VPN connection established but can't access files

[aquinox]

Hi,
I was wondering if anyone might be able to help me here. I have a linksys WAG200G wireless modem router for my ADSL broadband connection at home. And i have troubled with getting the VPN connection to work.
Here is how the network is set up at home.
ADSL goes to Linksys modem router. Then, i have a Netgear router FVS318 hooked up to Linksys modem. The VPN connection has been set or configured in the Netgear router. Then, i have one PC connected to the Netgear router.
I've been trying to get the VPN connection to work so that i can work from home.
Here is the log info i got from Netgear router.
Sun, 07/01/2007 21:59:20 - FVS318 IPsec:drop connection: BLOOFFICE
Sun, 07/01/2007 21:59:20 - FVS318 IPsec:delete_out()
Sun, 07/01/2007 21:59:20 - FVS318 IKE:[BLOOFFICE] TX >> DELETE SA :
101.10.78.16 (SPI=4094c29d)
Sun, 07/01/2007 22:06:56 - FVS318 IPsec:call ipsecdoi_initiate
Sun, 07/01/2007 22:06:56 - FVS318 IPsec:New State index:0, sno:1
Sun, 07/01/2007 22:06:56 - FVS318 IPsec:Initiating Main Mode
Sun, 07/01/2007 22:06:56 - FVS318 IKE:[BLOOFFICE] Initializing IKE Main Mode
Sun, 07/01/2007 22:06:56 - FVS318 IKE:[BLOOFFICE] TX >> MM_I1 : 101.10.78.16
Sun, 07/01/2007 22:06:56 - FVS318 IPsec:inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Sun, 07/01/2007 22:06:56 - FVS318 IPsec:Receive Packet address:0x1397554
from 101.10.78.16
Sun, 07/01/2007 22:06:56 - FVS318 IKE:[BLOOFFICE] RX << MM_R1 : 101.10.78.16
Sun, 07/01/2007 22:06:56 - FVS318 IPsec:Oakley Transform 2 accepted
Sun, 07/01/2007 22:06:56 - FVS318
IKE:OAKLEY_PRESHARED_KEY/OAKLEY_3DES_CBC/MODP768
Sun, 07/01/2007 22:06:56 - FVS318 IKE:[BLOOFFICE] TX >> MM_I2 : 101.10.78.16
Sun, 07/01/2007 22:06:56 - FVS318 IPsec:inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:Receive Packet address:0x1397554
from 101.10.78.16
Sun, 07/01/2007 22:06:58 - FVS318 IKE:[BLOOFFICE] RX << MM_R2 : 101.10.78.16
Sun, 07/01/2007 22:06:58 - FVS318 IKE:[BLOOFFICE] TX >> MM_I3 : 101.10.78.16
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:Receive Packet address:0x1397554
from 101.10.78.16
Sun, 07/01/2007 22:06:58 - FVS318 IKE:[BLOOFFICE] RX << MM_R3 : 101.10.78.16
Sun, 07/01/2007 22:06:58 - FVS318 IPsececoded Peer's ID is
ID_IPV4_ADDR:101.10.78.16 and 101.10.78.16 in st
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:inserting event EVENT_SA_REPLACE,
timeout in 86340 seconds for #1
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:STATE_MAIN_I4: ISAKMP SA established
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:New State index:1, sno:2
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:New Message ID generated:400006
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS
Sun, 07/01/2007 22:06:58 - FVS318 IKE:[BLOOFFICE] TX >> QM_I1 : 101.10.78.16
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:in get_ipsec_spi() spi=4094c29e
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:My generated SPI=4094c29e
Sun, 07/01/2007 22:06:58 - FVS318 IPsec:inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #2
Sun, 07/01/2007 22:07:00 - FVS318 IPsec:Receive Packet address:0x1397554
from 101.10.78.16
Sun, 07/01/2007 22:07:00 - FVS318 IKE:[BLOOFFICE] RX << QM_R1 : 101.10.78.16
Sun, 07/01/2007 22:07:00 - FVS318
IKE:[ESP_3DES/AUTH_ALGORITHM_HMAC_SHA1/In SPI:4094c29e,Out SPI:ef5639ce]
Sun, 07/01/2007 22:07:00 - FVS318 IPsec: ESP(3DES-CBC SHA-1)
Sun, 07/01/2007 22:07:00 - FVS318 IPsec: ESP(3DES-CBC SHA-1)
Sun, 07/01/2007 22:07:00 - FVS318 IKE:[BLOOFFICE] TX >> QM_I2 : 101.10.78.16
Sun, 07/01/2007 22:07:00 - FVS318 IKE:[BLOOFFICE] established with
101.10.78.16 successfully
Sun, 07/01/2007 22:07:00 - FVS318 IPsec:inserting event EVENT_SA_REPLACE,
timeout in 28740 seconds for #2
Sun, 07/01/2007 22:07:00 - FVS318 IPsec:STATE_QUICK_I2: sent QI2, IPsec SA
established
Sun, 07/01/2007 22:07:04 - FVS318 IPsec:Receive Packet address:0x1397554
from 101.10.78.16
Sun, 07/01/2007 22:07:04 - FVS318 IPsec:loglog[10] retransmitting in
response to duplicate packet; already STATE_QUICK_I2
Sun, 07/01/2007 22:07:10 - FVS318 IPsec:Receive Packet address:0x1397554
from 101.10.78.16
Sun, 07/01/2007 22:07:10 - FVS318 IPsec:loglog[10] retransmitting in
response to duplicate packet; already STATE_QUICK_I2
Sun, 07/01/2007 22:07:14 - FVS318 IPsec:Receive Packet address:0x1397554
from 101.10.78.16
Sun, 07/01/2007 22:07:14 - FVS318 IPsec:loglog[3] discarding duplicate
packet -- exhausted retransmission; already STATE_QUICK_I2
End of Log ----------

From the log shown above, i believe the connection should have been established but unsure about the last bits where it said discarding duplicate packet -- exhausted retransmission. I was hoping if there is anyone who might be able to tell me what's happening here.

