
Is RV042 to WRV54G site to site possible?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Jeffc575, Aug 23, 2006.

  1. Jeffc575

    Jeffc575 LI Guru Member

    I have an RV042 at my permanent location and have been trying to establish a tunnel with QuickVPN from my remote location, but the connection drops after 5-6 minutes and it is useless. I am considering buying a WRV54G for my remote location and creating a gateway-to-gateway VPN tunnel. Any thoughts? Are these two routers compatible and will they config to make the connection with each other? Thanks.
     
  2. TazUk

    TazUk Network Guru Member

    There shouldn't be a problem connecting both together, just make sure you're using the latest firmware.
     
  3. digit2006

    digit2006 LI Guru Member

    I am also trying to set up a gateway-to-gateway VPN connection from a WRV54G to an RV042. The problem I am having is that I need to forward port 443 on the RV042 side to another machine on my network. The current stable release for the RV042 will not allow a VPN connection from OpenVPN using 60443 unless you flash to the beta version. I tried to flash to the .9 beta version and it brought down my entire work network (broke DHCP, WINS config). I had to flash back to the stable .4 version until the beta is improved. Does anyone have a tutorial or any ideas on what can be done with ports to allow a VPN connection on any port but 443?

    Thanks,

    Digit
     
  4. TazUk

    TazUk Network Guru Member

    I'm a bit confused as to what you're trying to achieve :confused: You start off talking about a site-to-site VPN using the RV and a WRV54G but then go on to explain issues with a client-to-site VPN.
     
  5. Toxic

    Toxic Administrator Staff Member

    Bit confused as to the total crash from the beta firmware. That's the first one I have heard about.
     
  6. digit2006

    digit2006 LI Guru Member

    Maybe I am confused about QuickVPN... If I do a site-to-site VPN connection with my WRV54G and RV042 then I don't have to use the QuickVPN client to connect my laptop to the RV042 so I can access the network at work?

    If I don't have to use QuickVPN to connect the laptop to my other network using the site-to-site tunnel, do I still need to upgrade the RV042 to the latest beta .9 or .10 to enable port 60443?

    What firmware version do I need for the WRV54G for the site-to-site VPN connection to use port 60443?

    I currently have .4 firmware on the RV042 and 2.39.2 firmware on the WRV54G. Thanks for the help on this, I am very new to VPNs.

    Digit
     
  7. Toxic

    Toxic Administrator Staff Member

    Why are you mentioning OpenVPN? OpenVPN is a full-featured SSL client.

    The RV0xx and WRVxxx series don't support SSL.

    Linksys's own VPN Client is supported (QuickVPN)
     
  8. TazUk

    TazUk Network Guru Member

    Correct, you don't have to use QuickVPN because the routers are making the VPN connection.

    The port 60443 issue is only if you're using QuickVPN, which you won't be.

    Not relevant, see answer to previous question :wink1:

    Version 2.39.2 on the WRV54G is fine :)
     
  9. digit2006

    digit2006 LI Guru Member

    Thank you TazUK for the information... :biggrin:

    With that said, has anyone successfully created a site-to-site VPN connection with a WRV54G and an RV042? I have tried many times to no avail...

    Digit
     
  10. Toxic

    Toxic Administrator Staff Member

    digit2006, what does your VPN.LOG (in RV042) say when you have tried connecting to the WRV54G?

    It must be reporting something.
     
  11. DocLarge

    DocLarge Super Moderator Staff Member Member

    Actually, yes.

    I've got a WRV54G that I've used to create a "site-to-site" tunnel between it and Toxic's RV042. By the way, if your tunnel is dropping consistently at 5-6 minutes when using QuickVPN, the culprit is usually your MTU setting. I would suggest setting the MTU on your router(s) to 1450. This setting is high enough to keep your network from dragging but low enough to keep your packets from fragmenting.

    Here's a tutorial I put together demonstrating how to configure a vpn tunnel between a WRV54G and an SMC SMCBR18VPN router:

    http://www.dslreports.com/forum/remark,15615747

    Configuring an RV042 is similar to the WRV54G (a few more settings but basically the same).

    Jay
     
  12. Toxic

    Toxic Administrator Staff Member

    I have now added this video to the website downloads. Hope it helps.
     
  13. digit2006

    digit2006 LI Guru Member

    This is what I get from the VPN.log of the RV042 when I try to connect to the WRV54G:

    Sep 2 12:18:27 2006 VPN Log Initiating Main Mode
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Sep 2 12:18:27 2006 VPN Log Informational Exchange is for an unknown (expired?) SA
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
    Sep 2 12:18:27 2006 VPN Log Main mode peer ID is ID_IPV4_ADDR: '0.0.0.0'
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] Initiator Cookies = 51c4 566d 7dbe 18bf
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] Responder Cookies = a59b e85 5b32 5539
    Sep 2 12:18:27 2006 VPN Log initiating Quick Mode PSK+TUNNEL+PFS
    Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
    Sep 2 12:18:35 2006 VPN Log Quick Mode message is for a non-existent (expired?) ISAKMP SA

    Thanks for your help on this...

    Digit
     
  14. Toxic

    Toxic Administrator Staff Member

    Can you confirm that all Key management details are exactly the same and so are Advanced settings in RV/WRV?

    I have also PM'd you.
     
  15. digit2006

    digit2006 LI Guru Member

    I have successfully connected the WRV54G to the RV042 (site to site) but I can't ping any machines on the RV042 side. Both routers give a status of connected. Should I have the NetBIOS option selected in the advanced settings?

    Also, I can login using PPTP from home and ping all machines on the RV042 network. Would that eliminate the possibility that the firewall on each machine is blocking traffic?

    Thanks,

    Digit
     
  16. Toxic

    Toxic Administrator Staff Member

    Can you ping the RV042 LAN IP from the WRV54G PCs?

    NetBIOS would only enable "hostnames" or "computer names" and IP addresses are still needed. If you cannot ping them then NetBIOS wouldn't work either.
     
  17. digit2006

    digit2006 LI Guru Member

    At this point I can't ping from either side. I keep getting the following in the vpn.log of the RV042:

    Code:
    Sep 2 15:00:06 2006	     VPN Log	    Initiating Main Mode
    Sep 2 15:00:06 2006	    VPN Log	   [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Sep 2 15:00:06 2006	    VPN Log	   [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
    Sep 2 15:00:06 2006	    VPN Log	   [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
    Sep 2 15:00:06 2006	    VPN Log	   [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
    Sep 2 15:00:06 2006	    VPN Log	   [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
    Sep 2 15:00:07 2006	    VPN Log	   [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
    Sep 2 15:00:07 2006	    VPN Log	   Main mode peer ID is ID_IPV4_ADDR: '0.0.0.0'
    Sep 2 15:00:07 2006	    VPN Log	   [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
    Sep 2 15:00:07 2006	    VPN Log	   [Tunnel Negotiation Info] Initiator Cookies = 8032 64d1 77ca 2d2a
    Sep 2 15:00:07 2006	    VPN Log	   [Tunnel Negotiation Info] Responder Cookies = 7197 9acf d0b8 989
    Sep 2 15:00:07 2006	    VPN Log	   initiating Quick Mode PSK+TUNNEL+PFS
    Sep 2 15:00:07 2006	    VPN Log	   [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
    Sep 2 15:00:07 2006	    VPN Log	   [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet
    Sep 2 15:00:07 2006	    VPN Log	   [Tunnel Negotiation Info] Inbound SPI value = fa2605b5
    Sep 2 15:00:08 2006	    VPN Log	   [Tunnel Negotiation Info] Outbound SPI value = 440e41a5
    Sep 2 15:00:08 2006	    VPN Log	   [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
    Sep 2 15:00:08 2006	    VPN Log	   [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
    Sep 2 15:00:08 2006	    VPN Log	   ignoring Delete SA payload: IPSEC SA not found (maybe expired)

    Everything appears to be OK with the exception of the last line...

    Code:
    Sep 2 15:00:08 2006	    VPN Log	   ignoring Delete SA payload: IPSEC SA not found (maybe expired)
    Digit
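
An added example, not part of the original posts: a small Python parser for the RV042 VPN log format quoted above that splits the log into negotiation attempts and reports how far each attempt got and when anomalies appeared. The sample lines are excerpts of the two logs posted in this thread; the stage labels and anomaly keywords are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: excerpts of the two RV042 negotiations quoted in this thread.
SAMPLE = """\
Sep 2 12:18:27 2006 VPN Log Initiating Main Mode
Sep 2 12:18:27 2006 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Sep 2 12:18:27 2006 VPN Log initiating Quick Mode PSK+TUNNEL+PFS
Sep 2 12:18:35 2006 VPN Log Quick Mode message is for a non-existent (expired?) ISAKMP SA
Sep 2 15:00:06 2006\t    VPN Log\t   Initiating Main Mode
Sep 2 15:00:07 2006\t    VPN Log\t   [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Sep 2 15:00:07 2006\t    VPN Log\t   initiating Quick Mode PSK+TUNNEL+PFS
Sep 2 15:00:08 2006\t    VPN Log\t   [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Sep 2 15:00:08 2006\t    VPN Log\t   ignoring Delete SA payload: IPSEC SA not found (maybe expired)
"""
LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8}\s+\d{4})\s+VPN Log\s+(.*)$")
ANOMALY = re.compile(r"expired|ignoring|fail", re.I)  # assumed keywords
# Milestones in the order an IKEv1 initiator reaches them (labels are hypothetical).
STAGES = [("initiating main mode", "phase1-started"),
          ("phase 1 sa established", "phase1-up"),
          ("initiating quick mode", "phase2-started"),
          ("phase 2 sa established", "phase2-up")]

def analyze(text):
    """Return one dict per attempt: last stage, proposed policy, timed anomalies."""
    attempts = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(" ".join(m.group(1).split()), "%b %d %H:%M:%S %Y")
        msg = m.group(2).strip()
        low = msg.lower()
        if low == "initiating main mode" or not attempts:
            attempts.append({"start": when, "stage": "none", "policy": None, "anomalies": []})
        cur = attempts[-1]
        for needle, stage in STAGES:
            if needle in low:
                cur["stage"] = stage
        if low.startswith("initiating quick mode"):
            cur["policy"] = msg.split()[-1]
        if ANOMALY.search(msg):  # record seconds since the attempt began and the stage
            cur["anomalies"].append((int((when - cur["start"]).total_seconds()), cur["stage"], msg))
    return attempts

if __name__ == "__main__":
    for a in analyze(SAMPLE):
        print(a["stage"], a["policy"], a["anomalies"])
```

On the sample, the first attempt stops in Quick Mode eight seconds after it began, while the second reaches Phase 2 and then logs the Delete SA notice.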
     
  18. digit2006

    digit2006 LI Guru Member

    I found a strange entry in the WRV54G log file that may be killing the IPsec tunnel:

    Code:
    Sat Sep  2 15:35:20 2006
    firewall_config_standard_openrg:1409: WRV54GFW-CONF: Failed
    Sat Sep  2 15:35:20 2006
    fw_icmp_policy:390: WRV54GFW-CONF: Failed
    Sat Sep  2 15:35:20 2006
    add_bidir_rule:80: WRV54GFW-CONF: Failed to add rule (File exists)
    Sat Sep  2 15:35:18 2006
    firewall_config_standard_openrg:1409: WRV54GFW-CONF: Failed
    Sat Sep  2 15:35:18 2006
    fw_icmp_policy:390: WRV54GFW-CONF: Failed
    Sat Sep  2 15:35:18 2006
    add_bidir_rule:80: WRV54GFW-CONF: Failed to add rule (File exists)

    Anyone have any ideas? :thumbup:

    Digit
     
  19. digit2006

    digit2006 LI Guru Member

    OK now I can view shares on the RV042 side but only for a few seconds.... :confused:

    I found out that you can't have a PPTP connection simultaneously with an IPsec connection. Once I disconnected the PPTP connection and reconnected the site-to-site connection from the WRV54G I can now ping machines on the RV042 side :cool:

    Now I have a problem with the connection dying almost immediately after I go into the Windows share.

    ERROR: "The Specific Network Name is no longer available"

    I suspect it's now an MTU size issue. I have fiber internet running to my house and a fiber connection running to the office. My ISP tells me they need the MTU to be set at 1454. I tried to set it to 1450 and lost internet connectivity completely from home. I will try to go higher to see if that resolves the issue. Any ideas let me know.

    Digit
     
  20. DocLarge

    DocLarge Super Moderator Staff Member Member

    To determine proper mtu size, use this formula:

    ping -f -l <MTUsize> <gateway>

    As an example:

    ping -f -l 1450 87.34.45.66 (These are made up values, by the way)

    If you get a return stating "fragmented packets," your MTU is too high.

    Max MTU for Ethernet is 192, max for xDSL is 1458.

    Jay
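
The probing procedure above, automated as an added example (not from the original post): a binary search for the largest echo payload that gets through with Don't Fragment set. The size passed to ping is the ICMP payload, so the packet on the wire is 28 bytes larger; the function names, search bounds and the simulated 1454-byte link in the demo are assumptions of this example.

```python
import platform
import subprocess

HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP header added to every echo payload

def ping_df(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply came back.
    Assumption: the ping exit status is 0 only when the probe was answered."""
    if platform.system() == "Windows":
        cmd = ["ping", "-f", "-l", str(payload), "-n", "1", host]
    else:  # Linux iputils syntax
        cmd = ["ping", "-M", "do", "-s", str(payload), "-c", "1", "-W", "2", host]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def largest_unfragmented(host, probe=ping_df, low=500, high=1472):
    """Binary-search the largest payload that passes unfragmented.
    Returns (payload, path_mtu), or None when even `low` gets no reply."""
    if not probe(host, low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(host, mid):
            low = mid       # mid fits, search upward
        else:
            high = mid - 1  # mid needs fragmenting, search downward
    return low, low + HEADERS

if __name__ == "__main__":
    # Simulated link (constructed): path MTU of 1454, the figure digit2006's ISP quoted.
    simulated = lambda host, payload: payload + HEADERS <= 1454
    print(largest_unfragmented("192.0.2.1", probe=simulated))  # (1426, 1454)
```

Calling `largest_unfragmented(<gateway>)` without `probe=` sends real pings to the gateway.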
     
