Linksys RV082 woes

[CarSalesman]

I have two RV082 at two different offices, both on static IPs. LANs are fixed IPs, different ranges. No problem connecting router to router, can access LAN to LAN.

Frustration is getting remote access from PC not on one of the RV082. I've spent HOURS on live chat with Linksys. They've tried everything, but honestly they don't seem to know much about it.

Primarily I'm trying to use Linksys Quick VPN software, but will consider using MS VPN. My remote PC uses XP Pro.

At home, I'm connecting through a router and cable modem. I've opened ports 443, 500, and 1723 on my remote router. I've even tried putting my PC on DMZ.

I really don't think the issue is on the remote PC end, because Linksys tried to connect from their computers, using Quick VPN, and couldn't get in. To me, that means the problem is entirely on the RV082 end. There really isn't much to set up on the RV082 for Quick VPN, just the username and password. Is that right?

Anyone have positive exprience with Quick VPN? I'm ok with using MS VPN, but there are bunches of settings for that on the RV082 that I don't understand. Any help with those would be appreciated.

 

[smah]

First, make sure that you're using the most recent version of the QuickVPN client - 1.0.38 and 1.3.2 firmware on the router. On the router, set the VPN Client Access with a username & password. On the router's firewall page, make sure HTTPS is enabled. On the Setup, Forwarding screen, make sure that https (port 443) is not set to forward anywhere. That should do it. Just use the QuickVPN client to connect to the public IP address of the router (for now, just use the address, so that DNS resolution is not a factor). Local software firewalls on the client computer can also cause the connection to fail. Earlier versions of the client software had trouble with the XP firewall. At what point of the connection does it fail & with what error?

 

[CarSalesman]

Smah: Thanks for the response. Unfortunately, we've exhausted every one of those ideas. Downloaded latest QuickVPN (it was the same as what I had already, but downloaded it anyway). Firmware is new (as noted above). On RV082's firewall page, *everything* is enabled. There is no port forwarding or triggering set up.

Connection fails at "verifying network". It sits there for a long time at that stage, then finally says "The remote gateway is not responding". Is there a way I can log and look the entire transaction, to see where its failing?

Still stumped. All help will be appreciated?

 

[smah]

This sounds to me like it could be a local firewall issue on the client side. The previous version of the QuickVPN client would fail with these same conditions if the XP firewall was enabled. To complete the connection, the local client machine must return a certain ICMP packet (a ping, essentially). In the newest version of the client software, they are doing something slightly different to get around this for the XP firewall, but it wouldn't surprise me if some other firewall software would block it (Norton, McAffee or any others).

For historical reference, here is a description of the problem that the newest version of the QuickVPN software gets around MSKB 88952. Now, even though the newest version of the client sofware can get around this, it wouldn't surprise me if some other software firewall would block the ICMP packet that's required to complete the connection.

You're right about the Linksys support of the QuickVPN client - it's terrible. The first time that I contacted them about it, the person I spoke with didn't even know that they had this software. Then eventually, after many hours of working with Linksys, their official answer was that the xp firewall had to be disabled on the client machines (which I was not about to do for the travelling salesmen's laptops). Eventually, I found the patch above and that resolved the problem. Now with the newest client, the MS patch above is no longer required.

This should work very well & very simply. You will probably have to enable some logging at both ends to find what's being dropped & where. The RV082 will log the transmittion info at it's end & you might look through the any logs on the client side router or software firewall. For reference while typing this, I used the QuickVPN client to connet through my local router & DSL connection to my RV082 at the office and timed it - I was connected in 25 seconds from the time that I clicked the connect button. Once the firewall problems above were resolved, it has always worked perfectly for me with up to 6 simultaneous QuickVPN clients. Don't give up, it will work well once you figure out the problem.

 

[CarSalesman]

Thanks for the Knowledge Base article.

