DocLarge
Premium
join:2004-09-08
| reply to andy c
Re: WRV54G VPN Connection problem
Mills,
what are your exact settings? Disabling #1, #2, and #3 apply "if" you are using your WRV54G as an endpoint. Now, if you are trying to make a tunnel connection, enable #1, #2 and #3 (just the reverse) and go from there.
Also, try opening ports 1723, 4450, 500. At this point since you're still having problems, a little more trial and error should hurt  |
|
sgkmills
join:2004-11-09
Brooklyn, NY
| DocLarge,
My settings are as follows:
IPSEC Passthrough: Disabled
L2TP Passthrough: Disabled
PPTP Passthrough: Disabled
Tunnel: Disabled
Gateway: Disabled
Tunnel Name: NYC1
Local Sec. Grp (IP Addr.): 0.0.0.0
255.255.255.0
Remote Sec. Grp (IP Addr.): 0.0.0.0
255.255.255.0
Remote Sec. Gtwy (IP Addr.) 0.0.0.0
Encryption: DES
Authentication: Md5
Key Management: Auto(IKE)
PFS: Disabled
Pre-Shared Key: (Nothing)
Key Lifetime: 3600
Port 1723 TCP (computer w/router IP address here) unchecked
Port 1701 UDP (computer w/router IP address here) unchecked
Port 500 UDP (computer w/router IP address here) unchecked
Port 4500 UDP (computer w/router IP address here) unchecked
On the security tab of the router under firewall, the following are enabled:
firewall protection
filter multicast |
|
DocLarge
Premium
join:2004-09-08
| Mills,
from what I can see, your settings are pretty much like mine, so let's look at a few other things. For example, on the "setup" tab under "basic settings," this is what I have:
Internet connection type: Automatic Configuration - DHCP
MTU: Manual
MTU Size: 1500 (1500 is the Max)
Setting my MTU to manual and to 1500 stabilized "ALOT" of the problems I was having. Doing this cut down on 98% of the rebooting. You don't have to have the router itself set to a static ip; just make sure your clients are connecting via static ip if they are behind a router on another land or with a WAN ip if connected directly to a cable modem (dhcp might also work). FYI, I got a dynamic ip address "FOR FREE" from www.webreactor.net. I was up and running my ftp server in under 30 mins. I tried setting my wrv54g up with a static setting, but it had a tendency to lose it's WAN connectivity every couple of days in that configuration. So, I leave it set for DHCP (in case the ip happens to change) and I have no problems in that respect anymore.
Make sure the DHCP server feature is enabled so your vpn clients can pull an IP address once they connect. Additionally, make sure all vpn clients connection to your router have a static ip address. Let's try it from this angle and see what happens...
As stated before, the quickvpn client will create its own tunnel with the wrv54g, so don't bother with the directions linksys put out; that appears to be for people using 2000 server.
For those of you who've just joined onto this thread, my WRV54G is running "while utilizing the linksys quickvpn client" with all the settings mentioned in my posts. Prior to getting Linksys to send me beta firmware 2.36.5, I was able to connect via vpn with firmware 2.36. |
|
sgkmills
join:2004-11-09
Brooklyn, NY
| DocLarge,
I have verified all of the things you said, and have the same settings. I am including a snippet of the log files I captured from LogViewer, (the linksys log utility). Maybe this will help, because it is cryptic to me.
Note: DABASH is the computer name and 10.248.134.1 is the ip address of the router.
