Solved

VPN to our Clients for Service, programming changes, updates.

Posted on 2006-07-14
17
391 Views
Last Modified: 2012-08-13
We are a custom install company, specializing in high end home integration systems, audio, video, security, automation, voice an data wiring, etc….
I’d like to be able to connect remotely to clients homes and provide service to the systems we install that are on the network (ie CCTV DVR,  HAI Alarm / control system, etc…)

We installed a Linksys RV042 linksys router with VPN and updated the firmware it to get PPTP.
We assigned static ip addresses in the router (DHCP) by way of entering the mac and ip address – making a reservation for the particular device.
I’ve turn on remote admin on the router to be able to make changes at will from home or work.

Problem:
I’m able to connect to the VPN via WinXP built in software client with out problems
I can Ping (VIA CMD)

192.168.1.60 = CCTV DVR – pings ok
192.168.1.50 = Wap – no response
192.168.1.51 = Wap #2 - no response
192.168.1.53 = HAI Control system – no response

I have software that’s used to program and customize the HAI system which is done via network.

For some reason I’m not able to connect to the control system using this software, as I’ve do in the past with a port forward on the router.
I was hoping that a VPN connection would avoid the need for a port forward.

In fact I thought once I’ve made a VPN connection everything on that network is “Pingable” and as if you are on the LAN.
That seems to not be the case here.


0
Comment
Question by:mitchel_kuijper
  • 7
  • 6
17 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17112766
Are you connecting the Windows PPTP client to the RV042 or to a Windows VPN server behind the router. As far as I was aware the RV042 could only be configured as an IPSec VPN end point connected to from another IPSec router, 3rd party client, Windows L2TP/IPSec client (not an easy task, or the simplest option using the Linksys QuickVPN client.

Perhaps you could confirm that.
Also the client's site and your site need to be on different subnets. If the client is using 192.168.1.x, your office should be something different such as 192.168.2.x To avoid future conflicts you might want to choose less common subnets such as using the last 2 digits of the clients address as the 3rd octet (easy to remember); e.g. 1921 Maple St = 192.168.21.x

If you can ping the various devices can you connect to them by IP rather than name? Names do not always resolve correctly over a VPN.
You are correct though you should be able to access all devices once connected without any port forwarding.

If interested in looking at the Linksys QuickVPN, below is a copy of an earlier post explaining how to set it up. The QuickVPN client is available for free from:
http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1115416833192&pagename=Linksys%2FCommon%2FVisitorWrapper

Setting up the VPN may be easier than getting all the services running. Pick one remote computer to test and get everything working before tackling the others. I am assuming the Linksys Quick VPN ==>RV042 scenario. You may want to temporarily enable remote management of the RV042 so you can make changes while you are at the remote site. Here are some pointers.
 -On the RV042 (main office) go to the VPN page and choose "VPN client access". Enter user name, password, enable active and choose add and save. If you want to use a better client such as http://www.thegreenbow.com/vpn.html  you can set that up on the "Client to gateway page". Next, still on the VPN page switch to VPN pass through. Enable IPSec pass through and save.
 -At the remote site, enable "IPSec pass-through" or "VPN pass through" depending what it is called. The router at the remote end needs to support VPN pass-through. Most recent routers do. (One problematic one is the Linksys WRV45G)
 -On the remote user's PC install the Linksys Quick VPN client software. Next, create a profile by right clicking on the connection icon on the task bar and then entering a user name, password and the Linksys VPN router's IP Address. The address is the WAN/Internet address of the RV042. If you do not know it you can obtain by going to http://www.whatismyip.com from the site where the RV042 is located. Also if you are not using a static IP, you can set up a DDNS service (Dynamic Domain Name Service) to track the changes. Get it working first and we can deal with this later if you need to.
NOTE: On the remote PC the Local IP's have to be in a different subnet than the main office. For example if the office is using 192.168.1.x you have to change the 3rd octet to something like 192.168.2.x  Also, the XP firewall will have to be configured for the VPN connection. I have never configured that with this client, but the first time you try to connect it should warn you, and you can choose to allow. If you have problems connecting you should temporarily disable it for testing purposes.
 -You should now be able to connect to at least the RV042. Click on your Quick VPN icon, enter the password and see if it will connect. It will warn you if not. You can test by trying to ping the LAN side of the RV042.
Next, at the location where the RV042 resides, is the RV042 the default gateway for the servers and PC's. If so, you should be able to ping those devices as well. If not, I you will have to add a route to the remote devices using the route add command, not the best scenario.

