mitchel_kuijper
asked on
VPN to our Clients for Service, programming changes, updates.
We are a custom install company, specializing in high end home integration systems, audio, video, security, automation, voice an data wiring, etc….
I’d like to be able to connect remotely to clients homes and provide service to the systems we install that are on the network (ie CCTV DVR, HAI Alarm / control system, etc…)
We installed a Linksys RV042 linksys router with VPN and updated the firmware it to get PPTP.
We assigned static ip addresses in the router (DHCP) by way of entering the mac and ip address – making a reservation for the particular device.
I’ve turn on remote admin on the router to be able to make changes at will from home or work.
Problem:
I’m able to connect to the VPN via WinXP built in software client with out problems
I can Ping (VIA CMD)
192.168.1.60 = CCTV DVR – pings ok
192.168.1.50 = Wap – no response
192.168.1.51 = Wap #2 - no response
192.168.1.53 = HAI Control system – no response
I have software that’s used to program and customize the HAI system which is done via network.
For some reason I’m not able to connect to the control system using this software, as I’ve do in the past with a port forward on the router.
I was hoping that a VPN connection would avoid the need for a port forward.
In fact I thought once I’ve made a VPN connection everything on that network is “Pingable” and as if you are on the LAN.
That seems to not be the case here.
I’d like to be able to connect remotely to clients homes and provide service to the systems we install that are on the network (ie CCTV DVR, HAI Alarm / control system, etc…)
We installed a Linksys RV042 linksys router with VPN and updated the firmware it to get PPTP.
We assigned static ip addresses in the router (DHCP) by way of entering the mac and ip address – making a reservation for the particular device.
I’ve turn on remote admin on the router to be able to make changes at will from home or work.
Problem:
I’m able to connect to the VPN via WinXP built in software client with out problems
I can Ping (VIA CMD)
192.168.1.60 = CCTV DVR – pings ok
192.168.1.50 = Wap – no response
192.168.1.51 = Wap #2 - no response
192.168.1.53 = HAI Control system – no response
I have software that’s used to program and customize the HAI system which is done via network.
For some reason I’m not able to connect to the control system using this software, as I’ve do in the past with a port forward on the router.
I was hoping that a VPN connection would avoid the need for a port forward.
In fact I thought once I’ve made a VPN connection everything on that network is “Pingable” and as if you are on the LAN.
That seems to not be the case here.
ASKER
Thanks RobWill your responce
My office and home office use an ip range in the 10.76.23/24 range to avoid conflicts
Actually there are no PC at the remote end that I want to connect to, in fact we only want to connect to our equipment not the clients computers.
Our equipment is an HAI embedded controller for alarm and a dedicated micro CCTV DVR to rec cameras.
As for PPTP on the rv042 that’s something that I found whiel on the phone with Linksys tech support, he said to update firmware and bam there was the PPTP option on the far right of the vpn menu.
Is pptp a good way to connect? It seems easy to setup even though I’m not finished.
I need to be able to do this by way of a “client software” to VPN router connection, I don’t’ want to involve onsite PC’s that belong to clients.
That way I can setup the same VPN shortcuts on my laptop and have “remote” / remote access to my clients systems should they have a problem with their lighting control scenes or brightness for instance.
I’ve tried the “quickVPN” SW that Linksys has but prefer the built in winXP – unless there is a reason to rethink that – please let me know.
My office and home office use an ip range in the 10.76.23/24 range to avoid conflicts
Actually there are no PC at the remote end that I want to connect to, in fact we only want to connect to our equipment not the clients computers.
Our equipment is an HAI embedded controller for alarm and a dedicated micro CCTV DVR to rec cameras.
As for PPTP on the rv042 that’s something that I found whiel on the phone with Linksys tech support, he said to update firmware and bam there was the PPTP option on the far right of the vpn menu.
Is pptp a good way to connect? It seems easy to setup even though I’m not finished.
I need to be able to do this by way of a “client software” to VPN router connection, I don’t’ want to involve onsite PC’s that belong to clients.
