Solved

Linksys VPN without RAS???

Posted on 2006-11-04
25
678 Views
Last Modified: 2007-12-19
Okay I am working backwards - haha - I know how to create a vpn server with windows 2000 or 2003 server with RAS. But I dont understand how people are creating a VPN with just windows XP Pro and a linksys router. I have 5 public IP's, I have a linksys wrt54g router and I have a dedicated XP pro machine. I think I have forwarded all the correct ports on the linksys router (which by the way I am not use to that, I am use to using NAT tables).

I guess my question is do I still use one of my external ip's with xp's vpn client software?

How does the linksys router know that external ip needs to go to a spfic internal ip with out nat?
            I am guessing port forwarding.


I am confused on how this is set up? Give me a server, nat and some external ip's and I am good to go. But this has got me stumped. Can someone please explain what I am missing here.

Thanks
0
Comment
Question by:modest911
  • 10
  • 10
  • 4
  • +1
25 Comments
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Do you mean they are setting up a VPN using the Linksys router as the VPN endpoint rather than a RAS server? If so, easy to do, but you have the wrong Linksys. Some of the Linksys routers are VPN pass-through capable such as the WRT54G, others are VPN routers, usually indicated with a V in the name. Though most require using IPSec, which is difficult to set up with the Windows client, the RV042, RV082 series allow you to use their own QuickVPN client, or the standard Windows PPTP VPN client. For the latter, the router needs the latest firmware.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
Or, Linksys also makes the BEFVP41, which has this capability...  a little easier on the pocketbook also...  :)
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
I agree Fatal Exception, the BEFVP41, a great router, is almost 1/2 the price but it is not compatible with the default PPTP client (unless they have added that with recent firmware). Setting it up with a Windows client using IPSec is a pain in the neck, but it does work well if you have the patience. If interested:
http://www.homenethelp.com/vpn/router-linksys.asp
0
 
LVL 21

Expert Comment

by:mcsween
Comment Utility
I don't understand what type of VPN you are trying to create.

Where is the client?
Are you trying to make your XP machine accept incoming VPN connections, or are you trying to initiate a VPN to another server?  
Is the Linksys your gateway or the remote gateway you want to terminate at?
0
 
LVL 2

Author Comment

by:modest911
Comment Utility
mcsween -

Basically what we have is a linksys router that at one time worked at different location (another state). This small business owner met me and over time figured out that I know a little bit about this kind of stuff. He had a IT person in Miami set up this linksys VPN and it worked fine. The small business owner was able to "VPN" into a windows xp sp2 pro client from his house. He has now moved to atlanta where I am at and he said he can know longer VPN in. I asked him how he was doing this before and he kept pulling up IE and putting in one of his external ip address, he said that was how he was able to VPN in. I questioned that but kept my thoughts to myself. So basically I am not really sure how he has done this is the past. But this is what I got know. One linksys router (gateway) that has worked in this environment before, external static ips, and a windows xp pro client.  He told me the only thing that is different is the modem that Bellsouth gave him which is now a netopia (all in one type modem), where as he use to have a westel. From what I understand this can be done by forwarding ports on the linksys router to a internal xp client. So basically any requests that come in on that port will be forwarded (kind of like nat I guess).  So I am assuming I would just use windows xp vpn client, put in the external ip and when the vpn client hits the linksys on that port the linksys then forwards to the internal client. Correct? Ipsec is not a option because I dont want to go to this guys house and set up another router to create the tunnel.

Thanks
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Has the client site, or the host site moved? or both?
I am assuming the Host site has remained in place and it is the client site that has moved.

