now, I have placed routes on both sides for 10.0.25.0 however it just doesn't work.

It seems to me that the routing would be simple, however, it just doesn't work and I'm stumped. I must be missing something here.

Anyone have any suggestions?
Any assistance would be greatly appreciated.

Thanks.
Nicholas.
 
Hi Navaldis,

The VPN network works in star-shaped form. The routing between remote nodes is too much for Linksys.

Only change is to create separate tunnels between remote nodes in addition to the tunnel to the main location. Linky supports 70 separate tunnels.

Keep us posted about results.
 
Hello,
This is a really long thread, but since people seem to be reading it, might as well post my issues here as well. I am trying to set up two of the Linksys BEFVP41 routers to create a VPN tunnel between two locations. One is the main office, and one is the remote office. Currently I have everything configured pretty close to what everyone describes here, and the tunnel actually comes up and says connected. However, I can't ping/map across the tunnel and I can't think of any other way to verify that the tunnel is actually being used. Here is the way I have it configured:

Main Loc. -> BEFVP41 -> 3Com ADSL -> Internet
Internet -> 3Com ADSL -> BEFVP41 -> Remote Location

We were assigned a static IP for the main office, however it's assigned to the 3Com ADSL router. So I have made the default workstation (where all traffic is forwarded when it's send to the static IP) the BEFVP41 so that it handles all requests from the Internet.
The remote location is a dynamic IP address.
Because of this I have set the BEFVP41 at the main office to accept VPN connections from any remote gateway. I don't want to use netbios over the tunnel, I just want IP connectivity.
Are there any routing/forwarding issues that I'm overlooking?
Let me also give the ip layout:
Main Office IP: 10.x.x.x
Main Office VPN:
LAN: 10.x.x.254
WAN: 192.168.1.2
Main Office DSL:
LAN: 192.168.1.1
WAN: ISP Static
Remote Office DSL:
LAN: 192.168.2.1
WAN: ISP Dynamic
Remote office VPN:
LAN: 192.168.200.x
WAN: 192.168.2.2
Remote Office IP: 192.168.200.x

Also, I believe that NAT is being performed two times on each side, not that it should make much difference. The DSL routers on both sides are performing NAT.

Does anyone have any ideas why, if the tunnel is connected, I can not send/receive traffic through that tunnel? Or pretty much, why I can't use the darn thing if it's up?

-Josh
 
Hi Josh,

Two possibilities:

You should have machines in your both LANs pointing to the Linky -> Linksys router should be the Gateway in order to have the packets properly routed to the tunnel and back.

Your ISP is blocking protocol #50 ( IPSec ), pls check with your ISP.

NAT should not be a problem, I have similar setup running right here with no problems.

 
Hi Josh,

There might be still third possibility with 3COM.

Try to configure ADSL-router to bridge iso route, since you need only one IP.

Check the documents / support of 3 COM for IPSec passthru, it might need some hammering. I use Zyxel 645 R which does not need any additonal setup for this.
 
Hey markku.

Thank you for you reply.

I'll review the issue as this thread is rather long.

I have a tunnel between two subnets 10.0.100.X and 10.0.10.X and everything is dandy. However, I can't see any subnets which are connected to the location at 10.0.10.X (10.0.25.X for example) from the 10.0.100.X and vice versa.

So if I understand you correctly I need to create another tunnel between 10.0.10.X and 10.0.25.X? Once this is done 10.0.100.X will be able to see 10.0.10.X AND 10.0.25.X?

This is my understanding on what I need to do as I can't create a tunnel between 10.0.100.X and 10.0.25.X because they can't see each other.

I am suprised that the ability to see additional subnets besides the on you are connected to does NOT work on the Linksys?

It is a router and the manual does state that you can set up static routes. I mean, what is the point of the static routes?