That way I can setup the same VPN shortcuts on my laptop and have “remote” / remote access to my clients systems should they have a problem with their lighting control scenes or brightness for instance.
I’ve tried the “quickVPN” SW that Linksys has but prefer the built in winXP – unless there is a reason to rethink that – please let me know.
>>"My office and home office use an ip range in the 10.76.23/24 "
Are you saying both are using 10.76.23.0/24 or 10.76.23.0 and 10.76.24.0 that for their local LAN. If the former, you will need to make a change. Subnets on either end of a VPN tunnel need to be different. If not the routing devices do not know whether to keep the traffic local or send to the remote network, and they are lost.
This could well be your problem, if you can ping some devices but open/access none. It is a very common problem with symptoms similar to yours.
>>"bam there was the PPTP option on the far right of the vpn menu"
Far right as in under "VPN pass-through" = "PPTP pass through" ? If so that is not the same thing. I don't have any I can check with the latest firmware so you may well be right, but there is no mention of it in the release notes so I was curious. Would be a nice feature to have.
>>"Is pptp a good way to connect? "
If you can connect to the router (not a VPN server behind it) using PPTP it is an excellent choice. The Linksys QuickVPN client is a little more secure, and even easier to set up, but it it doesn't work well behind a few routers. In your case where you would be always connecting from the same site it should be OK, but some mobile users seem to have some problems from time to time. With the QuickVPN, there is no set up on the client site other than enabling it on the router. It just needs a user name and password. However, if PPTP works, great. I agree it is straight forward.I'll have to try the new firmware on a router next time I get my hands on one.
Also I assume the clients only have one router, the RV042. If multiple routers, the RV042 needs to be set up as the default gateway for any device to which you wish to connect, or enter a static route.
Are you saying both are using 10.76.23.0/24 or 10.76.23.0 and 10.76.24.0 that for their local LAN. If the former, you will need to make a change. Subnets on either end of a VPN tunnel need to be different. If not the routing devices do not know whether to keep the traffic local or send to the remote network, and they are lost.
This could well be your problem, if you can ping some devices but open/access none. It is a very common problem with symptoms similar to yours.
>>"bam there was the PPTP option on the far right of the vpn menu"
Far right as in under "VPN pass-through" = "PPTP pass through" ? If so that is not the same thing. I don't have any I can check with the latest firmware so you may well be right, but there is no mention of it in the release notes so I was curious. Would be a nice feature to have.
>>"Is pptp a good way to connect? "
If you can connect to the router (not a VPN server behind it) using PPTP it is an excellent choice. The Linksys QuickVPN client is a little more secure, and even easier to set up, but it it doesn't work well behind a few routers. In your case where you would be always connecting from the same site it should be OK, but some mobile users seem to have some problems from time to time. With the QuickVPN, there is no set up on the client site other than enabling it on the router. It just needs a user name and password. However, if PPTP works, great. I agree it is straight forward.I'll have to try the new firmware on a router next time I get my hands on one.
Also I assume the clients only have one router, the RV042. If multiple routers, the RV042 needs to be set up as the default gateway for any device to which you wish to connect, or enter a static route.
ASKER
no waht i means is that my home is 10.76.23.XX
and my office is 10.76.24.XX
i have the same setup at my office using a rv042, i can connect and RDP to a computer at my office jsut fine.
internally we use 10.76????
but for clients is alway 192.bla.bla.bal
to avoid issues.
At my hoem office i have a Juniper networks Netscreen router.
and my office is 10.76.24.XX
i have the same setup at my office using a rv042, i can connect and RDP to a computer at my office jsut fine.
internally we use 10.76????
but for clients is alway 192.bla.bla.bal
to avoid issues.
At my hoem office i have a Juniper networks Netscreen router.
>>"no waht i means is that my home is 10.76.23.XX and my office is 10.76.24.XX"
"internally we use 10.76???? but for clients is alway 192.bla.bla.bal"
That is good, shouldn't be any problem there.
Once the VPN is connected can you log onto the RV042's web management console using It's LAN IP (not public IP) such as http://192.168.1.1 ?
