How to configure Linksys Quick VPN software with Linksys RVS4000

The RVS4000 is slightly different than the earlier models, but just as easy.
- Go to the VPN page and then click the VPN client accounts tab
-add a user name, password, and click the add button
-mark as active and click save settings at the bottom of the page
-On the connecting client install the QuickVPN client software
-make sure it is the latest version (important) ver 1.1.0 It is available on the Linksys site;
http://www.linksys.com/servlet/Satellite?c=L_CASupport_C2&childpagename=US%2FLayout&cid=1169671133867&pagename=Linksys%2FCommon%2FVisitorWrapper&displaypage=nodata#versiondetail
-right click on the client icon (lower right) and choose connect
-you can name the connection whatever you like, then enter you RVS4000's WAN/external static IP, your user name, and password, and click connect
-done

One note the 2 sites need to use different subnets. As an example if the main site uses 192.168.1.x then the remote site must use something else like 192.168.2.x Because of the potential conflicts with mobile clients using similar subnets at hotels and such try to use something less common at the RVS4000 site if possible, like 192.168.123.x
Another point is sometimes name resolution doesn't work over VPN's. Though this is usually "fixable" try connecting to resources by IP if having problems, such as:
\\192.168.123.123\ShareName

I upgraded the Quick VPN software, but I can still not connect on either port and get an error.  I even disabled the port forwarding that sent HTTPS traffic to my server and disabled VPN passthrough.

I have the router firmware up to the latest version.

Any ideas?

The reason I suggested you used the newest client is because of th potential HTTPS conflict but that should be resolved by using the port 60443 option, even if you didn't disable you port forwarding.
VPN pass-through on the RVS4000 should be turned off, but may help on the client router if it is an option.

The QuickVPN can be finicky some times. One thing I find is though with some routers NAT-T (Network Address Translation-Traversal) is supposed to be supported it doesn't work all the time.
a) is the static IP on the RVS4000)'s WAN interface a true public IP, i.e. not 192.168.x.x, 10.x.x.x, or 172.16-31.x.x  It needs to be a true public IP.
b) on the client PC, as a test only, try connecting it directly to the modem as a test. Make sure the Windows firewall is enabled, and Windows and virus updates are current.

You might want to have a look at the following VPN check list:
From:
http://www.linksysinfo.org/modules.php?name=Forums&file=viewtopic&t=11664
QUICKVPN CONNECTION FOR WRV54G/RV0XX SERIES ROUTERS

NOTE: There may be variances in some areas of web interface, but this document is proven to work!  

ON THE WRV54G/RV0XX ROUTERS:
1) Setup Page

Internet Connection Type: Automatic Configuration (DHCP)

MTU: Auto

DHCP Server: Disable

Time Setting: (GMT) England [Obviously set this to your own zone or leave at default]

NOTE: If your ISP has recently changed from “data” to “ipstream” you may have to change the MTU from “auto” to “manual” in order to allow vpn data transfer. A common symptom of change in Ethernet technology is when you try to transfer information across a tunnel and you get “Network is no longer available.” In this instance, the MTU is set “too high” (i.e., 1492) and isn’t able to “pass through” the segment at the distant end. Think of a 6 foot tall man trying to fit through a door made for a 4 foot child. By adjusting the MTU to suit the situation, you now have a means of assuring data gets through. (Doc/1 Aug 05)

2) Security ---> VPN Page

Ipsec: Enable
PPTP: Enable
L2TP: Disable

NOTE: This goes away from previous advice I’ve given but we’re trying something new. People were able to connect before, so this slight change really shouldn’t alter that much. Furthermore, the 50 vpn tunnels that come with the WRV54G/RV0XX routers are designed to work with third party vpn clients (i.e., SSH Sentinel, Greenbow, Logmein, etc...) and "not" with quickvpn. Quickvpn handles all aspects of negotiation by itself (now that the mystery is solved, it's a clever little tool to me  )
Also, in the WRV54G/RV0XX manual, where it shows you how to create an IPSEC policy, if you're using quickvpn, this, by default of installation is already done for you by Quickvpn (look in the Program Files\Linksys\Linksys VPN Client directory on your computer and you will see this.) If you are "not" going to use Quickvpn, you could try this (yes, some people have been able to do it). Also, as noted by Chris Watts (a..k.a. Chris547), quickvpn uses a randomly created pre shared key everytime it connects. I think I may love quickvpn now...

Remaining settings on this page should be disabled.

3) Access Restrictions:

- Start off by using a simple name and password combination such as

username: test
password: tester

4) Apps & Gaming

"NO" vpn port forwarding settings of any kind (500, 1701, 1723, etc...) are required for quickvpn to work. It establishes its own tunnel.

Additionally:

- Try using firmware 2.37.13, 2.38 (you can download 2.38 from linksysinfo.org), or 2.38.6. I’m currently using the 50 user license upgrade from Linksys (firmware version 2.37E) and it works perfectly!

- SNMP & UPNP are disabled.

- Make sure the ipsec service under settings is started. If you’ve ever loaded SSH Sentinel, SSH knocks ipsec offline and you never even know it unless you happen to be checking services to see why your tunnel doesn’t come up (I found this information out surfing forums).

- "DO NOT" have any other vpn application "LOADED" on your machine other than quickvpn; even if you have another vpn application loaded and its process is shut off in the back ground, quickvpn still "will--not--run" if it's loaded. If you happen to be able to do this, you're quite fortunate, otherwise, load quickvpn only to avoid conflict.

