1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Greenbow Setup Guide For WRV54G/RV0XX/BEFVP41/BEFSX41/WAG54G

Greenbow Setup Guide For WRV54G/RV0XX/BEFVP41/BEFSX41/WAG54G

  1. Toxic
    Ok we shall Jump straight into the setting up of Greenbow and your Linksys VPN Endpoint.

    Use version 2.50 (or latest version) of the greenbow client by the way. Also, third party vpn clients "will not" connect to a WRV54G if you are connecting from behind another WRV54G; you will have to make a "direct connection" (computer to modem) to connect. Linksys devices that do not have this NAT-T problem when "hosting" VPN tunnels are the WAG54G ADSL Gateway (sold over here in England and Europe) which supports 5 IPSEC tunnels, the BEFVP41, which supports 50 IPSEC tunnels, and the BEFSX41, which supports 2 IPSEC tunnels. If you want to make a secure vpn connection to a WRV54G, you'll need to use the Linksys Quickvpn client, or configure a WRV54G to WRV54G dedicated tunnel.

    Below is a "step-by-step" baseline example to get started.

    Phase I (Greenbow VPN Client):
    1) Tunnel: The name you use should be the same on the router you're connecting to
    2) Interface: leave it as an asterik.
    3) Remote gateway: This is the WAN address (ISP provided ip address) of the router you're trying to connect to obviously.
    4) Pre-shared key: Use a hexadecimal string beginning with 0x (i.e. 0x123456789 with most other routers); if you are connecting to a WRV54G, upper or lowercase words seem to work better (meagainstwhomever).
    5) Certificate: N/A
    6) Encryption: Use 3DES
    7) Authentication: SHA (the equivalent on the WRV54G is SHA1)
    8) Key Group: Set this to DH1024
    9) Save and apply settings.

    Phase II (Greenbow VPN Client):
    1) Tunnel Name: Same as Phase I
    2) Vpn client address:This is "your" WAN ip address (provided to you by your ISP) if you are connecting directly to a modem; use the local LAN IP if you are behind a router that supports NAT-T (again, the WRV54G, right now, does not support this feature; use quickvpn instead).
    3) Address Type: Use "Subnet" address. Input the Remote LAN's local IP settings
    (i.e.) Local IP:
    4) Encryption: 3DES
    5) Authentication: SHA
    6) Mode: Tunnel
    7) PFS: Ensure this box is checked
    8) Group: The group should be dh1024
    9) Save and apply settings

    Additionally, make sure you set the "maximal lifetime settings" for encryption and authentication to "3600." You can do this by clicking on the "parameters" link. Additionally, make sure you"always" remember to make sure the encryption and authentication times are the same.


    IPSEC: Enabled
    PPTP: Enabled
    L2TP: Disabled

    Tunnel Name: Same as Greenbow
    VPN Tunnel: Enabled
    VPN Gateway: Disabled

    Local Secure Group: Your local router settings. Either host or subnet work (I prefer subnet)

    Remote Secure Group: This is the router/client at the distant end. Either input the local LAN settings of the “remote†router/client by choosing the “Subnet†option or use “Any†to make your initial connection; I’d recommend using “Any†first (handles all incoming connections). Try using “Subnet†to specify connections (Local LAN IP and Subnet) after you get the hang of it. “Any†isn’t too secure but allows you to see the connection for the first time without breaking a sweat. Once you understand the configuration better, vary your configuration.

    Remote Secure Gateway: This is the WAN IP “or†the FQDN of the router/client that is going to be connecting to your router. My personal success comes from using “Any†and “FQDN.†Use FQDN if you have registered a dynamic dns name (you can do this at wwwdyndns.org).

    Encryption and Authentication is 3DES and SHA1.

    Key Management: Auto(IKE) [Enabled]
    PFS: Enabled
    Pre Shared Key: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Click “Advanced VPN Tunnel Setup:

    Phase I:

    Mode: Main
    Encryption: 3DES
    Authentication: SHA1
    Group: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Phase II:

    Encryption: 3DES
    Authentication: SHA1
    PFS: Enabled
    Group: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Under “Other Options,†check the “Netbios†option and leave all others blank, unless required.


    Once you’ve made the connection and you want to connect to a shared resource that you have rights to from a remote location, open up windows explorer on the "client" computer that's initiating the vpn connection and click on "tools," then “map a network drive.†After clicking on that, choose a driver letter and type the ip address of a computer you have rights to on that network. You would enter the following information as so: \\\sharename

    Where you see sharename is where you will substitute the name of a folder you have share permissions to access (i.e., \\\vpn).

    Before you click finish, click on “connect as different user†because in order to connect, that local machine needs to have a "username and password" created on it so it recognizes who you are. If you are part of a domain, make sure that your "domain user account" has been added to one of the built-in accounts (i.e., power users, administrators, authenticated users, etc...) on each computer you want to access remotely; if you are in a workgroup, make sure you have an recognized user account on "each" computer you want to access.

    After you click "connect as different user," you’ll be asked to type in a username and password that has access rights on that domain or particular workstation (if you are using workgroups). After you enter the information, click ok, then click finish, and try connecting. When the box pops up asking for your credentials, enter the same information that you entered under "connect as different user. If the information you enter matches, the shared resource should pop up, provided the account you entered has the permissions set properly. If so, you’re all good now!

    VERY IMPORTANT: Make sure all of your greenbow settings match your router settings and that the remote ip settings are different from your own!

    Just in case anyone new to this forum doesn't understand the difference between IPSEC server settings and Linksys Quickvpn, the settings listed above for greenbow connectivity are "specifically" intended for use with the built-in IPSEC server that comes with theWRV54G/RV0XX/BEFVP41 (50 available tunnels) and BEFSX41 (2 tunnels) routers. The difference is that with the WRV54G/RV0XX routers, the quickvpn client sets all of this up when it loads on the client computer. Additionally, quickvpn uses MD5 for authentication whereas greenbow gives you the option for SHA and MD5.

    Here are some brief examples to connect greenbow to your router:

    Config #1

    Local Secure Group: Subnet
    Remote Secure Group: Any
    Remote Secure Gateway: Any

    Config #2

    Local Secure Group: Host
    Remote Secure Group: Host
    Remote Secure Gateway: FQDN

    I'm not sure how successful you might be with dialup; these settings have been verified successfully over broadband, but try anyway and see what happens...


    Edit (29 May 2006):

    Here's a third config that I'm using right now to connect:

    Config #3

    Local Secure Group: Subnet

    Remote Secure Group: IP Address (Your Computer's Local IP)

    Remote Secure Gateway: IP Address (Your WAN Address)