Network Gurus, need help making VPN work

[red-beard]

I run my office out of the House and I have multiple network drives that I'd like to access while one the road.

I have a Linksys/Cisco small business Router (RV042) that includes VPN. It also includes a small program (Quick VPN)for making VPN connections to the Router. This program never seems to be able to work correctly.

I have been toying with the idea of getting a second router for travel, or getting help to make QVPN work.

Anyone with experience with these? Anyone have any suggestions for making this work, or some other solution?

[slodave]

Assuming XP, have you tried this:

Configure a VPN Connection Using Windows XP

[masraum]

I don't have any exp with the router that you're talking about.

If you had a Cisco ASA 5505 (small business style firewall) or a Cisco router that runs IOS, then I could help.

Do you have a static IP at home, or do you use dynamic DNS?

[stomachmonkey]

What does not work? Does it simply never connect? Timeout? Give authentication errors? "Hang up" after some period of connectivity?

Do you know if you are connecting PPTP or IPVSEC?

There are 3rd party VPN clients that should work with it.

[masraum]

Quote:

Originally Posted by stomachmonkey

What does not work? Does it simply never connect? Timeout? Give authentication errors? "Hang up" after some period of connectivity?

Do you know if you are connecting PPTP or IPVSEC?

There are 3rd party VPN clients that should work with it.

This seems a little different than your standard Cisco IPSec VPN.

Here's a good link on how to set it up. I guess they are designed so all you have to do is add a userID and the rest is auto.

Setting-up Linksys QuickVPN with the Linksys VPN router_RV042* [Cisco Small Business Routers] - Cisco Systems

Here's a link on troubleshooting it.

Unable to connect to the RV042 using Quick VPN software* [Cisco Small Business Routers] - Cisco Systems

It seems like the router will automatically change it's "inside" subnet to some random 10.x.x.x/24 subnet. The theory being that if you're out at a hotel or hotspot somewhere, you are probably going to be on the standard 192.168.1.x subnet that is often default.

With a normal IPSec VPN, you've got TCP, UDP and NAT traversal options that give you several options for vpn to get out of various networks with various security. I'm not sure if the quickVPN is an SSL type or an IPSec type vpn. Either way, I'm not sure if it's got multiple ports that it'll try.

You should make sure that your home network is NOT 192.168.1.x.

I'll help if I can.

[masraum]

Based on this quote out of the troubleshooting link that I posted above, it sounds like this is NOT a regular IPSec VPN, but is actually one of the newer SSL style vpns.

Quote:

Determine the network connection that is used by the computer. If the client computer is behind a router, make sure that ports 443 and 60443 are not blocked because it is the port used by the device.

I would think that should work from just about anywhere. The only problem that I could imagine you running into is if you have a dynamic IP and the name resolution doesn't get updated often enough. Most networks should allow SSL connections out, I would think.

[red-beard]

Quote:

Originally Posted by stomachmonkey

What does not work? Does it simply never connect? Timeout? Give authentication errors? "Hang up" after some period of connectivity?

Do you know if you are connecting PPTP or IPVSEC?

There are 3rd party VPN clients that should work with it.

From the Router side, all seems well. On the client side it times out at "verifying network".

[stomachmonkey]

Quote:

Originally Posted by red-beard

From the Router side, all seems well. On the client side it times out at "verifying network".

Is it the only router on the network?

Do you have a broadband modem between it and the net?

Do you know what port the client is trying to connect and verified that it's not blocked by firewall/modem/ISP?

[red-beard]

Dynamic Address. I'm using a service which redirects the address on a daily basis (DynDNS).

I'm using Comcast with a Motorola Cable modem. I also have a DSL line (AT&T), which is my backup connection, and the one I use to test the VPN. I can use the DynDNS address and type in the direct IP for the router and get the same issue. Again, using a PC on the Router side, I can see the connection is there, but it times out at "verifying network".

[stomachmonkey]

Your Motorola modem is going to provide some routing.

Doubt dynamic DNS is the issue. They are not going to continually change your external IP address. Typically you'll pick up a new address if the broadband, Motorola, modem/router is power cycled and then they sometimes need to be off for a minute or so. For sure the external address will stay current for at least 24 hours.

I would start at the Motorola. Log into it's management pages and set a tunnel to the CISCO. Some broadband routers can be accessed via WIFI some limit access to devices physically connected to it via ethernet.

Most config pages can be accessed from inside the netwrok via a browser at 192.168.0.1, 192.168.1.1. It's typically the lowest number in your network range.

Google your specific model. They usually have a user/pass set up that a lot of techs don't bother changing the default values.

[stomachmonkey]

BTW, if the Motorola is new enough it may have a place for you to enter DYNDNS account info and it will handle the IP update for you vs running a DYNDNS client on a PC.

[red-beard]

Quote:

Originally Posted by stomachmonkey

BTW, if the Motorola is new enough it may have a place for you to enter DYNDNS account info and it will handle the IP update for you vs running a DYNDNS client on a PC.

The RV042 does this for me and DynDNS is built in.

Let me check the Motorola. I've never logged in to it, ever. I was not aware it did any routing.

[red-beard]

Stupid program!!!

Now it is working...Well, it is working on my Windows XP netbook. I think they might have updated the client.

Posting this from Netbook under VPN.

Netbook connected to AT&T DSL router, and VPN through to Comcast Modem and RV042 router.

I have accessed the network drives. Quickbooks is slow and then bombed out. Probably timed out.

[red-beard]

Yep, they've updated the Quick VPN software and fixed the issue. Now on Windows 7 Pro laptop, also connected to VPN.

[red-beard]

(sigh)

Today it works
yesterday it did not work
windows is like that

[mikester]

Yep...Sorry I came on late James. VPN is a specialty of mine but I haven't done these consumer grade types much.

Like Steve mentioned though, if you had an ASA5505 I could hook you up with the mother of all VPN awesomeness.

[red-beard]

Quote:

Originally Posted by mikester

Yep...Sorry I came on late James. VPN is a specialty of mine but I haven't done these consumer grade types much.

Like Steve mentioned though, if you had an ASA5505 I could hook you up with the mother of all VPN awesomeness.

What does one of those bad boys cost?

The RV042 is supposed to be "small business" class. I picked it specifically because it can auto transfer from one internet connection to another, or it can bond and load share 2 internet connections to improve throughput. My Comcast connection is 20+ Mbps, while my DSL line is maybe 5 Mbps.

At the moment, VPN is useful when we're out of the office. I'm on business trips about 4-5 times a year now, but this is changing. It may become more important as I spend more time out of the office.

[id10t]

Being able to use a VPN to do surfing from a trusted connection while on an open wireless network is nice too...

[red-beard]

True. My main focus is access to the network drives and the Quickbooks server.

[masraum]

They are quite a bit more than the Linksys/Cisco that you bought, but still not terribly expensive. They've got them on Amazon for just under $400.