Solved

Easy VPN access with an RV082 router, and ping utility??

Posted on 2006-03-19
Last Modified: 2013-11-29


I recently connected a Linksys RV082 VPN router in line last week.  It seems to be working fine.  Even the remote site to site VPN gateway access seems to work very well.  However when I attempt to use the client to site utility access software, it seems not to provide one basic function that I assumed would have been there.  [And that is the Ping command].   After authenticating the Easy VPN client, is it possible to successfully ping from the internet [public side] of the RV082 and ping any device that is connected to the private side [LAN] of the RV082?

Information :
I have successfully established a site to site tunnel with the RV082.
The WAN interface is configured with a Static IP address.
I do successfully authenticate.
I am able to access devices that are on the private side using telnet, tftp, ftp, remote desktop, etc.


hugh
Question by:hbowen
57 Comments
 
LVL 12

Expert Comment

by:oceanbeach
ID: 16232606
Yes.  I just did it right now.

Connected via QuickVPN.  Pinged a server and a printer on remote LAN.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16232638
hbowen, you should be able to unless a local machine software firewall is blocking it. The Windows firewall will block ICMP (ping) requests by default, but I assume you have it disabled if you can access with all of those services. If not try disabling the firewall on a couple of workstations to test.

The other reason a ping will not work is if the RV082 is not the default gateway for those machines. In the case where you have multiple gateways, the ping is sent to the appropriate machine but returned to the default gateway. If the RV082 is not the default gateway, the reply is lost.

Just a couple of "points to ponder".
0
 

Author Comment

by:hbowen
ID: 16232687
I am successful in pinging any device on the LAN when my laptop is connected to the LAN..   However when I try it from a different location, it fails.  

All of the devices are receiving their settings from my DHCP services, with the exception of the RV082, and all printers.

What I will try is disabling the firewall on my laptop when I am connected to a remote network,, just to see if the XP firewall is presenting a problem..
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16232752
If you can ping when connected to the LAN then the local workstation firewalls should not be an issue. Also because it is an "out going" request from your laptop there should be no need to disable the firewall on the laptop.

As mentioned above, is the RV042 the default gateway for the computers you are trying to ping?

Another test, out of curiosity would be to log onto the RV082, and go to the System Management/Diagnostic page. Try pinging the computers in question from there. It may help to narrow down where the problem is occurring.
0
 

Author Comment

by:hbowen
ID: 16232867
I can ping from the RV082 to any device on the LAN, and it works...  I can also ping to a public address, and that works as well..

I am wondering if my MTU setting is too high..  It is set to what Linksys recommends [ 1428]..

0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16232939
Is the 1428 on the RV082? I would leave it at auto. Generally if you are going to reduce the MTU you want to do so at the point where the packet is generated, on the client machine and possibly on the client's router. You could try lowering those to see if there is a difference. If you want to adjust the client computer have a look at the following and you can use the DrTCP tool to change:
http://www.dslreports.com/faq/7752
0
 

Author Comment

by:hbowen
ID: 16234833
Ok,,  I will change back to auto, and then I will see what happens.   I will test it this morning..

Hugh
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16234887
Let us know how you make out Hugh, I'm curious. Good luck,
--Rob
0
 

Author Comment

by:hbowen
ID: 16236631
I changed the MTU setting back to auto,, however it still didn't seem to make any difference. I am still able to telnet to my printer..  However,, I don't seem to be able to establish, or gain access to a share on one of the systems that I set up for testing..

I can establish access to a router that I am setting up, by telnet as well as by using the WEB interface, yet still not able to ping..

I looked at the system log, firewall log, as well as the VPN log on the RV082, hoping to see some indication that I am attempting to ping..  Nothing..

For whatever it is worth, one of the help desk staff indicated that I will not be able to ping from the public side to the private side..  I am not sure if I believe that but that is all I have to go on..
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16236735
You should be able to ping any device behind the RV042 if it is through the connected VPN tunnel, you wouldn't without the tunnel. A good basic test is, can you ping the LAN side of the RV042, when the VPN tunnel is established. You should also be able to connect to the router's web interface using the LAN IP from the remote site with the VPN.

Outside of the VPN you can ping the public IP of the router if you disable on its firewall "block WAN request".

One other thing to check is the remote site must be using a different IP subnet than the RV082 office. If for example the RV042 office is using 192.168.0.x then the remote site must use something different like: 192.168.2.x  Not doing so will cause errors similar to what you are experiencing.
0
 

Author Comment

by:hbowen
ID: 16236929
Rob,,

Ok..  More data..  I hope it helps..

The RV082 is configured on a class B non published 172.16.200.0 network..  [ 172.16.200.1]..

I am located, on a network that has been assigned 130.64.x.x..

I checked to see if the 172.16.200.0/24 network was used, and it is not being used.   I checked all of my network masks to verify that I didn't do something stupid..  All seems to be ok..

I assumed that the RV082 would have issued my laptop an IP address but it did not..

When I looked at the routing table of the RV082 I see my local IP address,, and what seems to be a route to get here..

Hugh

 
0
 
LVL 12

Expert Comment

by:oceanbeach
ID: 16236992
Speaking of different subnets as pointed out by RobWill, the QuickVPN will pose problems (when using a WAN IP) if it is being used from a LAN that already has a site to site VPN tunnel established (e.g. trying to use the client software from your remote location that already has the router to router tunnel established).  The client software will appear to be using the same subnet that has been already used by the router for the site to site connection.
0
 
LVL 12

Expert Comment

by:oceanbeach
ID: 16237116
I had a similar problem.  To access shared resources, I ended up adding the appropriate WINS server IP info on the remote machine (w2000Pro).  I do not remember if I had ping issues at the same time.  I have since removed the WINS server info from the remote machine, and all is still well...I am not sure why.

I reviewed this article, and found parts of it useful (third party Linksys QuickVPN setup guide from linksysinfo.org):
http://www.linksysinfo.org/modules.php?name=Forums&file=viewtopic&t=11664

Linksys suggestions for MTU modification:
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=386&p_created=1084210366&p_sid=iQZtqY2i&p_accessibility=0&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MiZwX3Byb2RzPTE3NiwxODYmcF9jYXRzPSZwX3B2PTIuMTg2JnBfY3Y9JnBfc2VhcmNoX3R5cGU9YW5zd2Vycy5zZWFyY2hfbmwmcF9zY2ZfbGFuZz0xJnBfcGFnZT0xJnBfc2VhcmNoX3RleHQ9cGluZw**&p_li=&p_topview=1

Hope this helps.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16237673
hbowen, as oceanbeach brought up, are you using the QuickVPN client from a site where you have a site to site VPN tunnel already set up with 2 routers? If so there is no need and I doubt it will work. The QuickVPN is a solution for remote locations where no existing hardware VPN tunnel exists. (always use hardware tunnel whenever possible, much more dependable)

The RV042 doesn't issue an IP to the remote user, unlike a VPN such as the Windows PPTP VPN that installs a virtual adapter, that is done by your local DHCP server.

I am assuming the 172.16.200.0/24 network is the LAN side of the RV042. Just thought I should confirm that.
Also the WAN side of the RV042 should be configured with a true public IP not a NATed private IP such as 192.168.x.x, 10.x.x.x, or 172.16-31.x.x

I guess start with basics. Are you using the gateway to gateway hardware option or connecting with the client?
0
 

Author Comment

by:hbowen
ID: 16237744
If I understand your comment correctly, my configuration is not quite what you have stated..  I am located on the 130.64.x.x network,, and I am trying to get back to my homeoffice network..  The WAN address of my homeoffice is 71.245.x.x  and the LAN network is 172.16.x.x,,  where the LAN gateway address is 172.16.x.1 ...

Now I do have a site to site tunnel established to another wan VPN device with a static ip as well..  

In conducting these tests, I decided to disconnect that site to site tunnel..  I am working only to complete the client to site access issues.

BTW:  I did see this article regarding not using that dhcp services on the RV082..  I tried that this weekend but it didn't seem to work..  I can try it again..

Hugh
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16238225
So to confirm:

Office - 172.16.200.x - RV082 - 130.64.x.x -Internet -  x.x.x.x - RV082 - another office
                                                                          |
                                                                          | -71.245.x.x - Home Network not 172.16.200.x

Above sounds good.
"I am trying to get back to my homeoffice network" I assume you mean you are trying to connect to the Office from home using the QuickVPN client.
When you do so, does the QuickVPN client go through the connecting/verifying stages and say connected?
On the RV082 all that needs to be configured is UserName, password, set active and saved, for the QuickVPN client.
Is there a router at your home site? If so have you tried connecting directly to the modem, by-passing the router, and trying to connect? The QuickVPN client has problems with a few routers, as well some routers do not support VPN traffic. If you do have a router at home you should enable IPSec pass through if it is an option.

The article oceanview referred to is a good one for troubleshooting. As for the disabling DHCP, I have seen that before, but I am very doubtful that is necessary. I have 10 or more RV042's and DHCP is enabled on all and I have no problems.
Another article with a QuickVPN check list is (a lot of duplication):
http://www.linksysinfo.org/modules.php?name=Content&pa=showpage&pid=19

0
 

Author Comment

by:hbowen
ID: 16238779
Almost..

I am in my office now, using the easyVpn client....   I am trying to get back to my other office that has the RV082..  There was a site to site tunnel between the RV082, and another RV042..   I am not on, or near that tunnel..
This is truly a VPN client to site RV082 problem..

office [easy VPN]............>              [RV082<...... to .........>RV042]..

I am hoping to show that there was [is] a site to site between the two RV devices.  However, I am outside of those two devices with a VPN client, trying to get to one of the RV's..

BTW:  Since I started to send information, it seems as if someone is trying to gain access to the router..  Interesting information coming from the logs..

Ok,, was that a bit more clear??

Hugh
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16239853
>>"was that a bit more clear??"
Pretty much :-)

>>"it seems as if someone is trying to gain access to the router"
I don't think that would be a result of anything posted here, as you have masked all public IP's.

When you try to connect with the QuickVPN, does the QuickVPN client go through the connecting/verifying stages and say connected or does it report an error?

Do you have any other VPN/IPSec clients on the machine with the QuickVPN client?

0
 

Author Comment

by:hbowen
ID: 16240042
Bill,,

I started to look more closely at the logs, because I needed to verify that I am authenticating with success.  And yes, I see the dialog, and at the end it states Tunnel connected.   As a matter of fact, I am reviewing the logs, because, I have a VPN session with the RV..    I am able to invoke any configuration action to the RV..   I am able to invoke a web session to one of the other systems on the private LAN that is managed by the RV..    I just can't ping the systems that I am connected to using some other application, like telnet, etc.


Hugh
0
 
LVL 12

Expert Comment

by:oceanbeach
ID: 16242992
I know you just set all of this up, but do you possibly have an older version of QuickVPN?

QuickVPN Client 1.0.38 Release Note
********** Version : 1.0.38 **********  01/16/2006

1. Fix the Windows XP SP2 Firewall Issue. Now the client uses both DNS and Ping function to check the status of remote gateway.

2. Fix the Port 443 Forwarding issue. Now the client will try port 60443 if it fails to connect with the remote router using port 443.
0
 

Author Comment

by:hbowen
ID: 16243762
Sorry that I could not get back sooner..  Had a few meetings ..    In so far as the easy VPN client, I have two versions, the 1.0.38, as well as a beta 1.0.40..   I am trying both..  

After you and Bill asked a few questions today, I started to revisit the network environment that I am in during the day.  I did discover that there are a few 172.16.x.x networks in the environment, so I thought it best to assign the home office with a different network..  Also, I will try both clients tomorrow,, just to see if I may have a problem with one of them..

I really appreciate all of the help and time that Bill and you have spent with me..  Tomorrow evening, I will disable the DHCP service from the RV082 one more time..

Linksys felt that I may have a bad RV..  I am trying to get another just to verify..

I shall be back..  Thanks again !!
0
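The subnet rule Rob Williams gives above (the remote site must not share an IP range with the RV082 office LAN), and the overlapping 172.16.x.x networks hbowen then reports finding, can be checked with a few lines of Python. This is an added example, not part of the original thread; the function names are hypothetical and the local prefixes are constructed sample data (only 172.16.200.0/24 and 130.64.x.x come from the posts).

```python
import ipaddress

# Constructed sample data. REMOTE_LAN is the RV082 LAN quoted in the thread;
# the "local" prefix lists are invented to show a conflicting and a clean site.
REMOTE_LAN = "172.16.200.0/24"
LOCAL_PREFIXES_CONFLICT = ["130.64.0.0/16", "172.16.0.0/16", "172.16.200.128/25"]
LOCAL_PREFIXES_CLEAN = ["130.64.0.0/16", "192.168.2.0/24"]


def find_conflicts(remote_lan, local_prefixes):
    """Return (prefix, reason) for every local prefix overlapping the remote LAN."""
    remote = ipaddress.ip_network(remote_lan)
    conflicts = []
    for prefix in local_prefixes:
        local = ipaddress.ip_network(prefix)
        if not local.overlaps(remote):
            continue
        # CIDR blocks that overlap always nest, so one of these two cases holds.
        if local.supernet_of(remote):
            reason = "local prefix covers the remote LAN"
        else:
            reason = "local prefix sits inside the remote LAN"
        conflicts.append((str(local), reason))
    return conflicts


def classify_hosts(remote_lan, local_prefixes, hosts):
    """Say, per host, whether its address is also claimed by a local prefix.

    An address claimed on both sides is ambiguous: the client's own network
    may deliver the packet (or the reply) locally instead of via the tunnel.
    """
    remote = ipaddress.ip_network(remote_lan)
    local_nets = [ipaddress.ip_network(p) for p in local_prefixes]
    verdicts = {}
    for host in hosts:
        addr = ipaddress.ip_address(host)
        if addr not in remote:
            verdicts[host] = "not on remote LAN"
            continue
        owners = [net for net in local_nets if addr in net]
        if owners:
            # Report the most specific local claim (longest prefix).
            best = max(owners, key=lambda net: net.prefixlen)
            verdicts[host] = f"ambiguous: also inside local {best}"
        else:
            verdicts[host] = "unambiguous"
    return verdicts


def pick_free_subnet(in_use, pool="192.168.0.0/16", new_prefix=24):
    """Return the first subnet of the private pool that overlaps nothing in use."""
    used = [ipaddress.ip_network(p) for p in in_use]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(net) for net in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    for prefix, reason in find_conflicts(REMOTE_LAN, LOCAL_PREFIXES_CONFLICT):
        print(f"{prefix}: {reason}")
    sample_hosts = ["172.16.200.1", "172.16.200.200", "10.0.0.5"]
    for host, verdict in classify_hosts(
        REMOTE_LAN, LOCAL_PREFIXES_CONFLICT, sample_hosts
    ).items():
        print(f"{host}: {verdict}")
    print("suggested new LAN:", pick_free_subnet(LOCAL_PREFIXES_CONFLICT))
```

Running the check against every network the VPN client may connect from, before choosing the office LAN range, avoids renumbering later.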
 

Author Comment

by:hbowen
ID: 16252112
Still testing, and not getting very far very fast.  I am now sure that I don't have any network conflicts.  But I am still puzzled as to why I can't ping, as well as I just noticed, that I can't seem to map drives.   It gets to the point where it almost looks as if it is going to work, but then I get an error stating that the share may not be valid.

Any other thoughts???
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16252153
Did you ever try changing the MTU size on the client as per:
http://www.dslreports.com/faq/7752

A typical indication of too large an MTU size is being able to see a folder but not open it or a file within. Also there is some packet overhead with Pings, I don't know the details but it may be related.
0
 

Author Comment

by:hbowen
ID: 16253973
Rob,,

I am going to give that a try tomorrow morning.  I can't believe that it is the hardware,, I still feel as if it is configuration..  Last night I started working on configuring a Cisco 2600 for a project.  I gave it enough of a config, such that I assumed that I would have been able to gain access to it from my remote location, and complete it..  Well it didn't work..  I assumed that something may have been misconfigured on the router. Yet when I came back to the office this evening, I connected that same laptop to the network, and was able to communicate with the router.  I am able to telnet to the JetDirect cards that are in the various printers. Also able to open RDP sessions with one of the systems in the office as well.

After 9:30 tomorrow morning I will know..  Thanks again for the help..

Hugh  
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16254000
Thanks for the update Hugh, definitely odd.
--Rob
0
 
LVL 12

Expert Comment

by:oceanbeach
ID: 16257842
Any luck?

Have you tried re-booting the router?  Stranger things have happened. (I do not remember where I heard that, but it seems to work often enough to remember the phrase!)

Linksys recommends you not have any other VPN clients installed when using QuickVPN.

VPN Client Access & PPTP Server will not work on the router at the same time.

I recall hearing somewhere that the VPN Client usernames and/or passwords can become corrupt (under what circumstances, I do not remember).  If I remember correctly, one solution to this was to delete the username and add it again (as opposed to resetting the password).

Just thought I would share some thoughts.  Good Luck!
0
 

Author Comment

by:hbowen
ID: 16258717
You know,,  I have not tried that !!   You are so right,, Linksys recommends doing things like that.. !!  I will try to restart it remotely first.  Then I will ask someone in the office to power it down then back up..

This is what I seem to be able to do with this thing..  After successfully connecting to the RV082..
 
 * Telnet to my printers..
 * Open an http session to the printers..
 * Open a Remote Desktop session to one or two desktops..
 * When I check the network settings of my laptop using ipconfig /all  I see that the IP address of the RV is entered as the first DNS entry..
     Therefore I started to invoke a series of nslookup's.  It was completely served by the RV082..  If for any reason the RV didn't respond in time
     my laptop used the second entry in the DNS order..
 * When I invoked an nslookup lookup for the names of the systems that were in my office, it successfully provided name and IP address of each
    system that received an IP address from the DNS service of the RV082..   Any system that has not been issued an IP address from the RV, it
    doesn't know about. All of the stuff seems ok so far..
 * I am going to try to change the MTU setting of my laptop today, just to see if that translates to any form of success..
 * If I run the diagnostic function from the RV082, and ping the IP addresses of systems that are on the LAN,, it all works fine..


 More data to follow....


Hugh

This morning, I was successful in printing a file through the VPN tunnel to one of the printers that are behind the RV082..



 
0
 

Author Comment

by:hbowen
ID: 16272914
Update for the day,,

**  I reset the RV082...  Didn't notice any difference, but still checking.
**  Placed a Linux system on the LAN, and was successful in establishing an FTP session [ port 21 & 22 ]
**  RDP,, seems to work fine for the few systems that we configured for testing..
**  Ran a port scan on the device,, didn't see any evidence that states whether functions such as ping..

I am completely baffled!!   However, I will admit, what I need is telnet [ssh],, and FTP..  As long as those services are supported, then I am partially ok with this device..  Some diagnostic support would be nice,, but maybe that is the next chapter.

My next quest is to see if I can get a second device, and compare..

Hugh
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16277640
Hugh, I was playing with the Windows firewall tonight. If the Windows firewall were enabled on your systems it is easily possible that multiple services would be available but not ping/ ICMP requests. I hadn't noticed it before, but in the windows firewall configuration [Network adapter properties | Advanced | Settings | ICMP tab ] There is a specific option that has to be enabled to allow pings to reply; "Allow incoming echo requests". Is it possible your systems have the firewall enabled locally or through group policy?
--Rob
0
 

Author Comment

by:hbowen
ID: 16317856
Rob,,

Sorry that it has taken me so long to reply..  My past few days were spent working out other issues in meetings..  Not the best place to do that sort of thing sometimes, but one has to do what one has to do..

Status:  as of 28 Mar 2006

** I modified some of the firewall configurations of a few desktops, but no success.  Same response to ping..
** I placed one of my unix servers on line, and I was successful in establishing a telnet session,, but no ping..
** RDP works for any desktop that is configured for it..  No Ping..
** Tried a new client [ TheGreenBow VPN client],, that client enabled me to access the same services as did the
      Linksys client, however, I was able to ping by name or IP address!!!
**  I then disabled TheGreenBow client, and enabled the Linksys again..  Same results,, no ping !!

At this point,,  I am starting to conclude that the RV082 is operating correctly, it simply may be that the client doesn't support this function..   However, I thought that others have said that the client works for them..

" I am very confused at the moment..  But still looking for answers.."  I will send an update by tomorrow..

Hugh

0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16317956
This is very unusual. To summarize, if I am correct, QuickVPN client works for all services but ping, and same equipment with Greenbow client, works for all services as well as ping. Is that correct?

Very curious as to why.
--Rob
0
 

Author Comment

by:hbowen
ID: 16323460
Rob,,

That is correct..  Rob,, you are so correct in saying " unusual"..  There is one item that I neglected to mention.  While on the private LAN of the RV082..  I can telnet to a Cisco 2600 router that I am working on,, however, that is not the case while off the LAN, and using the Easy VPN client.  I believe that may be something that I may have not configured correctly..

Hugh  
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16328775
>>"I believe that may be something that I may have not configured correctly."
There really is nothing to configure with the Linksys QuickVPN, other than user name and password.

You keep referring to EasyVPN. Linksys calls their VPN client QuickVPN and you just mentioned Cisco. EasyVPN is a Cisco name. Have we been talking about the same Linksys client all along :-p  ?

Where is the Cisco located that you are telnetting into? On the LAN side of the Linksys? Can you telnet to any other devices on the same LAN as the Cisco while using the QuickVPN client?
0
 

Author Comment

by:hbowen
ID: 16329234
Rob,,,

Sorry,,, it is QuickVPN,, and not EasyVPN..  As you can assume, I have been using Cisco products for a while, and unfortunately I tend to fall back on using those terms..  Even though, Linksys is now part of the Cisco family..

The Cisco 2600 router is on the LAN side of the Linksys..  And I am able to telnet to other addresses [ devices ] that are on the same LAN..  However only when I am on the same LAN with the device... As soon as I use the QuickVPN product from a different network, it fails to connect.

Hugh
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16329294
>>"it is QuickVPN,, and not EasyVPN..  "
Good, just concerned we were on the wrong track.

In your opening statement you mentioned you could telnet. I assume then that was only locally, not through the VPN?

It is starting to sound like the router is filtering some services that come through the QuickVPN access. I am guessing you have not manually configured firewall rules to block any of these services. I would suggest updating to the latest firmware. If you have already done that, I would re-install the same version. Then I would make sure you have the latest QuickVPN client. There was a new one released last month. If the problem persists, I would call Linksys. Be very specific about the problem so they don't keep you on the phone for 2 hours running tests. I am thinking you may have a problem with the router. The updates and client can be found at:
http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1115416833289&pagename=Linksys%2FCommon%2FVisitorWrapper
0
 

Author Comment

by:hbowen
ID: 16329343
Rob,,

Yes,, I can successfully invoke a telnet session locally, but it fails when I use the VPN client.

Ok,,  I will repeat the same tests again..  I was given the latest client from Linksys, and they did suggest that I re-image the product.  All of that was completed..  The only item that seems to be left to conclude is that the router is bad..

Hugh
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16329360
If you have already updated it, then I suspect the router. A few people on this site have battled with oddities only to find a replacement resolved. I cannot test from this site, but I will try to do so tomorrow to confirm I can ping remote computers over the QuickVPN. I'm sure I have, but just to confirm. I am certain I can over a hardware tunnel with 2 RV042's.
--Rob
0
 

Author Comment

by:hbowen
ID: 16335456
Rob,,

Thanks for the feedback..  I thought the same regarding new hardware, but after testing the "TheGreenBow VPN Client", and it worked, I am thinking that it is more compatibility than hardware.  However, a test of new hardware would clear up concerns.
 
Later today, I will try the Cisco client, just to see if it works..  

In the mean time, I am requesting a new RV082 to be delivered.

Hugh
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16336678
As much as I like the RV0xx series routers, if you have a choice of using Cisco, go that route. There is no comparison for dependability, and support.
Still haven't had a chance to test the QuickVPN and ping.
There have been a lot of people reporting problems with the QuickVPN, though the few times I have used it, it seems to work well. I use the RV0xx's as hardware to hardware tunnels and those seem to be trouble free.
0
 

Author Comment

by:hbowen
ID: 16356289
Rob,,

I realize it is Sunday, and I realize that there are better selected times to communicate.   Sorry...  I have some additional information regarding some recent outcomes.

Note:   I am more confused now, than ever before.

Yesterday, I connected a small system on my home network, providing the following functions, DNS & WINS..  It is server 2000 on a very small platform..  About mid afternoon, I connected to a remote network, and decided to try to connect back to my home network..  I tried the Linksys VPN client, and successfully invoked an FTP session to one of my Unix services..  I then disabled the Linksys client and tried the GreenBow client.  I was successful in using the ping command with the GreenBow.  This test was not a surprise.  It worked that way once before.

I then disabled the GreenBow client, and reinvoked the Linksys client.  I tried to ping, and it worked!!.  I gained access to MS Shares without a problem.  I tried a number of other tests and each one worked.   Now,  I am completely confused.  From what  I saw before, these tests failed with the Linksys client.   Now I feel as if I tried something, and destroyed the evidence of the tests.

Now I am looking for answers!!  I assumed that since I didn't restart the lap-top, as I switched from one client to the other, there may have been some portion of the GreenBow client still in memory, specifically the stack, and the Linksys client was simply using it..

It is too much of a nice day, therefore I am going to resume my testing later tonight..  I will send status either tonight, or tomorrow morning..

Hope that you are having pleasant weather there as well..

Hugh
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16356890
>>"there may have been some portion of the GreenBow client still in memory, specifically the stack, and the Linksys client was simply using it.."
More likely remnants of previous GreenBow installation causing problems with the QuickVPN client. The Linksys can be very fussy about any other IPSec client on the same machine. Seems to work in conjunction with Cisco client but won't work at all with some others such as WatchGuard, SonicWall and others, unless completely uninstalled.

Another possibility, I have seen removing the existing user account and reinstalling with the same user name and password, especially on the router resolve some issues. However I didn't suggest as this is usually when there is no connectivity as opposed to your 90% connection.
0
 

Author Comment

by:hbowen
ID: 16363176
Rob,,

Great to hear from you..  And your comments seem to be right on target..  There was some remnant of the GreenBow client in the stack.   After I reset the lap-top, its behavior was more in line with what I have been seeing all along.  Namely, no ping functionality..

These are my notes from the weekend.. After setting up DNS & DHCP service on a separate system, and disabling the DHCP on the Linksys, I now started to make note of the true behavior of the product.

**  The Linksys works very well when configured as site to site.
**  The Linksys works well when configured for what they call client to site.
**  The Linksys product works well with two other products that I have interconnected..

**  The Linksys VPN client on the other hand, falls short of working well as a VPN client.
**  When I connected with the Linksys client, I then viewed my IP settings, only to discover, that the client uses the IP address of the gateway
      interface as a DNS entry.  That as it stands is not too bad, provided you continue to use the DHCP services of the RV082.   It seems as if it uses
      the DHCP host list entries, as a means of getting to other systems.  Therefore when you disable that function, it doesn't seem to know what to do.
      If I force my lap-top to specifically use my DNS services [ DNS on the same LAN as the RV ],  then I am able to resolve and work..
** On the other hand, when I use the GreenBow client, it enables me to configure DNS & WINS services per connection.  With that I am able to work.
     I can ping, telnet, etc..


It seems as if the Linksys VPN client is still rather green [ lacks features ]..  Maybe that may come with subsequent releases.  

My next test is to try the Cisco's EasyVPN..   Do you know if that is compatible with this low cost RV082 product??  I will keep you posted..

Have a great day..
 

Hugh    
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16366484
Hi Hugh, when done you will be able to publish this as a thesis. Very impressive and valuable list of test results.

Though I have had "reasonably" good results with the Linksys client, I have to admit it can be very fussy in certain conditions. The number of questions on this and other message boards reflects that. I find behind some routers it will not work. Also behind most routers that have an existing VPN hardware tunnel in place it will not work. Which is why I haven't been able to test from my site lately.

Initially I was very concerned about the simplicity of the Linksys client, but it was once explained to me that it is quite secure but all options have been chosen for you. Although very nice in some ways, it limits you as to the amount of control you have. The GreenBow is far more flexible in that regard. The client I use with WatchGuard routers is somewhat similar to the GreenBow in its configuration. WatchGuard, SonicWall, Netgear and a couple of others use the SafeNet Client with their own name branded on it.

Cisco again has the flexibility and security. No question if it is an option, it is the way to go. I don't know if it will work with the Linksys; I have never tried. Although I have set up the Cisco client many times I have not done the router end, to date. Any sites where I visit that have Cisco, has a Cisco tech look after that. I do hope to install and experiment with 3 Cisco PIX 501's later this month.

Would be nice to know if the Cisco client will work with the Linksys. The fewer clients needed to manage different systems, the better. I would remove any existing IPSec clients though before testing the Linksys QuickVPN. That is one of its quirks.

Keep me posted. Very interested,
Thanks,
--Rob


0
 

Author Comment

by:hbowen
ID: 16367175
Rob,,

Thanks for the feedback..  I agree with you completely regarding the simplicity of the Linksys VPN client, as well as the RV082..   It was such a pleasure to just enter some basic information into the RV082, and it operated with three of the Linksys products.  My reason for selecting the Linksys RV was the expectation of simplicity of configuration.  And it was simple to get it operating.  

The client also configured easily and fast.   Maybe because of my exposure to a few other types of clients, this one was a pleasure to quickly set up.  Furthermore it [ VPN client ] operates very well with the RV..  In retrospect, the only feature that didn't work for me was ping..  I strongly feel it is a configuration issue with the client, even though two help desk techs have indicated that the client doesn't support it as yet.  

I am still very interested in this product, therefore I am still going to work on this..  I enjoy it..  As I find out more I will forward my findings..

This evening, I downloaded a copy of the most recent version of Cisco's client..  I will try it tomorrow..  It is time to get some rest..   I will send results tomorrow..  Have a great evening..

Hugh    
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16367522
Good luck with the Cisco client. Let me know how it goes.
The SafeNet client works very well by the way, with the units I have, but it is a pain in the neck to set up the first time. I hear CheckPoint, although it can be very elaborate to manage, has a very simple client as well, much like the QuickVPN.
0
 

Author Comment

by:hbowen
ID: 16377898
Rob,,

It has been four hours, and I am convinced that I can't get the Cisco Client operating with the RV..   If it is possible, I need to get some assistance.  During my testing, I noticed a few new items about the RV..  When the Linksys VPN client is used to authenticate to the RV, the VPN client modifies the DNS entry of the XP stack, regardless of whether it was set to obtain the DNS IP address from a DHCP server.  It is provided with the host address of the RV..  Therefore, as the system [ Lap-Top ] is used to browse the internet, it makes its DNS request to the RV, and then the RV forwards that request to the IP address of the DNS assigned to the external [ WAN ] interface.  

Note: to say it differently, the RV does not know how to use an internal DNS service.  It only uses [ forwards ] DNS requests to external services, like from one's ISP..

Internal hosts are provided DNS, and WINS addresses because of enabling the DHCP services of the RV..

Therefore, when you use that VPN client, you can go beyond the private network, but you can't obtain any internal name space resolution, of devices that are on the LAN..  

To verify this, I gained access to the Web interface of the RV, and tried to conduct an nslookup of names of systems that are on the LAN..  It failed !!  However, when I invoked nslookup, of systems on the internet, or off the LAN,, it worked !!

I then called Linksys, and after 45 minutes of talk,, and more talk,, a level 2 tech came on line and indicated that this is one of many deficiencies of the RV..  They took my name, and indicated that this feature [ lack ] will be added to the list for the next revision..  Who knows if that is going to happen !!  But at least they admitted that it was not part of the feature list..

While still using the Linksys Client, I then added the [ my ] local DNS & WINS information to the entries of the XP IP stack..  It behaved differently..  However it still didn't  provide ping services..

I then looked again at the GreenBow client..  As you know, the client allows you to enter [ configure ] the DNS & WINS information if you require.  That worked very well..  It allowed me to conduct an nslookup, of my local network, as well as an external system..

After all of that, I decided it was time to get some dinner.  I stopped, and decided to get some status over to you, most of which you may already know about..  Sorry if it is stuff you already know about,, but it was fun to discover the information, and share it..

As I discover more I will let you know..

Hugh        
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16377947
Hugh, I do appreciate hearing your results. We should all be financing your research. No question DNS behaves differently with every router, and every client. I do find on the upper end ones, Cisco, WatchGuard, CheckPoint etc., you have the option to configure DNS and WINS servers and they work seamlessly. As for the RV's and various clients, it is almost trial and error to get it working. If interested below is a list I often post for folks who are trying to connect to remote devices. You have covered 99% of it already.

I do find Linksys seem to keep repairing things and adding new features so you may see those changes they promise. Watch their site for updates they are coming out all the time.

One thing I have noticed and others have reported, is if creating hardware tunnels, if you enable NetBIOS broadcast under the advanced VPN configuration, some bizarre services do not work. I have lots of RV's set up with Avaya VoIP systems. If I enable that, all file sharing still works, the phones connect, but cannot get a dial tone. Can't explain why but watch out for that little loophole. Someone else reported something similar with another service.

In your research have you come across the 3rd party firmware for the Linksys routers? I guess that adds a whole other set of options. Now that the source code is publicly available for Linksys routers, some individuals and companies are supplying their own modified versions with more features.

-- Rob
------------------------------------------------
"The list":
NetBIOS names (computer names) are not broadcast over most VPN's.
You can resolve this in several ways:
1) Use the IP address (of the computer you are connecting to) when connecting to devices such as;   \\123.123.123.123\ShareName   or map a drive at a  command prompt using  
 Net  Use  U:  \\123.123.123.123\ShareName
2) An option is to use the LMHosts file which creates a table of IP's and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam , instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below;
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose in quotations like "LMHosts". Now when you try to connect to a computer name it should find it as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp
The drawback of the LMHosts file is you have to maintain a static list of computernames and IP addresses. Also if the remote end uses DHCP assigned IP's it is not a feasible option. Thus in order to be able to use computer names dynamically try to enable with some of the following options:
3) if you have a WINS server add that to the network cards configuration
4) also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
5) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) verify your router does not have a "block NetBIOS broadcast" option enabled
7) test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]
 

0
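An added example, not part of the post above or of any Microsoft or Linksys tooling: a small Python audit of an LMHOSTS file like the one in item 2, reporting invalid addresses, names longer than the 15-character NetBIOS limit, `#INCLUDE` directives, and any name mapped to two addresses. Only the `192.168.0.101 CompName #PRE` line comes from the list; the other sample entries and the function names are constructed.

```python
import ipaddress

# Constructed sample: only the first mapping line comes from the list above;
# every other name and address is made up for illustration.
SAMPLE_LMHOSTS = """\
# Remote-office hosts reached over the VPN
192.168.0.101      CompName       #PRE
192.168.0.102      FILESRV01      #PRE #DOM:OFFICE
192.168.0.103      compname       #PRE
192.168.0.300      PRINTER1
10.0.0.5           AVERYLONGCOMPUTERNAME
#INCLUDE \\\\FILESRV01\\public\\lmhosts
"""

def parse_lmhosts(text):
    """Return (entries, problems) for LMHOSTS text.

    entries  -> list of {"line", "ip", "name", "preload"}
    problems -> list of (line_number, message)
    Quoted names with embedded special characters are not handled.
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A leading '#' is a comment unless it is a directive such as #INCLUDE.
            if line.upper().startswith("#INCLUDE"):
                problems.append((lineno, "#INCLUDE imports mappings from another file"))
            continue
        mapping, _, tail = line.partition("#")
        fields = mapping.split()
        if len(fields) != 2:
            problems.append((lineno, "expected '<IPv4> <name>'"))
            continue
        ip_text, name = fields
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ValueError:
            problems.append((lineno, f"invalid IPv4 address {ip_text!r}"))
            continue
        if len(name) > 15:  # NetBIOS computer names are at most 15 characters
            problems.append((lineno, f"name {name!r} exceeds 15 characters"))
            continue
        preload = "#PRE" in ("#" + tail).upper().split()
        entries.append({"line": lineno, "ip": str(ip), "name": name, "preload": preload})
    return entries, problems

def find_conflicts(entries):
    """Map each NetBIOS name (case-insensitive) that points at more than one IP."""
    by_name = {}
    for entry in entries:
        by_name.setdefault(entry["name"].upper(), set()).add(entry["ip"])
    return {name: sorted(ips) for name, ips in by_name.items() if len(ips) > 1}

if __name__ == "__main__":
    entries, problems = parse_lmhosts(SAMPLE_LMHOSTS)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    for name, ips in find_conflicts(entries).items():
        print(f"{name} maps to several addresses: {', '.join(ips)}")
```

Because a static LMHOSTS entry is trusted ahead of other name lookups, a stale or conflicting line silently sends a share connection to the wrong address, which is the maintenance drawback the list mentions.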
 

Author Comment

by:hbowen
ID: 16392047
Rob,,

Good news..  I know how to get the Linksys VPN client to interact with ping !!  It was rather simple..  It was something that you stated in one of your previous e-mails,, and that was completely disable the XP firewall..  Don't try to make entry modifications, that would attempt to allow exceptions, but completely disable it.  Well I did that last night, and it works !!!  I am still rather puzzled as to why the exception entries don't work..  But that is a different issue for a different time.

Additional news..  My RV082 needs to be returned.. It is defective..  It was confirmed during the process of attempting to enter [enable]  the one-to-one nat ..   I received four additional Static IP addresses from my ISP [ Verizon], and after enabling the one-to-one nat, the router still didn't respond to the additional IP addresses.  So I tested each one separately, and each address worked. So it was not the ISP issue, but it was the RV..

Additional news.  The Linksys VPN client needs to have the capability of supporting [offering] a user to set a DNS & WINS in the client.   Or,, or,, offer that feature within the RV,, where when a [ their] VPN client is used, and the DHCP services are disabled within the RV..  In either case, such a modification would mean better operation..   Now I do realize that what I am asking is more than likely focused towards a small population.  If most of the users are not going to use a VPN client, and they are going to always use the DHCP services of the RV,, then it is a moot point...

I did notice that the GreenBow Client seems to authenticate faster than that of the Linksys client..  However, one could argue that group authentication is less secure than user authentication, therefore eat the 15 additional seconds..  

Rob,, this has been fun,, and it seems as if most of the issues have been identified, and solutions have been identified..   Not all of the solutions are in line with my needs, but such is life..  

My next challenge [ project ] is to design, and deploy a Sun LDAP multi-master environment here at the university..  However I know I will be getting back to you regarding other networking based projects..  Like,, SSL VPN,, and some cost effective appliances..
 
I will keep in contact with you.. It has been a great exchange of ideas, and thoughts!!


Hugh  
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16394447
Thanks for the update Hugh. Guess I have been able to ping with QuickVPN in the past, as on those sites Windows firewall is disabled. Great learning experience for both of us. Good luck with the other projects.
--Rob
0
 

Author Comment

by:hbowen
ID: 16394574
Rob,,

By the Way..  This worked with the XP firewall enabled on all of the systems, with the exception of my lap-top..  In order to ping, I was forced to turn off the windows firewall on my lap-top..    Now, I am not very versed in the XP firewall, therefore I don't know if there is a specific setting that I could disable, while leaving the rest of the firewall operational.   That is another question, for another time..  

Thanks again..

Hugh
0
 

Author Comment

by:hbowen
ID: 16483934
Rob,,

Greetings,, and how are things going ??    I wanted to provide you with an update on the new RV082 that came in today..  

The first thing that I noticed was a new version of firmware...  1.3.x ..  

After I configured, I noticed that the nat to nat function worked as advertised..

The dhcp services now has a dhcp relay function..   The router advertises a dns function..  Well in my opinion, it is nothing more than an RV host list.  
The previous version maintained a host list of names and addresses of systems that it deployed IP addresses to with the dhcp function.   If you disabled that dhcp function, and used another dhcp service, the host list seemed not to work.
 
Now, the new version is advertised to support a dns function that works without the dhcp services being enabled.  They call it a dns lookup data base.  To me it is still nothing more than a host list..  This is great, however, if the systems on the network are serviced by a stand alone dhcp server, I can't really enter those systems into the host list.  I can only enter devices that are assigned a static address.  

If dhcp is disabled, the RV still does not provide the option to configure an internal dns function.  To be honest,, I need to look more closely at this service before commenting.  So I will need to get back to you on that one..    

I will send more info tomorrow..

Hugh
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16484043
Very interesting. I received an RV042 today to set up for a client. I haven't opened it yet to check the firmware but I see on the Linksys site the RV042 also has an updated ver 1.3.7.4.  I assume it is the same as the RV082. Although as you say far from perfect, they could be very useful additions in some situations.

>>"If dhcp is disabled, the RV still does not provide the option to configure an internal dns function"
I can see that as being the case where it wouldn't be updated by any other process.

Let me know how you make out. I am out of town tomorrow, but will 'play' with the RV042 on Thursday. Thanks for the update.
--Rob
0
 

Author Comment

by:hbowen
ID: 16545469
Rob,,,,

I am back and all seems to be going well on this end.  I trust that same is true with you as well..  

In so far as the RV082, it seems to be running ok..  The new additional features that were added to the new firmware seem to have rectified some of the shortcomings that I noticed..  If the DHCP service is disabled, and you are attempting to gain access using the VPN client, the DNS entry table helps out a bit.  The DNS entry field is a glorified lmhost lookup table..  So as long as you place entries for all of the systems that you feel you need to know about on the LAN side, it works well..   It will process an nslookup request by first traversing that DNS table for the system, and IP address you are looking for. It will NOT do a reverse lookup!!  Now, I need to be very careful here,,  I didn't see a way to place the entries in the table such that it would facilitate a reverse lookup.  " Need to look into that one "..

Ping works only if you turn off your local XP firewall..   Not sure if it works the same way with other local Firewall software, as it does with XP..  " Another item to look into "..

There is a DHCP relay function, that I have not tested as yet.. I am not sure if I will have the time this week.. But I will look into it at a later date.  Unless, someone has already done so, and has some results.

All in all this new firmware is an improvement..  The next item for me is to see if Linksys will make an improvement to the VPN client..

Well I need to go..  Regards my friend..  Talk soon..

Hugh    
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16552434
Thanks for the update Hugh. The firmware updates sound very useful. I had one here the other day, but as it arrived I was informed I had 20 minutes to configure it, and a VoIP phone. So I only had time to import an old config file, change a few IP's and deliver. I had hoped to play with it for a bit. Scheduled to receive another in about 2 weeks, so I'll have a chance then.

>>"Ping works only if you turnoff your local XP firewall..   Not sure if it works the same way with other local Firewall software, as it does with XP.. "
True of any I have seen. Prevents Denial Of Service attacks, and basic discovery of the device.

Good luck,
--Rob
0
 

Author Comment

by:hbowen
ID: 16574969
Rob,,

An observation on my part,, has resulted in a question that you may know the answer to..  The RV082 has been running very well for the past 10 days.    Great news finally !!!

As I started to clean up some of my modifications to one of the Cisco routers that is part of my network.  During that time, I opened a port 80 session to that 192.168.1.1 host address.  Now according to my IP scheme, I don't have any devices on that network.  All of my systems are on a totally different network..   But to make a story short, when I opened the port 80 session to that address, the RV082 responded !!!   Now the LAN interface of the RV082 is assigned a 172.16.xxx.1 address..  The RV082 responds to port 80 requests while using the 172.16.xxx.1 address.   But,, it also seems to respond to port 80 http requests on the 192.168.1.1 as well..

Now, either I am crazy,, or Linksys has left an opening in their firmware for some reason,, maybe for diagnostics !!

Are you aware of this??  Or do you know it to be the case for their other products as well??

Hugh
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 375 total points
ID: 16575017
Very Interesting. It could be very useful. For instance if someone handed you a pre-configured router, not connected to a network, you could access it without knowing the configuration. I don't know how it works though. I would assume like a network adapter, it is possible to assign multiple IP's to a single device. As far as the routing goes, the packets would be destined for a different subnet than yours and therefore sent to the default gateway, and intercepted by the Linksys.

I think you should offer to re-write the Linksys manual, you have discovered more about the router than any Linksys support person I have talked to knows. <G>
--Rob
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16747544
Thanks hbowen,
--Rob
0
