Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Linksys WRV54G and Windows 2000 Server 4

Status
Not open for further replies.

AndyJG

IS-IT--Management
Mar 10, 2004
23
CA
Hi, I'm trying to establish a VPN connection using PPTP through a Linksys WRV54G router. I have enabled PPTP pass-through and port forwarded TCP 1723 to the server. When I try to connect it waits at 'Verifying username and password'. If I DMZ the router to the server then everything works, however it is not very secure.
Any ideas would be appreciated.
Andy
 
Hi Greg,

Try to use SSH Sentinal ver 1.4 for the VPN tunnel but there are so many settings. I've checked the thread you've listed my it's no help to me.

Any tips?
 
Andy,

Deeno's instructions seem right. What problems are you having?

Greg
 
Wow....after a couple crazy days trying to figure out why VPN was not working through a Linksys Router and after talking to Linksys support for over an hour I have a solution!!

First, off only port 1723 needs to be forwarded. GRE 47 is referred to as PPTP passthrough on the routers....so just make sure that is ENABLED.

Here is the magic....get the right FIRMWARE. My problem was that I assumed newer firmware was better firmware....WRONG. Linksys has a major problem with this. For instance I was using a BEFSR41 v2 router and had v1.45.7 on it (NO GO)...downgraded to v1.43.3 and everything is working perfectly.

So my advice...find a firmware that works and upgrade at your own risk!!

Cheers
 
I am new to forums, but I had to thank all involved in this thread, as it saved me about a gazillion hours of headaches. I had this EXACT issue and your resolution worked perfectly.

gacollier - you really seem to know what you are doing. If you are every in the Tampa area look up Computer Needs, Inc. - we need good people like you.

Thanks.
 
Wow thanks! Tampa huh... now that's not too shaby a deal. I'll look you up when I get tired of dreary St. Louis.

Kidding aside, thanks again for the words.

Greg
 
Wow,
I've got a Linksys router was was soon planning to try the same VPN setup.

Thanks to you guys for saving me alot of hassle.
 
gacollier,

After hours and hours of ripping my hair out by the roots, you have delivered the solution. Kudos!

I cannot tell you how long I have been racking my brains on this issue. My hats off to you!

Sam

 
ok folks - I was just about ready to kill the Linksys tech support... it's almost like they enjoy seeing us squirm. I just upgraded to the WRV54g ver 2.25.2 . I have an XP client. Is there anyone who can provide exactly which ports are being forwarded on the router?? Are there any other settings on the router (like under the security/apps and gaming tabs, etc.) What config should I use with XP or do I need that client software? I tried the XP VPN client (in network connections) and no luck. Any help or white paper is HUGELY appreciated!!!!!!!!!!
 
slinder,

What exactly are you trying to do? Port forward to an internal VPN server?

Greg
 
no, I just want access to my home network. I just tried using ssh sentinal and it worked and then died.

XP Pro -->wrv54G --> exchange server

The outcome is that I need to be able to sync with my exchange server while I'm on the road going through my wrv54g. Is there any type of client software out there?

thanks!!!
 
slinder,

Why not just port foward the WRV54G to your exchange server vs. going through the VPN?

I'm wondering if you have the correct settings on the WRV54G and your SSH client. Here's the configuration Deeno posted for the RV082, which should be very similar to the WRV54G.

The RV082 can support a connection from a client with a dynamic IP address. The FQDN is actually required, but this is not significant since you can make it up. You just need to be sure to enter the same "text" for the FQDN on the client and on the gateway. I use the USER FQDN option since my IP address at home changes. Upgrade to the latest firmware on the RV082 if you haven't already and follow these steps to configure the RV082:

1. Login to the RV082

2. Click the VPN tab

3. Click the Add New Tunnel button

4. Under Client to Gateway, click Add Now

5. Select Group VPN

6. Enter a name in the Group Name box (this can be anything, it is only there so you can identify it among other connections)

7. Select the interface to which the client will connect (Probably WAN1)

8. For Local Security Group select Subnet

9. If you are using the default network settings, enter 192.168.1.0 for your IP Address and 255.255.255.0 for your subnet mask

10. For the Remote Client, select E-Mail Address

11. Make up an email address. The "user" of the email address will go in the box before the @ sign and the (made up) FQDN will go in the box after the @ sign

12. For the IPSec Setup, keep all of the settings as they are by default with the exception of the Preshared Key. For the Preshared Key, come up with a random string of characters. The longer the string of characters the better. You will need this string of characters, matching case, on the client when you set it up.

13. Click the advanced Button and select Aggressive Mode and Keep Alive.

14. Click Save Settings.

This should get the RV082 configured correctly. A dialog box will come up asking if you want to setup another tunnel, just click cancel. You're now ready to configure the client.

