[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3004
  • Last Modified:

VPN with RV082

I set up this router and I love the way it is dependable, but I wasn't able to get the IPSec with L2TP to work.  I've been using PPTP lately.  I'm even having trouble with browsing the network while going through PPTP.  I'm only able to contact workstations if I use their Private IP addresses.  For some reason, the DNS isn't working properly.

I used the directions that came with the router, but they didn't work.  Does anyone know of any good tutorials that can get me through setting this thing up?  I don't want to have to set up VPN on my Server.  I like the idea of packets being authenticated at the router before they get into the network.
0
warriorfan808
Asked:
warriorfan808
  • 8
  • 7
  • 7
  • +1
2 Solutions
 
rliptrotCommented:
If you only have a small number of workstations try using a hosts file on the vpn client machine.
0
 
Rob WilliamsCommented:
Have you considered using the Linksys QuickVPN client with it? It uses IPSec and is very easy to set up. You simply set up on the router, on the VPN client page a UserName and password, and the same on the client:
http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1115416833289&pagename=Linksys%2FCommon%2FVisitorWrapper

Another alternative that works well is TheGreenBow client, but it is not free:
http://www.thegreenbow.com/vpn.html
Detailed instructions:
http://www.thegreenbow.fr/doc/tgbvpn_cg_LinksysRV082_en.pdf



0
 
warriorfan808Author Commented:
Yeah GreenBow is pretty expensive.  I don't have a lot of people going in through VPN at one time, usually one or two at a time.  If I were to purchase client software, I would want to install the same license on 4 different laptops.  It just seems like a waste if one laptop will only use it once or twice a month and never at the same time.

Does anyone know if you have to activate this software?

There's also an option to use Window's built in client, which I'm using now but for PPTP.  I actually got that info from Robs link.  I'll give it a go and let you know.

rliptrot, do you have a link to a tutorial on making host files?  I've made one a long time ago when I went through a Cisco course, but that was years ago.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
Rob WilliamsCommented:
Did you look at the QuickVPN ? It is free for Linksys users .
You can use the Windows client with L2TP & IPSec but it's not a simple process.

LMHosts file creates a table of IP's and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam , instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below;
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension ,when saving enclose in quotations like "LMHosts". Now when you try to connect to a computer name it should find it as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp
0
 
JJT2750Commented:
I had the same problem running accross a DSL connection, are you on DSL?
0
 
warriorfan808Author Commented:
Thanks man.

I tried the QuickVPN Client, but couldn't get it to work.  I actually dont' really understand it.  The only options it asks for is:

Profile Name
User Name:
Password:
Server Address

Is this suppose to work with IPSec and L2TP?  I mean, it looks like a setup for a PPTP connection if anything.

Before I create that LMHost file, I better start converting certain workstations to static.  I wish DNS would work on the router.  It's funny because when you look under DHCP Clients on the router, you get computer names.  I wonder if it's just the way I'm setting this thing up.
0
 
JJT2750Commented:
When you try the Linksys Quick VPN client are you seeing any entries in the log on the router?
0
 
Rob WilliamsCommented:
The QuickVPN seems simple and less secure but it is actually an IPSec connection, however it is just preconfigured for you, so you don't have the option to make any encryption or other configuration choices.
0
 
JJT2750Commented:
Actually I think it does more of an SSL VPN connection that is why it doesn't require much configuration.
0
 
warriorfan808Author Commented:
It might have been the way I set it up.  I mean, I can't get it to work at all.  I followed the directions, but wasn't able to.  I created tunnel's and groups, but no luck at all.  I got them to log on for a few minutes, but that's all.

If I set up PPTP, will that automatically turn of L2TP connections?
0
 
Rob WilliamsCommented:
QuickVPN uses IPSec you can see it start the IPSec service.

Should be very straight forward to set up. On the router just go to the "VPN client Access Page". Create a user and password, activate it and save. No other configuration on the router is necessary such as groups, gateways or IPSec pass-through. Then on the client machine install the QuickVPN client and enter the public IP of the router (router must have a true public IP. If dynamic DDNS service is fine) the UserName and password and click connect. Make sure you have the latest version of the Linksys router and client. Both are available from:
http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1115416833289&pagename=Linksys%2FCommon%2FVisitorWrapper

If you are still having problems have a look at the QuickVPN check list, or let me know, I will be glad to help:
http://www.linksysinfo.org/modules.php?name=Content&pa=showpage&pid=19

>>"If I set up PPTP, will that automatically turn of L2TP connections?"
Are you setting up a connection to the router itself or to a L2TP/PPTP VPN server such as a Windows VPN server behind the router?
0
 