- Disable any firewall that you currently have running for the moment (again, we're establishing a baseline). I use Norton Internet Security 2003 and can connect to Dave's vpn segment with my firewall up so you might want to consider a new firewall in the event you can't connect with your current firewall running. Incidentally, when I’m at a wireless internet café, I have to drop my firewall on my laptop to make the connection to vpn, but I’m sure this is just something to do with how the router policies of that local business’s router are enforced. Other than that, I connect to a remote vpn host (from my home”) with my firewall up. Once you’ve made the connection, just turn your firewall back on.

- Copy and paste this link into your browser to get your WAN IP address if you don’t know it for sure (http://remote.12dt.com/rns/) to place in quickvpn's "Server Address" field.

Here's one more thing. Copy and paste this link into your browser (http://www.dslreports.com/drtcp). This application will allow you to adjust the MTU setting of your NIC "on the fly" if you bump into a problem with the MTU causing tunnel drops. Make your MTU setting "On The Client" 1458 “if” there are problems with tunnel connectivity.



REASONS YOU CANNOT CONNECT WITH QUICKVPN (NEW)

1. The quickvpn client is not the only vpn client loaded on the client machine.

2. MTU on the WRV54G you are connecting to isn't set at "auto" and/or the packets being sent from the client computer are too large (should this be the case, download "DrTCP" and set the MTU of the client's NIC to 1458). Additionally, it doesn't hurt to check and see if the MTU on the client router is set at "auto" also.

3. You are trying to connect through a dialup or ISDN connection.
NOTE: I have never been able to connect from a dialup/ISDN connection with quickvpn. More power to those who can.

UPDATE: Recently, someone was able to connect over dialup in a highly "unusual" manner Basically, when connecting over ISDN, quickvpn hangs at “verifying network” but it will still negotiate the ip security portion and allow you access to your LAN. The only way to close the connection is to terminate it through task manager.

4. The firewall software on your computer is registering the "ACK" conversation from the distant-end device (wrv54g) as an "Invalid ICMP Type." In this instance you can either "shut down" the firewall for the session or, as I've done, uninstalled my firewall software (NIS 2004) and quickvpn, then reinstalled both (Norton first followed by quickvpn). After that, launch quickvpn, and once Norton detects it, it establishes all the proper rules to allow it to pass through the firewall. Hopefully your firewall software should do the same.

In the case of #4, I never caught this until I noticed after reloading one of my computers, I had to drop the firewall on one of them to access "the same damn share" as the others, but I didn't have to bring the firewall down on any of the others except that one particular machine.

5. IPSEC Passthru is not enabled on the client/distant end router.

6. You have communication software loaded that is preventing quickvpn authentication with the wrv54g router

Note: I loaded software from motorola cellphone that installed its own "liveupdate" software that blocked quickvpn from talking to my wrv54g router. I knew there was a program I'd recently loaded that was most likely the problem because I had just used quickvpn an hour prior.

7. You have installed two nic’s on the client computer and quickvpn is trying to utilize the connection that is not assigned an ip address. Simply disable the card that is not being used.

8. IPSEC is not running on the client computer you’re connecting with. To remedy this, go into control panel, administrative tools, then click on services. If IPSEC isn’t started, set it to automatic and start the service. If you’ve ever used ssh sentinel, this knocks your ipsec out and you have to go into windows services to restart it.

9. The user account and password is not created or has not been typed in correctly.

10. Large downloads will disrupt the routers tables causing quickvpn to not respond every so often.

11. Quickvpn terminates in the middle of a quickvpn session. Just like #10, this hoses up the routing tables for vpn. The answer is to delete all existing accounts and recreate them (don’t create the same username and passwords twice) or reset the router to factory default and start from scratch.

These configurations are just what I’ve noticed when having quickvpn problems. People world wide have been following this guide with and have had success with the WRV54G, RV042 and the RV082 routers. Again, this is just a baseline. When you figure out what you need, just vary things as needed.

Hi doulos777,

You said: "but I can still not connect on either port and get an error. "
What's the error message you're getting? It might help in figuring out what's the issue with your connection.

Best regards,

LucF

QuickVPN makes the following proposals to the RVS4000 in the phase-1 IKE:
1) 3DES,SHA1,DH2,PSK,SA Lifetime=28800 sec
2) 3DES,MD5,DH2,PSK,SA Lifetime=28800 sec
3) DES,MD5,DH1,PSK,SA Lifetime=28800 sec
Try these settings on the RVS4000

VPN access apparently will not work if a DMZ is configured. I have not found this documented anywhere.

I hope this helps!

There's a known interoperability issue with the QuickVPN software and the RVS4000.  This is an excerpt from the QuickVPN release notes:

Known Issues:
     
1. There is a known issue with Windows XP SP2 Firewall - ICMP packets are always dropped by the Firewall when the Firewall is enabled. The issue will cause the QuickVPN Client not being able to establish a tunnel with the remote QuickVPN Server successfully. Microsoft has released a patch to fix this issue. Once you install the patch, the issue should be resolved.
http://support.microsoft.com/kb/889527/en-us

2. QuickVPN Client v1.2.5, when running on Vista, has an interop issue with RVS4000 firmware v1.1.09 and v1.1.11 (beta). The interop issue was fixed by firmware v1.1.13 (beta).

3. QuickVPN Client v1.2.5, when running on Vista, has an interop issue with WRVS4400N firmware v1.0.12, v1.0.13 and v1.0.15 (beta). The interop issue was fixed by firmware v1.0.16.

4. Users need to have the administrative rights in order to use QuickVPN Client. This is a constraint posed by the Windows operating systems.

This issue is also apparent in Windows XP Pro SP2, which I'm running on my laptop.  The RVS4000 1.1.13 Beta code is available on http://www.linksysinfo.org.  Use it at your own risk!!

The primary issue that I've seen is that the client hangs on "Verifying Network" although the VPN connection is active.  So it's really just an annoyance and should not affect the perform or connectivity of your QuickVPN connection.
-Todd