Thank you in advance

 

[burtsbees]

You want to connect to work from home? Why do you have a VPN config at home?

Burt

 

[aquinox]

Hi Burtsbees,

Thank you for your reply.

I'm not quite sure of what you meant there. Yes, i want to connect to work from home and i think the more secure way is to use VPN connection. So i bought a VPN router at home so that it can talk to the VPN router at the office. Hence, i configured the netgear VPN box at home so that it can connect to the Office's VPN router.

Please correct me if i'm wrong. This setup has always been working without any dramas. It's just that recently we bought the new linksys modem router to replace the netcomm modem router. Since then, i got problem with VPN. The problem is listed above.

Any ideas?

Thank you in advance

 

[burtsbees]

What I mean is that you only need a VPN config where you work---there, the VPN device, whether it be a Windows server, Cisco router (my favorite) or a Cisco VPN concentrator, will allow you to connect and hold all of the authentication and firewall stuff. There is no need for a VPN device at home.
For example---I connect from work to my house during the day sometimes. I have a Cisco 837 adsl router at home that holds the complete vpn configuration. I have configured nothing on the work router---just on my laptop at work, and on it I have Cisco VPN client.
Your setup at home seems a bit convoluted to even work properly. My question now is---what serves the VPN connections where you work? If it is a Windows server, then the only thing you need at home other than a modem/router is a client configuration in your computer, and the proper credentials used to connect (I.E. IP address of the VPN server, username, password).

Burt

 

[VPNSteve]

If the problem started when you bought the new linksys modem router, then that is likely the source of your problem. I'm assuming that this is a branch office tunnel. It may very well be that the new router is not passing all of the traffic (there have been issues with all vendors with home routers). It's difficult to say b/c I'm not familiar with your Netgear box.

As for your setup, there's nothing wrong with doing it the way you describe. It sounds as though you have set up a branch office tunnel (which connects two sites and allows multiple users) instead of simply having a vpn client on your pc. While some may say it's convoluted, it's actually fairly simple.

 

[burtsbees]

That's not necessarily true, Steve. Tunnels are used for site-to-site VPN's. What he has here is a VPN server (router) at work. Now if this VPN router at work connects site-to-site, then yes, it tunnels.

Burt

 

[VPNSteve]

Maybe I missed something. I'm not sure I understand your point burtsbees. IPSEC tunnels can be site-to-site (p2p BOT or ABOT) or client tunnels (like your cisco client). A p2p or ABOT is formed between two VPN routers, a client tunnel is formed between a PC and a VPN router (for the most part, anyway). From his description he is clearly making a tunnel from his Netgear to his work - it is not clear (to me anyway) what type of tunnel he is making. It could be a p2p or ABOT, or it could be the Netgear is acting in client mode (similar to the Nortel 221). I don't know the Netgear at all to know if it even does that.

Having said that, what was it that I said that might not be true?

 

[burtsbees]

I thought that normally when people operate from a SoHo, they are a client and are establishing a VPN session with the remote router, or a remote access VPN. Aquinox seems to be describing a site-to-site VPN, like a point-to-point intranet VPN. My question was why he had a router connected to another router and then his pc, as he said...
"ADSL goes to Linksys modem router. Then, i have a Netgear router FVS318 hooked up to Linksys modem. The VPN connection has been set or configured in the Netgear router. Then, i have one PC connected to the Netgear router."
This is why I was saying that his setup is a bit convoluted. Maybe VPN's are my weak area, but I would not hook my PC to a router with a VPN config and another router for my adsl connection.

Burt

 

[VPNSteve]

Ok, I see. I would agree with you on the way you describe it, but he didn't connect the PC to both routers. The PC goes to the Netgear, the Netgear (which establishes the tunnel) goes to the linksys router out to the internet. And I wouldn't say VPNs were a weak area for you - you seem to have a better understanding than many. I was just confused as to what *I* might have missed - and like I said - I don't know much about the Netgear products.

Anyway, aquinox, I think that if the problem started when you introduced the new router then it's a very good bet that your problem lies there.

 

[burtsbees]

I see now...as far as I know, depending upon what LinkSys router you have, they generally have only a VPN Passthrough feature, so that IPSec, GRE or L2PP are allowed to pass through to the VPN server. If this is all you have configured at the office, then it will not work until you have something actually doing the IKE and encryption, like a Windows server or a VPN concentrator. Does anyone else have problems connecting?

Burt

 

[aquinox]

Thank you All for your replies.

Sorry for creating such a confusion here.

To be honest, unsure if i set it up as PTP tunnelling connection there. All i did was creating IKE Policy and VPN Policy there on Netgear Router at the office. One thing i'm sure of is that it's tunnelling.

Burtsbees, yes, i can have the VPN client configuration software installed on my laptop and get connection to the office. But i prefer to use the actual VPN router and set up the VPN configuration on the box there. When i want to work from home, i can just hook up my laptop to the VPN router(in this case, Netgear FVS318) which would establish VPN connection to the Netgear FVS318 at the office.

It now works after having the Linksys changed to a different Linksys model. But i still don't know why it didn't work with the earlier Linksys. It too supports the VPN Pass-thru. strange!!!.

Thank you

 

[burtsbees]

Is the earlier LinkSys a model that existed before Cisco took them over?

Burt

 

[aquinox]

Hi Burt,

I believe so because i bought it last week. don't know when Cisco took them over.

Thank you