Linksys WRV54G and Windows 2000 Server 4

[AndyJG]

Hi, I'm trying to establish a VPN connection using PPTP through a Linksys WRV54G router. I have enabled PPTP pass-through and port forwarded TCP 1723 to the server. When I try to connect it waits at 'Verifying username and password'. If I DMZ the router to the server then everything works, however it is not very secure.
Any ideas would be appreciated.
Andy

 

[MyNameIsDoug]

I have been working for the last few days trying to get a VPN set up with my WRV54G and I am at the end of my rope. Can anyone offer a suggestion of what I should try next? Here's what I have done so far:

1) IPSec Tunnel - I tried setting up a tunnel using SSH Sentinnel. on the router side I used tunnel #1, set it to accept connections from any IP address, set the local secure group to be the entire subnet (192.168.0.0/24), etc.. For security, I tried every combination of settings (main mode, aggressive mode, DES, 3DES, MD5, SHA1, pre shared key, etc.) making sure that the settings matched on each side. But every time I try to connect SSH sentinnel tells me that it cannot open the VPN connection. I thought the problem might be my DSL connection at home (the way a SBC assigns IP addresses with their new modems is a little weird) so I tried all these various settings from a dial up connection as well. Nothing has worked. I call tech support but they are totally useless. They say they can connect to my VPN tunnel using another Linksys router. Big deal.

I also tried setting up the VPN using the Windows XP IPSec policy editor but when I try to assign the policy Windows says

"The following error occurred when saving IP Security data:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. (80070422)"

I tried starting IPSec services but then I get "Could not start the IPSEC Services service on Local Computer.

Error 10048: Only one usage of each socket address (protocol/network address/port) is normally permitted."

plus the procedure is so arcane that I couldn't possibly ask other users to set up their own VPN in this way.


2) PPTP Tunnel - after this fiasco I tried setting up a PPTP vpn using my Windows NT 4.0 server. After reading this thread I learned the trick about editing the configuration file on the router to properly forward GRE packets. ( I can't believe you have to go in and edit the configuration file to make this work! The tech support guy I talked to told me all I have to do is set up port 47 to forward on both UDP and TCP. Of course that doesn't work! I tried explaining to him how I got it to work by editing the configuration file but of course he had no idea what I was talking about). anyway, I can get it to pass my PPTP packets on to the NT 4.0 server but as soon as it gets to the point where its is registering my computer on the network, the remote access server on Windows NT throws a Dr. Watson error and crashes hard! We don't really have the money to upgrade our server to a new version of Windows unfortunately.

Any help would be great appreciated!

Doug

 

[JPMorgan]

So I have been looking all over the net for SSH Sentinel and can't find where to download it at all. Perhaps it is since I have been struggling with VPN problems all day now and can't see straight.

Downloading direction would be appreciated.

Great thread, I have learned a lot!

 

[gacollier]

You can pick it up here:

ftp://ftp.up.ac.za/pub/linux/ssh/pub/sentinel/

 

[tarheel2004]

I have searched everywhere for the exact settings for the WRV54G and SSH Sentinal (or Cisco VPN Client). The user AndyJG seemed to get his to work, but was setting up PPTP not IPSec. (Does this matter?)

Does anyone have a PDF of screen image of what their exact settings are for the WRV54G and VPN client? I have mine matched exactly and have tried everything that I have read on every forum I have been to (this one by far has been the most informative!), but still no connection. I can ping my router, but it's as if it is invisible when I try to connect with the VPN client.

I just want to be able to access my desktop with my laptop/PDA while on the road.

Thanks in advance.

 

[cygnuskaltora]

I'm having somewhat the same issue that tarheel2004 is having. I've tried to setup my WRV54G as the VPN server, but I can't get it to work. I'm using 3DES, IKE, PFS and a Pre-Shared Key. I have Tunnel 1 setup and enabled. I can remotely administer the router, so I know it's visible to the outside world, but I can't get the XP VPN or the Cisco VPN to connect. The Cisco doesn't even seem to have an area to connect to a Pre-Shared Key environment, only a Group password logon. Also, I can't find any information on the Linksys website about what the VPN Gateway is all about, and if that needs to be enabled. Thanks.

 

[billmac3]

stiffguy or bottlewasher - I don't suppose you could send me the 2.2.08 firmware could you? If you can, please send to billm@goldendev.com TIA

 

[Maximvs]

Greg (gacollier),

I'm having trouble trying to connect WinXP Pro client and Win98 client to LAN using the built-in VPN tunnel on my WRV54G router. On the LAN side I have WinNT 4 Server, and runnning RRAS. I was successful in connecting the Win98 client to LAN by forwarding port 1723 to the server, but was unable to do it for WinXP client. I think the problem is with XP because the netBEUI protocol cannot bind to the VPN adapter only TCP/IP. I need netBEUI because that is the protocol we use for file and print sharing. But all-in-all I want to just use the tunnel on the router to connect to our LAN. To my understanding the router is the VPN server and I don't need a VPN server behind the router, is that right? Unfortunately we don't have the funds to upgrade our server operating system. Please help! I've configured the router correctly according to Linksys' instructions, but I don't trust their instructions anymore. I feel better if you can help, because you seem to be the expert in this area.

