jb1013
asked on
GRE passthrough for VPN using Linksys WRT54G V5?
Is there any way to make this work, or am I looking a new router?
Rick Hobbs
Yes. GRE passthrough = Allow IPSEC. Under advanced select Allow IPSEC
I am sorry. It is under Security.
ASKER
Unfortunately that does not do the trick. Error 628 at the point of authenication. From what I've been reading for some reason V5 of this router does not support GRE despite having the IPSec Passthrough and PPTP passthrough settings enabled.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Doing it right now.
Check this URL, it is about the same problem. It says D-link also won't work. You need to get a Netgear.
Sorry, here is the URL: https://www.experts-exchange.com/questions/20799943/Setup-VPN-HELP.html
Hey! Check out this site. http://vowe.net/archives/004600.html
ASKER
Thanks Rick,
I've been looking at some of the alternative firmware, but apparently the V5 does not support the linux firmwares that previous models did/do. I've always recommended Linksys routers, but I guess that may be changing. I'll just switch to a Dlink that I know will work.
Thanks again for you help. I'm going to leave open this evening just to see if someone comes up with something I've not found, but chances are you'll be getting the points by tommorow.
I've been looking at some of the alternative firmware, but apparently the V5 does not support the linux firmwares that previous models did/do. I've always recommended Linksys routers, but I guess that may be changing. I'll just switch to a Dlink that I know will work.
Thanks again for you help. I'm going to leave open this evening just to see if someone comes up with something I've not found, but chances are you'll be getting the points by tommorow.
I have been searching all over. Everybody comes to the conclusion we have. One guy said "Turn off the firewall", but what would be the point of the unit without it?
ASKER
Exactly, thanks for your help.
Actually the WRT54G does support VPN pass-through.
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1149562300349&pagename=Linksys%2FCommon%2FVisitorWrapper
To enable GRE check "PPTP pass-through" rather than IPSec.
There can be other reasons GRE is blocked though.
Where is the WRT54G located at the VPN client site or VPN server site ?
Is this a router you are connecting to or a Windows VPN server?
Is the modem at either site a combined router and modem ?
A 628 error usually is not a GRE or PPTP pass-through error but more likely port forwarding or incorrectly configured VPN server. Have you forwarded port 1723 at the VPN server site ?
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1149562300349&pagename=Linksys%2FCommon%2FVisitorWrapper
To enable GRE check "PPTP pass-through" rather than IPSec.
There can be other reasons GRE is blocked though.
Where is the WRT54G located at the VPN client site or VPN server site ?
Is this a router you are connecting to or a Windows VPN server?
Is the modem at either site a combined router and modem ?
A 628 error usually is not a GRE or PPTP pass-through error but more likely port forwarding or incorrectly configured VPN server. Have you forwarded port 1723 at the VPN server site ?
ASKER
Everything I've read says that all versions of the WRT54G work except v5 due to the GRE limitation?
WRT54G is at the server site. I'm attempting to connect to a Windows VPN Server. PPTP and IPSec passthrough are enabled. All the recommeded ports are fowarded in the router to the server.
I believe the modem does have routing capabilities, but I'm almost certain it is bridge mode. Sorry, I don't have the model of the modem or access to until Tues to confirm that.
WRT54G is at the server site. I'm attempting to connect to a Windows VPN Server. PPTP and IPSec passthrough are enabled. All the recommeded ports are fowarded in the router to the server.
I believe the modem does have routing capabilities, but I'm almost certain it is bridge mode. Sorry, I don't have the model of the modem or access to until Tues to confirm that.
You may be right with that particular V#. I have used 2 of them with older versions. I have to admit that the WRT54G does have a couple of peculiarities, unlike all the other Linksys units.
However, if GRE were the problem you most often get a 721 or 678 error. Without GRE/PPTP actually you can often make a connection but cannot communicate. Though this may be part of the problem I would tend to look at other options first.
First thing to check is that basic traffic is reaching the VPN server. Log on to that PC and go to http://www.canyouseeme.org and test for port 1723. It will advise if the basic VPN routing is reaching the VPN server. If test is negative you may have a routing or port forward issue.
This does not test for GRE. If the test is positive/successful then check the server configuration or you can use the pptpclnt.exe and pptpsrv.exe GRE test utilities which are available as part of the Windows Resource Kit or from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/
Software firewalls such as the Windows firewall, zone alarm, McAfee, Symantec can block VPN traffic. These can be configured to allow VPN traffic but you should disable for testing. Also Symantec's antivirus has a feature "Internet worm protection" that tends to block VPN's.
Do not turn off the firewall on the router.
