VPN Issues with Linksys (WRT54GS) Wireless Router: I can establish a VPN connection but can't ping anything in the network.
I have a NetGear ProSafe VPN firewall at my work. I've got a VPN policy up and working. I've tested it from outside the network and I'm able to successfully to tunnel in and ping everything in our network and map drives, etc...
However, when I connect to the VPN from home via wireless router (WRT54GS), it does not work. I'm able to successfully establish a connection with the VPN (or at least the VPN software tells me it has successfully connected) but I can't ping anything on the network. My OS is Windows XP Home. I upgraded to the latest version of firmware for my wireless router last night to no avail. I've also got McAfee Internet Security Suite installed on my XP Home. I tried disabling the McAfee firewall and just having the router firewall and that didn't work either. Under my VPN option when I log into the router, I've got IPSec, PPTP, and L2TP all enabled. I'm not for sure where the hang up is. If I'm able to successfully establish a connection with my VPN, why can't I ping anything or map any drives? Any help will be much appreciated. Thanks for looking.
However, when I connect to the VPN from home via wireless router (WRT54GS), it does not work. I'm able to successfully establish a connection with the VPN (or at least the VPN software tells me it has successfully connected) but I can't ping anything on the network. My OS is Windows XP Home. I upgraded to the latest version of firmware for my wireless router last night to no avail. I've also got McAfee Internet Security Suite installed on my XP Home. I tried disabling the McAfee firewall and just having the router firewall and that didn't work either. Under my VPN option when I log into the router, I've got IPSec, PPTP, and L2TP all enabled. I'm not for sure where the hang up is. If I'm able to successfully establish a connection with my VPN, why can't I ping anything or map any drives? Any help will be much appreciated. Thanks for looking.
ASKER
I forgot to mention that I already changed that. I modified my router IP from 192.168.1.1 to 192.168.10.1 and the DHCP modified my PC and my other laptops so that worked. Yes, I'm able to connect to the VPN by directly connecting into the modem but then that leaves my wireless router inoperable and then none of my other laptops can connect to the internet. I would rather not have to unplug my PC from the router and plug it into the modem and cut off internet to all my other computers just so I can tunnel into my work VPN. Any other ideas?
Is the only problem connecting with a wireless connection or does the same problem exist with a wired connection to the WRT54GS ? VPN's and wireless seem to be a frequent problem.
ASKER
I haven't tried installing the client VPN software on one of my wireless laptops yet but it I have tried on the desktop that's directly wired to the router. This is my setup: cable modem to wireless router; wireless router directly connected to desktop PC; wireless router wirelessly connected to 3 more laptops. The desktop will successfully establish a vpn tunnel but I can't ping anything on the network or map drives. However I haven't changed my workgroup name at home to match the one at the office. I don't know if that would help. That would probably screw up my file and print sharing on my home network though.
No need to change the workgroup settings.
Only other thing I can think of is your modem may be a combined router and modem. To verify check the status page of your router and see what the WAN/Internet/Public IP is (not LAN). If it is 192.168.x.x, 10.x.x.x, or 172.16-31.x.x it means your router has been assigned a private IP address. If this is the case you will need to log on to the modem and change it to Bridge mode and set up the WAN configuration of the router. If a PPPoE connection you will need to know the user name an password for the account. If in doubt post the make and model of the modem and we can advise with specifics.
Only other thing I can think of is your modem may be a combined router and modem. To verify check the status page of your router and see what the WAN/Internet/Public IP is (not LAN). If it is 192.168.x.x, 10.x.x.x, or 172.16-31.x.x it means your router has been assigned a private IP address. If this is the case you will need to log on to the modem and change it to Bridge mode and set up the WAN configuration of the router. If a PPPoE connection you will need to know the user name an password for the account. If in doubt post the make and model of the modem and we can advise with specifics.
ASKER
I'll have to wait until lunch to go home and check. I don't know what PPPoE is. I will log into my router when I get home and check the WAN/Internet/Public IP (not 192.168.10.1). Do you happen to know what tab that configuration would be under on my router. I'm sure I can find it on my own but if you happen to know, it could save me some time. I will also post the make and model of my modem after I get back from lunch. It is almost 10:30 am (CST) and my lunch break is from 12pm to 1pm so I will get back to you then. If you have any other info you would like to share before then, I'll keep watching this post in case. Thanks again.
WAN/Public IP should be on "Status" page next to Configuration Type, under IP Address. It will show the connection type above. If you end up needing to change the connection information it will be on the "set up" page. It will also show connection type beside "Internet Connection Type" and will show Static, Dynamic, or PPPoE
If Dynamic -you do not need any configuration information
If PPPoE -you need to know user name and password
If Static (unlikely on a home connection) -need to know the IP address, subnet mask, gateway, and DNS servers
If Dynamic -you do not need any configuration information
If PPPoE -you need to know user name and password
If Static (unlikely on a home connection) -need to know the IP address, subnet mask, gateway, and DNS servers
ASKER
I guess my router set up is dynamic.
