1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need help setting up BEFSX41 VPN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by esandusky, Aug 31, 2006.

  1. esandusky

    esandusky LI Guru Member

    I'm not new to using Linksys products, but I am new to setting up a VPN. I need step by step help on how to setup a reliable VPN connection between home and office. Here are the details..

    Home
    DSL
    Dynamic IP, dyndns assigned FQDN
    Linksys WRTP54G (Vonage phone adapter+wireless)

    Office
    DSL
    Dynamic IP, dyndns assigned FQDN
    Linksys BEFSX41

    Can I use a Windows VPN setup from Home to connect to the Office VPN? If so, I cannot find solid step-by-step instructions on how to configure Windows XP. Or other software, if recommended. I have Cisco VPN 4.0.2, will this work?

    Is it easier to install another BEFSX41 at Home to make the VPN connection?

    Would the RV042 be a better option for the Office? Will that allow me to use client software from Home?

    Thanks in advance, I really need to get this setup and working soon. Any suggestions are appreciated.
     
  2. d__l

    d__l Network Guru Member

    Skip the Windows VPN client. It is a lot of work to set up.

    Try SSH Sentinel instead. Complete instructions are provided by Flogator of DSLReports.com here: http://pages.infinit.net/flogator/VPN_Instruction2.pdf His instructions will work well with Sentinel as I've set up several VPNs using them. Pick up Sentinel 1.3.2.2 here: http://ftp.up.ac.za/pub/linux/ssh/pub/sentinel/

    You should also be using a stable firmware for the SX41. 1.45.7 is considered the best for DSL even though it is an old unreleased beta version. It is here: http://pages.infinit.net/flogator/

    Remember to long reset (30 secs on the reset button) to factory defaults before AND after flashing. Use IE with the built in flash page in the router GUI. If you use a mozilla-based browser, use the TFTP program for the SX41 to flash with instead.

    If you find the Sentinel Client too cumbersome, then you might consider purchasing another SX41 for home use to maintain the VPN tunnel continuously. An SX41-SX41 VPN tunnel should be more than adequate for your home to office VPN needs. Only consider an RV042 if you need/can use other features that it offers such as dual WANs and more advanced router funtionality.
     
  3. esandusky

    esandusky LI Guru Member

    Thanks for the reply. I will try SSH Sentinel, and looks like the links you provided will be very helpful. The Sentinel setup looks much better than the Windows setup (I had tried Tom's Networking 11 page setup and it caused me problems while on my office network. Windows wouldn't send my name/pw as authentication to a database server).
     
  4. esandusky

    esandusky LI Guru Member

    If you don't mind... please explain this..

    Remember to long reset (30 secs on the reset button) to factory defaults before AND after flashing

    I had updated the SX41's firmware, because previous to that, I couldn't surf to certain web pages with the firewall turned on. (Google worked, yahoo didn't).

    So are you saying restore factory defaults. Then apply 1.45.7. And how/when do I hold the reset button for 30 seconds?
     
  5. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    Agree..the 1.45.7 firmware...I have a couple of hundred sx41 units in service..love them with that firmware.

    When backing up versions of firwmware...it will never migrate settings. It is best to "clear the baffles" by doing a hard reset first..then backflash it.

    Upgrading firmware to newer versions is fine...it will migrate settings.

    The reset button push..it's something like 15 seconds or so...watch the lights...you won't miss it when it takes.
     
  6. d__l

    d__l Network Guru Member

    Yes, restoring to factory defaults before a flash seems to lessen the chance of a bad flash and a bricked router by clearing your unique settings. So you hold the rest button in for 30 secs with the power on. 30 secs is actually excessive for a reset, but some of these units seem to need longer than the normal 15 secs. As Stonecat mentioned, watch the front panel lights to see that the reset has started.

    Then flash the router and reset it again. There seem to be certain register settings that will survive the flash and if you are going to an older firmware version, they will interfere with the proper operation of the new firmware. This has been well proven that a firmware version that has quirky problems after a flash with work just fine as soon as the post-flash reset has been applied.
     