Thanks,

Kevin

 

[gacollier]

Maxim,

Expert huh, not likely, but I'll take a stab.

Not sure I completely understand your question. I'm assuming that you're running "PPTP services" on the NT 4.0 machine given that you were "successful in connecting the Win98 client to LAN by forwarding port 1723 to the server".

As far as NetBEUI is concerned, you would only use that protocol as an "encapsulated" protocol from within your VPN setup, not an actual VPN connection method. Let me know if that's not clear.

As for "To my understanding the router is the VPN server and I don't need a VPN server behind the router, is that right?", actually yes and no. It is true you can use the router as a VPN server, but in the scenrio you've described your NT 4.0 server would be the VPN server not the router. The router only acts as a port/protocol forwarding device. You say that Win98 works but not XP... what VPN connection options are you using for Win98?

Greg

 

[Maximvs]

Greg,

Thanks for responding. Yes I'm running "PPTP service" on the NT 4.0 machine. I'm not clear on "encapsulated" protocol, does that mean the NetBEUI will in a way piggy back the TCP/IP? The main idea I want is to get WinXP to connect through the router only and not have to setup a vpn server behind it. When I setup the vpn connection using the wizard on the XP machine, the WANmini port does not support NetBEUI like it does in Win2K. To by-pass this problem I setup my WinXP computer to be a VPN server for WinXP clients, but I can only have one concurrent connection. So that's why I bought the Linksys WRV54G router with VPN tunnel built-in so I can connect any OS to our LAN. I was unsuccessful in getting this to work. Has anyone you know of that actually got this dang router to work the way it's supposed to work? I want to connect remote users with winXP, win2K and win98 to the router and not the VPN server behind the router.

Thanks,

Kevin

 

[gacollier]

Kevin,

You'll have to configure the group IPSec connections on your router. Unfortunatley I don't own a WRV54G, (I own a few RV082's which are similar) so I'm not sure on the group setup for this router. You may be able to utilize XP's IPSec connection or use a client like SSH Sentinel. You can pick up a copy here: ftp://ftp.up.ac.za/pub/linux/ssh/pub/sentinel/

Unfortunatley I don't have an answer for the NetBEUI component if you use this procedure. Why do you use NetBEUI and not TCP/IP for file sharing?

 

[Maximvs]

Greg,

We are using the "Multiple IP" method of sharing for our LAN. NetBEUI was installed because all of our computers were connected to the internet before we had any type of firewall or router. Does that make any sense? We then added a router and never reconfigured our servers to use TCP/IP for file and printer sharing. I guess now that we have a router I can get rid of the NetBEUI protocol. What are your thoughts?

Thanks,

Kevin

 

[gacollier]

Kevin,

I order to use file and print sharing with TCP/IP you'll need to enable "NetBIOS for TCP/IP" on each system. If you do go this route, I'd remove NetBEUI from all systems. We've kinda got off track here a bit. Did you still have a question related to VPN?

Greg

 

[Maximvs]

Hey Greg,

I'm going to remove NetBEUI from all systems to see if that will work. If not then I'll be contacting you again next week Tuesday or Wednesday.

Thanks,

Kevin

 

[gacollier]

Kevin,

Good luck man.

Greg

 

[Maximvs]

Hi AndyJG,

This is how I manage to get PPTP working on my LAN. Its obvious you need PPTP passthrough enabled and have port 1723 forwarded to your VPN server, which is on the "Port Range Forwarding" page. Here is the the trick, you need to enable port triggering. In the "Port Triggering" page under "triggered range" the start and end port is 47. Under "forwarded range" the start and end port is 1723 and I set the protocol to both TCP and UDP. There is one more port to trigger. Under "triggered range" is 50 and "forwarded range" is 500. Not sure what this one is, but it seemed to work just fine. On another note, I still haven't been able to setup the router to open a tunnel using either "GreenBow" or "Sentinel". That is the very reason why I purchased this unit so I wouldn't have to setup the VPN server behind the router.

Kevin

 

[beerlvr]

Wow, I guess I'm not the only one enjoying the excellent Linksys tech support.

I have a Linksys BEFVP41(v1) router with a Windows 2000 Advanced Server behind it and running RAS. I've enabled the PPTP Pass Through on the router and I'm forwarding port 1723 and 47 to the server. The router is running firmware version 1.41.1. Whenever I try to connect via a VPN, the client recieves Error: 721. Even putting the server in the DMZ doesn't help. Has anyone figured out how to get the VPN connection to work with this Linksys model?