You are going to have to find out what is at the Host site (the site to which he is connecting). If he is entering a public IP in his web browser it sounds more like Small Business Server's "Remote Web Workplace", or a 3rd party VPN. Most VPN's use a VPN client, either the Windows, or similar. If you are suggesting he is connecting to a VPN Linksys router at the host site with a web browser, that could only be their newest VPN router the RVL200 which uses SSL and you connect using https://<IP>

Again, if it is only the client that has moved, sounds like nothing has changed, and the connection should work unless
1) the IT guy set a restriction as to what IP the client can connect from
2) some part of the equipment at the new client site is blocking a required protocol/service. You mention the user now has a Nettopia modem, is this a combined modem/router. If so it may be in NAT mode. Many VPN's do not like dual NAT devices such as a combined modem/router as well as a second router like the Linksys. Try connecting the user directly to the modem, by-passing the local router. If this works the modem may need to be put in Bridge mode. Also some routers and ISP's do not support some VPN protocols. There is no need to configure port forwarding at the client site, that is only done at the host site and presumably that has not changed.
0
 
LVL 2

Author Comment

by:modest911
Comment Utility
Everything has moved client and host to a new state -

Yes the netopia modem is one of those combined router modem, wirless units. But he is not using any of those ports on the modem expect going to the linksys. I am pretty sure the modem is in bridge mode. He has bellsouth and I set up a lot of users with bellsouth and routers. The modems always has to be in bridged mode to get the router working.

Errr.

 I am going to talk with this guy Monday after work and try and get more info from him. I will let you know what I find out
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
I agree, Rob..  sounds more like Remote Desktop than a VPN...  you can do this on any client XP system if you install IIS...

http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
FE I was thinking SBS Remote Web Workplace, forgot about Remote Desktop Web Connection, the latter is even more likely.

modest911, best to see what equipment and type of connection at host end and then I'm sure we can all help to resolve.
Regardless probably need the new modem in bridge mode and appropriate pot forwarding enabled on the Linksys at the host end. Client end, if in fact a VPN, would only require PPTP-Pass-through enabled.
0
 
LVL 2

Author Comment

by:modest911
Comment Utility
Okay I got some more info and manuals. Basically he is using pcAnywhere and a camera software called geovision.

He is use to opening up internet explorer and putting in a external ip for the geovision software so he could monitor his store.

And use pcAnywhere to connect to the 3 internal computers.


Here is the setup. Linksys router as the gateway.  He has the camera server at ip 192.168.2.85 and his main pcAnywhere server at 192.168.2.80. Now my question is - How do I "NAT", "forward" or whatever from external ip to either on of those internal ips on a linksys router.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
You will need to find out what ports that he has configured for the software...  

http://www.practicallynetworked.com/support/linksys_router_help_pg4.htm

In order to connect to pcAnywhere hosts that are behind routers using Network Address Translation (NAT), there are two things that you need:

    * A routable IP address for the Host. Refer to the document How to determine the IP address of a pcAnywhere host for additional information
    * Port forwarding to forward ports 5631 (TCP) and 5632 (UDP)

And here is what I found for geovision:

http://www.portforward.com/english/routers/port_triggering/Linksys/BEFW11S4v1.50.14/GeoVision_DMIP.htm
0
 
LVL 2

Author Comment

by:modest911
Comment Utility
haha - you found the samething I found


http://www.portforward.com/english/routers/port_forwarding/Linksys/WRT54G/GeoVision_Webcam.htm


http://www.portforward.com/english/routers/port_forwarding/Linksys/WRT54G/pcAnywhere.htm


I do understand what I need for nat - But what I was asking what is the equal with the linksys and it seems this port forwarding is basically the samething

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 2

Author Comment

by:modest911
Comment Utility
More to come
0
 
LVL 2

Author Comment

by:modest911
Comment Utility
just thought of something - I am assuming with port forwarding it wont matter what external ip I use correct? So if the router sees a request on a certain port then it will forward it. That is where I am confused between the differences of nat and port forwarding. Nat I can just take that external IP and say hey if you have a request on that external ip convert it to this internal ip. Port forwarding is working with ports and I am assuming it doesnt matter what external Ip I use correct?
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
>>"I am assuming it doesn't matter what external Ip I use correct?"
Correct, so long as the remote user knows what IP to which they need to connect.
If a service uses a none standard port, for a given service, you can also specify the port with the connection information using a colon such as:
66.66.123.123:8080
0
 