  7. esandusky

    esandusky LI Guru Member

    Thanks everyone. I will be trying these settings over the weekend. :)
     
  8. esandusky

    esandusky LI Guru Member

    Ok so I've hit another roadblock.

    I got the 1.45.7 firmware installed on the office router, and the VPN endpoint setup per the instructions.

    I installed the SSH Sentinel software, and rebooted my Home PC. Once I logged in to Windows (XP Home), I noticed my wireless network had limited access due to my router is no longer giving my laptop a local IP address (192.168.15.x). I verified before installing, that my Home router (WRTP54G) had IPSec passthru enabled. But this appears to be an operating system problem.

    In order to connect to the internet again, I had to uninstall Sentinel and reboot. Things are back to normal, but I can't setup the VPN client until I'm able to install Sentinel and connect to my Home router.

    What would SSH change in my registry/kernel that would not allow me to connect to my local network?
     
  9. d__l

    d__l Network Guru Member

    Nothing that I'm aware of would conflict with a wired connection. Sentinel has some components that will load and be running all the time unless you manipulate them to not autoload on reboot with a program like Autoruns. It also has a GUI control program that will always run in your system tray.

    You can get Autoruns here: http://www.sysinternals.com/Utilities/Autoruns.html from Sysinternals. There are four separate items that must be unchecked to disable Sentinel when you don't want it to run. Autoruns is a replacement for MSConfig.

    Maybe you should try your initial Sentinel configuration with a wired connection before you jump to wireless. There may be something about your wireless driver that conflicts.
     
  10. esandusky

    esandusky LI Guru Member

    Yeah I will try it again with a wired connection....
     
  11. esandusky

    esandusky LI Guru Member

    Worked great after setting up Sentinel and a wired connection. Thank you so much for your help.

    Next step is to figure out why the wireless connection doesn't jive with Sentinel.. its an Intel Pro/Wireless 2200BG. Or figure out how to disable Sentinel when I want to use my wireless (which is 99% of the time).
     
  12. esandusky

    esandusky LI Guru Member

    I tried removing the Startup of Accession and Agent on boot, and my wireless still cannot get an IP address from my router. So whatever Sentinel changes in the registry or kernel during installation is conflicting with my wireless adapter. I can't simply stop running Sentinel to use my wireless, I have to uninstall.

    Where can I find out what Sentinel changes in my OS?

    Looking for other options that don't screw up my wireless connection..

    BEFSX41 <-> BEFSX41?
    BEFSX41 <-> non-Sentinel product that doesn't change the kernel/registry
     
  13. d__l

    d__l Network Guru Member

    It is a lot easier to disable the Sentinel components with Autoruns and a reboot than it would be to uninstall/re-install it each time.

    You might try enabling the components of Sentinel one at a time, rebooting, and then seeing if your wireless is broken. Also Process Explorer: http://www.sysinternals.com/Utilities/ProcessExplorer.html from Sysinternals might help you debug the conflict. It is basically a freeware replacement for TaskMgr. The guys from Sysinternals and their freeware programs were so good that Microsoft bought them out.

    The SX41 <-> SX41 is a good option. The tunnels are stable and would always be up as long as the broadband was up. The other advantage to having two end point routers making the tunnels is that you can use other network devices, i.e. NAS, printers, etc. on either end from either end.
     
  14. esandusky

    esandusky LI Guru Member

    Well I removed the SSHAgent.exe, sshtray.exe, and sshmonitor.exe one at a time and the wireless was never able to connect. Not sure what other processes it would be running, but I still think this problem points to changing something in the OS.

    The thing is, I'm trying to make this easy enough for my wife to be able to access her work-computer from home. If this involves searching for processes etc, that doesn't really make this easy.
     
  15. d__l

    d__l Network Guru Member

    I think you probably want an end point to end point tunnel. It simplifies things. Moving the VPN onto the router from the individual computer is about equivalent to moving the PPPoE client from the computer to the router. It reduces the load on the computer.
     
  16. esandusky

    esandusky LI Guru Member

    Yes I think that is my best option at this point.... thanks again for your help.
     

Share This Page