Thanks in advance.

 

[DaH00Psta]

Fellas...
You must know that this thread is THE official, Unofficial support manual for getting VPN to work with the Linksys WRV54G Router.
A little background on my setup...

Internet >> Cable Modem >> WRV54G >> Win 2003 VPN Server
Router Firmware 2.25.2
Just want to give my clients and business partners the ability to access my network and data.

I had been plodding away for a few weeks just following the documentation put out by Linksys, trying to get the VPN portion of the router to work. Forget about their documentation, it will only get you non-stop 721 errors. I called Linksys, they said all you had to do was forward ports 47 & 1723 to your vpn server. DOH! Why didn't I think of that I say, knowing it wasn't going to work! Of course it didn't! It amazes me that Linksys puts out a product like this to begin with, but they don't even know how to support it, that is just plain funny...

But then I stumbled upon this thread.

2 posts did it for me...
The post by AndyG RE: Editting the router config file -

"Create a forwarding rule using either TCP/UDP or both. Name the rule GRE. Use port 47.

Go into Config management on the WRV54G and download the current config. Make a backup just in case something goes wrong. Edit this file and look for "GRE". Replace the protocol numbers (6) or (17) with 47. Save this file and Upload it back to the router. Now it should work. BTW, everytime you change any of the port fowarding options, you will have to re-do this fix as the protocol numbers default back to 6 or 17."

And in addition, I also had to follow the post by Maximvs RE: Port Triggering -

"This is how I manage to get PPTP working on my LAN. Its obvious you need PPTP passthrough enabled and have port 1723 forwarded to your VPN server, which is on the "Port Range Forwarding" page. Here is the the trick, you need to enable port triggering. In the "Port Triggering" page under "triggered range" the start and end port is 47. Under "forwarded range" the start and end port is 1723 and I set the protocol to both TCP and UDP. There is one more port to trigger. Under "triggered range" is 50 and "forwarded range" is 500. "

With these changes in hand, I was able to get clients to authenticate to the VPN server no problem...

Now if I could only figure out why they can't map to my shared network drives, that would be it...(wink,wink, HELP!)


BTW...Big props to gacollier for all his work on this one!

-Rob

 

[knwilson]

Well, As like many of you I bought the WRV54G to use it as the actual VPN server (endpoint), but to no avail. I have everything set up properly (according to all the docs I have found on several different sites/forums) on the router and I have tried using XP IPSec Policy, TheGreenbow VPN client, and the SSH Sentinel client all of which do not work. Here is my layout:

Home office 1:
Internet->Cable Modem->BEFW11S4>WinXP Pro (Ethernet), and WinXP Pro (wireless)

Home office 2:
Internet->Cable Modem->Windows 2000 Pro (USB Connection)

From either and preferrable both Home Offices I would like to connect to the WRV54G VPN Endpoint in the Company Office:
Internet->Cable Modem->WRV54G->4 Windows XP Pro clients (ethernet) and a WinXP Pro client (wireless)

As menioned earlier, I have tried everything I can possible think of as well as evcrything I could find online.

Can someone please please please please help me make this work?

I am now using the 2.25.2 firmware (upgrade didn't help).

I really don't want to build a VPN server on one of the XP Pro Clients running in the Company office, but if this is the only option then do I even need the WRV54G?

Thank you all in advance........

Kevin W.
PHX, AZ

 

[rrowald]

Hey I don't know if anyone is still out there listening on this thread but here it goes...

I have the following setup

Home office: WRV54G with Firmware 2.36
winxp laptop on the wireless

Main office: Sonicwall pro 200
Many pcs/servers behind this puppy

I am trying to get an IPSEC tunnel established from the WRV54G to the Sonicwall.

I have tried to get an IKE tunnel opened but it never connects.
I have gotten a Manual keys tunnel to "connect" but it will pass no information between the two devices. It shows a status of connected on the linnksys but not on the sonic wall.

If anyone has any insight as to how i might get these two beasts to communicate i would really appreciate it.

Thanks
Rob

 

[Maximvs]

rrowald,

If your main office has a sonicwall and you are trying to connect to it, don't you just need the Global VPN Client software installed on your machine? At your WRV54G router you need to enable NAT Transversal and VPN Passthrough for this to work. You can get the software on the sonicwall web site and search for "Global VPN Client download". If you are the adminisrator of the sonicwall device, then you know how to setup a VPN policy, if not then you will need your administrator to do it for you. I've dumped the WRV54G router and got the Sonicwall TZ 170 and works great, but the down side you have to pay yearly subscription for VPN connections. I use the WRV54G router as my wireless AP now, thats all its good for.

Cheers, good luck!

Maximvs