JJT2750Commented:
You arfe right it does start the ipsec service but if you look at the wget_stop_error.txt file in the c:\program files\linksys\vpnclient \ directory you will see where it is attempting a https://usertname:*password*@youripaddress  it uses https much like the Juniper IVE.  Which is a great thing.  If you are on dsl the reason why pptp works and ipsec does not is that the dsl modem has a firewall built into it.  If it is a Westtel 6100 you can configure the firewall to allow ipsec in.  if it is a Westtel 6110 you can not configure it, it has no managememt interface.  If you are using your RVO router as a dhcp server make sure you have the IP address of the DNS that you want to use in the DHCP template  otherwise you do not have name resolution.  I just went through this with 10 RVO42 routers  on DSL for one of my customers at his remote sites.  Hids broadband sites were easy compared to the DSL sites.  

Please let me know if you have any questions.

Good Luck

Kirk Out  
0
 
Rob WilliamsCommented:
Thanks JJT2750. Just set up a QVPN client  so I could have a look. Interesting, shows connecting to port 443, which is the default (however, for the record, if in use it will default to 60443), are you saying it uses an IPSec/SSL combination?
0
 
JJT2750Commented:
Hi RobWill

Yes, according to the docs that come with the RVO series routers the Quick VPN CLient uses the IPSEC Passthru on the router so the router just act as an ssl terminator and puts you on the network behind the router.   It uses the Username and Password that was setup on the router for the connection.
0
 
warriorfan808Author Commented:
Thanks a lot for all the help.  I currently have users set up with PPTP for now.  Does anyone know if I have to disable this before I can use the IPSec?

Also, how would you all handle the password situation?  There doesn't seem to be a way to have the user change his/her password on the QVPNClient.

0
 
JJT2750Commented:
No you will not have to disable PPTP to use IPSEC.

How many users are you supporting?
0
 
warriorfan808Author Commented:
Hey JJT2750,

Total users for the office through VPN would probably be 15, but probably only 4 at a time.  So far, I"m kinda bottle knecked with PPTP.  I created a test account and tried to get my home workstation to get in with the quick vpn client.  I recieved an error, "The remote gateway is not responding, you will be disconnected".  I then tried using my PPTP logon and the Windows VPN Client, got in.

By the way, the subnets are both different

192.168.100.X - Server
192.168.30.X  - My house
0
 
warriorfan808Author Commented:
I just thought about it, I might not have VPN passthrough enabled on my home router.
0
 
warriorfan808Author Commented:
Looks like this will be a problem.  Whoever is coming in with this client, is going to have to have a router that has IPSec Passthrough enabled.  Not all the IOS's have this feature.

I have DSL at home and cable at work.  If I hook directly into my public IP at home, should I be able to use the client?
0
 
JJT2750Commented:
On your DSL at home, who is the provider and what kind of modem do you have?
0
 
Rob WilliamsCommented:
The quick VPN can be finicky some times or at least it is often reported as such here. Personally I have never had a problem. One thing is make sure you have the latest version, especially for the client. Also a good idea to review the QuickVPN check list  posted earlier.

As for PPTP, you shouldn't have any problem with 1/2 dozen simultaneous users unless they are doing some heavy downloading. PPTP works well, it's just the QuickVPN or GreenBow clients are little more secure and they do not require port forwarding so again a little more secure.
0
 
warriorfan808Author Commented:
I was able to use QuickVPN.  You all were right, it was extremely easy to set up.  Explaining to people about IPSec Passthrough might be rough though.

I never knew that you had to do port fowarding for PPTP.  I also remember reading somewhere in the router documentation that I'm limited in the amount of PPTP connections I can have.  I really wish IPSec Passthrough wasn't such a problem on people's home routers.  If they go through PPTP, then I have to make them a password, which I would rather not do.

I wonder if there's an updated firmware that will let me set the password restrictions for the router.

Thanks a lot guys.  I let this thread go on way too long.  I'm going to divide up the points because all of you have helped a lot.

Thanks again.
0
 
Rob WilliamsCommented:
Thanks warriorfan808.

For some reason IPSec pass-trough on the client end is not always necessary for outgoing connections. Seems to depend on the make and model of the router.

Port forwarding is not really necessary for PPTP, but rather when you are connecting to a VPN server behind the router. The packets have to be forwarded to the appropriate VPN device whether it is PPTP, L2TP or IPSec. The advantage of setting up the VPN on the router is it is the terminating device and no ports need to be forwarded.

I assume by password restrictions you mean the level of complexity. None as of yet but it is a good idea. You could set the passwords yourself and check the box that disables the users ability to change the password.

Cheers,
--Rob
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 7
  • 7
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now