[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

VPN Issues with Linksys (WRT54GS) Wireless Router: I can establish a VPN connection but can't ping anything in the network.

Posted on 2006-06-06
21
Medium Priority
?
886 Views
Last Modified: 2008-01-09
I have a NetGear ProSafe VPN firewall at my work. I've got a VPN policy up and working. I've tested it from outside the network and I'm able to successfully to tunnel in and ping everything in our network and map drives, etc...
However, when I connect to the VPN from home via wireless router (WRT54GS), it does not work. I'm able to successfully establish a connection with the VPN (or at least the VPN software tells me it has successfully connected) but I can't ping anything on the network. My OS is Windows XP Home. I upgraded to the latest version of firmware for my wireless router last night to no avail. I've also got McAfee Internet Security Suite installed on my XP Home. I tried disabling the McAfee firewall and just having the router firewall and that didn't work either. Under my VPN option when I log into the router, I've got IPSec, PPTP, and L2TP all enabled. I'm not for sure where the hang up is. If I'm able to successfully establish a connection with my VPN, why can't I ping anything or map any drives? Any help will be much appreciated. Thanks for looking.
0
Comment
Question by:HbugProject
  • 8
  • 8
  • 2
  • +2
20 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16842497
Usually, assuming the office end VPN is working, when you can show a connection but not ping or connect to resources it is due to 1) blocked encapsulation protocol, or 2) identical subnets. #1 should be looked after by having enabled on the router, IPSec pass-through. However, if at home you are using the same subnet as the office you will have to change the subnet at home. They must be different to allow routing of traffic. If for example the office is using 192.168.1.x at home change to something like 192.168.2.x
I have seen problems when connecting from a WRT54G router several times so it may have to do with the router as well. If in doubt try connecting directly to the modem. When doing so make sure your Windows patches are up to date, Windows Firewall enabled, and Virus protection up to date, to play it safe.
0
 

Author Comment

by:HbugProject
ID: 16842564
I forgot to mention that I already changed that. I modified my router IP from 192.168.1.1 to 192.168.10.1 and the DHCP modified my PC and my other laptops so that worked. Yes, I'm able to connect to the VPN by directly connecting into the modem but then that leaves my wireless router inoperable and then none of my other laptops can connect to the internet. I would rather not have to unplug my PC from the router and plug it into the modem and cut off internet to all my other computers just so I can tunnel into my work VPN. Any other ideas?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16842619
Is the only problem connecting with a wireless connection or does the same problem exist with a wired connection to the WRT54GS ? VPN's and wireless seem to be a frequent problem.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:HbugProject
ID: 16842984
I haven't tried installing the client VPN software on one of my wireless laptops yet but it I have tried on the desktop that's directly wired to the router. This is my setup: cable modem to wireless router; wireless router directly connected to desktop PC; wireless router wirelessly connected to 3 more laptops. The desktop will successfully establish a vpn tunnel but I can't ping anything on the network or map drives. However I haven't changed my workgroup name at home to match the one at the office. I don't know if that would help. That would probably screw up my file and print sharing on my home network though.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16843055
No need to change the workgroup settings.
Only other thing I can think of is your modem may be a combined router and modem. To verify check the status page of your router and see what the WAN/Internet/Public IP is (not LAN). If it is 192.168.x.x, 10.x.x.x, or 172.16-31.x.x it means your router has been assigned a private IP address. If this is the case you will need to log on to the modem and change it to Bridge mode and set up the WAN configuration of the router. If a PPPoE connection you will need to know the user name an password for the account. If in doubt post the make and model of the modem and we can advise with specifics.
0
 

Author Comment

by:HbugProject
ID: 16843333
I'll have to wait until lunch to go home and check. I don't know what PPPoE is. I will log into my router when I get home and check the WAN/Internet/Public IP (not 192.168.10.1). Do you happen to know what tab that configuration would be under on my router. I'm sure I can find it on my own but if you happen to know, it could save me some time. I will also post the make and model of my modem after I get back from lunch. It is almost 10:30 am (CST) and my lunch break is from 12pm to 1pm so I will get back to you then. If you have any other info you would like to share before then, I'll keep watching this post in case. Thanks again.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16843450
WAN/Public IP should be on "Status" page next to Configuration Type, under IP Address. It will show the connection type above. If you end up needing to change the connection information it will be on the "set up" page. It will also show connection type beside "Internet Connection Type" and will show Static, Dynamic, or PPPoE
If Dynamic -you do not need any configuration information
If PPPoE -you need to know user name and password
If Static (unlikely on a home connection) -need to know the IP address, subnet mask, gateway, and DNS servers
0
 

Author Comment

by:HbugProject
ID: 16844615
I guess my router set up is dynamic.
Here's the specs:
Firmware: v4.71.1, Apr. 11, 2006
Login Type: Automatic Configuration - DHCP
IP Address: 12.207.45.167
Subnet Mask: 255.255.255.0
Default Gateway: 12.207.45.1
DNS 1: 204.127.203.135
DNS 2: 216.148.225.135
MTU: 1500

Modem Specs:
Motorolla
SB4200
Surfboard Cable Modem
0
 

Author Comment

by:HbugProject
ID: 16844722
Here's some more info on my router set up:
Under the Security tab I have "Block Anonymous Internet Requests" checked, "Filter IDENT (port 113)" checked, "Filter Multicast" unchecked, and "Filter Internet NAT Redirection" unchecked.
DMZ is disabled
Wireless QoS is disabled
UPnP is enabled
Nothing under Advanced Routing is setup.
Maybe some of this might bring a clue.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16844890
Sorry, I am out of ideas. Your Internet connection is fine and all above settings are fine as well. For the record some like to disable UPnP as there are some security issues with it, but it won't affect your VPN regardless. All I can suggest is there have been others who have been un-able to connect with IPSec VPN clients when behind a WRT54G (not the GS), though I don't know why.
0
 

Expert Comment

by:georgsiotis
ID: 16845339
What happens if you try one of the following firmwares for your router?

