
Linksys VPN routers... 8

Status
Not open for further replies.

gacollier

IS-IT--Management
Feb 5, 2004
Has anyone used a Linksys RV082 for site-to-site VPN? I'm looking for a fairly robust, yet inexpensive site-to-site-to-site VPN solution. I'm thinking of using the RV082 at the main office, and Wireless-G WRV54G for (3) branch office locations. Can anyone give me feedback on whether this is the right type of equipment?

Thanks in advance.
 
Splendid!

I am using the SSH Sentinel VPN client. The link to download that is:

ftp://ftp.up.ac.za/pub/linux/ssh/pub/sentinel/

Instructions on the setup, which aren't "exact" but will get you going are at:


Another that I have used is called TheGreenBow VPN Client, and can be found at
When you go ahead and configure this kind of connection, be sure to do a Group VPN client setup on the RV082 (this option is available under the client to gateway setup of the RV082). If you don't select that option, you may have a difficult time connecting if your client is behind a router.

Go ahead and let me know if you have any questions about the setup. I'll be glad to help...

deeno
 
I have both RV082 routers set up with the latest firmware. I have two separate addressing schemes for my offices. The tunnel connects fine and I can ping from both ends. I can map a drive using IP addresses from one side and browse the folder. When I try from the other side I can map the drive but when I try to browse the folder, I get a message "the drive is not accessible". Both routers are set up exactly the same.
 
So, if I understand this correctly, you can browse folders from one side but not the other? Are you having any other problems aside from that?

I had a problem similar to the one that you're describing and to fix it I changed the MTU from Auto (I think it was set to 1500 under Auto) to Manual with a value of 1392. I made this change on both sides of the VPN though I'm not sure that the change is necessary on both sides. I would first change the setting on the side that is having problems browsing.

Go ahead and post back to let us know what you find. If it still doesn't work, you should try to lower the MTU even further (for troubleshooting purposes). When you post back, be sure to mention whether you're having any other similar problems, such as being unable to connect to a network printer or something.

Good luck..

deeno
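
An added example, not part of the original post: a common cause of the symptom described above (pings and drive mapping work, folder browsing fails) is that full-size packets no longer fit the WAN link once IPsec ESP wraps them. The sketch below works out the sizes for IPv4 ESP tunnel mode with a 96-bit truncated HMAC; the function names are hypothetical, and the 1500 and 1392 values are the MTUs mentioned in the post.

```python
OUTER_IP, ESP_HDR, NATT_UDP, ICV = 20, 8, 8, 12   # bytes; ICV = 96-bit truncated HMAC
CIPHERS = {"DES": (8, 8), "3DES": (8, 8), "AES-CBC": (16, 16)}  # name -> (block, IV)


def esp_wire_size(inner_len, cipher="DES", nat_t=False):
    """Size on the wire of one inner IP packet after ESP tunnel-mode encapsulation."""
    block, iv = CIPHERS[cipher]
    # Inner packet plus 2 trailer bytes (pad length, next header), padded to the block size.
    encrypted = -(-(inner_len + 2) // block) * block
    return OUTER_IP + (NATT_UDP if nat_t else 0) + ESP_HDR + iv + encrypted + ICV


def max_inner_packet(link_mtu, cipher="DES", nat_t=False):
    """Largest inner IP packet whose ESP packet still fits in link_mtu unfragmented."""
    block, iv = CIPHERS[cipher]
    room = link_mtu - OUTER_IP - (NATT_UDP if nat_t else 0) - ESP_HDR - iv - ICV
    return (room // block) * block - 2


def report(link_mtu, cipher="DES", nat_t=False):
    """Summarise what fits through the tunnel for a given WAN-side MTU."""
    inner = max_inner_packet(link_mtu, cipher, nat_t)
    return {
        "link_mtu": link_mtu,
        "max_inner": inner,
        "tcp_mss": inner - 40,  # minus inner IPv4 and TCP headers, no options
        "wire_size_of_1500_byte_packet": esp_wire_size(1500, cipher, nat_t),
    }


if __name__ == "__main__":
    for mtu in (1500, 1392):
        for nat_t in (False, True):
            print("NAT-T" if nat_t else "no NAT-T", report(mtu, "DES", nat_t))
```

A 1500-byte packet from the LAN becomes 1552 bytes on the wire with DES and no NAT traversal, so it must be fragmented or dropped, while a ping or a drive-mapping request is small enough to pass either way.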
 
sseaner,

(Assuming that these computers are Windows machines) What happens when you try to do a "nbtstat -a" on the IP address from across the VPN?
(i.e. nbtstat -a xxx.xxx.xxx.xxx)

Do you get NetBIOS name resolution? Also, what happens when you run the "net view" command to the IP address from across the VPN?
(ie. net view xxx.xxx.xxx.xxx)

Do you get a list of shares offered by the IP?
 
EXCELLENT INFO! I switched both RV082's to 1392 and it works like a champ. Now I have to work on remote client connections. I will try some of the VPN clients you suggested. Have you had any success? Thanks for all of your help.

Scott
 
I'm glad that worked!!! Amazing that these small things can actually make a difference, eh??

Yes, to answer your question, I have had success with both the SSH Sentinel program and with TheGreenBow VPN client. I prefer SSH Sentinel. The setup is a bit tricky for both programs (unless you're very familiar with VPN terms and such), but the link for the instructions that I posted should get you going (the link applies to SSH Sentinel). Like I mentioned, the instructions aren't "exact" but they are close. By that I mean that some of the screens are different and such. The info is pretty much the same. If for whatever reason you can't get the client-to-gateway connection up, write back and I can post some more detailed instructions.

Remember this, though, when getting the client-to-gateway connection going, select Group VPN in the VPN Setup Options in the RV082. If you don't do this, you will probably have a difficult time connecting if your client is behind a NAT router.

Good luck! Ask if any questions pop up...

deeno
 
Deeno,

Have you run into this before... I have 3 offices setup with the RV082, firmware 1.0.11. I have VPN connections into each site from the main site. I have "keep alive" enabled, but for some reason the connections keep dying. When I go to the router web interface it shows the VPN connection status as "connected" but I can't ping through to the remote sites. If I press the "disconnect" button the browser refreshes, and quickly displays "connected" under status, (as if it didn't change) and all of a sudden my pings start going through. It's as if the router thinks it's connected, but really isn't. Any thoughts?
 
Yes, I have unfortunately run into the same problem on occasion. The problem here doesn't happen very often, maybe 2 or 3 times a month (per remote office). The only thing I can figure is that the connection is briefly dropped somewhere between here and the remote office where the link gets disconnected.

I am hoping that the future firmware will resolve this problem. If the RV082 had some sort of periodic VPN connection verification then you would think that it would be able to reconnect if it detected the connection had been lost.

Be sure to post back if you find any fix for this...

deeno
 
Thought I'd put in my .02 cents.

I am using the RV082's as backup links to our Frame Relay WAN. They connect to a PIX 515 here at HQ. They work well, except I've had to reboot them a couple times. We had bad experiences with the new firmware, I would not recommend it. Put it back to the original firmware and everything is good to go. Hopefully Cisco will get their hands in and add a little more functionality (I'd like to see more routing protocols besides RIP).

Currently I have only completed one full site with this but I am beginning to roll it out to the other sites now that I have the kinks worked out. That was with the other routers though...

Here is the thread I had going about the whole deal, thread557-579974

Thanks,

Matt Wray

GFH

 
Ok after a few minutes with Linksys tech support here's what I've uncovered. I have (3) LAN's spun together with RV082's. Each RV082 has a tunnel to the two others. I'm using IKE with a preshared key. The preshared key was the same for all tunnels. I've changed the key to different keys for all three tunnels. Everything seems to be working fine now, but I'll post again in the morning. One other thing, I did upgrade all three routers to 1.0.11. The previous version was 1.0.7. Which is more stable?
 
Spoke too soon. Connection for one of the offices just died. Here's the interesting thing... I've opened up WAN configuration for the remote router so I can check its VPN status. The connection appears to die. I think it's dead because I can't ping the remote RV082 through the VPN using the private IP address. Now, when I bring up the web interface both RV082's (local and remote) indicate that the VPN tunnel is still connected. When I hit the disconnect button the web interface refreshes and shows the tunnels connected (never see a disconnect status) and all of a sudden my pings start going through. The connection will only stay nailed up for between a few minutes and a few hours. Any other thoughts?
 
Is this the same with either firmware? We had lots of problems with the new firmware acting real buggy, that's why we went back to the original...

Thanks,

Matt Wray

GFH

 
From the for what it's worth dept after allowing a Linksys tech to dig around in my RV082's here's what they had to say about my VPN disconnects...

Disable the firewall option on all routers and everything should work fine. Obviously I'd rather not do that. I'm going to try and roll back my firmware version to 1.0.7 tomorrow and see what happens. Deeno, quick question, is there any way you could jot down your VPN and Firewall settings from your routers and post it here?

Thanks much.
 
Greg,

I'll send the settings tomorrow (Friday). What exactly are you looking for? Just the firewall and VPN settings??

You've just got to love the Linksys Support Team, don't you?? I've talked to them before on unrelated issues and I hated every minute of it. The advice they recommend always seems to render their product useless in one way or another. Your case is a classic example... Disable the firewall? It's almost amusing. Oh well...

One time, though, believe it or not, I actually talked to a guy there who was very knowledgeable. I wish I had gotten his name. I can only imagine how he feels being surrounded by the folks that he works with. hmmm.

deeno
 
Deeno,

At this point I'm at my wits' end with these friggin' units. I'm looking to compare as many settings as possible with a working configuration (VPN and firewall for sure). The tunnels seem stable when I disable all firewall settings, so I'm wondering which specific settings you're using. Also, there was a mention of manually setting MTU for these dogs, I'm curious if you're running with that setting. Anything that helps narrow this down some. Also, as a side note, I ran a port scan on my RV082 from the WAN side and noticed port 8023 open. It appears to be a command line interface for the router. Haven't checked to see if it's open by default. One last item, what firmware version are you using?
 
I'm just going to jump in here since you guys always come up in my searches about the new VPN router we have. We just got a new router, it's a RV082. It was pretty cool in the beginning as we used a BEFVP41 as the endpoint, this has now been replaced with the 082 and trouble started.

I'm trying to connect, using Sentinel, to the VPN router but not getting it to work. I have a dynamic IP on the client and that will change with dialup and such. I was on the phone with a Linksys rep for 2 hours and finally he said the RV082 does not accept clients unless they have a) static IP or b) they do have a FQDN. Is this true? I have read that other users have had success with the Email address and using group.

You guys seem to know infinitely more about this than Linksys so I hope you can take a sec to either ask further questions or think of where I can look up some more info....

good posts and very informative guys !
Gaute
 
The RV082 can support a connection from a client with a dynamic IP address. The FQDN is actually required, but this is not significant since you can make it up. You just need to be sure to enter the same "text" for the FQDN on the client and on the gateway. I use the USER FQDN option since my IP address at home changes. Upgrade to the latest firmware on the RV082 if you haven't already and follow these steps to configure the RV082:

1. Login to the RV082

2. Click the VPN tab

3. Click the Add New Tunnel button

4. Under Client to Gateway, click Add Now

5. Select Group VPN

6. Enter a name in the Group Name box (this can be anything, it is only there so you can identify it among other connections)

7. Select the interface to which the client will connect (Probably WAN1)

8. For Local Security Group select Subnet

9. If you are using the default network settings, enter 192.168.1.0 for your IP Address and 255.255.255.0 for your subnet mask

10. For the Remote Client, select E-Mail Address

11. Make up an email address. The "user" of the email address will go in the box before the @ sign and the (made up) FQDN will go in the box after the @ sign

12. For the IPSec Setup, keep all of the settings as they are by default with the exception of the Preshared Key. For the Preshared Key, come up with a random string of characters. The longer the string of characters the better. You will need this string of characters, matching case, on the client when you set it up.

13. Click the advanced Button and select Aggressive Mode and Keep Alive.

14. Click Save Settings.

This should get the RV082 configured correctly. A dialog box will come up asking if you want to setup another tunnel, just click cancel. You're now ready to configure the client.

The setup for the client is a bit more tricky. I see you have chosen SSH Sentinel, that's a good choice. What version of this are you using? I'm using version 1.3.2. I'll go ahead and throw the settings up for that version. These steps assume that you have already installed SSH Sentinel and have restarted the computer after the setup process.

1. Right-click the SSH Sentinel icon that is by the clock in the bottom right of your screen and select Run Policy Editor (with the left button).

2. Click the Key Management tab.

3. Under Host Key double click add.

4. Select Create a Pre-Shared Key and click next.

5. Enter a name for the key in the Name Box (this is just for you to identify the key). In the next two boxes, enter the string of characters that you came up with in step 12 of the RV082 setup (these must match exactly as they are entered in the RV082). Click Finish.

6. You should be back in the Key Management tab of the Policy Editor window. Double click on the key that was just created (it will have the name that you entered for it in step 5).

7. Click the Identity tab, and for Local Primary Identifier select Administrator Email. A box will appear below where you type the value for this setting. This is where you enter the email address that you made up in step 11 of the RV082 setup. For instance, you will enter something such as user@company.com in the box. (This must match the setting that is in the RV082 that you configured in step 11 above.)

8. Click OK.

9. You should be back in the Key Management tab of the Policy Editor window. Click on the Security Policy tab. Once there, click on the VPN connections icon and click Add.

10. I'm guessing that you want to enter the IP Address of the RV082, so click on the IP button next to the Gateway Name box and enter the IP Address of the RV082 (This will probably be the IP Address of the WAN1 port on the RV082).

11. Click the ... button to the right of the Remote Network box. Click New. Create a Network name for your own identification purposes. Assuming you're using the default settings in the RV082, enter 192.168.1.0 in the IP Address field, and enter 255.255.255.0 in the Subnet Mask field. Select OK.

12. From the Remote Network drop down box, select the name for the remote network that you just created in the previous step.

13. For the Authentication Key, select the name that you created for the Authentication Key in step 5.

14. Click Properties.

15. Click Settings under IPSec/IKE Proposal.

16. Under IKE Proposal, for Encryption algorithm select DES, for Integrity Function select MD5, for IKE Mode select Aggressive, for IKE group select Group 1. Under the IPSec Proposal, for Encryption algorithm select DES, for Integrity Function select HMAC-MD5, and for PFS group select Group 1. Click OK.

17. Click on the Advanced tab. Check Enable Network Address Translation Traversal. You can leave the Discover path maximum transfer unit checked. If you want to audit this rule, keep that option selected, though you can probably uncheck the option.

18. Click OK.

19. You should be back in the Add VPN connection. Click OK.

20. You should be back in the SSH Sentinel Policy Editor. Click OK.

Those steps should get you going on your client. To connect to the tunnel, right-click the SSH Sentinel icon by the clock, scroll up to Select VPN, then select the VPN to which you want to connect (this will either be the IP Address or FQDN of the RV082 as entered in step 10 above).

So, that's it. I hope I didn't forget anything there!! It's important to follow those steps exactly since the settings must match on the client and the gateway.

If you have questions be sure to post back... hope that helps :)

deeno
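
An added example, not part of the original post: the two procedures above only work when the gateway and client agree on every value, so this sketch compares the two sides and, separately, lists the proposal values that current IETF guidance deprecates (RFC 8221 and RFC 8247 for the algorithms). The dictionary keys, the 20-character threshold and the sample key are constructed for illustration; the algorithm values are the ones named in step 16.

```python
import hmac

# Values deprecated by current guidance, keyed by (hypothetical) setting name.
WEAK = {
    "ike_encryption": {"DES"}, "ipsec_encryption": {"DES"},
    "ike_integrity": {"MD5"}, "ipsec_integrity": {"HMAC-MD5"},
    "ike_group": {1, 2}, "pfs_group": {1, 2},
}

# Constructed sample: gateway mirrors step 16; client has two deliberate slips.
GATEWAY = {
    "identity": "user@company.com", "psk": "Constructed-Sample-Key-0001",
    "ike_mode": "aggressive", "ike_encryption": "DES", "ike_integrity": "MD5",
    "ike_group": 1, "ipsec_encryption": "DES", "ipsec_integrity": "HMAC-MD5",
    "pfs_group": 1,
}
CLIENT = dict(GATEWAY, psk="constructed-sample-key-0001", ike_group=2)


def mismatches(gateway, client):
    """Return the names of settings that differ between the two peers."""
    out = []
    for key in sorted(set(gateway) | set(client)):
        g, c = str(gateway.get(key)), str(client.get(key))
        if key == "psk":
            # Constant-time compare; never echo the key itself into the report.
            if not hmac.compare_digest(g.encode(), c.encode()):
                same_loose = g.strip().lower() == c.strip().lower()
                out.append("psk (case/whitespace only)" if same_loose else "psk (different)")
        elif g != c:
            out.append(key)
    return out


def weak_settings(cfg, min_psk_len=20):
    """List deprecated algorithm choices and risky PSK usage in one peer's settings."""
    findings = [f"{k}={cfg[k]}" for k in sorted(WEAK) if cfg.get(k) in WEAK[k]]
    if cfg.get("ike_mode") == "aggressive" and "psk" in cfg:
        # Aggressive mode sends a hash derived from the PSK before the peer is authenticated.
        findings.append("ike_mode=aggressive with PSK")
    if len(cfg.get("psk", "")) < min_psk_len:
        findings.append(f"psk shorter than {min_psk_len} characters")
    return findings


if __name__ == "__main__":
    print("mismatches:", mismatches(GATEWAY, CLIENT))
    print("weak:", weak_settings(GATEWAY))
```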
 
deeno, what can I say except thank you so very very much. That was exactly right and you saved me from working with VPN nightmare testing this weekend, other than following your EXCELLENT manual for a total of 4.5 minutes. It connected right away and I can not thank you enough....

Have a beer on me deeno !
Gaute
 
Hey deeno, if you have a second your comments would be greatly appreciated. I have two machines at home and installed the VPN on both, however I can only run Sentinel successfully on one machine at a time. I ran two at the same time at one point but now it's first come first serve. I have a WRT54G router here at home, can it or the VPN router cache my external IP so I can only have one tunnel thru to the same VPN router from one ext IP? I can switch between which one I want to connect by release/renew on either... It's really throwing me for a loop :eek:)

Cheers
Gaute
 