LVL 2

Author Comment

by:modest911
Comment Utility
RobWill - You say "as the remote user knows what IP to which they need to connect". What I am saying is it wont matter what External IP I give him because the router will see activity on that port and forward it correct?
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Right !
He will connect to the Public/External IP, and the router will be reconfigured with the information to forward all traffic on the specified ports to the machine/IP you have configured. He won't know or care how he gets connected <G>.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
And, if you do use a non-standard port, it would have to be configured on both sides of the connection.. otherwise, the app knows what port to use, and will follow that port through the router..
0
 
LVL 2

Author Comment

by:modest911
Comment Utility
Hmm so I put the ports in the linksys and everything seems to be working at the site with the external ips for the camera server and pcanywhere. but as soon as you leave the office and use the external ip we cant get to anything. Pc anywhere wont work or I cant get to the camera server. What I did for the camera server though is gave it a external static ip, gateway, and dns in the tcp ip properties.

I will be going back Monday to take a look.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
>>"I put the ports in the linksys and everything seems to be working at the site with the external ips for the camera server and pcanywhere"
That sounds odd. Most routers will not allow you to connect to the external IP's from the same site, they will not "loop-back" the packets to the same network. I question if it is configured correctly.
You should be able to test by logging onto a device to which port forwarding is pointing, for example a PC configured for PC Anywhere access, and going to  http://www.canyouseeme.org   and testing for the forwarded ports.

>>"What I did for the camera server though is gave it a external static ip, gateway, and dns in the tcp ip properties."
If so rather than using port forwarding you need to create a NAT 1-t-1 rule. Will your router support that?
0
 
LVL 2

Author Comment

by:modest911
Comment Utility
"If so rather than using port forwarding you need to create a NAT 1-t-1 rule. Will your router support that?"


There is NO natting in the linksys that has been my problem and my question.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
>>"There is NO natting in the linksys "
Right, so you have to use port forwarding.
Above when you mentioned "can I use any public IP', perhaps I misunderstood. You can use any public IP, but your router will only allow you to use one. You can only work with port forwarding.
Did you try the canyouseeme test a service to see if the port forwarding is properly configured?
0
 
LVL 2

Author Comment

by:modest911
Comment Utility
Oh man this gets even better - Check this out.

Netopia in DHCP mode for external Ip address
Linksys in DHCP mode for internal - But linksys is getting one external ip from Netopia
Cisco router (haha dont know config) But I do know that this box has a external antenna for cell booting on it. This gets it ip from netopia.

Just to see if it would work I gave the camera server an external ip and hook it up to the netopia - With external dns, and gateway. I wanted to see if I could get this thing online. I used what I thought was Nat in the netopia (Netopia calls it IPmaps) I put the external IP of the netpoia (the netopia external gateway address) to the internal of the cam server (but that has an external address from the netopia). Was able to get to the cam server internal but not external.

Yes I also ran can you see me. The only ports that could be seen was 80. I went through a lot tonight and have to process some info. But long story short. I am thinking this config with wanting to use PC Anywhere and still have the Antenna for cell boost will not work. The only way I can see this working is if I put each PC Anywhere client with a external IP. Bad. I got a lot to think about. Basically two DHCP server (built into routers) with different network ranges, a cell antenna that has to have a external ip...........



This is how its hooked up

External antenna (external ip)

to the

Cisco (do not know config)

to the

Netopia (Serves external ips)

to the

Linksys (Serves internal ips)


I want to be able to connect to cam server and be able to connect to 3 remote PC Anywhere clients. I dont care at this point how I have to do this. But I am "freaking out man". haha.  
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
Comment Utility
Sorry I cannot help without a more detailed explanation of the configuration. There should be no problem to use these services with port forwarding, rather than NAT, though you may have to forward to multiple addresses such as port forward from router1 to router2 and then to the PC, but I really don't understand the physical configuration or the IP addressing based on above. Sorry.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Thanks modest911, Good luck with it.
Cheers  !
--Rob
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Join & Write a Comment

Suggested Solutions

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now