* www.dd-wrt.com : i believe the stable version is v23 sp1, great site, free upgrade software to your router
* www.sveasoft.com: a fee of 20$ for one year support, their talisman 1.1 is state of the art + they got an excellent forum for the wrt:s

Of course, the standard disclaimers apply (this can break your router, kill your cat etc...)
Both sites have great howto:s and very powerful forums (sveasoft is bigger, though) . Be sure to read the installation instructions before you proceed.
These firmware upgrades can do the trick, because you can change adjust the way the wrt54gs acts in a more sofisticated way.

Kindest regards , Georg
0
 

Author Comment

by:HbugProject
ID: 16852239
Georg,
I went to the dd-wrt website link that you gave me and I searched for dd-wer v23 sp1 and found it. However, when I click on the v23 link it opens links to several zip files.
dd-wrt.v23_sp1_micro.zip
dd-wrt.v23_sp1_mini.zip
dd-wrt.v23_sp1_standard.zip
dd-wrt.v23_sp1_voip.zip
dd-wrt.v23_sp1_vpn.zip
I downloaded the dd-wrt.v23_sp1_vpn.zip. I read the support notes in the download and this is what the support notes stated for the wrt54gs router:
"For upgrading from the original Linksys firmware, please use the generic mini version (dd-wrt.vXX_mini_generic.bin) and flash it from the web GUI interface.  After this first flashing you can change to any other distribution, if you want. For flashing via the web GUI interface, always use the included 'generic' binaries. The other Linksys router specific binaries are only meant for tftp upgrades."
There is no such file called dd-wrt.v23_mini_generic.bin in that download. Here's a list of the *.bin files in the download:
dd-wrt.v23_vpn_generic.bin
dd-wrt.v23_vpn_wrt54g.bin
dd-wrt.v23_vpn_wrt54gs.bin
dd-wrt.v23_vpn_wrt54gsv4.bin
I'm not sure which firmware to upgrade to. I've got the latest firmware upgrade from linksys right now. It was released in April of this year.
Any ideas, Georg?
0
 

Expert Comment

by:georgsiotis
ID: 16860925
Hello,

dd-wrt.v23_sp1_mini.zip

will do the trick.

Be aware that you are voiding warranty etc. etc. Linksys will not support this firmware
I am using dd-wrt on 5-6 routers, and sveasoft on 20+. They work great, if you know what you are doing.

Be sure to read the documentation before you flash.

Generally:
* flash when you are cable connected, not wireless
* allow the router 2-3 minutes to accept and load the new firmware.

Good luck
0
 

Expert Comment

by:donvfp
ID: 16881144
I was just at friend's house who had cable internet and a linksys wireless g router. I tried connecting to my office VPN and it didn't work!

I did a little troubleshooting and was able to connect. Here is what I did:

Click Start->Connect To
Right-click your vpn connection and go to properties
Click the networking tab
Select PPTP VPN from the drop-down menu on top
Click the settings button on top
Make sure all 3 boxes are unchecked
Click OK

Try to connect
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16881179
I feel stupid asking this question this late in the game but; are you using a built-in Windows PPTP VPN at the office, or an IPSec VPN connecting to the "NetGear ProSafe VPN firewall " ? I was assuming the later.
If using Windows enable PPTP pass-through on the WRT54GS rather than IPSec pass through.

As for the "Make sure all 3 boxes are unchecked" they are usually auto-negotiated.
0
 

Author Comment

by:HbugProject
ID: 16946075
I've been unsuccessful in all of these attempts. I appreciate everyone's help in trying to get this straightened out. I'm now abandoning the NetGear ProSafe VPN setup and now I will try to set up a VPN with the Microsoft software in XP Pro and Server 2003. Thanks again for everyone's help but we'll see how this other venture goes.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16946187
If setting the Windows VPN the following links may be helpful:
Windows 2003 VPN server:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows 2000 VPN server
http://www.onecomputerguy.com/w2k/w2k_vpn/w2k_vpn.htm
Windows XP VPN server:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
Windows VPN VPN client:
http://www.onecomputerguy.com/networking/xp_vpn.htm
You also need to create a rule on the Netgear to forward port 1723 on the Netgear to the VPN server/computer. In addition GRE packets have to be allowed to pass, but on the Netgear if when creating the rule you use the built-in PPTP port 1723 service it will automatically do this for you. An example using the Netgear FVS318:
http://www.portforward.com/english/routers/port_forwarding/Netgear/FVS318/Point-to-Point_Tunneling_Protocol.htm
0
 

Author Comment

by:HbugProject
ID: 17154839
Problem has been solved. I quit trying to set up a VPN with the Netgear VPN firewall and just set up a Microsoft PPTP VPN and now things work fine.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 17158387
Definitely much easier. Glad to hear you got it up and running.
--Rob
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 17399790
PAQ / Refund
ee ai construct, community support moderator
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question