
amartinas

join:2007-11-19
USA

[VPN] QuickVPN confusion

I have an RVS4000 wired router with a VPN account on it. I installed quickvpn on a laptop of mine. I then piggybacked off a neighbor's wireless connection.

I was able to establish a VPN connection to my router from the neighbor's network. I could ping devices on the network as well.

My confusion is that i thought anything i did, once the vpn connection was established, would be routed through my home router. And, for instance, if i went to "whatismyip.com", it would show my router's address rather than my neighbor's router's address. This is not what happened.

What am i missing here? Isn't vpn supposed to put your computer "on another network" (in this case, my home network), and then everything about that computer should run as if it were on that network?

amartinas

join:2007-11-19
USA
....

jza80

join:2005-10-29
Sacramento, CA

reply to amartinas
I've never used QuickVPN, but see if there's an option for transparent tunneling or split tunneling.

Transparent tunnel = everything goes over the VPN tunnel.

Split tunnel = any traffic (web browsing, etc..) that does not need to go over the VPN tunnel, will go out thru the local network.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage


3 edits
reply to amartinas
The symptom you see is because the Linksys QuickVPN client by design is a split tunnel as described by jza80 in the above post. In fact, QuickVPN is a proprietary interface, and doesn't even show up in a netstat -r or ipconfig /all query (see below).




;This is the route table and ipconfig with no VPN connection:

C:\>netstat -r

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0xb0002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.99.18.28 10.99.18.28 1
10.99.18.28 255.255.255.255 127.0.0.1 127.0.0.1 50
10.255.255.255 255.255.255.255 10.99.18.28 10.99.18.28 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.99.18.28 10.99.18.28 1
255.255.255.255 255.255.255.255 10.99.18.28 10.99.18.28 1
Default Gateway: 10.99.18.28
===========================================================================
Persistent Routes:
None

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : rws-wks
Primary Dns Suffix . . . . . . . : dcs-net.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dcs-net

PPP adapter AT&T Wireless:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.99.18.28
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.99.18.28
DNS Servers . . . . . . . . . . . : 172.18.145.103
172.18.145.103
Primary WINS Server . . . . . . . : 10.11.12.13
Secondary WINS Server . . . . . . : 10.11.12.14
NetBIOS over Tcpip. . . . . . . . : Disabled




;This is the route table and ipconfig with a Linksys QuickVPN connection:

C:\>netstat -r

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0xb0002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.99.18.28 10.99.18.28 1
10.99.18.28 255.255.255.255 127.0.0.1 127.0.0.1 50
10.255.255.255 255.255.255.255 10.99.18.28 10.99.18.28 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.99.18.28 10.99.18.28 1
255.255.255.255 255.255.255.255 10.99.18.28 10.99.18.28 1
Default Gateway: 10.99.18.28
===========================================================================
Persistent Routes:
None

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : rws-wks
Primary Dns Suffix . . . . . . . : dcs-net.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dcs-net
dcs-net

PPP adapter AT&T Wireless:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.99.18.28
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.99.18.28
DNS Servers . . . . . . . . . . . : 192.168.10.1
172.18.145.103
172.18.145.103
Primary WINS Server . . . . . . . : 10.11.12.13
Secondary WINS Server . . . . . . : 10.11.12.14
NetBIOS over Tcpip. . . . . . . . : Disabled



As you can see in the above route table and ipconfig printouts, the only difference between a direct connection to the wireless network and the activation of the QuickVPN client is the addition of the VPN tunnel router as the primary DNS server when the QuickVPN client is active.

What you want to do can be quickly and easily done with a PPTP VPN tunnel if the RVS4000 supports it. I am too lazy to look up the specs on the RVS4000, but my RV082 supports both IPSEC and PPTP tunnels. Some "security experts" do not like the PPTP tunnel because it is not certificate based, but with a sufficiently complex passphrase, it is quite secure.

Here is an example of a PPTP VPN connection to my network:




;This is the route table and ipconfig with a PPTP VPN connection:

C:\>netstat -r

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0xb0002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0xc0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.99.18.28 10.99.18.28 2
0.0.0.0 0.0.0.0 192.168.10.200 192.168.10.200 1
10.99.18.28 255.255.255.255 127.0.0.1 127.0.0.1 50
10.255.255.255 255.255.255.255 10.99.18.28 10.99.18.28 50
74.170.163.101 255.255.255.255 10.99.18.28 10.99.18.28 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.200 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.10.255 255.255.255.255 192.168.10.200 192.168.10.200 50
224.0.0.0 240.0.0.0 10.99.18.28 10.99.18.28 2
224.0.0.0 240.0.0.0 192.168.10.200 192.168.10.200 1
255.255.255.255 255.255.255.255 10.99.18.28 10.99.18.28 1
255.255.255.255 255.255.255.255 192.168.10.200 192.168.10.200 1
Default Gateway: 192.168.10.200
===========================================================================
Persistent Routes:
None

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : rws-wks
Primary Dns Suffix . . . . . . . : dcs-net.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dcs-net

PPP adapter AT&T Wireless:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.99.18.28
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.99.18.28
DNS Servers . . . . . . . . . . . : 172.18.145.103
172.18.145.103
Primary WINS Server . . . . . . . : 10.11.12.13
Secondary WINS Server . . . . . . : 10.11.12.14
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter DCS Enterprises:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.200
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.10.200
DNS Servers . . . . . . . . . . . : 192.168.10.1

;Here is proof that the PPTP VPN connection does route through the VPN tunnel:

C:\>tracert www.yahoo.com

Tracing route to www.yahoo-ht3.akadns.net [69.147.76.15]
over a maximum of 30 hops:

1 247 ms 1799 ms 219 ms dcs-gw1.dcs-net [192.168.10.1]
2 248 ms 233 ms 239 ms 68.216.204.212
3 188 ms 459 ms 480 ms 68.152.188.53
4 231 ms 399 ms 279 ms 65.83.237.110
5 209 ms 180 ms 179 ms 65.83.238.92
6 172 ms 177 ms 239 ms 65.83.238.150
7 211 ms 219 ms 219 ms cr2.nsvtn.ip.att.net [12.123.129.74]
8 280 ms 279 ms 279 ms cr1.cl2oh.ip.att.net [12.122.28.74]
9 411 ms 299 ms 520 ms cr2.cl2oh.ip.att.net [12.122.2.126]
10 370 ms 379 ms 379 ms cr2.phlpa.ip.att.net [12.122.2.210]
11 350 ms 379 ms 559 ms cr1.wswdc.ip.att.net [12.122.4.54]
12 349 ms 379 ms 379 ms tbr1.wswdc.ip.att.net [12.122.16.10]
13 291 ms 300 ms 319 ms gar8.wswdc.ip.att.net [12.122.113.21]
14 289 ms 299 ms 299 ms 12.86.111.22
15 289 ms 360 ms 320 ms ae1-p170.msr2.re1.yahoo.com [216.115.108.29]
16 302 ms 549 ms 309 ms te-8-1.bas-a2.re1.yahoo.com [66.196.112.201]
17 331 ms 348 ms 339 ms f1.www.vip.re1.yahoo.com [69.147.76.15]

Trace complete.

C:\>tracert dcs-srv

Tracing route to dcs-srv.dcs-net [192.168.10.2]
over a maximum of 30 hops:

1 154 ms 162 ms 146 ms dcs-gw1.dcs-net [192.168.10.1]
2 138 ms 159 ms 136 ms dcs-srv.dcs-net [192.168.10.2]

Trace complete.




Perhaps there is a way to configure the Linksys QuickVPN client to do a transparent tunnel, but I am not aware of a way to do this.

--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.
»portscan.dcs-net.net
»nature-pics.com
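The route-table comparison in the post above, as an added example that is not part of the original thread: it applies longest-prefix and lowest-metric selection to rows copied from the posted `netstat -r` output and reports which interface Internet-bound traffic leaves by. The function names are hypothetical, and reading 74.170.163.101 as the PPTP server's public address is an assumption the post does not confirm.

```python
import ipaddress

# Rows copied (a subset) from the thread's "Active Routes" tables:
# destination, netmask, gateway, interface, metric.
QUICKVPN_ROUTES = """\
0.0.0.0 0.0.0.0 10.99.18.28 10.99.18.28 1
10.99.18.28 255.255.255.255 127.0.0.1 127.0.0.1 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
"""
PPTP_ROUTES = """\
0.0.0.0 0.0.0.0 10.99.18.28 10.99.18.28 2
0.0.0.0 0.0.0.0 192.168.10.200 192.168.10.200 1
10.99.18.28 255.255.255.255 127.0.0.1 127.0.0.1 50
74.170.163.101 255.255.255.255 10.99.18.28 10.99.18.28 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.200 255.255.255.255 127.0.0.1 127.0.0.1 50
"""

def parse_routes(text):
    """Turn 5-column route rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = parts
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gateway, iface, int(metric)))
    return routes

def egress_interface(routes, target):
    """Pick the route by longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[2]

def tunnel_mode(routes, local_iface, probe="69.147.76.15"):
    """'split' if Internet-bound traffic still leaves by the local link.

    probe defaults to the www.yahoo.com address from the posted tracert.
    """
    iface = egress_interface(routes, probe)
    if iface is None:
        return "unrouted"
    return "split" if iface == local_iface else "full"

if __name__ == "__main__":
    for name, table in (("QuickVPN", QUICKVPN_ROUTES), ("PPTP", PPTP_ROUTES)):
        print(name, tunnel_mode(parse_routes(table), "10.99.18.28"))
```

This reads only the routing table, so a client that steers traffic without adding routes, as the post says QuickVPN does, will always show its Internet traffic leaving by the local link.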

amartinas

join:2007-11-19
USA

reply to amartinas
that is really good information from both posters. i appreciate it.

netfixer, can i bug you some more? i downloaded your user guide and things look relatively the same across both our products. however, any reference to PPTP on my router only seems to talk about the "european" ISP connection. we know this to be fraudulent to some extent; the point is that the router's help information is SEVERELY LACKING.

that said, can you describe the process of setting up point to point on your router? perhaps i can reverse engineer the process on mine from that information.

this shit is so frustrating because the help information in the margins of the device doesn't help - it simply provides a definition of the headings and sections on the device. as does the manual. definitions instead of explanations.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage


1 edit
I just went to the on-line simulator for the RVS4000 at »ui.linksys.com/files/RVS4000/1.0···main.htm and I don't see any setup procedure for PPTP VPN.




The Internet Connection Type [PPTP] is entirely different from a PPTP VPN connection.




The RV082 has a PPTP VPN server setup tab under the VPN setup tab.




It would appear that your only options for creating a transparent VPN tunnel would be to use PPTP passthrough on your RVS4000 and set up a PPTP server on your LAN, or manually create an IPSEC tunnel in your RVS4000 and your laptop. Microsoft has some instructions in their Knowledge Base and TechNet sites, but this is not for the faint of heart, and I would not even attempt to try to guide someone through doing this in an on-line forum such as this. You might try searching the LinksysInfo forum at »www.linksysinfo.org/forums/forum···der=desc to see if someone has posted a workaround for the QuickVPN client, or perhaps has posted step by step instructions for creating an IPSEC tunnel that will support transparency.

amartinas

join:2007-11-19
USA


1 edit
thanks again. it figures that they'd f*ck this up to prevent actual useful functionality from being incorporated into it. i was looking at the ipsec stuff, but the RVS always wants some damn static IP address. i need to be able to say "set up an ipsec tunnel. allow anyone to connect with the right passphrase. PERIOD." and of course, it dilutes the process as severely as possible.

jza80

join:2005-10-29
Sacramento, CA


2 edits
Not all the fields need a static ip address.

Local security group: ip address or ip address + subnet mask of RVS4000.

Remote security group: Any

Remote security gateway: Any

.
.

Any setting for remote security group and remote security gateway allows connections from any ip.

There's also key management, phase 1, and phase 2. Phase 1 and phase 2 are under advanced settings.

After you get the router set up, you need to set up an ipsec client. The settings in the client need to match with the router, otherwise it will not work.

Here's a guide for setting up thegreenbow with linksys routers: »www.linksysinfo.org/forums/showt···?t=48394

RVS4000 and thegreenbow: »www.thegreenbow.com/doc/tgbvpn_c···0_en.pdf

thegreenbow supports tunnel and transport modes. »www.thegreenbow.com/vpn_faq.html#Overview4

.
.

You don't have to use thegreenbow. There are other ipsec vpn clients, but it's up to you to figure out how to set it up.

amartinas

join:2007-11-19
USA


2 edits
edit:

i see that the firmware on the UI shows "1.0.13". I am running 1.2.11 and it looks like this:




so unfortunately, this is not an option for me, and again, it appears that linksys aims to REMOVE as much useful functionality (or not implement it) as much as possible.

jza80

join:2005-10-29
Sacramento, CA

said by amartinas:

so unfortunately, this is not an option for me, and again, it appears that linksys aims to REMOVE as much useful functionality (or not implement it) as much as possible.
You keep saying this, but have you even tried to set it up and test it? Seems to me that you're just giving up.

I only see minor changes between the on-line simulator and the firmware you're using.

1. You have a local security gateway type.

2. Remote security gateway type and remote security group type are now grouped together (remote group setup).

3. Any setting is gone from remote security group type. There's only ip addr. and subnet. See below for how to get around this.

4. Key exchange method, phase 1, and phase 2 are combined into ipsec setup.

.
.
.

ipsec vpn tunnel: enable

tunnel name: give it a name

remote security group type: choose ip addr. and enter 0.0.0.0 or choose subnet and enter 0.0.0.0 for ip address and 0.0.0.0 for subnet mask. 0.0.0.0 is the same as any IP.

amartinas

join:2007-11-19
USA

1 edit
0.0.0.0 being the same as any ip is fraudulent, unfortunately! thanks for your help, but linksys has made this a lost cause!!

jza80

join:2005-10-29
Sacramento, CA

said by amartinas:

0.0.0.0 being the same as any ip is fraudulent, unfortunately!
Why do you say it's fraudulent?

If you understand IP addresses and subnet mask, you would know that 0.0.0.0 = any IP.
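The address-and-mask arithmetic behind the "subnet 0.0.0.0 / 0.0.0.0" entry discussed above, as an added example that is not part of any post in the thread. The function names and the peer list are constructed for illustration. It shows only the arithmetic: whether the RVS4000 firmware applies it this way, or treats a bare 0.0.0.0 in the "ip addr." field as a wildcard, is not shown anywhere on this page.

```python
import ipaddress

def mask_is_contiguous(mask):
    """A valid netmask is a run of 1 bits followed only by 0 bits."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def selector_matches(peer, sel_addr, sel_mask):
    """True if peer lies inside the sel_addr/sel_mask selector."""
    if not mask_is_contiguous(sel_mask):
        raise ValueError(f"non-contiguous netmask: {sel_mask}")
    p = int(ipaddress.IPv4Address(peer))
    a = int(ipaddress.IPv4Address(sel_addr))
    m = int(ipaddress.IPv4Address(sel_mask))
    # Only the bits selected by the mask are compared. With an all-zero
    # mask no bits are compared, so every peer address matches.
    return (p & m) == (a & m)

# Constructed peers: a documentation-range address, plus two addresses
# that appear in the thread's ipconfig output.
PEERS = ["203.0.113.7", "192.168.10.200", "10.99.18.28"]

def matching_peers(sel_addr, sel_mask):
    return [p for p in PEERS if selector_matches(p, sel_addr, sel_mask)]

if __name__ == "__main__":
    # Subnet form 0.0.0.0 / 0.0.0.0: matches every peer.
    print(matching_peers("0.0.0.0", "0.0.0.0"))
    # 0.0.0.0 taken literally as one host (/32): matches no real peer.
    print(matching_peers("0.0.0.0", "255.255.255.255"))
    # An ordinary /24 selector, for comparison.
    print(matching_peers("192.168.10.0", "255.255.255.0"))
```

A remote-group selector of 0.0.0.0/0.0.0.0 accepts a tunnel from any source address, so the pre-shared key and the phase 1 and phase 2 settings are the only things restricting who can connect.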

amartinas

join:2007-11-19
USA

i don't know why we're arguing over this, but i'll bite. while i'm familiar with 0.0.0.0 representing a "default route" in networking, i have never heard of what you're talking about. perhaps you're thinking of a proprietary setup on a specific product (or line of products, one of which is not linksys)

you'd need to throw in some pretty official looking, IEEE, direct link to a source to sell me on this. but like i said, its really not a big deal. this is linksys' fault! thanks for your persistence!