Solved

VPN tunneling on linksys where there is no static ip for client

Posted on 2004-04-26
11
1,681 Views
Last Modified: 2010-04-12
OK Experts, can this be solved?

I have a Linksys RV082 VPN Router that claims to have the ability to create
50 VPN tunnels. I want to create a tunnel for an offsite laptop to
communicate through the tunnel and work on line utilizing Windows 2K or XP
on the offsite laptop.

XP and Windows 2K have an internal component called IPSEC that you can use
as the "client" to connect to the VPN router. It requires a static IP in
order to work. In the setup for the router, there is a selection for a
dynamic IP with email authentication. You must select that. No one in
Linksys can tell me how to make it work. No one can tell me if it has ever
been tested.

I have found a VBS script on the Internet that someone uses to make the
connection. It reads the dynamic IP and goes into IPSEC and enters it as a
static IP and then queries the router. There is a problem in the script.
(script attached as a text file). When you click on it, you get an error
message.  

The script I found:
lanAddress = GetLANAddress()

' Only build the IPsec policy when a local address was found
if trim(lanAddress) <> "" then
    set shell = createobject("wscript.shell")

    'Set up the connection. Make sure you change the 666.666.666.666 to the correct server side IP.
    shell.run """ipseccmd"" -f 192.168.1.*=0 -t " & lanAddress & " -1s 3DES-SHA-2 -n ESP[3DES,SHA]480SP1NPASS -1p -a P:""vpn!!!medex7"" -w reg -p WORK -r servertome -x",0,1
    shell.run """ipseccmd"" -f 0=192.168.1.* -t 199.227.120.242 -1s 3DES-SHA-2 -n ESP[3DES,SHA]480SP1INPASS -1p -a P:""vpn!!!medex7"" -w reg -p WORK -r metosever -x",0,1

    'Ping the VPN server's internal ip address
    shell.run "ping 192.168.1.1",0,1

    set shell = nothing
    msgbox "VPN setup complete"
else
    msgbox "Unable to set up VPN security policy" & vbCr & "Unable to determine IP address" & vbCr & "Please verify that your dial-up connection is established"
end if

' Returns the IP address listed under "Local Area Connection" in ipconfig output
Function GetLANAddress()

    LANFound = False

    set sh = createobject("wscript.shell")
    set fso = createobject("scripting.filesystemobject")

    Set Env = sh.Environment("PROCESS")

    if Env("OS") = "Windows_NT" then
        ' Capture ipconfig output in a temporary file
        workfile = fso.gettempname
        sh.run "%comspec% /c ipconfig > " & workfile,0,true
    else
        msgbox "This script is intended to run on NT/2K/XP only"
        ' No work file exists on other systems, so return an empty address
        Exit Function
    end if

    set sh = nothing
    set ts = fso.opentextfile(workfile)
    data = split(ts.readall,vbcrlf)
    ts.close
    set ts = nothing
    fso.deletefile workfile
    set fso = nothing

    ' Find the adapter header first, then the first "IP Address" line after it
    for n = 0 to ubound(data)
        if LANFound then
            if instr(data(n),"IP Address") then
                parts = split(data(n),":")
                GetLANAddress = trim(cstr(parts(1)))
                msgbox GetLANAddress
                Exit For
            end if
        else
            if instr(lcase(data(n)),"ethernet adapter local area connection:") then LANFound = True
        end if
    next
End Function
0
Comment
Question by:Quadeeb2003
11 Comments
 
LVL 11

Expert Comment

by:ewtaylor
Comment Utility
First you need to make sure that the router firmware is up to date. Then with this particular router I believe you must disable firewall functions in order for the vpn to work. It seems you could connect using the dynamic ip and email (I would assume the email is the password).
0
 

Expert Comment

by:wildroot4
Comment Utility
The router firmware is up to date. I spoke with questioner and confirmed it. Shutting off the firewall defeats the purpose of the VPN router. Linksys has a problem and they are ignoring it. I have the same router and am experiencing the same problem.
0
 
LVL 11

Accepted Solution

by:
ewtaylor earned 500 total points
Comment Utility
Yup, I have seen it on numerous news groups.
0
 

Expert Comment

by:wildroot4
Comment Utility
ewtaylor,

I tried that VBS script but keep getting an error on line 40 in the script. If it works, I can't tell. No experience with VB scripting. Maybe someone can check it out.
0
 
LVL 11

Expert Comment

by:ewtaylor
Comment Utility
Maybe this site can help ya some also http://routerworld.dyndns.org/
0

 
LVL 3

Expert Comment

by:ysageev
Comment Utility
Linksys has a knowledgebase article for doing exactly this, although with a different router of theirs.  It should almost certainly work with the RV082:

Configuring IPsec Between a Microsoft Windows 2000 or XP and the BEFVP41: http://kb.linksys.com/cgi-bin/om_isapi.dll?clientID=1363806&QuestionText=windows&SelectName1=&advquery=%5bs%5d%5bRank%2c%2050%3a%5bSum%3a%20windows%5d%5bMerge%3a%20%5bThesaurus%3a%20windows%5d%5d%5d&infobase=linksysrev.nfo&record={3BB}&softpage=IKW_ENU_JDocView
0
 
 

Expert Comment

by:wildroot4
Comment Utility
To all of you who have made suggestions, thank you! To Linksys, BITE MINE!

0
 

Expert Comment

by:ryapeter
Comment Utility
All right guys.  It is agreed that this is a Linksys issue that they are kind of ignoring.  In actuality, the MS IPSEC client is not equipped to work with Dynamic Endpoints.  This was the intent of that person's script they wrote, but the reason it doesn't work is because 99% of the time you are behind a NAT.

This solution will work for single clients connecting to an RV082, but if multiple people try to connect from the same location, only the first will receive data.

First off, a little lesson about IPSEC.  IPSEC must have two endpoints.  The server either has to know where you are, or you have to tell the server where you are, plus you must know where the server is.

Second, DYNDNS.org and other Dynamic DNS clients are the solution to your problem.  This will allow you to know the outside of your NAT and use that to tunnel back to.

Third, you must use a VPN client software that will allow you to use Aggressive mode, since the Linksys forces Aggressive mode for every connection.  This rules out the typical client.  Our company has this solution working perfectly for about 100 laptops in a test environment.

We are currently finishing development of our own Dynamic Endpoint software and will present it to Linksys very soon.  

Any questions, let me know.

Ryan
0
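The NAT point in the comment above, as an added example that is not part of the thread or the poster's software: it repeats the script's GetLANAddress parsing on a constructed ipconfig sample and compares the result with the source address the router would see. The function names, the sample output and the `source_seen_by_router` parameter are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of Windows XP `ipconfig` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.lan
        IP Address. . . . . . . . . . . . : 192.168.0.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
"""

ADAPTER = "ethernet adapter local area connection:"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def lan_address(ipconfig_text, adapter=ADAPTER):
    """Same logic as the script's GetLANAddress: the first 'IP Address'
    line that follows the adapter header, or None if there is none."""
    found = False
    for line in ipconfig_text.splitlines():
        if not found:
            found = adapter in line.lower()
        elif "IP Address" in line:
            return line.split(":", 1)[1].strip()
    return None


def endpoint_report(ipconfig_text, source_seen_by_router):
    """Compare the address the script would pass to `ipseccmd -t` with the
    source address the router sees (hypothetical input supplied by the caller,
    for example what a dynamic DNS name for the site resolves to)."""
    local = lan_address(ipconfig_text)
    if local is None:
        return {"local": None, "private": None, "endpoint_matches": False}
    local_ip = ipaddress.ip_address(local)
    return {
        "local": local,
        "private": any(local_ip in net for net in RFC1918),
        "endpoint_matches": local_ip == ipaddress.ip_address(source_seen_by_router),
    }


if __name__ == "__main__":
    print(endpoint_report(SAMPLE_IPCONFIG, "203.0.113.45"))
```

When `private` is true and `endpoint_matches` is false, the tunnel endpoint written into the client policy is an address the router never sees as the packet source, which is the failure the comment attributes to NAT.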
 

Expert Comment

by:wildroot4
Comment Utility
Thank you for your comment. I finally got Linksys to state that CheckPoint VPN Client works with this router. When I called CheckPoint to order it, they had absolutely no knowledge of their software working with the RV082. I have since learned that Sentinel SSH also has problems with it. I am going to try "ProSafe VPN Client" and will report back.
Again, thanks.
Wildroot4
0
