Linksys RV082 woes

[CarSalesman]

I have two RV082 at two different offices, both on static IPs. LANs are fixed IPs, different ranges. No problem connecting router to router, can access LAN to LAN.

Frustration is getting remote access from PC not on one of the RV082. I've spent HOURS on live chat with Linksys. They've tried everything, but honestly they don't seem to know much about it.

Primarily I'm trying to use Linksys Quick VPN software, but will consider using MS VPN. My remote PC uses XP Pro.

At home, I'm connecting through a router and cable modem. I've opened ports 443, 500, and 1723 on my remote router. I've even tried putting my PC on DMZ.

I really don't think the issue is on the remote PC end, because Linksys tried to connect from their computers, using Quick VPN, and couldn't get in. To me, that means the problem is entirely on the RV082 end. There really isn't much to set up on the RV082 for Quick VPN, just the username and password. Is that right?

Anyone have positive exprience with Quick VPN? I'm ok with using MS VPN, but there are bunches of settings for that on the RV082 that I don't understand. Any help with those would be appreciated.

 

[nsane]

SMAH,
To respond to your suggestion, I turned block wan request and was able to ping the RV082 just fine. This is good, I can communicate with the router and the static IP. I do have https enabled and do not have any ports other than email forwarded on my router. Because I can connect to one box at home from the office and not to the office from home (identical settings on the laptop and router) I am left wth a few differences. Office has static WAN address from ISP, home has dynamic address from same ISP. Sounds like we ruled this out as a possible issue, DNS is working. The office router is on an Active Directory Domain. The laptop when joined to the network can talk to the router at home, when I take the laptop off the network (would MS security policies and/or group policies) for the quick vpn change if not on the domain? The only other item that is different is the modem but that doesn't seem to have much in the way of settings. I have tried swapping the routers and it is not a hardware issue. I am greatful for your suggestions.

 

[smah]

nsane, recapping (to make sure I didn't get lost):

You can remotely connect to 1 RV082 withouth issue, but have trouble with another. When connecting to the problem one, the client software hangs at 'Connecting'. You can ping the problem router.

If that's all correct, there's one point that I'd like clarify - for both routers, you are using the same client computer from the same location - the xp laptop, presumbably from home or some consistant remote location. The reason that I want to clarify this is becuause if the client conditions are the same for both cases, anything on the client side is ruled out and the cause has to be on the router side.

 

[nsane]

You are correct, the laptop is from a consistant location, and cannot connect to the problem router, but can to the other one. We did switch routers and had the exact same results which leaves me with....fustration.

 

[smah]

So, if you switched routers & the problem stayed at that connetion, there must be something specific to that connection. Is the same ISP being used for 'problem' router & 'good' router? Could the ISP be blocking port 443 connections?

 

[nsane]

The same ISP is being used. I have contact them regarding port 443, 60443 (new to linksys with firmware upgrade) and port 500. All should be open. They have been great at answering questions for me. The event log on the router shows my attempted connect and reports access denied - policy violation and lists the WAN ip of the router I'm trying to VPN from. Tells me it sees my attempt. It references port 443 but I cannot figure what 'policy' it's referring to.

 

[smah]

A combination of Firewall access rules & content filters as well as port forwarding & triggering are what creates a 'policy'. Unfortunately, the logging system doesn't really specify what policy is being violated. What is the rest of the text on th the 'violation' lines of the log file (hide your IP addresses).

As for port 60443, I've been told that this doesn't work well yet, but havent tested it personally.

 

[nsane]

The exact message is this:
Jun 6 10:56:51 2006

Connection Refused - Policy violation

TCP "remote router ip address":2169->office router ip address:60443 on ixp1

The port 2169 has also appeared as 2163 and 2164, this one changes.

 

[smah]

It seems odd that it's trying to use 60443. I was under the impression that it only tried to use this if 443 was in use.

 

[Zalain]

The only way I got a succes with it is by shuting down the windows firewall on the client.

Control panel -> Administrative Tools -> Services -> Windows Firewall -> Stop

then it work.

It was working just fine before, something must have been changed in the windows firewall with one of the last windows update.

I use RV082 routers and LinksysQuickVPN on XP.

For me Linksys still rock... Microsoft messed.

Alain-A. (System Administrator/IT)

P.S. dont forget to put back on your firewall on the client after you close your VPN connection.

 

[nsane]

I am aware that this is an issue. Odd that Microsoft worked with Cisco to create the quick vpn. Our firewall on the XP box has been turned off on our test remote pc. I have also gone into the advanced tab and unchecked the various connections in case it truly wasn't off. Do you have your RV082 connected to a Domain network?

 

[smah]

You need to use the latest QuickVPN client software and router firmware to resolve the XP firewall problem. Alternatively, check the link that I posted way above for MSKB 88952.

 

[jpopper]

I have a RV082 and have clients connect via PC and IPSEC (MAC)

What you need to do:
Log in to RVO82
- go to Client to Gateway
- creat a Group VPN
- Name the connection
- Enter your local secure group info (internal network info)
- select remote client to be "Microsoft XP/2000 VPN Client"
- Set phase 1 and phase 2
- create a preshared key
- under advanced select Netbios and Keep alive
Save your changes

You will be able to connect once you configure a VPN client.

For the PC's i use Safe Remote and MAC use IPSecuritas.

It works great

 

[nsane]

I have tried the MS patch and that didn't seem to help. The Q article looked promising though. I am running Windows XP SP2 on the laptops.

I have set up the tunnel (group) suggested above. Will the MS VPN allow me to connect? If so, where is the userid and password info stored on the router, what will it be looking for? I am looking for the web site for Safe Remote to see if I can get a trial but only find something for linux. Can you direct me to the Windows client location?

Has anyone gotton into the security policy piece of VPN? The quick VPN software places an entry of freeswan in the security policy for the local PC. I haven't determined whether this entry is added upon install or first successfull connection. Any ideas?

Thank you very much for your help thus far. Once, I would like to take something out of a box, plug it in and have it work as directed. Kinda like a toaster.

 

[BigDaveDeluxe]

Hello,

Thanks for the post, it actually helped me get my VPN up and running... The Firewall does cause a huge problem for the QuickVPN software (Im running the full version of Zone Alarm) I am now using both the PPTP and quickVPN setup's for the five users.

FYI - the RV042 has the PPTP Server option (firmware update)if you goto the linksys web site to the download section for the RV042. The new QuickVPN client (update from the QuickVPN client it comes with) does work better but not 100% - the PPTP setup is just as easy.

One user had a problem with Outlook and using the windows VPN client at the same time, but the new QuickVPN client works without the problem.

The quickVPN client will work even if you you get the f'ing 'remote gateway not responding'. If you connect with the microsoft VPN client first then run the quickVPN the quickVPN will connect. You can shut down the Microsoft VPN connection and it will hold...go figure.

also FYI : the WRT54G has new firmware that will allow you to setup a quickVPN - 50$ for the router and two downloads - now if they could just get the quickVPN to work 100%