May 17, 2008 09:26am pdt
03.05.2008 at 10:10PM PST, ID: 23218602
Linksys QuickVPN stuck on verifying network
Tags: Linksys, QuickVPN, 1.2.8, Stuck verifying network
I cannot complete the connection with the QuickVPN Client, it gets stuck at the "verifying network". The router shows on the VPN Summary that I am connected, but cannot ping the router lan ip address of 10.0.3.1.

I am able to connect via PPTP with ease and success but think that the QuickVPN Client will offer a higher level of security.

On my laptop running XP Pro I am remotely wired directly to the DSL modem. Norton Firewall disabled, Microsoft firewall turned off. I have the latest version listed on the Linksys web site, version 1.2.8.

RV082 Public IP address 64.122.195.10

Contents of the log.txt file:
-----------------------------
2008/03/05 21:22:47 [STATUS]OS Version: Windows XP
2008/03/05 21:22:47 [STATUS]Windows Firewall is OFF
2008/03/05 21:22:47 [STATUS]One network interface detected with IP address 66.78.76.132
2008/03/05 21:22:47 [STATUS]Connecting...
2008/03/05 21:22:47 [STATUS]trying to connect to remote gateway with IP address: 64.122.195.10
2008/03/05 21:22:55 [STATUS]remote gateway was reached...
2008/03/05 21:22:55 [STATUS]Provisioning...
2008/03/05 21:23:02 [STATUS]Success to connect!
2008/03/05 21:23:02 [STATUS]Verifying Network...
2008/03/05 21:23:20 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:23:36 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:23:52 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:24:08 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:24:24 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:24:40 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:24:56 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:25:12 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:25:28 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:25:44 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:26:00 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:26:16 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:26:32 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:26:48 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:27:04 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:27:20 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:27:36 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:27:52 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:28:08 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:28:24 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:29:50 [STATUS]Disconnecting...
2008/03/05 21:29:51 [STATUS]Fail to disconnect!


Contents of the wget_error.txt file:
------------------------------------
--21:22:47--  https://Patrick:*password*@64.122.195.10/StartConnection.htm?version=1?IP=66.78.76.132?PASSWD=*password*?USER=Patrick
           => `C://Program Files//Linksys//Linksys VPN Client//vpnserver.conf'
Connecting to 64.122.195.10:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    0K                                                         127.93 KB/s

21:22:55 (127.93 KB/s) - `C://Program Files//Linksys//Linksys VPN Client//vpnserver.conf' saved [131]


Contents of the wget_stop_error.txt file:
-----------------------------------------
--21:29:50--  https://Patrick:*password*@64.122.195.10/StopConnection.htm?version=1?status=disable?IP=66.78.76.132?PASSWD=*password*?USER=Patrick
           => `C://Program Files//Linksys//Linksys VPN Client//stopconn.conf'
Connecting to 64.122.195.10:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    0K                                                          97.66 KB/s

21:29:51 (97.66 KB/s) - `C://Program Files//Linksys//Linksys VPN Client//stopconn.conf' saved [100]
Question Stats
Zone: Software
Question Asked By: PatrickMahoney
Solution Provided By: dfriedland1
Participating Experts: 2
Solution Grade: A
Views: 284
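
A triage sketch for the client logs shown in the question, added here as an example; it is not part of the original thread or of the QuickVPN software. It reports the last stage log.txt reached (if HTTPS provisioning succeeded but the pings fail, the problem sits in the IPsec layer) and scrubs credentials from wget_error.txt and vpnserver.conf lines before they are posted. The sample lines, the addresses and the names `triage` and `redact` are constructed for illustration.

```python
import re
from datetime import datetime

# Stage markers copied from the log.txt in the question, in the order they occur.
STAGES = [
    ("connecting", "trying to connect to remote gateway"),
    ("gateway_reached", "remote gateway was reached"),
    ("provisioning", "Provisioning..."),
    ("provisioned", "Success to connect!"),
    ("verifying", "Verifying Network..."),
]
PING_FAIL = "Fail to ping the remote DNS!"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(\w+)\](.*)$")

# user:password@ in front of the host; greedy so an '@' inside the password is covered.
USERINFO_RE = re.compile(r"(https?://)[^/\s]*@")
# QuickVPN separates query parameters with '?', so a value ends at '?', '&' or
# whitespace. A secret that itself contains one of those is only partly removed.
SECRET_RE = re.compile(r"\b((?:PASSWD|USER|presharedkey)=)[^?&\s]+", re.IGNORECASE)


def triage(log_text):
    """Return the last stage reached, the ping-failure count and a next step."""
    last_stage, fails, first_fail, last_fail = None, 0, None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        msg = m.group(3)
        for name, marker in STAGES:
            if marker in msg:
                last_stage = name
        if PING_FAIL in msg:
            fails += 1
            first_fail = first_fail or ts
            last_fail = ts

    if last_stage is None:
        layer, hint = "none", "no connection attempt logged"
    elif last_stage == "verifying" and fails:
        # HTTPS login and provisioning worked, so credentials are fine;
        # traffic is not passing through the tunnel itself.
        layer, hint = "ipsec", "check the Windows IPSEC service and oakley.log"
    elif last_stage in ("provisioned", "verifying"):
        layer, hint = "ok", "no ping failures logged after provisioning"
    else:
        layer, hint = "https", "check wget_error.txt, credentials and HTTPS reachability"
    stalled = int((last_fail - first_fail).total_seconds()) if fails else 0
    return {"stage": last_stage, "ping_failures": fails,
            "stalled_seconds": stalled, "layer": layer, "hint": hint}


def redact(line):
    """Scrub credentials from a wget_error.txt or vpnserver.conf line."""
    line = USERINFO_RE.sub(r"\1REDACTED@", line)
    return SECRET_RE.sub(r"\1REDACTED", line)


# Constructed sample input modelled on the logs in the question (not real data).
SAMPLE_LOG = """\
2008/03/05 21:22:47 [STATUS]Connecting...
2008/03/05 21:22:47 [STATUS]trying to connect to remote gateway with IP address: 192.0.2.10
2008/03/05 21:22:55 [STATUS]remote gateway was reached...
2008/03/05 21:22:55 [STATUS]Provisioning...
2008/03/05 21:23:02 [STATUS]Success to connect!
2008/03/05 21:23:02 [STATUS]Verifying Network...
2008/03/05 21:23:20 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:23:36 [WARRING]Fail to ping the remote DNS!
2008/03/05 21:23:52 [WARRING]Fail to ping the remote DNS!
"""
SAMPLE_WGET = ("--21:22:47--  https://alice:S3cret@home@192.0.2.10/StartConnection.htm"
               "?version=1?IP=198.51.100.20?PASSWD=S3cret@home?USER=alice")

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(redact(SAMPLE_WGET))
    print(redact("presharedkey=abc123"))
```
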
03.06.2008 at 08:28AM PST, ID: 21061899

Rank: Master

A couple of questions...

1) Are you running the latest firmware for both the RV082 and the latest QuickVPN software release?
2) What is handling the DHCP server for the VPN network -- the router or an actual DHCP server?

Even though you might have the XP Firewall client-side turned off, you might need to apply the patch below.

ICMP packets are dropped even though you have configured the Windows firewall feature to allow ICMP packets on your Windows XP Professional Service Pack 2-based computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;889527

 
03.06.2008 at 09:24AM PST, ID: 21062593
On the Linksys RV082 I have 1.3.5 firmware.

The QuickVPN is 1.2.8

I am using static IP's on the RV082 with a LAN addresses of 10.0.3.x. I don't see any option from the VPN|VPN Client Access to use DHCP for VPN clients.

I have installed the Microsoft HotFix and will again try when I am outside my WAN.
 
03.06.2008 at 11:45AM PST, ID: 21063954

Rank: Master

What does the System Log of your RV082 report?

 
03.06.2008 at 12:18PM PST, ID: 21064258
I attached my VPN log from my RV082
 
Linksys RV082 VPN log
 
 
03.06.2008 at 12:19PM PST, ID: 21064266

Rank: Master

Also, are you running the QuickVPN client on the PC as administrator?
 
03.06.2008 at 12:25PM PST, ID: 21064338
Yes, I have Administrator rights with my logon
 
03.06.2008 at 12:38PM PST, ID: 21064469

Rank: Master

What is your MTU setting at? Best results have been found with a setting of 1492.
 
03.06.2008 at 12:40PM PST, ID: 21064498

Rank: Master

QUICKVPN CONNECTION FOR WRV54G/RV0XX SERIES ROUTERS
http://www.linksysinfo.org/forums/showthread.php?t=47114
 
03.06.2008 at 09:14PM PST, ID: 21067519
Ok, I have re-tried after the hotfix was installed and same problem, stuck on verifying networks.

I have attached updated logs.
 
This is the log file in the Linksys VPN Client folder
 
 
This is the RV082 VPN log
 
 
03.07.2008 at 05:48AM PST, ID: 21069874

Rank: Master

Well, I have run out of options for using the QuickVPN client.

I know of a work around if you want to use the Microsoft VPN client though:

Log in to RV082
- Under the VPN tab, select Client to Gateway
- create a Group VPN
- Name the connection
- Enter your local secure group info (internal network info)
- select remote client to be "Microsoft XP/2000 VPN Client"
- Set phase 1 and phase 2
- Create a PreShared key
- Under advanced select 'Netbios' and 'Keep Alive'
- Save your changes

 
03.07.2008 at 08:42AM PST, ID: 21071916
I found PPTP to work with the built in VPN Private Network Connector. But I am told it is not so safe.

Since I am new to VPN, how does the connection in Client -> Gateway authenticate if I am at some WiFi Hot Spot? I see that the RV082 asks for some way to identify the location of the client.

It looks like maybe I should be looking for a different manufacturer other than Linksys to solve this issue.
 
03.07.2008 at 10:43AM PST, ID: 21073081

Rank: Master

The VPN tunnel authentication is between the client and the VPN endpoint (in this case the RV082) via the PreShared Key. Once matched up, the VPN tunnel is then encrypted and connectivity is established.
 
03.07.2008 at 11:25AM PST, ID: 21073433
What I am asking is on the RV082, on the configuration VPN|Client to Gateway|Remote Client Setup there are options for Remote Client.

Which option would you recommend since I intend to be mobile?
 
03.07.2008 at 12:16PM PST, ID: 21073824

Rank: Master

If you use the Microsoft VPN client, then use the 'Microsoft XP/2000 VPN Client selection'.

Microsoft XP/2000 VPN Client: This option is used for Dynamic IP users (e.g. PPPoE or DHCP) who are using the Microsoft VPN client. The difference between the Microsoft client and other VPN clients is that the Microsoft client does not support Aggressive mode and FQDN/USER FQDN ID options.
Assisted Solution
 
03.11.2008 at 12:46PM PDT, ID: 21099362
I was running into the same issue and just needed to start the IPSEC Service.  An extremely helpful guide for troubleshooting this particular VPN client is located at:  http://www.linksysinfo.org/forums/showthread.php?t=50208

I have spent the past couple of weeks trying to debug quickvpn connecting to a linksys wrv54G access point.
From what I have determined, quickvpn is just a shell that calls a set of programs that establish the connection to the wrv54G.
 
The quickvpn program appears to do the following :
 
From the c:\program_files\linksys\linksys VPN Client directory, the application calls :
 
Step 1 - wget https://userid:*password*@remotelink...?USER=pvanamst
 
The output is saved to a file called vpnserver.conf, which should look like :
version=1
msgtype=configuration
conn userid_rw_rw
presharedkey=preshared_key_info_stored_here
rightsubnet=10.0.1.0/24
dnsserver=10.0.1.1
domain=linksys
 
The output of the wget command is stored in a file called wget_error.txt, which all going well should look like :
--04:11:20-- https://userid:*password*@remotelink...?USER=pvanamst
=> `C://Program Files//Linksys//Linksys VPN Client//vpnserver.conf'
Resolving remotelinksyshostname.yourdomainname.com... 24.5.173.73
Connecting to remotelinksyshostname.yourdomainname.com[remotelinksys_ip_address]:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified
 
0K 139.65 KB/s
 
04:11:29 (139.65 KB/s) - `C://Program Files//Linksys//Linksys VPN Client//vpnserver.conf' saved [143]
 
wget is just a simple utility that is shareware that allows you to call a url. So if you go to your browser and call https://userid:*password*@remotelink...10?USER=userid
 
If you get no response from this url, then you need to investigate why the router is not responding to this https request. Maybe you have port forwarding turned on for port 443 (default https port), or the backup port of 60433 ? Either way, you should be able to see the file vpnserver.conf that has the valid connect information with the ip addresses and the presharedkey present. Note that the preshared key will change every 60 mins or so.
 
If this step fails, you will get a nice little popup window, showing that you were unable to connect, as the firewall is blocking the connection, or you have entered the incorrect userid/password. But get this first step resolved before you look any further.
 
Step 2 - The file ipsec.exe is called, which reads a file called ipsec.conf:
The ipsec.conf file looks like :
 
conn HostToRemote
left=%any
right=remotelinksyshostname.yourdomainname.com
rightsubnet=10.0.1.0/24
presharedkey=preshared_key_info_stored_here
auto=start
pfs=yes
 
You can actually run the ipsec command from the command line, with the flag -debug to see what is going on :
 
C:\Program Files\Linksys\Linksys VPN Client>ipsec -debug
IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller
Getting running Config ...
Microsoft's Windows XP identified
Debugging on.
Setting up IPSec ...
 
Deactivating old policy...
Removing old policy...
 
Connection HostToRemote:
MyTunnel : 192.168.0.10
MyNet : 192.168.0.10/255.255.255.255
PartnerTunnel: remotelinksyshostname.yourdomainname.com
PartnerNet : 10.0.1.0/255.255.255.0
CA (ID) : Preshared Key ******************
PFS : y
Auto : start
Auth.Mode : MD5
Rekeying : 3600S/50000K
 
Command 1: ipseccmd -w REG -p FreeSwan -r Host-HostToRemote -t remotelinksyshostname.yourdomainname.com -f 192.168.0.10/255.255.255.255=10.0.1.0/255.255.255.0 -n ESP[MD5,3DES]3600S/50000KPFS -a PRESHARE:"preshared_key_info_stored_here" -lan -1p > NUL:
 
Command 2: ipseccmd -w REG -p FreeSwan -r HostToRemote-Host -t 192.168.0.10 -f 10.0.1.0/255.255.255.0=192.168.0.10/255.255.255.255 -n ESP[MD5,3DES]3600S/50000KPFS -a PRESHARE:"preshared_key_info_stored_here" -lan -1p > NUL:
Activating policy...
 
Command 3: ipseccmd -w REG -p FreeSwan -x > NUL:
 
C:\Program Files\Linksys\Linksys VPN Client>
 
All going well, your tunnel should now be connected and you should be able to ping the local port of the wrv54G, which in this case is 10.0.1.1
 
If you get a response saying 'Negotiating IP security' when pinging, it means that the ipsec policy was established, but there is a problem with the wrv54G responding and acknowledging the policy/ipsec tunnel creation.
 
A way to debug this, is to turn on the logging for the ipsec stack in windows, by enabling the oakley.log to be created.
Please follow the steps in the document : https://thesource.ofallevil.com/tech...o/ispstep.mspx
--- start cut and paste from the above url:
To enable debug logging by IKE
 
1. From the Windows desktop, click Start, click Run, and type regedt32 in the text box. Click OK. This starts the Registry Editor.
 
2. Navigate to HKEY_LOCAL_MACHINE on Local Machine.
 
3. Navigate to the following location: System\CurrentControlSet\Services\PolicyAgent.
 
4. Double-click PolicyAgent.
 
5. If the Oakley key doesn't exist, on the Edit menu, click Add Key.
 
6. Enter the Key Name (case sensitive): Oakley.
 
7. Leave Class blank, and click OK.
 
8. Select the new key, Oakley.
 
9. On the Edit menu, click Add Value.
 
10. Enter the Value Name (case sensitive): EnableLogging
 
11. Select Data Type: REG_DWORD and click OK.
 
12. Enter value 1
 
13. Click Hex as the Radix. Click OK
 
14. Exit from the Registry Editor.
 
15. At the Windows 2000 command prompt, type net stop policyagent, then type net start policyagent to restart the IPSec related services.
 
The file will be written to windir\debug\oakley.log by default, and the file oakley.log.sav is the previous version of the log after the policy agent service is restarted.
 
The log is limited to 50,000 entries, which usually limits the file size to less than 6 megabytes.
--- end cut and paste.
 
Now you should be able to look at the oakley.log and see if the policy was created successfully on the PC, and if it was if you are receiving a correct reply from the wrv54G. If all is going well, the oakley.log should look like :
 
12-15: 04:11:43:643:cc4 Acquire from driver: op=0000000D src=192.168.0.10.0 dst=10.0.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=remotelinksyshostname.yourdomainname.com Inbound TunnelEndpt=192.168.0.10
12-15: 04:11:43:643:7f0 Filter to match: Src remotelinksyshostname.yourdomainname.com Dst 192.168.0.10
12-15: 04:11:43:643:7f0 MM PolicyName: 2
12-15: 04:11:43:643:7f0 MMPolicy dwFlags 2 SoftSAExpireTime 28800
12-15: 04:11:43:643:7f0 MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2
12-15: 04:11:43:643:7f0 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
12-15: 04:11:43:643:7f0 MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2
12-15: 04:11:43:643:7f0 MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
12-15: 04:11:43:643:7f0 MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1
12-15: 04:11:43:643:7f0 MMOffer[2] Encrypt: DES CBC Hash: SHA
12-15: 04:11:43:643:7f0 MMOffer[3] LifetimeSec 28800 QMLimit 1 DHGroup 1
12-15: 04:11:43:643:7f0 MMOffer[3] Encrypt: DES CBC Hash: MD5
12-15: 04:11:43:643:7f0 Auth[0]:PresharedKey KeyLen 38
12-15: 04:11:43:643:7f0 QM PolicyName: Host-HostToRemote filter action dwFlags 1
12-15: 04:11:43:653:7f0 QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
12-15: 04:11:43:653:7f0 QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
12-15: 04:11:43:653:7f0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
12-15: 04:11:43:653:7f0 Starting Negotiation: src = 192.168.0.10.0500, dst = 24.5.173.73.0500, proto = 00, context = 0000000D, ProxySrc = 192.168.0.10.0000, ProxyDst = 10.0.1.0.0000 SrcMask = 255.255.255.255 DstMask = 255.255.255.0
12-15: 04:11:43:653:7f0 constructing ISAKMP Header
12-15: 04:11:43:653:7f0 constructing SA (ISAKMP)
12-15: 04:11:43:653:7f0 Constructing Vendor MS NT5 ISAKMPOAKLEY
12-15: 04:11:43:653:7f0 Constructing Vendor FRAGMENTATION
12-15: 04:11:43:653:7f0 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
12-15: 04:11:43:653:7f0 Constructing Vendor Vid-Initial-Contact
12-15: 04:11:43:653:7f0 
12-15: 04:11:43:653:7f0 Sending: SA = 0x000EC0A8 to remotelinksyshostname.yourdomainname.com:Type 2.500
12-15: 04:11:43:653:7f0 ISAKMP Header: (V1.0), len = 276
12-15: 04:11:43:653:7f0 I-COOKIE 593b334649fe1f50
12-15: 04:11:43:653:7f0 R-COOKIE 0000000000000000
12-15: 04:11:43:653:7f0 exchange: Oakley Main Mode
12-15: 04:11:43:653:7f0 flags: 0
12-15: 04:11:43:653:7f0 next payload: SA
12-15: 04:11:43:653:7f0 message ID: 00000000
12-15: 04:11:43:653:7f0 Ports S:f401 D:f401
12-15: 04:11:44:554:7f0 
12-15: 04:11:44:554:7f0 Receive: (get) SA = 0x000ec0a8 from 24.5.173.73.500
12-15: 04:11:44:554:7f0 ISAKMP Header: (V1.0), len = 84
12-15: 04:11:44:554:7f0 I-COOKIE 593b334649fe1f50
12-15: 04:11:44:554:7f0 R-COOKIE b2acc5a80ae7e6aa
12-15: 04:11:44:554:7f0 exchange: Oakley Main Mode
12-15: 04:11:44:554:7f0 flags: 0
12-15: 04:11:44:554:7f0 next payload: SA
12-15: 04:11:44:554:7f0 message ID: 00000000
12-15: 04:11:44:554:7f0 processing payload SA
12-15: 04:11:44:554:7f0 Received Phase 1 Transform 2
12-15: 04:11:44:554:7f0 Encryption Alg Triple DES CBC(5)
12-15: 04:11:44:554:7f0 Hash Alg MD5(1)
12-15: 04:11:44:554:7f0 Oakley Group 2
12-15: 04:11:44:554:7f0 Auth Method Preshared Key(1)
12-15: 04:11:44:554:7f0 Life type in Seconds
12-15: 04:11:44:554:7f0 Life duration of 28800
12-15: 04:11:44:554:7f0 Phase 1 SA accepted: transform=1
12-15: 04:11:44:554:7f0 SA - Oakley proposal accepted
12-15: 04:11:44:554:7f0 ClearFragList
12-15: 04:11:44:554:7f0 constructing ISAKMP Header
12-15: 04:11:44:604:7f0 constructing KE
12-15: 04:11:44:604:7f0 constructing NONCE (ISAKMP)
12-15: 04:11:44:604:7f0 
12-15: 04:11:44:604:7f0 Sending: SA = 0x000EC0A8 to remotelinksyshostname.yourdomainname.com:Type 2.500
12-15: 04:11:44:604:7f0 ISAKMP Header: (V1.0), len = 184
12-15: 04:11:44:604:7f0 I-COOKIE 593b334649fe1f50
12-15: 04:11:44:604:7f0 R-COOKIE b2acc5a80ae7e6aa
12-15: 04:11:44:604:7f0 exchange: Oakley Main Mode
12-15: 04:11:44:604:7f0 flags: 0
12-15: 04:11:44:604:7f0 next payload: KE
12-15: 04:11:44:604:7f0 message ID: 00000000
12-15: 04:11:44:604:7f0 Ports S:f401 D:f401
12-15: 04:11:45:556:7f0 
12-15: 04:11:45:556:7f0 Receive: (get) SA = 0x000ec0a8 from 24.5.173.73.500
12-15: 04:11:45:556:7f0 ISAKMP Header: (V1.0), len = 180
12-15: 04:11:45:556:7f0 I-COOKIE 593b334649fe1f50
12-15: 04:11:45:556:7f0 R-COOKIE b2acc5a80ae7e6aa
12-15: 04:11:45:556:7f0 exchange: Oakley Main Mode
12-15: 04:11:45:556:7f0 flags: 0
12-15: 04:11:45:556:7f0 next payload: KE
12-15: 04:11:45:556:7f0 message ID: 00000000
12-15: 04:11:45:556:7f0 processing payload KE
12-15: 04:11:45:576:7f0 processing payload NONCE
12-15: 04:11:45:576:7f0 ClearFragList
12-15: 04:11:45:576:7f0 constructing ISAKMP Header
12-15: 04:11:45:576:7f0 constructing ID
12-15: 04:11:45:576:7f0 MM ID Type 1
12-15: 04:11:45:576:7f0 MM ID c0a8000a
12-15: 04:11:45:576:7f0 constructing HASH
12-15: 04:11:45:576:7f0 
12-15: 04:11:45:576:7f0 Sending: SA = 0x000EC0A8 to remotelinksyshostname.yourdomainname.com:Type 2.500
12-15: 04:11:45:576:7f0 ISAKMP Header: (V1.0), len = 60
12-15: 04:11:45:576:7f0 I-COOKIE 593b334649fe1f50
12-15: 04:11:45:576:7f0 R-COOKIE b2acc5a80ae7e6aa
12-15: 04:11:45:576:7f0 exchange: Oakley Main Mode
12-15: 04:11:45:576:7f0 flags: 1 ( encrypted )
12-15: 04:11:45:576:7f0 next payload: ID
12-15: 04:11:45:576:7f0 message ID: 00000000
12-15: 04:11:45:576:7f0 Ports S:f401 D:f401
12-15: 04:11:46:557:7f0 
12-15: 04:11:46:557:7f0 Receive: (get) SA = 0x000ec0a8 from 24.5.173.73.500
12-15: 04:11:46:557:7f0 ISAKMP Header: (V1.0), len = 60
12-15: 04:11:46:557:7f0 I-COOKIE 593b334649fe1f50
12-15: 04:11:46:557:7f0 R-COOKIE b2acc5a80ae7e6aa
12-15: 04:11:46:557:7f0 exchange: Oakley Main Mode
12-15: 04:11:46:557:7f0 flags: 1 ( encrypted )
12-15: 04:11:46:557:7f0 next payload: ID
12-15: 04:11:46:557:7f0 message ID: 00000000
12-15: 04:11:46:557:7f0 processing payload ID
12-15: 04:11:46:557:7f0 processing payload HASH
12-15: 04:11:46:557:7f0 AUTH: Phase I authentication accepted
12-15: 04:11:46:557:7f0 ClearFragList
12-15: 04:11:46:557:7f0 MM established. SA: 000EC0A8
12-15: 04:11:46:557:7f0 QM PolicyName: Host-HostToRemote filter action dwFlags 1
12-15: 04:11:46:557:7f0 QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
12-15: 04:11:46:557:7f0 QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
12-15: 04:11:46:557:7f0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
12-15: 04:11:46:557:7f0 GetSpi: src = 10.0.1.0.0000, dst = 192.168.0.10.0000, proto = 00, context = 0000000D, srcMask = 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1
12-15: 04:11:46:557:7f0 Setting SPI 1849049420
12-15: 04:11:46:557:7f0 constructing ISAKMP Header
12-15: 04:11:46:557:7f0 constructing HASH (null)
12-15: 04:11:46:557:7f0 constructing SA (IPSEC)
12-15: 04:11:46:557:7f0 constructing QM KE
12-15: 04:11:46:607:7f0 constructing NONCE (IPSEC)
12-15: 04:11:46:607:7f0 constructing ID (proxy)
12-15: 04:11:46:607:7f0 constructing ID (proxy)
12-15: 04:11:46:607:7f0 constructing HASH (QM)
12-15: 04:11:46:607:7f0 
12-15: 04:11:46:607:7f0 Sending: SA = 0x000EC0A8 to remotelinksyshostname.yourdomainname.com:Type 2.500
12-15: 04:11:46:607:7f0 ISAKMP Header: (V1.0), len = 300
12-15: 04:11:46:607:7f0 I-COOKIE 593b334649fe1f50
12-15: 04:11:46:607:7f0 R-COOKIE b2acc5a80ae7e6aa
12-15: 04:11:46:607:7f0 exchange: Oakley Quick Mode
12-15: 04:11:46:607:7f0 flags: 1 ( encrypted )
12-15: 04:11:46:607:7f0 next payload: HASH
12-15: 04:11:46:607:7f0 message ID: c22f2bc6
12-15: 04:11:46:607:7f0 Ports S:f401 D:f401
12-15: 04:11:47:198:7f0 
12-15: 04:11:47:198:7f0 Receive: (get) SA = 0x000ec0a8 from 24.5.173.73.500
12-15: 04:11:47:198:7f0 ISAKMP Header: (V1.0), len = 300
12-15: 04:11:47:198:7f0 I-COOKIE 593b334649fe1f50
12-15: 04:11:47:198:7f0 R-COOKIE b2acc5a80ae7e6aa
12-15: 04:11:47:198:7f0 exchange: Oakley Quick Mode
12-15: 04:11:47:198:7f0 flags: 1 ( encrypted )
12-15: 04:11:47:198:7f0 next payload: HASH
12-15: 04:11:47:198:7f0 message ID: c22f2bc6
12-15: 04:11:47:198:7f0 Received commit re-send
12-15: 04:11:47:198:7f0 processing HASH (QM)
12-15: 04:11:47:198:7f0 ClearFragList
12-15: 04:11:47:198:7f0 processing payload NONCE
12-15: 04:11:47:198:7f0 processing payload KE
12-15: 04:11:47:198:7f0 Quick Mode KE processed; Saved KE data
12-15: 04:11:47:198:7f0 processing payload ID
12-15: 04:11:47:198:7f0 processing payload ID
12-15: 04:11:47:198:7f0 processing payload SA
12-15: 04:11:47:198:7f0 Negotiated Proxy ID: Src 192.168.0.10.0 Dst 10.0.1.0.0
12-15: 04:11:47:198:7f0 Dst id for subnet. Mask 255.255.255.0
12-15: 04:11:47:198:7f0 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
12-15: 04:11:47:208:7f0 Checking Transform # 1: ID=Triple DES CBC(3)
12-15: 04:11:47:208:7f0 SA life type in seconds
12-15: 04:11:47:208:7f0 SA life duration 00000e10
12-15: 04:11:47:208:7f0 SA life type in kilobytes
12-15: 04:11:47:208:7f0 SA life duration 0000c350
12-15: 04:11:47:208:7f0 tunnel mode is Tunnel Mode(1)
12-15: 04:11:47:208:7f0 HMAC algorithm is MD5(1)
12-15: 04:11:47:208:7f0 group description for PFS is 2
12-15: 04:11:47:208:7f0 Phase 2 SA accepted: proposal=1 transform=1
12-15: 04:11:47:218:7f0 constructing ISAKMP Header
12-15: 04:11:47:218:7f0 constructing HASH (QM)
12-15: 04:11:47:218:7f0 Adding QMs: src = 192.168.0.10.0000, dst = 10.0.1.0.0000, proto = 00, context = 0000000D, my tunnel = 192.168.0.10, peer tunnel = remotelinksyshostname.yourdomainname.com, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 201 Direction 2 EncapType 1
12-15: 04:11:47:218:7f0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
12-15: 04:11:47:218:7f0 Algo[0] MySpi: 1849049420 PeerSpi: 3393993032
12-15: 04:11:47:218:7f0 Encap Ports Src 500 Dst 500
12-15: 04:11:47:218:7f0 Skipping Outbound SA add
12-15: 04:11:47:218:7f0 Adding QMs: src = 192.168.0.10.0000, dst = 10.0.1.0.0000, proto = 00, context = 0000000D, my tunnel = 192.168.0.10, peer tunnel = remotelinksyshostname.yourdomainname.com, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 201 Direction 3 EncapType 1
12-15: 04:11:47:218:7f0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
12-15: 04:11:47:218:7f0 Algo[0] MySpi: 1849049420 PeerSpi: 3393993032
12-15: 04:11:47:218:7f0 Encap Ports Src 500 Dst 500
12-15: 04:11:47:218:7f0 Skipping Inbound SA add
12-15: 04:11:47:218:7f0 isadb_set_status sa:000EC0A8 centry:000E34E8 status 0
 
Either way, look for the:
 
Sending: SA = 0x000EC0A8 to remotelinksyshostname.yourdomainname.com:500
and the corresponding response back from the wrv54G:
Receive: (get) SA = 0x000ec0a8 from remotelinksyshostname.yourdomainname.com.500
 
The final phase of what the quickvpn client does is to show you 'Verifying network'. During this phase it runs a small utility to set your DNS server to the LAN IP address of the wrv54G, which is 10.0.1.1. It does this using:
 
Command 3: ipseccmd -w REG -p FreeSwan -x > NUL:
 
C:\Program Files\Linksys\Linksys VPN Client>rw_regedit
Usage Error: Invalid number of arguments
Usage: program_name NAMESERVER|SEARCHLIST EDIT|DELETE [VALUE]
 
When you disconnect, it calls the ipsec.exe to kill the ipsec connection.
 
Good luck and I hope that this small update will help you debug which of the various steps the quickvpn client is failing on.
 
One other note. Using the wrv54g firmware of 2.39.2, I have noticed that you cannot create two concurrent VPN tunnels if both client PCs are behind a NAT IP address. So if the PC's address starts with 10.x.x.x, or 172.x.x.x, or 192.168.x.x, you are very likely to be behind a NAT box, like another Linksys router. Only one VPN tunnel can be created at any one time due to a limitation in the IPSEC software on the wrv54G. I will call Linksys one of these days and see if they are willing and wanting to look into this issue.
 
Good luck!
Accepted Solution
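The answer's advice to match each `Sending:` entry with its `Receive:` reply can be scripted. The following is an added example, not part of the original answer or of any Linksys or Microsoft tool: it assumes the Oakley.log line layout quoted above, the function names `summarize` and `diagnose` are hypothetical, and the sample host and IP are constructed placeholders. It also lists the negotiated ESP algorithms so that choices such as 3DES with MD5 are visible at a glance.

```python
import re

# Constructed sample in the Oakley.log layout quoted above (host and IP are placeholders).
SAMPLE = """\
12-15: 04:11:44:604:7f0 Sending: SA = 0x000EC0A8 to vpn.example.test:Type 2.500
12-15: 04:11:44:604:7f0 exchange: Oakley Main Mode
12-15: 04:11:45:556:7f0 Receive: (get) SA = 0x000ec0a8 from 203.0.113.7.500
12-15: 04:11:45:556:7f0 exchange: Oakley Main Mode
12-15: 04:11:46:557:7f0 AUTH: Phase I authentication accepted
12-15: 04:11:46:557:7f0 MM established. SA: 000EC0A8
12-15: 04:11:46:607:7f0 Sending: SA = 0x000EC0A8 to vpn.example.test:Type 2.500
12-15: 04:11:46:607:7f0 exchange: Oakley Quick Mode
12-15: 04:11:47:198:7f0 Receive: (get) SA = 0x000ec0a8 from 203.0.113.7.500
12-15: 04:11:47:198:7f0 exchange: Oakley Quick Mode
12-15: 04:11:47:208:7f0 Phase 2 SA accepted: proposal=1 transform=1
12-15: 04:11:47:218:7f0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
"""

# Assumed layout: "MM-DD: HH:MM:SS:mmm:thread message"
LINE = re.compile(r"^\d\d-\d\d: \d\d:\d\d:\d\d:\d{3}:[0-9a-f]+ ?(.*)$")

def summarize(log_text):
    """Return (send/receive counts per exchange, milestones reached, ESP algorithms)."""
    flow, milestones, algos, pending = {}, [], set(), None
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        msg = m.group(1).strip()
        if msg.startswith(("Sending:", "Receive:")):
            pending = msg.split(":", 1)[0]      # direction of the header that follows
        elif msg.startswith("exchange: Oakley ") and pending:
            mode = msg[len("exchange: Oakley "):]
            flow.setdefault(mode, {"Sending": 0, "Receive": 0})[pending] += 1
            pending = None
        elif msg.startswith(("MM established", "Phase 2 SA accepted")):
            milestones.append("phase1" if msg.startswith("MM") else "phase2")
        elif (a := re.search(r"Algo: (.+?) HMAC: (\S+)", msg)):
            algos.add(a.groups())
    return flow, milestones, sorted(algos)

def diagnose(log_text):
    """Name the step at which the negotiation in the log stopped."""
    flow, milestones, _ = summarize(log_text)
    if "phase2" in milestones:
        return "IKE complete"
    unanswered = [mode for mode, c in flow.items() if c["Sending"] > c["Receive"]]
    if unanswered:
        return "no reply in " + unanswered[0]
    return "phase 1 only" if "phase1" in milestones else "phase 1 incomplete"
```

A result of `IKE complete` while the client still hangs points at the later 'Verifying network' step rather than at the IPsec negotiation.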
 
 