From Logviewer
1 � Nov 27 1:53:44 2004 10.248.134.1 Nov 27 06:53:40 2004 DABASH add_bidir_rule:80: RGFW-CONF: Failed to add rule (File exists)
2 � Nov 27 1:53:44 2004 10.248.134.1 Nov 27 06:53:40 2004 DABASH add_bidir_rule:80: RGFW-CONF: Failed to add rule (File exists)
3 � Nov 27 1:53:44 2004 10.248.134.1 Nov 27 06:53:40 2004 DABASH add_bidir_rule:80: RGFW-CONF: Failed to add rule (File exists)
4 � Nov 27 1:53:44 2004 10.248.134.1 Nov 27 06:53:41 2004 DABASH ipnat_add_rule:693: RGFW-CONF: Failed nat control (SIOCADNAT - File exists)
These are from wallwatcher log utility
2004/11/27 02:07:02.16 M Nov 27 07:06:58 2004 DABASH add_bidir_rule:80: RGFW-CONF: Failed to add r ule (File exists)
2004/11/27 02:07:02.16 M Nov 27 07:06:58 2004 DABASH add_bidir_rule:80: RGFW-CONF: Failed to add r ule (File exists)
2004/11/27 02:07:02.16 M Nov 27 07:06:58 2004 DABASH add_bidir_rule:80: RGFW-CONF: Failed to add r ule (File exists)
2004/11/27 02:07:02.21 M Nov 27 07:06:58 2004 DABASH ipf_check_interface:306: RGFW-CONF: Failed io ctl (SIOCADDDV -
No such device) on dev 'ips1'
2004/11/27 02:07:02.21 M Nov 27 07:06:58 2004 DABASH ipf_check_interface:306: RGFW-CONF: Failed io ctl (SIOCADDDV - No such device) on dev 'ips0'
2004/11/27 02:07:02.21 M Nov 27 07:06:58 2004 DABASH ipf_check_interface:306: RGFW-CONF: Failed io ctl (SIOCADDDV - No such device) on dev 'ips54'
2004/11/27 02:07:02.21 M Nov 27 07:06:58 2004 DABASH ipf_check_interface:306: RGFW-CONF: Failed io ctl (SIOCADDDV -
No such device) on dev 'ips53'
2004/11/27 02:07:02.21 M Nov 27 07:06:58 2004 DABASH ipf_check_interface:306: RGFW-CONF: Failed io ctl (SIOCADDDV - No such device) on dev 'ips52'
2004/11/27 02:07:02.21 M Nov 27 07:06:58 2004 DABASH ipf_check_interface:306: RGFW-CONF: Failed io ctl (SIOCADDDV - No such device) on dev 'ips51'
2004/11/27 02:07:02.21 M Nov 27 07:06:58 2004 DABASH ipf_check_interface:306: RGFW-CONF: Failed io ctl (SIOCADDDV - No such device) on dev 'ips50'
2004/11/27 02:07:02.22 M Nov 27 07:06:58 2004 DABASH ipf_check_interface:306: RGFW-CONF: Failed io ctl (SIOCADDDV -
No such device) on dev 'ppp0'
2004/11/27 02:07:02.22 M Nov 27 07:06:58 2004 DABASH ipf_check_interface:306: RGFW-CONF: Failed io ctl (SIOCADDDV - No such device) on dev 'ixp0.3'
Hopefully, someone knows what this means. |
|
DocLarge
Premium
join:2004-09-08 | Mills,
I went back to your very first post and saw something that's got me curious:
"One computer has the WRV54G connected to it."
What exactly did you mean by this? |
|
sgkmills
join:2004-11-09
Brooklyn, NY
| DocLarge,
I have been trying to fix this issue with Linksys Tech Support and basically have the same problem. Let me explain what I mean by "One computer has the WRV54G connected to it." I have one computer, call it COMPa, running windows XP w/SP1 and that computer has my internet connection via a cable modem from time warner. The cable modem goes into the WRV54G, and then COMPa's network connection goes into the LAN 1 port of the WRV54G.
Then I have another computer call it REMOTEa and that is NOT connected to the WRV54G. It is running Windows XP w/SP1 and the firewall is disabled. It connects to the internet via dial-up modem. On REMOTEa, I have QuickVPN client software and this is how I am trying to connect to COMPa. I first get connected to the internet via my dial-up connection and then run QuickVPN.
As usual, the QuickVPN software hangs at verifying network. Some key points that might help someone solve this:
- the WRV54G's router LAN address is 10.x.x.1 and this router address get added to my DNS Server's list via QuickVPN
- The QuickVPN connection stays red, it doesn't turn green depicting it is connected.