 

[smah]

What do you have for Antivirus software on your client PC? Several AV software vendors also install a firewall. There is one other thing that I forgot to mention in the 'checklist' above. I don't think that it would prevent you from connecting, but it might mess with name resolution if you do get connected. The router warns you & tries to change it when you first set up a vpn client, but make sure that your local network is using a different address range from the RV082's.

 

[smah]

Linksys answer 1801 also talks about some of the connection messages.

 

[nsane]

I too have been fighting with this product and the quick VPN. I have two routers that I am playing with. I am trying to connect from a remote Windows XP laptop. To one RV082 it works great, I have found valuable info on the web to get that working. I did run across the scenario of it hanging on verifying network, so far I have been able to resolve this by using administrator privilages on the remote machine. Not ideal for us so I will have to work on this one later.

I am however having a problem with the RV082 at the office. The only difference is that at the office it is on an Active Directory Domain (shouldn't cause me to not connect to the router itself, right?) and it has a static IP from our ISP. When trying to connect it gets stuck at connecting. Does anyone have any thoughts in regards to this?

Any help is greatly appreciated.

 

[smah]

The things to check should be pretty much the be the same as in my earlier responses. But first you might want to disable 'block WAN request' in the firewall settings and see if you can ping the RV082 using the same name or address that you're trying to use for quickvpn.

 

[smah]

BTW, if I was to take a stab in the dark, my first guess would be the HTTPS setting or forwarding of port 443.

 

[uxoelmaf]

OK, I'm still fighting this battle. Linksys support is worthless on this issue.

I tried connecting my laptop directly to the cable modem, bypassing the router. No luck, so port opening in the router is not the issue.

I have Windows firewall disabled. I do have McAfee Virus installed, but not McAfee firewall.

I did some searching around on the net to see how I could verify if a port was open. From what I read, if you open a command line box, and type telnet 12.34.56.78 443. I used the IP address of my RV082.

When I do that for port 443, the screen clears, and I get an underline cursor blinking. Just sits there. No error messages. If I press Enter, I get a newline. Something is responding, but I don't know what that response means. Have to give it several control-C to break out of it. So, does that mean 443 is open or not?

When I do the same thing for 500 and 1723, I get an error message that it can't connect. I don't know of that means my laptop is closed for 500 and 1723, or that the RV082 isn't responding. I know the documentation says be sure that 500 and 1723 are open on the remote for QuickVPN, but it seems elsewhere that 443 is really the only port that gets used.

By the way, I use a Cisco VPN Client software to connect to a different server. No problem. I did uninstall the Cisco software, because the Linksys docs said that no other VPN software should be installed. Can I use the Cisco VPN software to connect with the RV082? If so, anyone know specifically how to set it up? The configuration options aren't the same, and I have no idea.

Still frustrated...

CarSalesman

 

[uxoelmaf]

Is there some other IP address, other than my own RV082, that I can test a telnet with a port to, to verify if the port is blocked on my end or not?

 

[smah]

If telnet got a response on the router's public address using port 443, then it is open. As long as there's no [conflicting] port forwarding set for port 443, you should be all set. By the way, q Enter should quit telnet.

Ports 500 & 1723 are not required (I think the cisco devices use these, but not the RV082). The response that you got means that those ports are closed on the RV082.

I'm sure the Cisco VPN client could be used (it uses the same protocols) however, it would have to be set up manually on the RV082 - you'll need to use the VPN - Client to Gateway settings page, not the VPN - VPN Client Access page.

Also, make sure that the Windows Firewall has an Exception allowed for the Linksys QuickVPN client.

 

[uxoelmaf]

So, once again we get nowhere, as we've proved that port 443 is open on my laptop and home network (or I wouldn't be able to connect using telnet).

Are you, or anyone else, familiar with with the settings on the Cisco vpn client, and those on the RV082, to tell me what they should be so they are compatible with each other? The field names do not match.