"internally we use 10.76???? but for clients is alway 192.bla.bla.bal"
That is good, shouldn't be any problem there.
Once the VPN is connected can you log onto the RV042's web management console using It's LAN IP (not public IP) such as http://192.168.1.1 ?
ASKER
nope jsut tryed that ping 10.76.25.1 no responce - but i am connectd to the network via WinXP VPN client.
and i can RDP to a old PC that's on site.
i jsut called Linksys for help 2:12hrs on the phone - mostly on hold, didn't get anywhere.
other then finding out that thier quickVPN software client dose NOT work with RV042 dispite what thier own site says.
i was told dont' worry abotu that as it will be updated on the site, sorry about that. LOL
i tried a client call thegreenbow, but can tell if it's connected or working or not.
i'm to the point where i'll jsut hire a IT guy to meet with and sort this out - im happy to pay to be trained by a pro.
and i can RDP to a old PC that's on site.
i jsut called Linksys for help 2:12hrs on the phone - mostly on hold, didn't get anywhere.
other then finding out that thier quickVPN software client dose NOT work with RV042 dispite what thier own site says.
i was told dont' worry abotu that as it will be updated on the site, sorry about that. LOL
i tried a client call thegreenbow, but can tell if it's connected or working or not.
i'm to the point where i'll jsut hire a IT guy to meet with and sort this out - im happy to pay to be trained by a pro.
>>"i am connectd to the network via WinXP VPN client"
>>"then finding out that thier quickVPN software client dose NOT work with RV042 "
Which client are you using? As I understand it, the Windows XP VPN client, connecting to the RV042? right?
Actually Linksys QuickVPN works quite well in most situations, but I must admit some people have problems, behind some routers/modems.
The RV042 must be set up as the default gateway for the devices to which you are connecting, or you have to add static routes.
Can you log on to web management console of the RV042 (using the public IP) and then on the diagnostic page ping the different devices? This doesn't require a functioning VPN, but is a good test for internal connectivity.
If you wish, I have logged on to numerous routers for others and checked the configuration. I would be happy to do so in this case. If so, do not post any private/security related information here, but send to the e-mail on my profile (click on RobWill). Please keep troubleshooting discussions here so they will benefit others. You mentioned "happy to pay to be trained by a pro", I am not interested in payment, and not what inspired the offer. Just willing to take a quick look, if you think it might help. Very odd you can connect to one computer but not be able to ping even the Linksys.
>>"then finding out that thier quickVPN software client dose NOT work with RV042 "
Which client are you using? As I understand it, the Windows XP VPN client, connecting to the RV042? right?
Actually Linksys QuickVPN works quite well in most situations, but I must admit some people have problems, behind some routers/modems.
The RV042 must be set up as the default gateway for the devices to which you are connecting, or you have to add static routes.
Can you log on to web management console of the RV042 (using the public IP) and then on the diagnostic page ping the different devices? This doesn't require a functioning VPN, but is a good test for internal connectivity.
If you wish, I have logged on to numerous routers for others and checked the configuration. I would be happy to do so in this case. If so, do not post any private/security related information here, but send to the e-mail on my profile (click on RobWill). Please keep troubleshooting discussions here so they will benefit others. You mentioned "happy to pay to be trained by a pro", I am not interested in payment, and not what inspired the offer. Just willing to take a quick look, if you think it might help. Very odd you can connect to one computer but not be able to ping even the Linksys.
ASKER
yes i'm connected via xp VPN
good tip on the diagnostic page.
i was able to ping a computer on site at out shop
Ping host or IP address: 10.76.25.100
Status: Test Succeeded
Packets: 4/4 transmitted, 4/4 received, 0% loss
Round Trip Time: Minimun = 1 ms
Maximun = 1 ms
Average = 1 ms
but if i try that using CMD . ping 10.76.25.100
i get failures - 100% loss
i used to be able to RDP to a computer onsite - but that's not workign wither anymore - that might be a PC lockup problem though.
i'll send you a priv message
good tip on the diagnostic page.
i was able to ping a computer on site at out shop
Ping host or IP address: 10.76.25.100
Status: Test Succeeded
Packets: 4/4 transmitted, 4/4 received, 0% loss
Round Trip Time: Minimun = 1 ms
Maximun = 1 ms
Average = 1 ms
but if i try that using CMD . ping 10.76.25.100
i get failures - 100% loss
i used to be able to RDP to a computer onsite - but that's not workign wither anymore - that might be a PC lockup problem though.
i'll send you a priv message
You might want to try reloading the firmware, where it is inconsistent, or a few people have reported with the RV042, reseting to factory defaults and re-configuring resolved their issues, as if some configuration setting had not been accepted first time around.