As for services, some will work now such as remote desktop, telnet, etc.
In order to map your drives you are better to map to the IP and share rather than the computer name and share. e.g. Net Use H: \\192.168.1.101\ShareName

 -Name resolution can be improved by adding to your LMHosts file on the remote PC. It is located in C:\Windows\System32\Drivers\Etc\LMHosts.sam Open it up with Notepad, it has instructions included. At the bottom add an entry like " 192.168.1.101   ServerName   #Pre" hit enter at the end of the line (important). Then save as LMHosts without any extension. If you save as "LMHosts" with quotations you can be sure there is no hidden extension. Now you should be able to ping or connect to that device by name.
0
 

Author Comment

by:mitchel_kuijper
ID: 17112802
Thanks RobWill your responce

My office and home office use an ip range in the 10.76.23/24 range to avoid conflicts

Actually there are no PC at the remote end that I want to connect to, in fact we only want to connect to our equipment not the clients computers.

Our equipment is an HAI embedded controller for alarm and a dedicated micro CCTV DVR to rec cameras.

As for PPTP on the rv042 that’s something that I found whiel on the phone with Linksys tech support, he said to update firmware and bam there was the PPTP option on the far right of the vpn menu.

Is pptp a good way to connect? It seems easy to setup even though I’m not finished.

I need to be able to do this by way of a “client software” to VPN router connection, I don’t’ want to involve onsite PC’s that belong to clients.
That way I can setup the same VPN shortcuts on my laptop and have “remote” / remote access to my clients systems should they have a problem with their lighting control scenes or brightness for instance.

I’ve tried the “quickVPN” SW that Linksys has but prefer the built in winXP – unless there is a reason to rethink that – please let me know.


0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17112897
>>"My office and home office use an ip range in the 10.76.23/24 "
Are you saying both are using  10.76.23.0/24  or 10.76.23.0 and 10.76.24.0 that for their local LAN. If the former, you will need to make a change. Subnets on either end of a VPN tunnel need to be different. If not the routing devices do not know whether to keep the traffic local or send to the remote network, and they are lost.
This could well be your problem, if you can ping some devices but open/access none. It is a very common problem with symptoms similar to yours.

>>"bam there was the PPTP option on the far right of the vpn menu"
Far right as in under "VPN pass-through" = "PPTP pass through" ? If so that is not the same thing. I don't have any I can check with the latest firmware so you may well be right, but there is no mention of it in the release notes so I was curious. Would be a nice feature to have.

>>"Is pptp a good way to connect? "
If you can connect to the router (not a VPN server behind it) using PPTP it is an excellent choice. The Linksys QuickVPN client is a little more secure, and even easier to set up, but it it doesn't work well behind a few routers. In your case where you would be always connecting from the same site it should be OK, but some mobile users seem to have some problems from time to time. With the QuickVPN, there is no set up on the client site other than enabling it on the router. It just needs a user name and password. However, if PPTP works, great. I agree it is straight forward.I'll have to try the new firmware on a router next time I get my hands on one.

Also I assume the clients only have one router, the RV042.  If multiple routers, the RV042 needs to be set up as the default gateway for any device to which you wish to connect, or enter a static route.
0
 
LVL 30

Expert Comment

by:ded9
ID: 17113403
Try this vpn software

www.hamachi.cc


Reps
0
 

Author Comment

by:mitchel_kuijper
ID: 17113448
no waht i means is that my home is 10.76.23.XX
and my office is 10.76.24.XX

i have the same setup at my office using a rv042, i can connect and RDP to a computer at my office jsut fine.

internally we use 10.76????
but for clients is alway 192.bla.bla.bal

to avoid issues.

At my hoem office i have a Juniper networks Netscreen router.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17115408
>>"no waht i means is that my home is 10.76.23.XX and my office is 10.76.24.XX"
     "internally we use 10.76????  but for clients is alway 192.bla.bla.bal"
That is good, shouldn't be any problem there.

Once the VPN is connected can you log onto the RV042's web management console using It's LAN IP (not public IP) such as http://192.168.1.1  ?