Here's the specs:
Firmware: v4.71.1, Apr. 11, 2006
Login Type: Automatic Configuration - DHCP
IP Address: 12.207.45.167
Subnet Mask: 255.255.255.0
Default Gateway: 12.207.45.1
DNS 1: 204.127.203.135
DNS 2: 216.148.225.135
MTU: 1500
Modem Specs:
Motorolla
SB4200
Surfboard Cable Modem
Here's the specs:
Firmware: v4.71.1, Apr. 11, 2006
Login Type: Automatic Configuration - DHCP
IP Address: 12.207.45.167
Subnet Mask: 255.255.255.0
Default Gateway: 12.207.45.1
DNS 1: 204.127.203.135
DNS 2: 216.148.225.135
MTU: 1500
Modem Specs:
Motorolla
SB4200
Surfboard Cable Modem
ASKER
Here's some more info on my router set up:
Under the Security tab I have "Block Anonymous Internet Requests" checked, "Filter IDENT (port 113)" checked, "Filter Multicast" unchecked, and "Filter Internet NAT Redirection" unchecked.
DMZ is disabled
Wireless QoS is disabled
UPnP is enabled
Nothing under Advanced Routing is setup.
Maybe some of this might bring a clue.
Under the Security tab I have "Block Anonymous Internet Requests" checked, "Filter IDENT (port 113)" checked, "Filter Multicast" unchecked, and "Filter Internet NAT Redirection" unchecked.
DMZ is disabled
Wireless QoS is disabled
UPnP is enabled
Nothing under Advanced Routing is setup.
Maybe some of this might bring a clue.
Sorry, I am out of ideas. Your Internet connection is fine and all above settings are fine as well. For the record some like to disable UPnP as there are some security issues with it, but it won't affect your VPN regardless. All I can suggest is there have been others who have been un-able to connect with IPSec VPN clients when behind a WRT54G (not the GS), though I don't know why.
What happens if you try one of the following firmwares for your router?
* www.dd-wrt.com : i believe the stable version is v23 sp1, great site, free upgrade software to your router
* www.sveasoft.com: a fee of 20$ for one year support, their talisman 1.1 is state of the art + they got an excellent forum for the wrt:s
Of course, the standard disclaimers apply (this can break your router, kill your cat etc...)
Both sites have great howto:s and very powerful forums (sveasoft is bigger, though) . Be sure to read the installation instructions before you proceed.
These firmware upgrades can do the trick, because you can change adjust the way the wrt54gs acts in a more sofisticated way.
Kindest regards , Georg
* www.dd-wrt.com : i believe the stable version is v23 sp1, great site, free upgrade software to your router
* www.sveasoft.com: a fee of 20$ for one year support, their talisman 1.1 is state of the art + they got an excellent forum for the wrt:s
Of course, the standard disclaimers apply (this can break your router, kill your cat etc...)
Both sites have great howto:s and very powerful forums (sveasoft is bigger, though) . Be sure to read the installation instructions before you proceed.
These firmware upgrades can do the trick, because you can change adjust the way the wrt54gs acts in a more sofisticated way.
Kindest regards , Georg
ASKER
Georg,
I went to the dd-wrt website link that you gave me and I searched for dd-wer v23 sp1 and found it. However, when I click on the v23 link it opens links to several zip files.
dd-wrt.v23_sp1_micro.zip
dd-wrt.v23_sp1_mini.zip
dd-wrt.v23_sp1_standard.zi
dd-wrt.v23_sp1_voip.zip
dd-wrt.v23_sp1_vpn.zip
I downloaded the dd-wrt.v23_sp1_vpn.zip. I read the support notes in the download and this is what the support notes stated for the wrt54gs router:
"For upgrading from the original Linksys firmware, please use the generic mini version (dd-wrt.vXX_mini_generic.b
There is no such file called dd-wrt.v23_mini_generic.bi
dd-wrt.v23_vpn_generic.bin
dd-wrt.v23_vpn_wrt54g.bin
dd-wrt.v23_vpn_wrt54gs.bin
dd-wrt.v23_vpn_wrt54gsv4.b
I'm not sure which firmware to upgrade to. I've got the latest firmware upgrade from linksys right now. It was released in April of this year.
Any ideas, Georg?
