Solved

GRE passthrough for VPN using Linksys WRT54G V5?

Posted on 2006-07-16
23
9,916 Views
Last Modified: 2013-11-09
Is there any way to make this work, or am I looking a new router?
0
Comment
Question by:jb1013
  • 9
  • 8
  • 6
23 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17119001
Yes.  GRE passthrough = Allow IPSEC.   Under advanced select Allow IPSEC
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17119007
I am sorry.  It is under Security.
0
 
LVL 1

Author Comment

by:jb1013
ID: 17119036
Unfortunately that does not do the trick.  Error 628 at the point of authenication.  From what I've been reading for some reason V5 of this router does not support GRE despite having the IPSec Passthrough and PPTP passthrough settings enabled.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 22

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 500 total points
ID: 17119179
Then you are probably looking at a new router.  I would call their tech support and raise hell first.
0
 
LVL 1

Author Comment

by:jb1013
ID: 17119181
Doing it right now.
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17119211
Check this URL, it is about the same problem.  It says D-link also won't work.  You need to get a Netgear.
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17119215
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17119238
Hey!  Check out this site. http://vowe.net/archives/004600.html
0
 
LVL 1

Author Comment

by:jb1013
ID: 17119275
Thanks Rick,

I've been looking at some of the alternative firmware, but apparently the V5 does not support the linux firmwares that previous models did/do.  I've always recommended Linksys routers, but I guess that may be changing.  I'll just switch to a Dlink that I know will work.

Thanks again for you help.  I'm going to leave open this evening just to see if someone comes up with something I've not found, but chances are you'll be getting the points by tommorow.
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17119296
I have been searching all over.  Everybody comes to the conclusion we have.  One guy said "Turn off the firewall", but what would be the point of the unit without it?
0
 
LVL 1

Author Comment

by:jb1013
ID: 17119302
Exactly, thanks for your help.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17119311
Actually the WRT54G does support VPN pass-through.
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1149562300349&pagename=Linksys%2FCommon%2FVisitorWrapper
To enable GRE check "PPTP pass-through" rather than IPSec.

There can be other reasons GRE is blocked though.
Where is the WRT54G located at the VPN client site or VPN server site ?
Is this a router you are connecting to or a Windows VPN server?
Is the modem at either site a combined router and modem ?
A 628 error usually is not a GRE or PPTP pass-through error but more likely port forwarding or incorrectly configured VPN server. Have you forwarded port 1723 at the VPN server site ?
0
 
LVL 1

Author Comment

by:jb1013
ID: 17119421
Everything I've read says that all versions of the WRT54G work except v5 due to the GRE limitation?

WRT54G is at the server site.  I'm attempting to connect to a Windows VPN Server.  PPTP and IPSec passthrough are enabled.  All the recommeded ports are fowarded in the router to the server.

I believe the modem does have routing capabilities, but I'm almost certain it is bridge mode.  Sorry, I don't have the model of the modem or access to until Tues to confirm that.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17119467
You may be right with that particular V#. I have used 2 of them with older versions. I have to admit that the WRT54G does have a couple of peculiarities, unlike all the other Linksys units.

However, if GRE were the problem you most often get a 721 or 678 error. Without GRE/PPTP actually you can often make a connection but cannot communicate. Though this may be part of the problem I would tend to look at other options first.
First thing to check is that basic traffic is reaching the VPN server. Log on to that PC and go to http://www.canyouseeme.org and test for port 1723. It will advise if the basic VPN routing is reaching the VPN server. If test is negative you may have a routing or port forward issue.
This does not test for GRE. If the test is positive/successful then check the server configuration or you can use the pptpclnt.exe and pptpsrv.exe GRE test utilities which are available as part of the Windows Resource Kit or from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/

Software firewalls such as the Windows firewall, zone alarm, McAfee, Symantec can block VPN traffic. These can be configured to allow VPN traffic but you should disable for testing. Also Symantec's antivirus has a feature "Internet worm protection" that tends to block VPN's.
Do not turn off the firewall on the router.

0
 
LVL 1

Author Comment

by:jb1013
ID: 17119675
I can telnet into 1723, and canyousee.org shows it can reach the service on 1723.  No Firewalls other than in the router itself.

Running the GRE testing programs did not work.  Packets sent to the IP address of the router, but not received at the server.

Very frustrating.  Linksys support just continually danced all around the question concerning GRE.  But I never got answer one way or the other.  They blamed it on the OS.  But, I got the feeling I was getting the brush off.

I'm going to try a router that I know works on Tuesday.

Thanks for the tips on the PPTP testing programs from the Resource Kit.  Very useful!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17122334
>>"Linksys support just continually danced all around the question concerning GRE"
Surprised they knew what you were talking about. <G> I am afraid they are not much help.

Definitely sounds like GRE being blocked. Perhaps it is the WRV54G. The only other thing to check is that neither end of the tunnel has 2 NAT (Network address Translation) devices such as a router. This will usually cause problems.
The router at either site should have a true public IP assigned to it's WAN/Internet interface, not a private such as:
192.168.x.x
10.x.x.x
172.16-31.x.x
If the router has a private WAN IP there is another router or combined modem/router performing NAT and this can block GRE.

One last thought, on occasion, though not very common, the ISP or modem may not support the protocol.
0
 
LVL 1

Author Comment

by:jb1013
ID: 17122558
The WAN side of the router definately has true public IP addressed assigned to it.  Like I said I think the modem, may have routing capabilities, but I'm pretty sure its in bridge mode.  I'll find out tommorow, when I go to the site.  Thanks for all your help!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17122631
If in bridge, that's fine. Good luck !
--Rob
0
 
LVL 22

Accepted Solution

by:
Rick Hobbs earned 500 total points
ID: 17126325
A lot of the messages I read on the WWW indicate that once Cisco took over Linksys they eliminated GRE passthru.  Probably to make you buy a more expensive router.  But unless everyone else stops supporting it, I think they are just shooting themselves through the foot (like IBM did with Micro-channel).
0
 
LVL 1

Author Comment

by:jb1013
ID: 17136110
D-Link router did the trick for the VPN although I seem to be having other problems with Remote Desktop, and things like pinging computers by name when connected to the VPN.  I'll likely be starting a new thread.  Thanks for the help.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17137343
I hope from the accepted answer, everyone who follows doesn't think that Cisco has "eliminated GRE passthru" on all Linksys routers. Perhaps a problem with that model, but certainly is not the case. Glad to hear the D-Link worked.

If you have a connection but cannot ping. Make sure the subnets at either end of the tunnel are different, and the firewalls are disabled (for testing) on the computers to which you are trying to connect.
--Rob
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17137526
I am glad that we now know that V5 of the Linksys WRT54g doesn't work, at least.  Will save someone time in the future.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17137746
I tried a WRT54G V3.0 yesterday with a Windows PPTP client, and and the WatchGuard IPSec client, and it was fine, but there are definitely issues with the WRT54G's and maybe more with the V5. Lots of people have had problems with different VPN's, although primarily Linksys own IPSec QuickVPN client, behind that particular model. I don't know why some people do, and some don't. Other models, except some of the very old ones with old firmware, are fine.
Thanks for the update.As you say excellent information to know.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question