I'm still going to try a test with Dynamic Routing (as soon as I turn off RIP on this silly little SCO box out at the 10.0.100.X location who thinks it knows the routes to everywhere and doesn't). I want to see what get's dynamically reported to the linksys as our Cisco routers also support the RIP protocol.

I'll keep people posted as I'm sure there are people in the same boat as I.

Regards,

N
 
Hi Navaldis,

The advantage of VPN-boxes is that they do the routing between different VPN-subnets without any other static or dynamic routing automagically = VPN rules are superior to other rules, e.g. static routes. Have tried it with Linky without success.

Therefore the easiest thing is to apply number of tunnels between nodes if _really_ necessary.

The routing between subnets requires ~$1500 upgrade for CISCO PIX, so Linksys cannot be blamed for not having this feature.

Good luck and keep us posted

Markku
 
Has anybody setup a BEFVP41 on a LAN, as the DSL router and VPN endpoint and has remote users with w2k connect to it?
 
Well After many sleepless nights and searching the Forums for information I have finally got my VPN Working. Horay!!!

My Set up is as follows:
Office: Netpilot Firewall with VPN
Home: Linksys VP41

I updated the Firmware to 1.4.2 and managed to get a tunnel created everytime however I could not ping the other end, I set rouute's and open ports and no luck. Finally I downgraded to Version 1.39.64 and as if by magic it worked.

I got the Link for the Firmware from this forum thanks curious2

the Link to save you searching:

I hope that everyone has my success. :)

Paul Benn Kind Regards, Paul Benn

**** Never Giveup, keep trying, the answer is out there!!! ****
 
If you're a novice like me ("I'm a doctor, not a computer programmer"- Leonard McCoy), you made it down this far on the thread, haven't sucessfully created a VPN and haven't pulled ALL of your hair out yet, I will reiterate one peace of advice: Get two of these routers and put one on each end. Piece of cake for a total of $300 (from Buy.com). I tried connecting a Linksys BEFVP41 VPN to another brand VPN router and tried software connections to no avail. I then ordered another Linksys and put one unit on each end and VIOLA!
 
Hi cdoug,

You are quite right, $150/box there is no need to use any client software when connecting two offices.

However, if you have portable then you can use SSH Sentinel to connect to the office network.
 
I too like the Linksys VP41 router. However, I am disappointed that it is not possible to route between subnets on the unit. It would be nice if people working from home could see our entire network and not just the subnet in which they have established the VPN link.

Has anyone had any success in routing between subnets other than the one you are connected to?

At markku's suggestion I have established VPN tunnels from my home and from one of our locations. All can see the subnet they are connected to, but cannot see the other subnets that are tunnelled within the same Linksys device.

I would have thought that this would have worked at least. Am I missing some static routing magic?

Secondly, has anyone a better solution for doing this if it is totally not possible to do it with the Linksys device. For most of our locations it is not necessary to connect to any other subnet than the one that they are connected to. However, I have a couple of locations that need to be able to "see" other subnets within our internal network. Any suggestions would be appreciated.

Finally, the VPN tunnel seems to go down every now and again and it requires us to power cycle the router. Any one experienced this behaviour and has eliminated this condition? We are on the absolute current version of the firware.

P.S. Many thanks to all the helpful people who stalk this forum, especially markku for his/her invaluable assistance.

N
 
Thank you Navaldis for your kind words.

I have tried to see the other subnets like you did with no success. Tried with static routing only. The only change is to establish more tunnels, fortunately Linky supports 70 tunnels/box. Other possibility is to install all servers to one location, and use the star-shaped architecture.

Linksys is not Cisco or FW-1.

I have noted tunnel going down with ADSL / dynamic IP. The technology which is used in our country ( Finland ) refreshes IP-info between 15 min to 1 hour. This causes BEFVP to freeze occasionally requiring cold boot.

Strange phenomenon is tha BEFSR41/SSH Sentinel combo works flawlessly under same circumstances.

Most probably an issue with firmware, this is a new product.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top