I went to the dd-wrt website link that you gave me and I searched for dd-wer v23 sp1 and found it. However, when I click on the v23 link it opens links to several zip files.
dd-wrt.v23_sp1_micro.zip
dd-wrt.v23_sp1_mini.zip
dd-wrt.v23_sp1_standard.zi
dd-wrt.v23_sp1_voip.zip
dd-wrt.v23_sp1_vpn.zip
I downloaded the dd-wrt.v23_sp1_vpn.zip. I read the support notes in the download and this is what the support notes stated for the wrt54gs router:
"For upgrading from the original Linksys firmware, please use the generic mini version (dd-wrt.vXX_mini_generic.b
There is no such file called dd-wrt.v23_mini_generic.bi
dd-wrt.v23_vpn_generic.bin
dd-wrt.v23_vpn_wrt54g.bin
dd-wrt.v23_vpn_wrt54gs.bin
dd-wrt.v23_vpn_wrt54gsv4.b
I'm not sure which firmware to upgrade to. I've got the latest firmware upgrade from linksys right now. It was released in April of this year.
Any ideas, Georg?
Hello,
dd-wrt.v23_sp1_mini.zip
will do the trick.
Be aware that you are voiding warranty etc. etc. Linksys will not support this firmware
I am using dd-wrt on 5-6 routers, and sveasoft on 20+. They work great, if you know what you are doing.
Be sure to read the documentation before you flash.
Generally:
* flash when you are cable connected, not wireless
* allow the router 2-3 minutes to accept and load the new firmware.
Good luck
dd-wrt.v23_sp1_mini.zip
will do the trick.
Be aware that you are voiding warranty etc. etc. Linksys will not support this firmware
I am using dd-wrt on 5-6 routers, and sveasoft on 20+. They work great, if you know what you are doing.
Be sure to read the documentation before you flash.
Generally:
* flash when you are cable connected, not wireless
* allow the router 2-3 minutes to accept and load the new firmware.
Good luck
I was just at friend's house who had cable internet and a linksys wireless g router. I tried connecting to my office VPN and it didn't work!
I did a little troubleshooting and was able to connect. Here is what I did:
Click Start->Connect To
Right-click your vpn connection and go to properties
Click the networking tab
Select PPTP VPN from the drop-down menu on top
Click the settings button on top
Make sure all 3 boxes are unchecked
Click OK
Try to connect
I did a little troubleshooting and was able to connect. Here is what I did:
Click Start->Connect To
Right-click your vpn connection and go to properties
Click the networking tab
Select PPTP VPN from the drop-down menu on top
Click the settings button on top
Make sure all 3 boxes are unchecked
Click OK
Try to connect
I feel stupid asking this question this late in the game but; are you using a built-in Windows PPTP VPN at the office, or an IPSec VPN connecting to the "NetGear ProSafe VPN firewall " ? I was assuming the later.
If using Windows enable PPTP pass-through on the WRT54GS rather than IPSec pass through.
As for the "Make sure all 3 boxes are unchecked" they are usually auto-negotiated.
If using Windows enable PPTP pass-through on the WRT54GS rather than IPSec pass through.
As for the "Make sure all 3 boxes are unchecked" they are usually auto-negotiated.
ASKER
I've been unsuccessful in all of these attempts. I appreciate everyone's help in trying to get this straightened out. I'm now abandoning the NetGear ProSafe VPN setup and now I will try to set up a VPN with the Microsoft software in XP Pro and Server 2003. Thanks again for everyone's help but we'll see how this other venture goes.
If setting the Windows VPN the following links may be helpful:
Windows 2003 VPN server:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows 2000 VPN server
http://www.onecomputerguy.com/w2k/w2k_vpn/w2k_vpn.htm
Windows XP VPN server:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
Windows VPN VPN client:
http://www.onecomputerguy.com/networking/xp_vpn.htm
You also need to create a rule on the Netgear to forward port 1723 on the Netgear to the VPN server/computer. In addition GRE packets have to be allowed to pass, but on the Netgear if when creating the rule you use the built-in PPTP port 1723 service it will automatically do this for you. An example using the Netgear FVS318:
http://www.portforward.com/english/routers/port_forwarding/Netgear/FVS318/Point-to-Point_Tunneling_Protocol.htm
Windows 2003 VPN server:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows 2000 VPN server
http://www.onecomputerguy.com/w2k/w2k_vpn/w2k_vpn.htm
Windows XP VPN server:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
Windows VPN VPN client:
http://www.onecomputerguy.com/networking/xp_vpn.htm
You also need to create a rule on the Netgear to forward port 1723 on the Netgear to the VPN server/computer. In addition GRE packets have to be allowed to pass, but on the Netgear if when creating the rule you use the built-in PPTP port 1723 service it will automatically do this for you. An example using the Netgear FVS318:
http://www.portforward.com/english/routers/port_forwarding/Netgear/FVS318/Point-to-Point_Tunneling_Protocol.htm
ASKER
Problem has been solved. I quit trying to set up a VPN with the Netgear VPN firewall and just set up a Microsoft PPTP VPN and now things work fine.
Definitely much easier. Glad to hear you got it up and running.
--Rob
--Rob
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have seen problems when connecting from a WRT54G router several times so it may have to do with the router as well. If in doubt try connecting directly to the modem. When doing so make sure your Windows patches are up to date, Windows Firewall enabled, and Virus protection up to date, to play it safe.