- While the QuickVPN is stuck at 'verifying network',
I can ping the WRV54G router from REMOTEa and get back responses. I can also ping COMPa from REMOTEa and get back responses
- I cannot see any of the resources on COMPa or connect to it.
From my understanding of what is going on with QuickVPN, I see that three files are updated in the QuickVPN program directory on REMOTEa. They are status.conf, vpnserver.conf, and wget_error.txt. I did some searches on the internet and see that wget is a free software package for retrieving files using HTTP, HTTPS and FTP. I think wget is used to download a IPSEC policy file to your computer and then Linksys is attaching that policy into your IP Security Profiles. The other two files give information on the status of your connection and if your authentication of your username/password from QuickVPN was successful or not.
Like I said, REMOTEa hangs on verifying network.
I really don't think I have to become an expert in IPSEC to use this product, but Linksys must!!!! Hopefully this helps someone solve this issue. |
|
DocLarge
Premium
join:2004-09-08
| Hi Mills,
longtime, no see from me (I know). I've just moved to London, England, and I'm still in a hotel trying to find housing...
If you're getting the hangup (Quickvpn verifying connection) that means it's examing your IPSEC policy. I read in your post (if I've got this right) that you're able to ping while it's going through verification? Correct me if I've go this wrong but the issue may just be the method you're using to connect. When I connect to my wrv54g, I do it via a broadband connection. At no time have I ever tried to connect via P.O.T.S. (plain old telephone system)or dial-up, as it's commonly known. If you haven't already done so, take RemoteA(hopefully it's a laptop) to an internet cafe (provided you have wireless) and try working it out that way, or to a friend's house and try connecting through an ISDN, DSL, or Cable Modem connection.
The problem "may" possibly be the method you've chosen to connect to your wrv4g (dial-up connection). Although this really shouldn't be a problem, it's something work considering... |
|
Lesterd
@optonline.net | reply to sgkmills
Did u get this working yet? |
|
sgkmills
join:2004-11-09
Brooklyn, NY
| reply to DocLarge
DocLarge,
I tried back in the early days of my diagnosis to try to connect via DSL and a cablemodem connection to no avail. I will try again and report my findings.
I had basically given up, and this is a shame! Since I cannot take it back to the store at this stage! I just figured if I wait, then maybe someone at Linksys will fix this because I am not the only one with this problem. Doing a google search on this topic, will proove that! |
|
DocLarge
Premium
join:2004-09-08
| Mills,
I'll finally be getting my network gear in about two days. Currently, my new connection to the internet is via the Linksys ADSL2MUE modem (otherwise known simply as "DSL Modem" back in the state).
The British aren't really up on speeds for cable modems over here, especially since they put download limits on everything. The best I found right now is Hi-Velocity with a 2272 download and 288 upload.
Anyway, keep an eye out for a post from me. I'm hoping I should have no problem getting my WRV54G working over here on their version of DSL... |
|
SteveHanley
join:2005-03-23
NW3 7PH
| How were you able to get the Linksys ADSL2MUE modem to work? I am a BT Broadband user and replaced my BT Voyager 100 modem with the Linksys (I needed an Ethernet connection, and BT Voyager is USB only). I have not been able to figure out how it works - apparently you can't "dial" the Linksys modem - your thoughts?
Thanks!
Steve |
|
DocLarge
Premium
join:2004-09-08 | Steve,
did I ever answer your question in another post? I apologize if it slipped through...
Doc |
|
spaniola
join:2002-12-18
Howell, MI | Doc, i am having the same problem, I know its the wget issue. any idea on how to fix verifying network? |
|
DocLarge
Premium
join:2004-09-08
| You guys have still got something off in your configuration. Simply put, if you (initially) have a disabled firewall, no other vpn client loaded, but still can't get in, the configuration is off somewhere in the chain. I'm running a vpn session right now with quickvpn, and to boot, I'm doing it via wireless (my entire home network is wireless).
Check out the attached file. If you follow "everything" on it, you'll be able to connect because this is "exactly" how my configuration is and (again) I'm using vpn right now.
Doc |
|