The setup for the client is a bit more tricky. I see you have chosen SSH Sentinel, that's a good choice. What version of this are you using? I'm using version 1.3.2. I'll go ahead and throw the settings up for that version. These steps assume that you have already installed SSH Sentinel and have restarted the computer after the setup process.

1. Right-click the SSH Sentinel icon in that is by the clock in the button right of your screen and select Run Policy Editor (with the left button).

2. Click the Key Management tab.

3. Under Host Key double click add.

4. Select Create a Pre-Shared Key and click next.

5. Enter a name for the key in the Name Box (this is just for you to identify the key). In the next two boxes, enter the string of characters that you came up with in step 12 of the RV082 setup (these must match exactly as they are entered in the RV082). Click Finish.

6. You should be back in the Key Management tab of the Policy Editor window. Double click on the key that was just created (it will have the name that you entered for it in step 5).

7. Click the Identity tab, and for Local Primary Identifier select Administrator Email. A box will appear below where you type the value for this setting. This is where you enter the email address that you made up in step 11 of the RV082 setup. For instance, you will enter something such as user@company.com in the box. This must match the setting that is in the RV082 that you configured in step 11 above)

8. Click OK.

9. You should be back in the Key Management tab of the Policy Editor window. Click on the Security Policy tab. Once there, click on the VPN connections icon and click Add.

10. I'm guessing that you want to enter the IP Address of the RV082, so click on the IP button next to the Gateway Name box and enter the IP Address of the RV082 (This will probably be the IP Address of the WAN1 port on the RV082).

11. Click the ... button to the right of the Remote Network box. Click New. Create a Network name for your own identification purposes. Assuming you're using the default settings in the RV082, enter 192.168.1.0 in the IP Address field, and enter 255.255.255.0 in the Subnet Mask field. Select OK.

12. From the Remote Network drop down box, select the name for the remote network that you just created in the previous step.

13. For the Authentication Key, select the name that you created for the Authentication Key in step 5.

14. Click Properties.

15. Click Settings under IPSec/IKE Proposal.

16. Under IKE Proposal, for Encryption algorithm select DES, for Integrity Function select MD5, for IKE Mode select Aggressive, for IKE group select Group 1. Under the IPSec Proposal, for Encryption algorithm select DES, for Integrity Function select HMAC-MD5, and for PFS group select Group 1. Click OK.

17. Click on the Advanced tab. Check Enable Network Address Translation Traversal. You can leave the Discover path maximum transfer unit checked. If you want to audit this rule, keep that option selected, though you can probably uncheck the option.

18. Click OK.

19. You should be back in the Add VPN connection. Click OK.

20. You should be back in the SSH Sentinel Policy Editor. Click OK.

Those steps should get you going on your client. To connect to the tunnel, right-click the SSH Sentinel icon by the clock, scroll up to Select VPN, then select the VPN to which you want to connect (this will either be the IP Address or FQDN of the RV082 as entered in step 10 above).

So, that's it. I hope I didn't forget anything there!! It's important to follow those steps exactly since the settings must match on the client and the gateway.


Post back if you still have problems.

Greg
 
Hi Adny/Greg:

I have WRT54G. After talking to Linksys they sent me a new firmware , i think 2.2.08-pptp. after upgrading at least it gets connected to vpn rather than giving error 721. However still Outlook does not work.

I downloaded the config maangemet file from WRT54G. Which program should I use to edit the file to replace GRE 6 and 17 with 47 ??

can any one help me ??

thanks
 
stiffguy (TechnicalUser) May 22, 2004
Hi Adny/Greg:

I have WRT54G. After talking to Linksys they sent me a new firmware , i think 2.2.08-pptp. after upgrading at least it gets connected to vpn rather than giving error 721. However still Outlook does not work.

I downloaded the config maangemet file from WRT54G. Which program should I use to edit the file to replace GRE 6 and 17 with 47 ??

can any one help me ??

thanks
 
stiffguy -

I don't suppose you could send me the 2.2.08 firmware could you? If you can, please send to jsbac@sbcglobal.net.

Thanks -
bw
 
Hi Bottlewasher:

Where did u find the 2.2.08-pptp firmware?. Also can u help me as how to edit the config file? means which utility to use for the editing ?>

thanks
 
stiffguy,

I believe Andy just used Windows Notepad to edit given that it was clear text and not compiled. Have you tried that?

Greg
 
Hi Greg:

I tried notepad and wordpad . It looks like it is compiled. Can;t make out any sense once open it.

Thanks
 
Stiff,

If you like you can e-mail it to me at greg@dsiprocess.com and I'll see what I can do.

Greg
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top