0
 

Author Comment

by:mitchel_kuijper
ID: 17115679
nope jsut tryed that ping 10.76.25.1 no responce - but i am connectd to the network via WinXP VPN client.
and i can RDP to a old PC that's on site.

i jsut called Linksys for help 2:12hrs on the phone - mostly on hold, didn't get anywhere.
other then finding out that thier quickVPN software client dose NOT work with RV042 dispite what thier own site says.
i was told dont' worry abotu that as it will be updated on the site, sorry about that. LOL

i tried a client call thegreenbow, but can tell if it's connected or working or not.

i'm to the point where i'll jsut hire a IT guy to meet with and sort this out - im happy to pay to be trained by a pro.



0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 77

Expert Comment

by:Rob Williams
ID: 17115894
>>"i am connectd to the network via WinXP VPN client"
>>"then finding out that thier quickVPN software client dose NOT work with RV042 "

Which client are you using? As I understand it, the Windows XP VPN client, connecting to the RV042? right?
Actually Linksys QuickVPN works quite well in most situations, but I must admit some people have problems, behind some routers/modems.

The RV042 must be set up as the default gateway for the devices to which you are connecting, or you have to add static routes.

Can you log on to web management console of the RV042 (using the public IP) and then on the diagnostic page ping the different devices? This doesn't require a functioning VPN, but is a good test for internal connectivity.

If you wish, I have logged on to numerous routers for others and checked the configuration. I would be happy to do so in this case. If so, do not post any private/security related information here, but send to the e-mail on my profile (click on RobWill). Please keep troubleshooting discussions here so they will benefit others. You mentioned "happy to pay to be trained by a pro", I am not interested in payment, and not what inspired the offer. Just willing to take a quick look, if you think it might help. Very odd you can connect to one computer but not be able to ping even the Linksys.

0
 

Author Comment

by:mitchel_kuijper
ID: 17115956
yes i'm connected via xp VPN

good tip on the diagnostic page.
i was able to ping a computer on site at out shop

Ping host or IP address:   10.76.25.100
 
Status:  Test Succeeded
Packets:  4/4 transmitted, 4/4 received, 0% loss
Round Trip Time:  Minimun = 1 ms
Maximun = 1 ms
Average = 1 ms
 
but if i try that using CMD . ping 10.76.25.100
i get failures - 100% loss

i used to be able to RDP to a computer onsite - but that's not workign wither anymore - that might be a PC lockup problem though.

i'll send you a priv message
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17115985
You might want to try reloading the firmware, where it is inconsistent, or a few people have reported with the RV042, reseting to factory defaults and re-configuring resolved their issues, as if some configuration setting had not been accepted first time around.
0
 

Author Comment

by:mitchel_kuijper
ID: 17115992
i'd hav eto do that on site as that might casue me to loose remote managment.

0
 

Author Comment

by:mitchel_kuijper
ID: 17115993
i jsut sen dyou a priv message - not sure if you got that yet.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17116023
Good point about the firmware.
Just got you message and logged on now. I'll set up a PPTP from here and test. I'll let you know in about 15 minutes how I make out.
--Rob
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 17116055
Interesting results:
Using the new PPTP service I created a new account 'Rob' (deleted now) and set up a matching XP VPN client on my computer. I was able to connect with the VPN, ping the router 10.76.25.1, ping a computer 10.76.25.100, open the Linksys web management with 10.76.25.1, and start a RDP session with 10.76.25.100. The RDP session of course I just got the log on screen, don't have UserName, but should verify connectivity.

The problem must be on your end.
I did notice you have a gateway to gateway tunnel set up as well. If you are trying to connect using the PPTP VPN from the remote site where the other end of the gateway to gateway tunnel resides you could have routing issues. Can you disable the IPSec tunnel and test?
Also you have PPTP, L2TP, IPSec pass-through enabled on the router. Though it should not be a problem, perhaps disable those as they are not necessary.

An other thought would be to delete and re-create your Windows VPN client. Instructions here if in doubt:
http://www.onecomputerguy.com/networking/xp_vpn.htm

Lastly, I wonder if there could be a conflict with the router at your remote site. Can you try connecting with a PC and PPTP client while connected directly to your modem, bypassing any routers?

When we are complete, please change router/access password.
--Rob
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now