ASKER
i'd hav eto do that on site as that might casue me to loose remote managment.
ASKER
i jsut sen dyou a priv message - not sure if you got that yet.
Good point about the firmware.
Just got you message and logged on now. I'll set up a PPTP from here and test. I'll let you know in about 15 minutes how I make out.
--Rob
Just got you message and logged on now. I'll set up a PPTP from here and test. I'll let you know in about 15 minutes how I make out.
--Rob
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Perhaps you could confirm that.
Also the client's site and your site need to be on different subnets. If the client is using 192.168.1.x, your office should be something different such as 192.168.2.x To avoid future conflicts you might want to choose less common subnets such as using the last 2 digits of the clients address as the 3rd octet (easy to remember); e.g. 1921 Maple St = 192.168.21.x
If you can ping the various devices can you connect to them by IP rather than name? Names do not always resolve correctly over a VPN.
You are correct though you should be able to access all devices once connected without any port forwarding.
If interested in looking at the Linksys QuickVPN, below is a copy of an earlier post explaining how to set it up. The QuickVPN client is available for free from:
http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1115416833192&pagename=Linksys%2FCommon%2FVisitorWrapper
Setting up the VPN may be easier than getting all the services running. Pick one remote computer to test and get everything working before tackling the others. I am assuming the Linksys Quick VPN ==>RV042 scenario. You may want to temporarily enable remote management of the RV042 so you can make changes while you are at the remote site. Here are some pointers.
-On the RV042 (main office) go to the VPN page and choose "VPN client access". Enter user name, password, enable active and choose add and save. If you want to use a better client such as http://www.thegreenbow.com/vpn.html you can set that up on the "Client to gateway page". Next, still on the VPN page switch to VPN pass through. Enable IPSec pass through and save.
-At the remote site, enable "IPSec pass-through" or "VPN pass through" depending what it is called. The router at the remote end needs to support VPN pass-through. Most recent routers do. (One problematic one is the Linksys WRV45G)
-On the remote user's PC install the Linksys Quick VPN client software. Next, create a profile by right clicking on the connection icon on the task bar and then entering a user name, password and the Linksys VPN router's IP Address. The address is the WAN/Internet address of the RV042. If you do not know it you can obtain by going to http://www.whatismyip.com from the site where the RV042 is located. Also if you are not using a static IP, you can set up a DDNS service (Dynamic Domain Name Service) to track the changes. Get it working first and we can deal with this later if you need to.
NOTE: On the remote PC the Local IP's have to be in a different subnet than the main office. For example if the office is using 192.168.1.x you have to change the 3rd octet to something like 192.168.2.x Also, the XP firewall will have to be configured for the VPN connection. I have never configured that with this client, but the first time you try to connect it should warn you, and you can choose to allow. If you have problems connecting you should temporarily disable it for testing purposes.
-You should now be able to connect to at least the RV042. Click on your Quick VPN icon, enter the password and see if it will connect. It will warn you if not. You can test by trying to ping the LAN side of the RV042.
Next, at the location where the RV042 resides, is the RV042 the default gateway for the servers and PC's. If so, you should be able to ping those devices as well. If not, I you will have to add a route to the remote devices using the route add command, not the best scenario.
As for services, some will work now such as remote desktop, telnet, etc.
In order to map your drives you are better to map to the IP and share rather than the computer name and share. e.g. Net Use H: \\192.168.1.101\ShareName
-Name resolution can be improved by adding to your LMHosts file on the remote PC. It is located in C:\Windows\System32\Driver