  JamesLevinworth
@embarqhsd.net
| reply to jmpage2 Re: Trouble getting Greenbow VPN Client working with RV042
said by jmpage2: Doc, I haven't had any success using your tutorial and being able to access certain network applications when making VPN connection via greenbow to the RV042. At this point I am tempted to get ZyXel USG100 so I can use SSL VPN.
Can you describe exactly what happens (error message, and/or what you tried) that is not connecting? If anyone can get you going, it's Doc.
I hope you don't mind me saying so, and understanding your frustration here, but unless you have a bad router and/or firmware, it seems from everything you've posted that your issues still seem they very well could be client/system configuration related on either end (or even the other router between you).
Despite Cisco treating the RV0 series as the red-headed stepchild since taking them over, the RV0 series is a pretty solid VPN end-point device. Realizing your desire is to not use it as such, but just as a passthrough device and with a 3rd party client as well. Plenty of lower end routers can handle that, as long as you configure them correctly. That can be a delicate and sometimes frustrating task no matter who you use. I hate to see you invest more money at this point having not ruled that out. Your decision, but there are knowledgeable people in this thread who have attempted to/can help you rule it out if it really is your router that is bad before you make that decision. Your call. |
|
 jmpage2
join:2005-02-24 Littleton, CO | reply to jmpage2 Doc,
I haven't had any success using your tutorial and being able to access certain network applications when making VPN connection via greenbow to the RV042.
At this point I am tempted to get ZyXel USG100 so I can use SSL VPN. |
|
 DocLarge Premium join:2004-09-08
1 edit | reply to jmpage2 "If" there were differences in IPSEC implementation amongst the greenbow versions, it would be listed at the (greenbow) site.
Here's a tutorial for using greenbow with Linksys (now CISCO) routers I put together a few years ago:
»www.linksysinfo.org/forums/showt···?t=48394
The folks who've used this have been more successful than not (from what they told us at Linksysinfo) in getting connected with greenbow to the WRV54G and RV0XX series routers.
Additionally, here's a link to the Quickvpn "guidelines" I, a friend, and various WRV54G/RV0XX users put together to help the linksysinfo community:
»www.linksysinfo.org/forums/showt···?t=47114
When I posted this, I originally started with just "6" rules, but over time, others started helping.
As previously pointed out, NETBIOS and quickvpn do not play with each other at all. I've noticed that when using quickvpn, information that would otherwise be available via PPTP is not available when using quickvpn.
Here's a link Toxic (linksysinfo site admin) posted with regards to netbios issues with quickvpn:
»www.linksysinfo.org/forums/showt···?t=47646
In the event the links are "deleted" because they are connecting to other sites, I've attached the instructional information in word documents.
Jay |
|
 heberje
join:2009-06-11 Kensington, MD
·Cavalier Telephone
| reply to jimbopalmer I gotta ask if both of you are using the same "Greenbow" client? I do not think that is the Linksys recommended client. I have had issues with Linksys and Netgear small business ipsec devices when you don't use their client software. IPsec vpn is a bit fussy. |
|
 jmmilner
join:2001-11-20 Yorkville, IL
| reply to jmpage2 said by jmpage2: Ever since Cisco acquired Linksys the support has gotten steadily worse.
Sad but very true. Linksys was once a good brand at a fair price. Cisco appears to have purchased it on the assumption they could migrate Linksys customers to the heavy iron that Cisco makes and that customers would pay the premium price. Rebranding the Linksys Small Business while cutting support and firmware upgrades may have worked for the bean counters but they've lost my confidence.
Good luck. |
|
 jmpage2
join:2005-02-24 Littleton, CO
| reply to jmmilner I tried Quick VPN again and still no success, even with a rule in the Firewall that was to explicitly allow all traffic from my home lan segment to the remote office lan.
I do agree that at this point logging and sniffing are the next things that will need to be attempted to sort this out.
Unfortunately I don't know if I am going to invest the many hours this will take and I don't have a feeling that this will necessarily even result in a system that is working the way I want.
I bought this router a year ago in spite of some of the negative reviews. I have a fair amount of experience working on networks and simply assumed that the naysayers were missing obvious steps and so on.
It turns out that in fact I should have considered a better router from the start. Ever since Cisco acquired Linksys the support has gotten steadily worse.
In any event thanks for your help I will have to decide if it is worth my time to continue investigating this problem or if I would actually be better off instead to replace this RV042 with something better supported for client based VPN, either IPSEC or SSL. |
|
 jmmilner
join:2001-11-20 Yorkville, IL
| reply to jmpage2 I agree that QuickVPN's behavior isn't sometimes pretty but wanted to be sure you knew you could at least still press on with your testing before everything was working smoothly. I use it for remote support of client networks themselves rather than access to the normal business functions of the clients, so I put up with the silly bits so I can do much of my work remotely.
Does the RV042 allow you to log both "allow" and "deny" policies? On the RV016 this is controlled on the "Log"/"System Log" menu. This may help you see what packets are getting passed and blocked by the RV042. You may also, based on the RV016's behavior, be able to create explicit firewall rules that force logging of packets to specific port numbers (e.g. 3389 for Remote Desktop). Another possible issue is the firewall on the target PC inside your wife's LAN - it may be blocking ports, especially if the firewall settings have been adjusted after Remote Desktop was set up. You can set Windows up to log its firewall activities - see the Microsoft KB for OS version-specific details. If all else fails, check out Wireshark to watch the packet traffic in detail. |
|
 jmpage2
join:2005-02-24 Littleton, CO
| reply to jmpage2 Well, I can try and see if Quick VPN is actually connected at the time I get the error dialogue that indicates that there is a network problem and it is still trying to connect.
However, this seems problematic to tell a user that they will get annoying pop up error dialogue boxes that they should simply ignore.
In troubleshooting my problems with certain services for The Greenbow I have completely turned off the firewall on the RV042, and it still has not resolved the problems that I have had with getting file sharing and remote desktop to work correctly.
I suppose that it's possible that turning off the Firewall completely somehow inhibits traffic flow but this seems counter intuitive to me. |
|
 jmmilner
join:2001-11-20 Yorkville, IL
| reply to jmpage2 QuickVPN does indeed strongly dislike co-existing with any other VPN client. It is however based on OpenSSL which may be why it trips up with other VPN implementations using the same base.
One odd thing I have seen with QuickVPN is that it sometimes sticks at the "Verifying Connection" screen but it is actually connected. To check this out, you can use a DOS box to ping a known IP address on the remote LAN. If you get a response, you are connected. At that point I open Firefox and am able to access the web-based GUIs of the network elements.
Point well-taken on my need to update the other thread. If I don't get over to the site this weekend, I'll be there Wednesday for my scheduled visit.
Did you ever add firewall rules to allow traffic between your home subnet (e.g. 192.168.X.Y/24) and your wife's office subnet (e.g. 10.0.A.B/24)? On the RV016 this is done under the "Firewall"/"Access Rules" tab:
HTTP [80]   WAN1   192.168.X.0 ~ 192.168.X.255   10.0.A.0 ~ 10.0.A.255   Always
HTTP [80]   LAN   10.0.A.0 ~ 10.0.A.255   192.168.X.0 ~ 192.168.X.255   Always
As for dumping the RV042, I'd consider it if business conditions allow. My RV016 customer is struggling just to stay in business these days so we either make it work or do without. When better times return I'll be considering other vendors as Linksys by Cisco doesn't really cut it for a single-vendor basic VPN small business solution. |
|
 jmpage2
join:2005-02-24 Littleton, CO
| reply to jmpage2 Thanks for taking the time to respond. In the thread you linked you were going to "try some things" and update the thread but never did respond back and indicate what, if anything ultimately resolved the issue and what your exact final config was that got things to work.
At this point when I try to get Quick VPN going the client connects, gets through some initial authentication and then winds up at a screen asking if you want to wait longer as the remote network is not responding. It never gets past this stage and I have tried it on two different client boxes.
I'm not sure if Quick VPN will suit me either since one of the boxes I would want to use to access the network in question has a different VPN client loaded on it and from what I read Quick VPN will never work if any other client has EVER been loaded on the target client machine.
If you have some further input I would still like to hear it. At the moment using The Green Bow I can get connected but can't get remote desktop traffic and some other things to pass from the remote subnet to the client.
I am tempted to dump the RV042 at this point and even though it's quite a bit more expensive, get the ZyXel USG100 as it offers full web based SSL VPN connectivity. I imagine that this would work; it's just too bad that it's so pricey. |
|
 jmmilner
join:2001-11-20 Yorkville, IL
| reply to jmpage2 I've been down the same road with a RV016, which Linksys/Cisco positions as the big brother of the RV042. I had the same difficulty with QuickVPN client (hardly a "Business Series" product in my book). After posting recently in this forum I was able to get the QuickVPN client to work. You might want to review this thread »Client that actually works with RV016? |
|
 jmpage2
join:2005-02-24 Littleton, CO
| reply to mmcm888 Well, as I would need a 2 user license, the software solution that you linked would cost us about $50 per month. At that price I can buy an amazing hardware solution, including full blown VPN routers for both the home and office, or, alternatively I could buy an SSL VPN appliance with a 2 user license for what one year of software would cost.
I appreciate the link and information but it seems like a horribly expensive alternative, especially when you tally up how much it will cost over a 3 year period of time. |
|
 mmcm888
join:2009-03-09
| reply to jmpage2 You can avoid all the grief with hardware by using a hosted VPN service such as »www.accessmylan.com. Full network access from the remote PC using the provided IpSec client. There is a free trial.
mo. |
|
 jmpage2
join:2005-02-24 Littleton, CO | reply to jmpage2 That's great. If someone who is doing client side IPSEC could respond it would really be helpful.
I have no interest in setting up a site to site VPN between my home and her office. |
|
 jimbopalmer Tsar of all the Rushers
join:2008-06-02 Greenwood, MS
·Windjammer Cable
| reply to jimbopalmer I blotted out user names |
|
 jimbopalmer Tsar of all the Rushers
join:2008-06-02 Greenwood, MS
·Windjammer Cable
| reply to jimbopalmer I blotted out my 'internet' IP addresses |
|
 jimbopalmer Tsar of all the Rushers
join:2008-06-02 Greenwood, MS
·Windjammer Cable
1 edit | reply to jmpage2 I am going to talk about how router to router IPSEC VPNs work as they are what I know best, and touch on Router to client PPTP as I see the router side of that. Neither are exactly what you want to do.
In a router to router VPN, the goal is to make no changes on the computers, either the servers or clients.
The computer has a subnet mask and an IP address, often 255.255.255.0 and 192.168.X.Y; X is different at the other end of the VPN. For other addresses in the same X, the router is not involved. If the destination is outside the subnet, the router gets involved.
A VPN adds a second chance to be local, so the destination is compared to the VPN's subnet first, before going to the 'real' routing table. I set my subnet mask there to be 255.255.0.0 and the subnet to be 192.168.0.0, so all 192.168.Z.Z addresses are VPNed, not routed. (This does not affect the local traffic as they never went to the router in the first place.)
Finally if the address is outside my VPN range it is routed to the internet at large. (I print screened this in the next message)
With PPTP clients, it is handled differently, they are assigned 4 addresses inside my Subnet. (I print screened this as well, 2 messages down) -- I tried to remain child-like, all I achieved was childish. |
|
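The lookup order described in the post above (same subnet first, then the VPN's subnet, then the internet at large), as an added Python example that is not part of the thread. The 192.168.0.0 / 255.255.0.0 VPN range is the one from the post; the PC at 192.168.5.20 and the sample destinations are constructed.

```python
import ipaddress

# VPN range from the post: subnet 192.168.0.0 with mask 255.255.0.0.
VPN_NET = ipaddress.ip_network("192.168.0.0/255.255.0.0")


def classify(src_ip, src_mask, dst_ip, vpn_net=VPN_NET):
    """Return the path a packet takes: 'local', 'vpn' or 'internet'."""
    # Step 1: the sending computer decides with its own address and mask.
    local_net = ipaddress.ip_interface(f"{src_ip}/{src_mask}").network
    dst = ipaddress.ip_address(dst_ip)
    if dst in local_net:
        return "local"      # same subnet: the router is never involved
    # Step 2: the router compares the destination to the VPN's subnet
    # before it consults the 'real' routing table.
    if dst in vpn_net:
        return "vpn"
    # Step 3: anything outside the VPN range is routed to the internet.
    return "internet"


def report(src_ip, src_mask, destinations):
    """Classify several destinations as seen from one source host."""
    return {d: classify(src_ip, src_mask, d) for d in destinations}


if __name__ == "__main__":
    # Constructed sample: a PC at 192.168.5.20/24 (X = 5 at this site).
    sample = ["192.168.5.77",   # neighbour on the same LAN
              "192.168.9.10",   # host at another site (X = 9)
              "10.0.3.4",       # private address outside the VPN range
              "203.0.113.9"]    # public (documentation-range) address
    for dst, path in report("192.168.5.20", "255.255.255.0", sample).items():
        print(f"{dst:15} -> {path}")
```

The 10.0.3.4 case shows why the VPN's subnet setting has to cover the remote LAN: a destination outside that range is handed to the normal route instead of the tunnel.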
 jmpage2
join:2005-02-24 Littleton, CO
| reply to jmpage2 Well "put it in the trash" is probably a bit of an exaggeration. I'm just completely flabbergasted that it's so involved to set up one simple client based IPSEC VPN client to this stupid RV042.
I've actually gotten the tunnel to work finally on the RV042 to my wife's PC.
The following things don't work though:
1. Remote Desktop to PCs on the remote network.
2. UNC pathname shares (even using the IP address).
If I can get these two things to work I think I'll be okay with it. I don't mind putting a few LMHOSTS entries in for her couple of Windows boxes.
One of the challenges is I expect that the RV042 needs to be set up to allow traffic out the VPN interface, but I can see no policy to set this up.
Also, I probably need to give a blanket "allow" on the remote servers to access the subnet that the VPN user appears on, but the problem is I can't figure out what IP address the VPN tunnel shows up on as there is no log of it anywhere! |
|
 jimbopalmer Tsar of all the Rushers
join:2008-06-02 Greenwood, MS | reply to jmpage2 Put it in the mail to me! I am using 8 of them, router to router. flemington at cableone dot net -- I tried to remain child-like, all I achieved was childish. |
|
 jmpage2
join:2005-02-24 Littleton, CO | reply to jmpage2 Thanks for the comments. I am hopeful that someone who has set this up and has it working will be able to give me some guidance before the RV042 winds up in the trash. |
|