 

[smah]

port 443 is open on my laptop and home network (or I wouldn't be able to connect using telnet)

Wait a minute, maybe I misunderstood. The port 443 thing has nothing to do with your laptop or your home network; this should be open on the WAN interfaces of the router. The router will open this port as reqired when you select the HTTPS setting on the Firewall page. There should not be anything on the Setup - Forwading page about HTTPS (TCP443~443).

 

[uxoelmaf]

Let me clarify the devices, and hopefully you can tell me what I'm doing wrong.

The RV082 is at work. I need to access that network. Its set up with a username and password under the VPN tab, VPN Client access.

At home I have a cable modem and a Linksys RTP300, which is their router + vonage voip adapter. I have my laptop behind the RTP300, using fixed IPs on the LAN. On the RTP300, under Port Range Forwarding, I opened ports 443, 500, and 1723, both TCP and UDP, to the LAN address of my laptop.

The two networks are running different LAN addressing schemes. I have the most recent RV082 firmware, and QuickVPN client software.

Since you were able to access my RV082 with Quick VPN, that proves there are no problems on the RV082 end of the equation.

I'm trying to test if my laptop is really open for port 443. That's why I did the telnet test from the laptop. Does the telnet test really prove that? If not, how can I know for sure? It seems the problem is certainly on my laptop, because I tried plugging the laptop directy into the cable modem with no other router.

 

[smah]

On the RTP300, under Port Range Forwarding, I opened ports 443, 500, and 1723, both TCP and UDP, to the LAN address of my laptop

None of this is required. There is common misconception with regard to the ports used for [any] internet service including normal http websites. The RV082 is using port 443 for incoming connections - the QuickVPN client is transmitting to that port. This has nothing to do with the sending port on your laptop. Unless you're running some services inside your home network that people from the internet can connect to, don't do any port forwarding on the RTP300.

 

[uxoelmaf]

I did that on instructions from Linksys, but of course they haven't gotten it working, so their instructions may be suspect.

I can understand your comments as far as data transmitting from laptop to RV082. Obviously this needs to be a 2-way conversation. Doesn't the port need to be open on the laptop side, in order for data to come back to it?

If it isn't obvious already, I really don't understand what a port is. I understand what an IP address is, just not what a port is all about.

 

[smah]

TCP/IP protocol and data transmission is a very complex topic, but as it related to this question, we can say that port numbers less the 1024 are reserved for well known services - these are service that servers will be listening for connection requests on. For example 21 is for FTP, 80 is for http, 443 is for https, 135-139 are for several Windows netbios and file & print sharing services. For a normal website, you can add :80 after the .com and get the exact same site (because the web server is listening on port 80 anyway). So, because these are reservered for listening services, computers are programmed to send on other ports - after all there might be something listening on on of the well-known ports. There's some scheme to it, but your outgoing TCP/IP transmittions will be on random ports above 1024 and normally the recieving server will be listening on a port less than 1024 - for the RV082's QuickVPN service, this happens to be set for 443 (which would cause a confilct if you were trying to forward https requests to a web server behind it). Anyway, once the connection is established, the machines at both ends know their respective communication sockets for transmittion, so it doesn't matter that the originator is using some random port number - now that the connection is establised, the originator tells the server what port it's using.

(Phew, I hope that I didn't mangle that explanation too badly)

 

[uxoelmaf]

I gave up on Quick VPN, but I got it working using a different method.

I went into the RV082 VPN | PPTP server. I enabled PPTP, set up the IP addresses that the remote user will assume, and a username/password.

On my laptop, I went to Network Connections | New Connection | VPN. I set up IP address, username, password.

That creates a new network line on the laptop's network connections page. Double click on that. IT WORKS. Very quick connection. Everything works.

The RV082 can only support 5 concurrent PPTP connections, but that's enough for my use. If you can live with 5 connections, my advice to everyone is to forget Quick VPN!

Thanks to everyone above for the advice.