

Soliman

@comcast.net

[VPN] RV042 VPN Router Problems

I am trying to figure out the proper way to set up my network. I have a Verizon JetPack MiFi (which essentially is serving as the modem), a wrt54gs running tomato firmware, and a linksys rv042 vpn router. In order to connect the vpn to the verizon jetpack, since the jetpack does not have any ethernet ports, I set the wrt54gs as a wireless client and connected it to the verizon jetpack. I then connected the rv042 into the wrt54g. However, it seems no matter what I do, I cannot establish a vpn connection. Are there any special settings I must have for the jetpack, the wrt54g, or the rv042?

Here's a simple diagram to summarize:

Jetpack (4g) ----> Wrt54G (Running tomato and in Client Mode) ----> RV042

Any help would be greatly appreciated, and thank you in advance!


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

2 edits
The problem is likely because you are passing through two NAT routers before you even get to the RV042. You will need to setup the two external NAT routers to do port forwarding for the ports needed by the VPN (and/or enable the appropriate VPN passthrough modes in those routers if they have such a mode).

If you are using the RV042's PPTP VPN, you will need to make sure that TCP port 1723 is serially forwarded*. If you are using the RV042's QuickVPN, then (as I recall...it has been a while since I used the RV0xx VPN) you will need to forward UDP ports 500 and 4500, and TCP ports 443 and/or 60443.

* By "serially forwarded", I mean that your MiFi adapter will need to forward to the wrt54gs, and the wrt54gs will need to forward to your RV042. Putting each downstream router into its upstream router's DMZ might work instead of doing port forwarding.

I have made both the QuickVPN and the PPTP work from behind a single external NAT router before, but I have never attempted to try to get through two external NAT routers, so it may not be possible (although the PPTP is usually more resilient to passing through NAT than the QuickVPN or traditional IPSEC tunnels).
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. -- US Constitution

When governments fear people, there is liberty. When the people fear the government, there is tyranny. -- Thomas Jefferson


Soliman

@comcast.net
I attempted the DMZ approach, it seems like it still is not working. It's a weird setup, but I cannot think of any alternatives with the equipment I have available.

Thank you for your reply


NetFixer
said by Soliman :

I attempted the DMZ approach, it seems like it still is not working. It's a weird setup, but I cannot think of any alternatives with the equipment I have available.

Thank you for your reply

I wish I could offer you a specific fix, but VPNs and cascaded NAT have always been a classic quarrelsome odd couple.

One last piece of advice is that the remote VPN client's private LAN subnet, and the private LAN subnets of each of the NAT routers (including the final LAN on the RV042) must always be different. That may or may not be your problem, but it is a fairly common one that can throw a monkey wrench into any VPN connection.


Soliman

@comcast.net
Here is what I did currently. I have the wrt54gs running tomato now set as a wireless ethernet bridge as opposed to an ethernet client. Now it is essentially transparent and in theory its nat should not interfere. The wifi jetpack has the vpn router in dmz (which is assigned the ip of 192.168.1.3)

So same setup as before, but now the vpn router is "closer" to the wifi jetpack.

Now, the jetpack has an ip of 192.168.1.1. The wrt54gs has one of 192.168.1.2, only so it can be accessed via the web, its ip really is irrelevant, and the vpn has a wan ip of 192.168.1.3 and lan ip of 192.168.20.1

It is supposed to assign clients an ip within the 192.168.20.x range

I have tried both pptp and the quickconnect client from a computer with an ip of 192.168.1.1 on a different network (even different external ip) to reach it, yet it seems it still fails.

Thank you for your help thus far, it is quite a confusing setup I know, haha.


NetFixer
said by Soliman :

Here is what I did currently. I have the wrt54gs running tomato now set as a wireless ethernet bridge as opposed to an ethernet client. Now it is essentially transparent and in theory its nat should not interfere. The wifi jetpack has the vpn router in dmz (which is assigned the ip of 192.168.1.3)

So same setup as before, but now the vpn router is "closer" to the wifi jetpack.

Now, the jetpack has an ip of 192.168.1.1. The wrt54gs has one of 192.168.1.2, only so it can be accessed via the web, its ip really is irrelevant, and the vpn has a wan ip of 192.168.1.3 and lan ip of 192.168.20.1

It is supposed to assign clients an ip within the 192.168.20.x range

I have tried both pptp and the quickconnect client from a computer with an ip of 192.168.1.1 on a different network (even different external ip) to reach it, yet it seems it still fails.

Thank you for your help thus far, it is quite a confusing setup I know, haha.

If you can do it, try changing the 192.168.1.1/24 subnet on either the remote PC or the jetpack/wrt54gs/rv042 network segment to something else. As I previously explained, having two network segments using the same IP subnet can kill a VPN connection.

FWIW, using a local 192.168.0.1/24, 192.168.1.1/24, or 192.168.2.1/24 subnet is not a good idea for any network that hosts a VPN. Those IP subnets are used as the default values by most residential/soho modems/routers (and Microsoft's ICS), and using one of those subnets greatly increases the probability that a remote PC will share the same subnet.
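
The subnet check discussed in the replies above, as an added example that is not part of the original thread: it compares every network segment on the VPN path and reports overlapping pairs, plus any segment on one of the three default subnets named in the last reply. The segment labels and the /24 masks are assumptions; the addresses are the ones quoted in the thread.

```python
import ipaddress
from itertools import combinations

# Subnets the thread calls out as common residential/SOHO defaults.
COMMON_DEFAULTS = [ipaddress.ip_network(c) for c in
                   ("192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24")]


def to_network(cidr):
    """Parse CIDR text; strict=False accepts host form like 192.168.1.1/24."""
    return ipaddress.ip_network(cidr, strict=False)


def find_overlaps(segments):
    """Return (name_a, name_b, net_a, net_b) for every overlapping pair."""
    parsed = {name: to_network(cidr) for name, cidr in segments.items()}
    return [(a, b, str(parsed[a]), str(parsed[b]))
            for a, b in combinations(parsed, 2)
            if parsed[a].overlaps(parsed[b])]


def on_common_default(segments):
    """Return names of segments that overlap a common default subnet."""
    return [name for name, cidr in segments.items()
            if any(to_network(cidr).overlaps(d) for d in COMMON_DEFAULTS)]


# Constructed from the addresses quoted in the thread; /24 masks are assumed.
# The jetpack LAN and the RV042 WAN port are one segment, so they share a row.
THREAD_SEGMENTS = {
    "remote client LAN": "192.168.1.1/24",
    "jetpack LAN / RV042 WAN": "192.168.1.3/24",
    "RV042 LAN": "192.168.20.1/24",
}

if __name__ == "__main__":
    for a, b, na, nb in find_overlaps(THREAD_SEGMENTS):
        print(f"CONFLICT: {a} ({na}) overlaps {b} ({nb})")
    for name in on_common_default(THREAD_SEGMENTS):
        print(f"WARNING: {name} uses a common default subnet")
```

Renumbering either conflicting segment and re-running the check should produce no CONFLICT line before the VPN is tested again.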