VPN does not work through home router 1

[edgetool]

I'm hoping some one can help me with this problem.

I set up a VPN on my office network that allows me to access my office computers from wherever. I was able to connect via my home network (linksys WRT54G router, peer to peer setup between my winxp pro sp2 laptop and spouse's winxp home edition desktop) whenever I wanted to until a month or so ago.

Now I can still connect the VPN through the home network but cannot, for the life of me, connect to any of the office computers no matter what I try as far as searching, adjusting router settings, firewalls etc

PLEASE NOTE that I can still connect the vpn and connect to all my office computers if I simply connect to the internet via a DUN connection.

My experience tells me that the problem must be in the router in the home network but I can't figure out what it is. I did update the firmware and try adjusting the MTU settings etc. Some have suggested opening ports in the router but I don't know why I should have to do that on the client side (I did on the server side)

any help would be greatly appreciated

 

[nsantin]

What type of VPN connection are you using? PPTP? IPSec? L2TP?

 

[edgetool]

PPTP. The server is running NT 4.0 Server and using the integral RAS to create the VPN.

Just to be clear I can connect with the vpn fine through dial-up but not through my home router.

I should also mention that the home internet connection is a cable modem supplied by Comcast that is connected directly to the router. My laptop connects wirelessly to the network.

Also, I can connect my laptop with the router, connect to the other computer on the home network, get mail and access internet fine from the home network.

Thanks!

 

[substitute]

Has any change been made to the IP address range on either your home LAN or your office LAN?

For example if your office LAN is using address A.B.C.D for its server or gateway and your home LAN also uses A.B.C.D for the router there is no way for IP messages to get through the VPN.

This is my biggest cause of user VPN problems because our office uses 192.168.1.1 for the main server and most home routers such as the Linksys also default to 192.168.1.1 for the router.

Sometimes the problem arises suddenly because having initially been set up appropriately the router gets a hard reset and goes back to its default IP.

When you connect using DUN your IP addresses are assigned by the ISP so there's no clash.

If this looks like the problem you can change the router's base IP address and DHCP pool to a non-clashing value like 192.168.2.x to get round the problem. If you do change the address you must change the IP and DHCP at the same time, then you have to reboot the router and the attached PCs so they all end up back in the right address range

 

[edgetool]

The plot thickens... Thanks to the advice given here I was able to get my vpn to work by changing the ip addresses on the server and everything worked well until this morning I went into my home office and the linksys router was dead. After many tests determining that the unit was broken or at least in need of major repair ( no action on the LEDs, No response through a browser, power supply registers correct voltage at connection )

I went and bought a new router linksys WRT54GS , set it up, made all my connections and everything seems to work. I can surf the internet and connect with my other computers BUT now I cannot connect to my VPN at all. (I continually get error 619) I have fiddled with router settings etc and no luck. I tried Linksys support and they had nothing useful to add. I can still connect to the vpn bypassing the router and connecting to the cable modem directly.

Any help would be Greatly Appreciated!

 

[substitute]

I set someone up on a new Linksys router the other day. You may have to go into the security setup and explicitly enable VPN passthrough. You probably only need PPTP. If you have internet access I can't think of anything else that would cause a problem.

Ian.

 

[edgetool]

I tried every immaginable combination of VPN pass through setting on the router. No Luck. Bear in Mind that the VPN works fine bypassing the router directly into the cable modem and via regular old Dial-up.

 

[substitute]

The fact VPN works through the modem and Internet works through the router is what made me think of the VPN passthrough setting. The problem seems to come down to "the router is not passing the VPN protocols"

Somewhere on the router is a setting that is blocking something. Check ports, addresses, applications, protocols, etc. Otherwise I'm stumped.

Ian

 

[edgetool]

I'm stumped as well. I spent most of yesterday twiddling with settings etc. Now I am no expert but it has been my understanding and experience that there is no need for port forwarding on the router used by the CLIENT computer to access the internet to create the VPN. I have set up port forwarding on the router on the server side and can attest that it works. I just don't know enough about all the protocols, ports etc. to divine the root of the problem.

When I saw that the original router had died a feeling of dread descended on me: Linksys support is abysmal. My experience trying to solve the problem that started this thread was so painful that I have given up trying to make contact with someone who can do more than read a script to me. Everytime I try to get to a higher level of support I get disconnected. It is maddening.

 

[substitute]

Trouble is, you pay £60 for a router and the seller's margin is £20 and the parts cost £20 and the other £20 pays for manufacturing, promotion, profit and technical support. You might be better off ebaying the Linksys it and buying something else (Belkin?) in the hope that it works out of the box.

Ian

 

[edgetool]

I may take it back to where I got it and buy another brand. Even there I don't know if other products are superior: Belkin, D-link, Netgear etc etc. I have stuck with Linksys only because of my fear of the learning curve for another manufacturers. I don't play games or have any particularly demanding requirements for the router only that it provide a switch for wired computers; wireless capability for wireless computers; internet gateway and vpn pass through that works.
Does anyone have any sense of the relative merits of the various products on the market?

 

[reissmann]

Not to start a brand name war, but we've had the most trouble with LinkSys brand routers (619, limited support of multiple IPSec seesions,...). Flip side, we've had good success with SMC.

 

[edgetool]

I took the Linksys back and got a Netgear RangeMax WPN824 router. It installed easily and the VPN works like a charm.

Now I have new issue with the new router. After booting up my laptop and making a wireless connection with the router and internet all is well for ten or so minutes and then my Norton Internet Worm Protection issues an Intrusion Alert that reads like this:

Intrusion: Invalid ICMP Code.
Intruder: 192.168.2.1.
Risk Level: High.
Source IP address: 192.168.2.1.
Destination IP address: 192.168.2.3.
ICMP Type: 8.
ICMP Code: 19. This ICMP Code is invalid.

The source IP address is the router and Norton then blocks all communication with the router for 30 minutes. I checked the Ip config of the laptop after one of these events and the IP address was something way different than anything I had ever seen before something like 192.168.63.88, not within any of the parameters of the router setup.

I don't really know what is going on here. Any help would be appreciated

 

[vcsinfo]

DOnt VPNs use port 500 and 501?

 

[edgetool]

I figured out a work around for the worm intrusion in Norton Anti Virus by excluding the invalid ICMP Code and ICMP type signatures. Hardly a comforting solution but one I guess I will have to live with till I can find a better solution.

 

[avayaconsultant]

IP Sec VPN uses port 500.

 

[ms1mm0]

Have you checked you DNS settings in your either your wireless connection or the VPN software ? Without those you will establish a VPN session but not be able identify internal systems etc.

regards