However, if GRE were the problem you most often get a 721 or 678 error. Without GRE/PPTP actually you can often make a connection but cannot communicate. Though this may be part of the problem I would tend to look at other options first.
First thing to check is that basic traffic is reaching the VPN server. Log on to that PC and go to http://www.canyouseeme.org and test for port 1723. It will advise if the basic VPN routing is reaching the VPN server. If test is negative you may have a routing or port forward issue.
This does not test for GRE. If the test is positive/successful then check the server configuration or you can use the pptpclnt.exe and pptpsrv.exe GRE test utilities which are available as part of the Windows Resource Kit or from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/
Software firewalls such as the Windows firewall, zone alarm, McAfee, Symantec can block VPN traffic. These can be configured to allow VPN traffic but you should disable for testing. Also Symantec's antivirus has a feature "Internet worm protection" that tends to block VPN's.
Do not turn off the firewall on the router.
ASKER
I can telnet into 1723, and canyousee.org shows it can reach the service on 1723. No Firewalls other than in the router itself.
Running the GRE testing programs did not work. Packets sent to the IP address of the router, but not received at the server.
Very frustrating. Linksys support just continually danced all around the question concerning GRE. But I never got answer one way or the other. They blamed it on the OS. But, I got the feeling I was getting the brush off.
I'm going to try a router that I know works on Tuesday.
Thanks for the tips on the PPTP testing programs from the Resource Kit. Very useful!
Running the GRE testing programs did not work. Packets sent to the IP address of the router, but not received at the server.
Very frustrating. Linksys support just continually danced all around the question concerning GRE. But I never got answer one way or the other. They blamed it on the OS. But, I got the feeling I was getting the brush off.
I'm going to try a router that I know works on Tuesday.
Thanks for the tips on the PPTP testing programs from the Resource Kit. Very useful!
>>"Linksys support just continually danced all around the question concerning GRE"
Surprised they knew what you were talking about. <G> I am afraid they are not much help.
Definitely sounds like GRE being blocked. Perhaps it is the WRV54G. The only other thing to check is that neither end of the tunnel has 2 NAT (Network address Translation) devices such as a router. This will usually cause problems.
The router at either site should have a true public IP assigned to it's WAN/Internet interface, not a private such as:
192.168.x.x
10.x.x.x
172.16-31.x.x
If the router has a private WAN IP there is another router or combined modem/router performing NAT and this can block GRE.
One last thought, on occasion, though not very common, the ISP or modem may not support the protocol.
Surprised they knew what you were talking about. <G> I am afraid they are not much help.
Definitely sounds like GRE being blocked. Perhaps it is the WRV54G. The only other thing to check is that neither end of the tunnel has 2 NAT (Network address Translation) devices such as a router. This will usually cause problems.
The router at either site should have a true public IP assigned to it's WAN/Internet interface, not a private such as:
192.168.x.x
10.x.x.x
172.16-31.x.x
If the router has a private WAN IP there is another router or combined modem/router performing NAT and this can block GRE.
One last thought, on occasion, though not very common, the ISP or modem may not support the protocol.
ASKER
The WAN side of the router definately has true public IP addressed assigned to it. Like I said I think the modem, may have routing capabilities, but I'm pretty sure its in bridge mode. I'll find out tommorow, when I go to the site. Thanks for all your help!
If in bridge, that's fine. Good luck !
--Rob
--Rob
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
D-Link router did the trick for the VPN although I seem to be having other problems with Remote Desktop, and things like pinging computers by name when connected to the VPN. I'll likely be starting a new thread. Thanks for the help.
I hope from the accepted answer, everyone who follows doesn't think that Cisco has "eliminated GRE passthru" on all Linksys routers. Perhaps a problem with that model, but certainly is not the case. Glad to hear the D-Link worked.
If you have a connection but cannot ping. Make sure the subnets at either end of the tunnel are different, and the firewalls are disabled (for testing) on the computers to which you are trying to connect.
--Rob
If you have a connection but cannot ping. Make sure the subnets at either end of the tunnel are different, and the firewalls are disabled (for testing) on the computers to which you are trying to connect.
--Rob
I am glad that we now know that V5 of the Linksys WRT54g doesn't work, at least. Will save someone time in the future.
I tried a WRT54G V3.0 yesterday with a Windows PPTP client, and and the WatchGuard IPSec client, and it was fine, but there are definitely issues with the WRT54G's and maybe more with the V5. Lots of people have had problems with different VPN's, although primarily Linksys own IPSec QuickVPN client, behind that particular model. I don't know why some people do, and some don't. Other models, except some of the very old ones with old firmware, are fine.
Thanks for the update.As you say excellent information to know.
Thanks for the update.As you say excellent information to know.