Quadeeb2003

VPN tunneling on linksys where there is no static ip for client

OK Experts, can this be solved?

I have a Linksys RV082 VPN Router that claims to have the ability to create
50 VPN tunnels. I want to create a tunnel for an offsite laptop to
communicate through the tunnel and work on line utilizing Windows 2K or XP
on the offsite laptop.

XP and Windows 2K have an internal component called IPSEC that you can use
as the "client" to connect to the VPN router. It requires a static IP in
order to work. In the setup for the router, there is a selection for a
dynamic IP with email authentication. You must select that. No one in
Linksys can tell me how to make it work. No one can tell me if it has ever
been tested.

I have found a VBS script on the Internet that someone uses to make the
connection. It reads the dynamic IP and goes into IPSEC and enters it as a
static IP and then queries the router. There is a problem in the script.
(script attached as a text file). When you click on it, you get an error
message.  

The script I found:
lanAddress = GetLANAddress()

' Build the IPsec policy only when a local address was found
If Trim(lanAddress) <> "" Then
    Set shell = CreateObject("WScript.Shell")

    'Set up the connection. Make sure you change the 666.666.666.666 to the correct server side IP.
    ' Rule "servertome": tunnel endpoint is this machine's own address
    shell.Run """ipseccmd"" -f 192.168.1.*=0 -t " & lanAddress & " -1s 3DES-SHA-2 -n ESP[3DES,SHA]480SP1NPASS -1p -a P:""vpn!!!medex7"" -w reg -p WORK -r servertome -x", 0, 1
    ' Rule "metosever": tunnel endpoint is the VPN router's public address
    shell.Run """ipseccmd"" -f 0=192.168.1.* -t 199.227.120.242 -1s 3DES-SHA-2 -n ESP[3DES,SHA]480SP1INPASS -1p -a P:""vpn!!!medex7"" -w reg -p WORK -r metosever -x", 0, 1

    'Ping the VPN server's internal ip address
    shell.Run "ping 192.168.1.1", 0, 1

    Set shell = Nothing
    MsgBox "VPN setup complete"
Else
    MsgBox "Unable to set up VPN security policy" & vbCr & "Unable to determine IP address" & vbCr & "Please verify that your dial-up connection is established"
End If

Function GetLANAddress()

    LANFound = False

    Set sh = CreateObject("WScript.Shell")
    Set fso = CreateObject("Scripting.FileSystemObject")

    Set Env = sh.Environment("PROCESS")

    If Env("OS") = "Windows_NT" Then
        ' Capture the ipconfig output in a temporary file
        workfile = fso.GetTempName
        sh.Run "%comspec% /c ipconfig > " & workfile, 0, True
    Else
        MsgBox "This script is intended to run on NT/2K/XP only"
        Exit Function
    End If

    Set sh = Nothing
    Set ts = fso.OpenTextFile(workfile)
    data = Split(ts.ReadAll, vbCrLf)
    ts.Close
    Set ts = Nothing
    fso.DeleteFile workfile
    Set fso = Nothing

    ' Return the first "IP Address" line that follows the Local Area Connection header
    For n = 0 To UBound(data)
        If LANFound Then
            If InStr(data(n), "IP Address") Then
                parts = Split(data(n), ":")
                GetLANAddress = Trim(CStr(parts(1)))
                MsgBox GetLANAddress
                Exit For
            End If
        Else
            If InStr(LCase(data(n)), "ethernet adapter local area connection:") Then LANFound = True
        End If
    Next
End Function
ewtaylor

First you need to make sure that the router firmware is up to date. Then with this particular router I believe you must disable firewall functions in order for the VPN to work. It seems you could connect using the dynamic IP and email (I would assume the email is the password).
The router firmware is up to date. I spoke with the questioner and confirmed it. Shutting off the firewall defeats the purpose of the VPN router. Linksys has a problem and they are ignoring it. I have the same router and am experiencing the same problem.
ewtaylor,

I tried that VBS script but keep getting an error on line 40 in the script. If it works, I can't tell. No experience with VB scripting. Maybe someone can check it out.
Maybe this site can help ya some also http://routerworld.dyndns.org/
Linksys has a knowledgebase article for doing exactly this, although with a different router of theirs. It should almost certainly work with the RV082:

Configuring IPsec Between a Microsoft Windows 2000 or XP and the BEFVP41: http://kb.linksys.com/cgi-bin/om_isapi.dll?clientID=1363806&QuestionText=windows&SelectName1=&advquery=%5bs%5d%5bRank%2c%2050%3a%5bSum%3a%20windows%5d%5bMerge%3a%20%5bThesaurus%3a%20windows%5d%5d%5d&infobase=linksysrev.nfo&record={3BB}&softpage=IKW_ENU_JDocView
To all of you who have made suggestions, Thank you! To Linksys, BITE MINE!

All right guys. It is agreed that this is a Linksys issue that they are kind of ignoring. In actuality, the MS IPSEC client is not equipped to work with Dynamic Endpoints. This was the intent of that person's script they wrote, but the reason it doesn't work is because 99% of the time you are behind a NAT.

This solution will work for single clients connecting to an RV082, but if multiple people try to connect from the same location, only the first will receive data.

First off, a little lesson about IPSEC. IPSEC must have two endpoints. The server either has to know where you are, or you have to tell the server where you are, plus you must know where the server is.

Second, DYNDNS.org and other Dynamic DNS clients are the solution to your problem. This will allow you to know the outside of your NAT and use that to tunnel back to.

Third, you must use a VPN client software that will allow you to use Aggressive mode, since the Linksys forces Aggressive mode for every connection. This rules out the typical client. Our company has this solution working perfectly for about 100 laptops in a test environment.

We are currently finishing development of our own Dynamic Endpoint software and will present it to Linksys very soon.  

Any questions, let me know.

Ryan
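The NAT point in the post above, as an added example that is not part of the original thread or the posted script: it parses `ipconfig` output the way `GetLANAddress` does and flags an RFC 1918 address, which is what the script would pass to `ipseccmd -t` from behind a NAT. The sample output is constructed, and `SampleIpconfig`, `AdapterAddress` and `IsPrivate` are names chosen for this example.

```vbscript
Option Explicit
' Constructed sample of Windows XP ipconfig output (not captured from a real host).
Function SampleIpconfig()
    SampleIpconfig = Join(Array( _
        "Windows IP Configuration", "", _
        "Ethernet adapter Local Area Connection:", "", _
        "        IP Address. . . . . . . . . . . . : 192.168.0.23"), vbCrLf)
End Function

' Return the first "IP Address" value listed under the named adapter, or "".
Function AdapterAddress(text, adapterName)
    Dim lines, n, found, parts
    AdapterAddress = ""
    found = False
    lines = Split(text, vbCrLf)
    For n = 0 To UBound(lines)
        If found Then
            If InStr(lines(n), "IP Address") > 0 Then
                parts = Split(lines(n), ":")
                AdapterAddress = Trim(parts(UBound(parts)))
                Exit Function
            End If
        ElseIf InStr(1, lines(n), adapterName, vbTextCompare) > 0 Then
            found = True
        End If
    Next
End Function

' True for the RFC 1918 ranges 10/8, 172.16/12 and 192.168/16.
Function IsPrivate(addr)
    Dim o
    IsPrivate = False
    o = Split(addr, ".")
    If UBound(o) <> 3 Then Exit Function
    If Not (IsNumeric(o(0)) And IsNumeric(o(1))) Then Exit Function
    IsPrivate = (CInt(o(0)) = 10) _
        Or (CInt(o(0)) = 172 And CInt(o(1)) >= 16 And CInt(o(1)) <= 31) _
        Or (CInt(o(0)) = 192 And CInt(o(1)) = 168)
End Function

Dim addr
addr = AdapterAddress(SampleIpconfig(), "ethernet adapter local area connection")
If addr = "" Then
    WScript.Echo "No adapter address found"
ElseIf IsPrivate(addr) Then
    WScript.Echo addr & " is private: the router sees the NAT device's public address instead"
Else
    WScript.Echo addr & " is publicly routable and matches what the router sees"
End If
```

Run it with `cscript //nologo` to print the result on the console; with the constructed sample it reports 192.168.0.23 as private.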
Thank you for your comment. I finally got Linksys to state that CheckPoint VPN Client works with this router. When I called CheckPoint to order it, they had absolutely no knowledge of their software working with the RV082. I have since learned that Sentinel SSH also has problems with it. I am going to try "ProSafe VPN Client" and will report back.
Again, thanks.
Wildroot4