
QuickVPNplus

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by mca007, May 10, 2007.

  1. mca007

    mca007 LI Guru Member

    QuickVPNplus is a command line based QuickVPN replacement that works with Windows Vista/XP/2000 and addresses several known problems with Linksys QuickVPN tool.

    Among other features it allows you to select the local LAN interface to use and gives you meaningful error messages when they occur.


    Read the readme.txt file for more information.

    Note: version 1.0.6 was compressed with rar then zipped in order to keep the file size within upload limits.

    Change history:
    1.0.6 - added support to handle bug on WRV54G
          - added Windows IPsec policy query option
          - added change password option
          - added SSL certificate check option
          - added password/userid encoding
    1.0.4 - added configuration file support (optional)
    1.0.3 - added check for ipsecpol/ipseccmd existence.
          - fixed a netmask conversion error from CIDR network address notation to old style
    1.0.2 - first release to the public.

    QuickVPNplus_1.0.4.zip
    QuickVPNplus_1.0.6.zip

    There are, however, known issues with Vista and XP; you may wish to also try these fixes:

    Vista: http://support.microsoft.com/kb/926179

    XP/2000: http://support.microsoft.com/kb/885407
     
  2. darrenwu

    darrenwu LI Guru Member

    I tested it on Windows 2003; it always shows my password is wrong. I use Linksys QuickVPN with the same password, no problem at all.
     
  3. mca007

    mca007 LI Guru Member

    Could you run QuickVPNplus with verbosity turned on (-v switch) and compare the URL QuickVPNplus is using to access your router and the one Linksys QuickVPN is creating and let me know if there are any differences.
    You can see the Linksys URL in "wget_error.txt" that gets created on the install directory of QuickVPN.

    Note that Linksys QuickVPN will print "https://youruserid:*password*@..." and I will print the real password you have entered.

    I've not tested QuickVPNplus with Windows 2003 but it should work.

    Also, are you using punctuation characters or "spaces" in the password?
     
  4. aviegas

    aviegas Network Guru Member

    Besides being Windows Vista capable, it fixes a problem with QuickVPN that was inherited from Marcus Müller's IPSEC.EXE tool: correctly handling the local interface.

    The issue is NOT selecting the interface, but rather determining the local IP address that will be used in connecting to the VPN server. QuickVPN leaves this problem to IPSEC.EXE that is not very good with that.

    QuickVPNPlus on the other hand uses a method based on the routing table to define the actual local IP address, if the client machine has multiple adapters or multiple IP addresses on any adapter. It will determine the correct IP for the connection in all cases. Besides that, one can always select the IP manually.

    This will handle several cases where QuickVPN used to fail miserably. Also, it's nice to receive real error messages.....
     
  5. jeffspicolie

    jeffspicolie LI Guru Member

    Beauty!
    But we can't get it to work... :(
    On Windows Vista and XP machines, connecting to RV082, in the Web Management console for the RV082, we will see the connection be established and the user with a status of "online" but when the program completes and pings the router, "Request timed out" for all 4 attempts.

    Any idea on where we can start to troubleshoot this?

    How about the source code?
     
  6. Toxic

    Toxic Administrator Staff Member

    you can download QVPN source code from the Linksys GPL link
     
  7. aviegas

    aviegas Network Guru Member

    I think he is referring to the QuickVPNPlus source code, not the Linksys one.

    QuickVPN+ works fine for me on a RV042 and for mca007 on a RV082. We have tested under Vista/XP/2000.

    As for the reported problem, try the "-v" option and check for any errors.

    Do you get any "Negotiating IP Security" messages?

    If not, I think I know the problem. What is your Windows version? If it is 2000/2003/XP you need the appropriate program from Microsoft to enable access to the IPSec policies:

    1 - Windows 2000
    You must have installed Microsoft "ipsecpol.exe" tool.
    The tool is included in the Windows 2000 Resource Kit.
    It can be downloaded from:
    http://download.microsoft.com/downl...psecpol/1.00.0.0/nt5/en-us/ipsecpol_setup.exe

    2 - Windows XP/2003
    You must have installed Microsoft "ipseccmd.exe" tool.
    The tool is included in the Windows XP install CD.
    It resides in "\support\tools"
    Run "\support\tools\setup" and select complete install.
    Note that there are many flavors of Windows XP and some of them may not have ipsec support. You need to be running a Windows XP version that has ipsec support.


    The original QuickVPN from Linksys also requires these programs, but Linksys did include them in the QuickVPN package. Since they are not *redistributables* we do not want to get into trouble with MS, so QuickVPNPlus does not include them (it's a single executable, while the original QuickVPN uses several programs from several sources).


    I know that this version of QuickVPNPlus is *not* checking for the existence of these tools. It will in the next version.


    If you are running Windows Vista, please let us know the "flavor". We suspect it does not run correctly on the "Home" versions.....
     
  8. jeffspicolie

    jeffspicolie LI Guru Member

    Quick response, more to come.

    Vista Ultimate.
    ERR IPSEC [06051]
    "Specified MainMode Policy does not exist"

    Also had problems on XP which has QuickVPN installed. Will dig more into that
     
  9. aviegas

    aviegas Network Guru Member

    Please post the results with "-v". Do not forget to replace the passwords with *****
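
One way to do the masking asked for above before a `-v` trace is posted, as an added example that is not part of the original thread or of QuickVPNplus. The function names and the sample trace are constructed here (the trace follows the layout QuickVPNplus prints); values are learned from the `Uri:` and `presharedkey=` lines and then masked wherever they reappear, including across a console line wrap.

```python
import re

# The trace states each sensitive value plainly in two places: the request URI
# (user, password, router address) and the router's presharedkey= reply line.
URI_RE = re.compile(r"https://([^:/@\s]+):(\S+)@([^@:/\s]+)")
PSK_RE = re.compile(r"^\s*presharedkey=(\S+)", re.MULTILINE)
# A console wrap can split a value over two lines (possibly re-indented).
WRAP = r"(?:\r?\n[ \t]*)?"


def sensitive_values(trace):
    """Map every sensitive value found in the trace to its placeholder."""
    values = {}
    uri = URI_RE.search(trace)
    if uri:
        user, password, router = uri.groups()
        values[router] = "<router>"
        values[user] = "<user>"
        values[password] = "*****"  # set last so it wins if user == password
    for match in PSK_RE.finditer(trace):
        values[match.group(1)] = "<psk>"
    return values


def scrub(trace):
    """Mask each sensitive value everywhere it occurs, in a single pass."""
    values = sensitive_values(trace)
    if not values:
        return trace
    # Longest value first, so a short value never masks part of a longer one.
    alternatives = [
        WRAP.join(re.escape(ch) for ch in value)
        for value in sorted(values, key=len, reverse=True)
    ]
    pattern = re.compile("|".join(alternatives))
    # Drop the wrap whitespace from the match to recover the dictionary key.
    return pattern.sub(lambda m: values[re.sub(r"\s+", "", m.group(0))], trace)


# Constructed sample: made-up user, password, key and a documentation address.
SAMPLE_TRACE = r"""C:\>quickvpnplus -u alice -p Tr0ub4dor -r 203.0.113.10 -v
[T] Uri: https://alice:Tr0ub4dor@203.0.113.10:443/StartConnection.htm?version=1
?IP=192.168.1.3?PASSWD=Tr0ub4dor?USER=alice
presharedkey=0123456789abcdef
Presharedkey: 0123456789abcdef
netsh ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus srcaddr
=192.168.1.3 dstaddr=192.168.5.0 dstmask=255.255.255.128 conntype=all psk=0123456
789abcdef tunneldstaddr=203.0.113.10
"""

if __name__ == "__main__":
    print(scrub(SAMPLE_TRACE))
```

Masking by value rather than by field name is what catches the key in the `psk=` argument and the router address in `tunneldstaddr=`, which a password-only search and replace leaves behind.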
     
  10. jeffspicolie

    jeffspicolie LI Guru Member

    Here is a rundown of what happens on the XP Pro machine, this machine can actually use QuickVPN anyway with a silly a$$ batch file work around that I run before connecting with QuickVPN... Maybe related to why QuickVPNPlus isn't jiving;
    #############################################
    REM START OF VPNTMP.BAT
    @echo off
    attrib -r vpnserver.conf
    wget.exe -O vpnserver.conf https://username:password@71.xxx.xxx.xxx/StartConnection.htm?version=1?IP=192.168.1.3?USER=username
    attrib +r vpnserver.conf
    echo.
    echo Now log on using the QuickVPN client
    REM END OF VPNTMP.BAT
    #############################################

    Not sure if my issue is related to the issue that causes me to use the above patch file.
    But with the QuickVPNPlus this is what I get... The basic goal here for me is to validate that I can get QuickVPNPlus to work on the XP machine then move onto the

    C:\Program Files\Support Tools>quickvpnplus -u username -p password -r 71.xxx.xxx.xxx -v -c
    OSver: 5.1
    [T] Figuring out local interface.
    [T] ipADD 192.168.1.3
    [T] defGW 192.168.1.1
    [T] BINGO
    [T] If type: 6
    Local ip address: 192.168.1.3
    Requesting configuration data from 71.xxx.xxx.xxx ...
    [T] Uri: https://username:password@71.xxx.xxx.xxx:443/StartConnection.htm?version=1
    ?IP=192.168.1.3?PASSWD=password?USER=username

    [E] Authorization 12045 - The certificate authority is invalid or incorrect

    [E] Authorization 12038 - The host name in the certificate is invalid or does no
    t match

    [T] HttpQueryInfo 200

    version=1
    msgtype=configuration
    conn ryana_rw
    presharedkey=69f1bf5bc1c86ecc
    rightsubnet=192.168.5.0/25
    dnsserver=192.168.5.3
    domain=kilink.com

    LocalAddr: 192.168.1.3
    LocalMask: 255.255.255.255
    LocalSubnet: 192.168.1.3/255.255.255.255
    Presharedkey: 69f1bf5bc1c86ecc
    DNSserver: 192.168.5.3
    RemoteNet: 192.168.5.0
    RemoteMask: 255.255.255.1
    RemoteSubnet: 192.168.5.0/255.255.255.1
    Deactivating QuickVPNplus ipsec policy...
    ipseccmd -w REG -p QuickVPNplus -y

    The command completed successfully.
    Removing QuickVPNplus ipsec policy...
    ipseccmd -w REG -p QuickVPNplus -o

    The command completed successfully.
    Creating QuickVPNplus ipsec policy...

    ipseccmd -w REG -p QuickVPNplus -r Host-RemoteNet -t 71.xxx.xxx.xxx -f 192.168.1
    .3/255.255.255.255=192.168.5.0/255.255.255.1 -n ESP[MD5,3DES]3600S/50000KPFS -a
    PRESHARE:"69f1bf5bc1c86ecc" -lan -1p

    The command completed successfully.
    Creating QuickVPNplus ipsec policy...

    ipseccmd -w REG -p QuickVPNplus -r RemoteNet-Host -t 192.168.1.3 -f 192.168.5.0
    /255.255.255.1=192.168.1.3/255.255.255.255 -n ESP[MD5,3DES]3600S/50000KPFS -a PR
    ESHARE:"69f1bf5bc1c86ecc" -lan -1p

    The command completed successfully.
    Activating QuickVPNplus ipsec policy...

    ipseccmd -w REG -p QuickVPNplus -x

    The command completed successfully.
    Configuration done.
    Activating tunnel...

    Pinging 192.168.5.3 with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 192.168.5.3:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Program Files\Support Tools>

    So the Vista Ultimate Machine does this.

    C:\Users\steve\Desktop\QuickVPNplus>quickvpnplus -u username -p password -r 71.xxx.xxx.xxx -v
    OSver: 6.0
    [T] Figuring out local interface.
    [T] ipADD 192.168.1.5
    [T] defGW 192.168.1.1
    [T] BINGO
    [T] If type: 71
    Local ip address: 192.168.1.5
    Requesting configuration data from 71.xxx.xxx.xxx ...
    [T] Uri: https://username:password@71.xxx.xxx.xxx:443/StartConnection.htm?version=1
    ?IP=192.168.1.5?PASSWD=password?USER=username

    [E] Authorization 12045 - The certificate authority is invalid or incorrect

    [T] HttpQueryInfo 200

    version=1
    msgtype=configuration
    conn steves_rw
    presharedkey=b7d2a2db7e9a2680
    rightsubnet=192.168.5.0/25
    dnsserver=192.168.5.3
    domain=site.com

    LocalAddr: 192.168.1.5
    LocalMask: 255.255.255.255
    LocalSubnet: 192.168.1.5/255.255.255.255
    Presharedkey: b7d2a2db7e9a2680
    DNSserver: 192.168.5.3
    RemoteNet: 192.168.5.0
    RemoteMask: 255.255.255.1
    RemoteSubnet: 192.168.5.0/255.255.255.1
    Removing all ipsec policies...
    netsh ipsec dynamic delete all

    Creating QuickVPNplus ipsec policy...
    netsh ipsec dynamic add qmpolicy name=QuickVPNplus pfsgroup=grp1 qmsecmethods="
    ESP[3DES,MD5]:50000K/3600S"
    ERR Win32[01702] : The binding handle is invalid.

    Creating QuickVPNplus ipsec policy...
    netsh ipsec dynamic add mmpolicy name=QuickVPNplus mmsecmethods="3DES-SHA1-2 3D
    ES-MD5-2 3DES-SHA1-3"
    ERR Win32[01702] : The binding handle is invalid.

    Creating ipsec rule...
    netsh ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus srcadd
    r=192.168.1.5 dstaddr=192.168.5.0 dstmask=255.255.255.1 mirror=no conntype=all p
    sk=b7d2a2db7e9a2680 tunneldstaddr=71.110.145.69
    ERR IPsec[06051] : Specified MainMode Policy does not exist.

    Creating ipsec rule...
    netsh ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus dstadd
    r=192.168.1.5 srcaddr=192.168.5.0 srcmask=255.255.255.1 mirror=no conntype=all p
    sk=b7d2a2db7e9a2680 tunneldstaddr=192.168.1.5
    ERR IPsec[06051] : Specified MainMode Policy does not exist.

    Configuration done.
    Activating tunnel...

    Pinging 192.168.5.3 with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 192.168.5.3:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Users\steve\Desktop\QuickVPNplus>

    Any help is seriously appreciated. I am thankful that folks out there are doing what you do for the rest of us knuckleheads!
     
  11. mca007

    mca007 LI Guru Member

    Sorry, my bad.
    I made a mistake converting from CIDR notation to old style.
    In your case:
    192.168.5.0/25 should be 192.168.5.0 subnet 255.255.255.128 and not 255.255.255.1

    Please get QuickVPNplus v 1.0.3 that has the problem fixed.
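
The conversion discussed in this post, as an added example that is not QuickVPNplus source code (all function names are made up here). It converts a prefix length to a dotted netmask, rejects masks whose one-bits are not contiguous, and checks a trace's `RemoteMask:` line against the router's `rightsubnet=` line, using the two values from the traces above as sample input.

```python
from __future__ import annotations

import ipaddress


def prefix_to_netmask(prefix_len: int) -> str:
    """Convert a CIDR prefix length (0-32) to a dotted-quad netmask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def netmask_to_prefix(netmask: str) -> int:
    """Return the prefix length of a netmask; reject non-contiguous masks."""
    octets = netmask.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad mask: {netmask}")
    value = int.from_bytes(bytes(int(o) for o in octets), "big")
    host_bits = value ^ 0xFFFFFFFF
    # In a valid mask the host part is 2**k - 1, so adding 1 clears every bit.
    if host_bits & (host_bits + 1):
        raise ValueError(f"netmask bits are not contiguous: {netmask}")
    return 32 - host_bits.bit_length()


def rightsubnet_to_filter(rightsubnet: str) -> str:
    """Turn 'net/prefix' into the 'net/mask' form used in the policy commands."""
    net = ipaddress.ip_network(rightsubnet, strict=True)
    return f"{net.network_address}/{prefix_to_netmask(net.prefixlen)}"


def audit_trace(trace: str) -> list[str]:
    """Compare the mask the client derived with the router's rightsubnet=."""
    expected = reported = None
    for line in trace.splitlines():
        line = line.strip()
        if line.startswith("rightsubnet="):
            net = ipaddress.ip_network(line.split("=", 1)[1])
            expected = prefix_to_netmask(net.prefixlen)
        elif line.startswith("RemoteMask:"):
            reported = line.split(":", 1)[1].strip()
    findings = []
    if reported is not None:
        try:
            netmask_to_prefix(reported)
        except ValueError as exc:
            findings.append(str(exc))
        if expected is not None and reported != expected:
            findings.append(f"RemoteMask {reported} should be {expected}")
    return findings


# The two relevant lines of the trace above, and the same lines after the fix.
TRACE_BROKEN = "rightsubnet=192.168.5.0/25\nRemoteMask: 255.255.255.1\n"
TRACE_FIXED = "rightsubnet=192.168.5.0/25\nRemoteMask: 255.255.255.128\n"

if __name__ == "__main__":
    print(rightsubnet_to_filter("192.168.5.0/25"))
    for finding in audit_trace(TRACE_BROKEN):
        print("finding:", finding)
```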
     
  12. hsoverma

    hsoverma LI Guru Member

    QuickVPNPlus Issue

    Thanks for the posting of the quickVPN Plus Tool.

    I am running a Windows XP box and I installed the Support Tools as noted in the readme file, and then tried to connect to the HOST using the VPN Tool. Currently, my XP box is part of a domain and is sitting behind a Microsoft ISA 2004 Server. (I am the system administrator, so I can configure the ISA server.)

    If I bypass the ISA server, I can make the connection using the normal Graphics based QuickVPN tool.

    If I sit behind this ISA Server, I cannot connect using the QuickVPN graphical tool. If I run the QuickVPNPlus tool, I get the output below.

    I have the following ports open for OUTGOING ONLY connections in ISA server:

    TCP 10000
    TCP 110-156
    TCP 1723
    TCP 443
    TCP 50
    TCP 5000-6080
    TCP 60443
    UDP 500

    I have the following ports for INCOMING in ISA

    TCP 443
    UDP 500

    My local IP Address on the XP Box is 192.168.100.11
    The IP address on the Linksys Box on its internal network is 10.10.10.1
    I have X'd out everything else

    Notice where it says "Error converting policy: 0x2"


    C:\>QuickVPNplus.exe -u USER -r x.x.x.x -p PASSWORD -v
    OSver: 5.1
    [T] Figuring out local interface.
    [T] ipADD 192.168.100.11
    [T] defGW 192.168.100.1
    [T] BINGO
    [T] If type: 6
    Local ip address: 192.168.100.11
    Requesting configuration data from x.x.x.x ...
    [T] Uri: https://USER:PASSWORD@x.x.x.x:443/StartConnection.htm?version=
    1?IP=192.168.100.11?PASSWD=PASSWORD?USER=USER

    [E] Authorization 12038 - The host name in the certificate is invalid or does no
    t match

    [T] HttpQueryInfo 200

    version=1
    msgtype=configuration
    conn USER_rw
    presharedkey=42a6ae6b0386a01f
    rightsubnet=10.10.10.0/24
    dnsserver=10.10.10.1
    domain=

    LocalAddr: 192.168.100.11
    LocalMask: 255.255.255.255
    LocalSubnet: 192.168.100.11/255.255.255.255
    Presharedkey: 42a6ae6b0386a01f
    DNSserver: 10.10.10.1
    RemoteNet: 10.10.10.0
    RemoteMask: 255.255.255.0
    RemoteSubnet: 10.10.10.0/255.255.255.0
    Deactivating QuickVPNplus ipsec policy...
    ipseccmd -w REG -p QuickVPNplus -y

    The command completed successfully.
    Removing QuickVPNplus ipsec policy...
    ipseccmd -w REG -p QuickVPNplus -o
    Error converting policy: 0x2

    The command completed successfully.
    Creating QuickVPNplus ipsec policy...

    ipseccmd -w REG -p QuickVPNplus -r Host-RemoteNet -t x.x.x.x -f 192.168.10
    0.11/255.255.255.255=10.10.10.0/255.255.255.0 -n ESP[MD5,3DES]3600S/50000KPFS -a
    PRESHARE:"42a6ae6b0386a01f" -lan -1p

    The command completed successfully.
    Creating QuickVPNplus ipsec policy...

    ipseccmd -w REG -p QuickVPNplus -r RemoteNet-Host -t 192.168.100.11 -f 10.10.10
    .0/255.255.255.0=192.168.100.11/255.255.255.255 -n ESP[MD5,3DES]3600S/50000KPFS
    -a PRESHARE:"42a6ae6b0386a01f" -lan -1p

    The command completed successfully.
    Activating QuickVPNplus ipsec policy...

    ipseccmd -w REG -p QuickVPNplus -x

    The command completed successfully.
    Configuration done.
    Activating tunnel...

    Pinging 10.10.10.1 with 32 bytes of data:

    Negotiating IP Security.
    Negotiating IP Security.
    Negotiating IP Security.
    Negotiating IP Security.

    Ping statistics for x.x.x.x:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\>


    Any help would be appreciated.
     
  13. mca007

    mca007 LI Guru Member

    I am not familiar with ISA server but it must allow ESP (protocol 50) passthru.

    QuickVPNplus is running OK in your system.

    Don't worry about "Error converting policy: 0x2". I am deleting it even if it is not there.

    Please note that if you've downloaded QuickVPNplus 1.0.2 you should get version 1.0.3

    In your case 1.0.2 runs OK because your remote netmask is 255.255.255.0 but it is broken for netmasks that don't end in 0.
     
  14. hsoverma

    hsoverma LI Guru Member

    RE: QuickVPNPlus Issue

    Well,

    ISA server allows me to monitor in real-time what is going on when I try to make the connection, and I am getting a random port block from my HOST when I run the QuickVPNPLUS that looks like anywhere between TCP 35500 and 36000. There is no data going across port 50.

    Also, only port 443 (TCP) and port 500 (UDP) are being used, so I think I can get rid of all those other ports.

    Thanks for the input...
     
  15. dino750

    dino750 LI Guru Member

  16. aviegas

    aviegas Network Guru Member

    It's PROTOCOL 50, not PORT 50. There is a huge difference here. ESP (protocol 50) is on the same "level" as TCP (protocol 6) and UDP (protocol 17). ESP like ICMP (protocol 1) does not have ports: it's a machine to machine protocol.

    So if your setup does not handle protocol 50, then it will never work. ESP is used for the actual data. TCP port 443 is used for QuickVPN authentication and UDP port 500 is used for key exchange (IKE).

    For quickvpn (regular or plus) to work you need all 3 above.
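
The protocol-versus-port distinction made in this post, as an added example that is not part of the original thread. It reads the protocol field of an IPv4 header and shows that an ESP packet carries an SPI where TCP and UDP carry ports, so a rule written as "TCP 50" can never match it. The packets, addresses and the rule format `(protocol name, port or None)` are constructed for the illustration.

```python
import socket
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP"}


def build_ipv4(proto, payload, src="192.0.2.10", dst="203.0.113.10"):
    """Build a minimal IPv4 packet (no options, checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + payload


def classify(packet):
    """Return the IP protocol and, where the protocol has them, the ports."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    proto = packet[9]  # protocol field: byte 9 of the IPv4 header
    payload = packet[header_len:]
    info = {"protocol": proto, "name": PROTO_NAMES.get(proto, "other"),
            "src_port": None, "dst_port": None, "spi": None}
    if proto in (6, 17) and len(payload) >= 4:
        # TCP and UDP both start with source port, destination port.
        info["src_port"], info["dst_port"] = struct.unpack("!HH", payload[:4])
    elif proto == 50 and len(payload) >= 8:
        # ESP starts with a Security Parameters Index and a sequence number.
        info["spi"], _sequence = struct.unpack("!II", payload[:8])
    return info


def rule_permits(rule, info):
    """rule = (protocol name, destination port or None for port-less rules)."""
    name, port = rule
    if name.upper() != info["name"]:
        return False
    return port is None or port == info["dst_port"]


def quickvpn_role(info):
    """Name the part of the QuickVPN exchange a packet belongs to."""
    if info["name"] == "TCP" and info["dst_port"] == 443:
        return "authentication (HTTPS)"
    if info["name"] == "UDP" and info["dst_port"] == 500:
        return "key exchange (IKE)"
    if info["name"] == "ESP":
        return "tunnel data"
    return "not part of the QuickVPN exchange"


# Constructed packets, one per leg of the exchange.
HTTPS_PACKET = build_ipv4(6, struct.pack("!HH", 49152, 443) + b"\x00" * 16)
IKE_PACKET = build_ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0))
ESP_PACKET = build_ipv4(50, struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16)

if __name__ == "__main__":
    for pkt in (HTTPS_PACKET, IKE_PACKET, ESP_PACKET):
        info = classify(pkt)
        print(info["name"], info["dst_port"], quickvpn_role(info),
              "| matched by 'TCP 50':", rule_permits(("TCP", 50), info))
```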
     
  17. aviegas

    aviegas Network Guru Member

    The 2 URLs above are equivalent. There is no difference.
    Try version 1.0.3 and post your trace (using -v option and do not forget to hide your password).
     
  18. Toxic

    Toxic Administrator Staff Member

    Hey mca007

    this looks like a nice feature. could you tell me, did you use the source code from QuickVPN to create QVPN+ ? if so do you have the source code available for download?
     
  19. jm23hh

    jm23hh Network Guru Member

    Quickvpnplus can't connect

    Hi,

    looks great but doesn't work for me - I got the following error message (WinXP SP2):

    QuickVPNplus_1.0.3>quickvpnplus -u abcd -r xyz.dyndns.org -i60443 -v
    OSver: 5.1
    Enter password: abcd
    [T] Figuring out local interface.
    [T] ipADD 192.168.254.107
    [T] defGW 192.168.254.254
    [T] BINGO
    [T] If type: 6
    Local ip address: 192.168.254.107
    Requesting configuration data from 85.b.c.d ...
    [T] Uri: https://abcd:abcd@85.b.c.d:60443/StartConnection.htm?version=1?IP=
    192.168.254.107?PASSWD=abcd?USER=abcd

    [E] Authorization 12045 - Die Zertifizierungsagentur ist ungültig oder fehlerhaft

    [T] HttpQueryInfo 200

    version=1
    msgtype=status
    status=-102
    message=The protection network conflict

    QuickVPN error -102 - The protection network conflict



    Same with port 443

    Any help appreciated

    Joerg
     
  20. aviegas

    aviegas Network Guru Member

    He wrote the code from scratch. The authentication part and Vista are based on the procedure I've outlined on another thread and the XP/2000 support was based on the original idea by Marcus Müller (IPSEC.EXE) that we have used long ago (before Linksys released the BEFVP41).

    There are 2 special features in the code: Vista support and "correct" local IP determination (when multiple IPs/Interfaces are present). The latter was the result of some discussion we had and MCA007 found a very clever way to make it work (it's based on the routing tables, so it's deterministic and always correct).


    As for the source, that's up to him......
     
  21. aviegas

    aviegas Network Guru Member


    This is one of the nice features of QuickVPN+: ERROR MESSAGES

    The message quoted means that the local machine address (your IP) is on the same range as the remote LAN you are trying to access.

    This is one of the most common errors with QuickVPN type connections.
     
  22. mca007

    mca007 LI Guru Member

    This message means either:
    1 - your local IP address is in the same range as the remote LAN you are trying to access like AViegas mentioned OR
    2 - the remote router has a "Gateway to Gateway" VPN definition where "Remote Group" has a range that conflicts with your local IP address
     
  23. D0bb1n

    D0bb1n LI Guru Member

    mca007, thanks for your efforts with QuickVPN+.

    Unfortunately I haven't had much success in getting it working. The overall result is much the same as QuickVPN. It apparently creates the VPN connection, but no luck with actually using it.

    Any help would be appreciated. Here is the output....

    C:\QuickVPNplus_1.0.3>QuickVPNplus.exe -u <userid> -p <password> -r XXX.XXX.XXX.234 -v
    OSver: 5.1
    [T] Figuring out local interface.
    [T] ipADD XXX.XXX.XXX.233
    [T] defGW XXX.XXX.XXX.233
    [T] BINGO
    [T] If type: 6
    Local ip address: XXX.XXX.XXX.233
    Requesting configuration data from XXX.XXX.XXX.234 ...
    [T] Uri: https://<userid>:<password>@XXX.XXX.XXX.234:443/StartConnection.htm?versi
    on=1?IP=XXX.XXX.XXX.233?PASSWD=<password>?USER=<userid>

    [E] Authorization 12045 - The certificate authority is invalid or incorrect

    [T] HttpQueryInfo 200

    version=1
    msgtype=configuration
    conn <userid>_rw
    presharedkey=cb306bc555cf11d1
    rightsubnet=192.168.1.0/24
    dnsserver=192.168.1.1
    domain=mydomain.net

    LocalAddr: XXX.XXX.XXX.233
    LocalMask: 255.255.255.255
    LocalSubnet: XXX.XXX.XXX.233/255.255.255.255
    Presharedkey: cb306bc555cf11d1
    DNSserver: 192.168.1.1
    RemoteNet: 192.168.1.0
    RemoteMask: 255.255.255.0
    RemoteSubnet: 192.168.1.0/255.255.255.0
    Deactivating QuickVPNplus ipsec policy...
    ipseccmd -w REG -p QuickVPNplus -y

    The command completed successfully.
    Removing QuickVPNplus ipsec policy...
    ipseccmd -w REG -p QuickVPNplus -o

    The command completed successfully.
    Creating QuickVPNplus ipsec policy...

    ipseccmd -w REG -p QuickVPNplus -r Host-RemoteNet -t XXX.XXX.XXX.234 -f XXX.XXX.XXX.233/255.255.255.255=192.168.1.0/255.255.255.0 -n ESP[MD5,3DES]3600S/50000KPFS -a PRESHARE:"cb306bc555cf11d1" -lan -1p

    The command completed successfully.
    Creating QuickVPNplus ipsec policy...

    ipseccmd -w REG -p QuickVPNplus -r RemoteNet-Host -t XXX.XXX.XXX.233 -f 192.168.1.0/255.255.255.0=XXX.XXX.XXX.233/255.255.255.255 -n ESP[MD5,3DES]3600S/50000KPFS -a PRESHARE:"cb306bc555cf11d1" -lan -1p

    The command completed successfully.
    Activating QuickVPNplus ipsec policy...

    ipseccmd -w REG -p QuickVPNplus -x

    The command completed successfully.
    Configuration done.
    Activating tunnel...

    Pinging 192.168.1.1 with 32 bytes of data:

    Negotiating IP Security.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\QuickVPNplus_1.0.3>
     
  24. umox

    umox LI Guru Member

    no luck

    Running Vista Business, trying to connect to RVS4000 router.

    Code:
    C:\Users\monkey\Downloads>QuickVPNplus.exe -u username -p password -r xx.xxx.xx.x -v
    OSver: 6.0
    [T] Figuring out local interface.
    [T] ipADD 10.10.11.140
    [T] defGW 10.10.11.1
    [T] BINGO
    [T] If type: 6
    Local ip address: 10.10.11.140
    Requesting configuration data from xx.xxx.xx.x ...
    [T] Uri: https://username:password@xx.xxx.xx.x:443/StartConnection.htm?version=1?IP=10.10.11.140?PASS
    
    [E] Authorization 12045 - The certificate authority is invalid or incorrect
    
    [E] Authorization 12152 - The server returned an invalid or unrecognized response
    
    [E] HttpSendRequest 12152 - The server returned an invalid or unrecognized response
    
    QuickVPN error - could not obtain config data.
    
    C:\Users\monkey\Downloads>
    Nothing happens.

    I tried connecting to another RVS4000 router that I have, and received the following error:

    Code:
    C:\Users\monkey\Downloads>QuickVPNplus.exe -u username -p password -r xx.xx.xx.xxx -v
    OSver: 6.0
    [T] Figuring out local interface.
    [T] ipADD 10.10.11.140
    [T] defGW 10.10.11.1
    [T] BINGO
    [T] If type: 6
    Local ip address: 10.10.11.140
    Requesting configuration data from xx.xx.xx.xxx ...
    [T] Uri: https://username:password@xx.xx.xx.xxx:443/StartConnection.htm?version=1?IP=10.10.11.140?PAS
    
    [E] Authorization 12045 - The certificate authority is invalid or incorrect
    
    [E] Authorization 12037 - The date in the certificate is invalid or has expired
    
    [T] HttpQueryInfo 404
    QuickVPN error - could not obtain config data.
    
    C:\Users\monkey\Downloads>
    This time I received a security warning, I accepted, but when the HTTP window popped up, I received an error 404 page. I'm guessing these issues are on the router end?
     
  25. mca007

    mca007 LI Guru Member


    Everything looks good as far as authenticating and obtaining config data from the router and setting up Windows ipsec.

    Looks like you might have an ipsec passthrough problem with your local router.
    Have you enabled "IPSec Pass Through" in your local router?
    Does it have the option?
     
  26. mca007

    mca007 LI Guru Member

    Most definitely the problem is at the router end.

    What is the firmware version you have installed in the RVS4000?

    I do have a RVS4000 with firmware 1.1.0.9 and I can't get QuickVPN to work.

    The router does not respond to the HTTPS "query" to authenticate and get configuration parameters.

    Very similar to what is happening in your case.

    In this forum there are several posts reporting the same problem with RVS4000 and fw 1.1.0.9

    Unfortunately this is a common problem with Linksys products (and Netgear and D-Link ...). "They need to mature."
    End users are testers for them.
    Usually you have to wait for 3 or 4 rounds of new firmware until the unit becomes reasonably stable.
     
  27. umox

    umox LI Guru Member

    Yes, I'm currently using firmware version 1.1.0.9. Looks like I'm just going to have to wait. I was hoping that the quickvpn+ utility was going to work since the normal quickvpn utility doesn't under vista. :wall:
     
  28. orelious

    orelious LI Guru Member

    Just tried with Vista Business to WRV54G no joy, here is what I get

    C:\test>quickvpnplus -u XXXX -p XXXX -r 72.XX.XX.XX -i 60443 -c -v
    OSver: 6.0
    [T] Figuring out local interface.
    [T] ipADD 10.10.10.10
    [T] defGW 10.10.10.1
    [T] BINGO
    [T] If type: 6
    Local ip address: 10.10.10.10
    Requesting configuration data from XX.XX.XX.XX ...
    [T] Uri: https://XXX:XXX@XX.XX.XX.XX:60443/StartConnection.htm?version=1?IP=
    10.10.10.10?PASSWD=XXX?USER=XXX

    [E] Authorization 12029 - A connection with the server could not be established

    [E] HttpSendRequest 12029 - A connection with the server could not be establishe
    d

    QuickVPN error - could not obtain config data.

    I can connect on my XP box with QuickVPN, but not the plus. SO no joy connecting to a WRV54G.
     
  29. mca007

    mca007 LI Guru Member

    I've never tried QuickVPN with a WRV54G.
    But in your case the router is not responding to the https request.

    Note that you MUST get the router to respond to the HTTPS request.
    Without it, nothing is going to work.

    You can cut and paste the URI printed out when you set the verbose option and try it from your web browser.

    Until you get a response, don't waste your time with QuickVPN or QuickVPNplus.

    At least QuickVPNplus tells you what is the problem.
     
  30. aviegas

    aviegas Network Guru Member

    Can you get the RVS4000 to work with QuickVPN and Windows XP?
    mca007 cannot get it to work. Not even manually, so we are quite sure the problem is with the router, not the client side code.
     
  31. aviegas

    aviegas Network Guru Member

    Looks like you are attempting to connect on port 60443. This is an option that is available only on newer firmwares and even maybe for some routers.

    Try removing the "-i60443" from your command and give it a try. It will use port 443 by default, that was the ONLY option available on older firmware.
     
  32. orelious

    orelious LI Guru Member

    Yeah I tried it minus the ports but then it just barfed and said bad password.

    I also tried to place the HTTPS line in my browser and I get cannot find blah blah.
     
  33. aviegas

    aviegas Network Guru Member

    Bad password is a bad password.....
     
  34. orelious

    orelious LI Guru Member

    Yeah but the password works fine with QuickVPN on my XP box.
     
  35. mca007

    mca007 LI Guru Member

    Are you using non alphanumeric characters in your password?
     
  36. D0bb1n

    D0bb1n LI Guru Member

    mca007, thanks for the speedy response

    Due to the problems I've been having, I've taken my laptop (XP SP2) and plugged it directly in to the WAN1 port of the RV082 (Firmware 1.3.5), and with the firewall on my laptop shutdown I repeated the test above, with the same results.

    Then tried the following ...

    Reset the RV082 to factory defaults, created a VPN client account and tried again, with the same result.
    Went through the QuickVPN howto to ensure my RV082 was OK and tried again, with the same result.

    Any more hints ? is it worth trying to get a packet sniffer going between my laptop and router ? If so, is there anything specific I should be looking for ?

    [Just thought, one shortcut I did take was to use the ipseccmd.exe from the quickvpn distribution as I didn't have my XP media to hand, would this cause an issue ?]

    Thanks

    Dobbs
     
  37. Toxic

    Toxic Administrator Staff Member

    Just a quick question does QVPN+ work with Certificates? The WRV200 can use certs created by its own WebGUI. this cert is then held in the same folder as QuickVPN
     
  38. aviegas

    aviegas Network Guru Member

    Yes, it does.

    QuickVPN+ uses Windows' own HTTP code to talk to the VPN server. Therefore to use the certificate enforcement, specify the "-c" flag.

    In this case if the router certificate is not in the Windows Certificate Store, a dialog will pop up asking for instructions on how to proceed.

    Install the certificate the same way as one would install a certificate for use with Internet Explorer (because QuickVPN+ uses the same HTTP/SSL library as IE).

    But the handling may change in a future version. Stay tuned.
     
  39. orelious

    orelious LI Guru Member

    The password I'm using is not a strong one, all lowercase alpha. Odd thing is, when I paste the https link I get the error popup from IE7 that says cannot find etc etc. If I remove the ID.PAss@ part in front of the remote IP it goes but never connects, obviously due to no ID and pass. My problem right now is simply the https line failing to be even recognised as a valid web browser command. Am I missing something besides my brain?
     
  40. mca007

    mca007 LI Guru Member

    I don't think ipseccmd.exe is contributing to the problem and I don't know what else you can do.

    In your case it seems that Windows "is happy" setting up the Tunnel.
    It then starts to actually ping the DNS but you get no response.

    Have you tried to ping another machine in the remote network?
    The DNS box might not be responding to pings.
     
  41. mca007

    mca007 LI Guru Member

    I do have a WRV54G (fw 2.39.2) that I was using as an AP.

    I've configured its VPN Client access and gave it a shot.

    It looks like there is a bug in fw 2.39.2

    If you try to access the router's QuickVPN url with FireFox or IE you get an error.
    QuickVPNplus uses Wininet API that is the same API used by IE and therefore "suffers" the same problems that IE does.

    Accessing the router's QuickVPN url with "wget" works.

    I will try to find out more details of what is going on.
     
  42. orelious

    orelious LI Guru Member

    Thanks for the post, I'll be waiting to see what you uncover. I really wish Linksys had some foresight with the VPN routers and Vista.
     
  43. aviegas

    aviegas Network Guru Member

    There are more problems with QuickVPN than just Windows Vista.
    The main issues are:

    - No meaningful error messages
    - Does not work when the client machine has more than one interface (real or alias).

    QuickVPNPlus addresses these 2 points as well as including support for Vista.

    Current status for QuickVPNPlus is: if the router is working with QuickVPN and Windows 2000/XP, then it will work with QuickVPNPlus, under all 3 Windows versions. Except for the WRV54G....

    QuickVPNPlus may not be fancy at this time, but it's more robust than QuickVPN.
     
  44. orelious

    orelious LI Guru Member

    Can't wait to find something that will work with Vista.
     
  45. D0bb1n

    D0bb1n LI Guru Member

    Yep I've tried pinging various things, same response.
    Once the VPN connection is up and running, would I expect to see anything in the routing table "route print" specific to the router, or the private network behind the router ? Because at the moment, I don't see the router IP address or remote subnet mentioned in the table.

    Thanks again.

    Dobbs
     
  46. aviegas

    aviegas Network Guru Member

    And you never will.....

    QuickVPNPlus and the original QuickVPN use the IPSec code that is native to Windows (2000/XP/Vista). The Microsoft IPSec stack is based on "security policies" that are implemented as "filters". Something like:

    "If a packet is addressed to the remote VPN network, then replace it with the IPsec packet (that is addressed to the VPN router)."

    Unlike other IPSec implementations, these leave no traces on the system. No "local IP address", no routing table, no IPSec interface, etc.

    It is an ugly way to do things and it's very hard to debug.

    For example, it took me about 3 weeks to get it to work under Windows Vista, just to define the proper policy setup commands for QuickVPNPlus.

    Microsoft makes it even worse by using a different set of commands on each operating system to control the IPsec policies......

    If you want to dig deeper, you may try using the latest "Microsoft Network Monitor 3.0" that allows one to sniff the traffic leaving and arriving at one's machine. Not an easy task, but the download is free.
     
  47. Baro

    Baro LI Guru Member

    I wonder how this works, as the certificate generated by the WRV200 is a file with extension .pem, which is not one of the certificate types recognized by IE.

    Mark
     
  48. aviegas

    aviegas Network Guru Member

    Just rename it to CRT and import into the TRUSTED CERTIFICATE AUTHORITY DATABASE.

    The Linksys approach to this HTTPS certificate sucks, as the certificate is based on the MAC address of the server (WAN1 MAC). The HTTPS protocol uses the hostname.

    So the "correct" approach is to generate a certificate for the hostname of either WAN1 and WAN2 with a certificate program such as OpenSSL and then import the certificate both at the router and at the client.
     
  49. orelious

    orelious LI Guru Member

    I still cannot get this working at all. I get the following messages


    [W] Authorization 12029 - A connection with the server could not be established

    [E] HttpSendRequest 12029 - A connection with the server could not be established

    QuickVPNplus could not obtain configuration data - bailing out.

    If I copy and paste the https text into my web browser, I get a windows error saying windows cannot find etc.. if I remove the ID and pass @ ip address It works but fails for obvious reasons.

    Any help would be great. Thanks in advance.
     
  50. mca007

    mca007 LI Guru Member

    As I've mentioned in a previous post, WRV54G has a bug and due to the bug you get an error using Firefox or IE when you try to access the QuickVPN URL.
    Version 1.0.4 of QuickVPNplus also does not work due to this bug.

    I did manage to overcome the bug and I have a new version of QuickVPNplus that works with WRV54G.

    I also have added some new features:
    1 - you can now use userids/passwords with non alphanumeric characters (not possible with Linksys QuickVPN)
    2 - you can specify a certificate subject string (or a subset of it) that will be matched against the certificate subject string presented by the router. If they don't match the program will abort.

    Unfortunately the size of the zip file is now 100K bytes and I can not upload it due to size limit in this forum.
     
  51. Toxic

    Toxic Administrator Staff Member

    :) then send it to me. I'll put it on a link via the downloads section.

    firmware at linksysinfo . org
     
  52. secion8

    secion8 LI Guru Member

    Any update on getting the new QuickVpnPlus? I just bought a new WRVS4400N Router thinking I could setup a vpn tunnel for my laptop while I was traveling. Should have known that vista would not be so easy.

    I am trying the current version and this is what I get. Any feedback on what to do to fix would be really great. I am clicking yes for each prompt.

    [W] Authorization 12045 - The certificate authority is invalid or incorrect

    [W] Authorization 12037 - The date in the certificate is invalid or has expired

    [W] Authorization 12038 - The host name in the certificate is invalid or does not match

    [W] Authorization 12152 - The server returned an invalid or unrecognized response

    [E] HttpSendRequest 12152 - The server returned an invalid or unrecognized response

    QuickVPNplus could not obtain configuration data - bailing out.
     
  53. depdiggity

    depdiggity Guest

    WRVS4400N Screen Shots

    Attached are some screen shots of the VPN tunnel settings for the WRVS4400N. I've configured this every which way and can't get quickvpn+ to connect; I always get some combination of: Authorization 12038, 12152 and http sendrequest 12152. These are preceded by a Security Alert: "A secure connection with this site cannot be verified. Would you still like to proceed? The certificate you are viewing does not match the of the site you are trying to view". I've tried to import the certificate to no avail. An earlier thread mentioned writing your own certificate with SSL and somehow uploading it to the router. Anyone know how to actually do this?
     


  54. mca007

    mca007 LI Guru Member

    I don't have a WRVS4400N to test. I did find a problem with WRV54G and adjusted the QuickVPNplus code to handle it.

    You can try version 1.0.6 with -F 2 option and see if it works.
     
  55. mca007

    mca007 LI Guru Member

    You can create a self signed certificate with openssl and install it but certificate warnings should not interfere with the whole process as long as you accept the popups or use "-c" switch on version 1.0.4 ("-c any" on 1.0.6)

    I've never used a WRVS4400N but the screens you've attached seem to be related to a GatewayToGateway or ClientToGateway configuration and not "VPN Client Access" .

    On RV0XX, WRV54G and RVS4000 you only have to configure userid/password for "VPN Client Access". IPsec related stuff is "hard wired" and can not be changed.
     
  56. jeffspicolie

    jeffspicolie LI Guru Member

    Code:
    C:\Program Files\Linksys\Linksys VPN Client>quickvpnplus -f config.xml
    QuickVPNplus ver: 1.0.6
    Flags: 1 (0x1)
    OSver: 5.1
    Local ip address: 192.168.1.4
    
    Requesting configuration data from 71.xxx.xxx.xxx ...
    [T] Uri: https://user:passwordi@71.xxx.xxx.xxx:443/StartConnection.htm?version=1
    ?IP=192.168.1.4?PASSWD=password?USER=user
    
    [I] using WinInet
    [W] Authorization 12045 - The certificate authority is invalid or incorrect
    
    SSLsrvCert:   00:13:10:5c:e4:c6 RV082 "Cisco-Linksys, LLC" US Irvine California
    [T] HttpQueryInfo 401
    [T] Setting HTTP username/password
    [T] HTTP response: 200 - OK
    
    [T] Server response
    ---------------------------------
    
    version=1
    msgtype=status
    status=-102
    message=The protection network conflict
    
    ---------------------------------
    Router response: -102 - The protection network conflict
    
    C:\Program Files\Linksys\Linksys VPN Client>
    Ok, I can't figure out what this means. I am on an XP Pro OS to an RV082 through an Actiontec MI424.

    Any help?
    Thanks!
     
  57. orelious

    orelious LI Guru Member

    OK, so it looks like everything now connects for me (Vista Business, WRV54G); however, I cannot traverse the tunnel to do anything. I try MSTSC as I use on my XP box; however, on the Vista box I get dead ended and never connect.

    I am pasting my verbose output with the id, pass, ip and PSK protected



    C:\qvpn> quickvpnplus -u myid -p mypass -r xx.xx.31.25 -F 2 -v
    QuickVPNplus ver: 1.0.6
    Flags: 2 (0x2)
    OSver: 6.0
    [T] Figuring out local interface.

    [T] ipADD 10.10.10.10
    [T] defGW 10.10.10.1
    [T] match found - I am done here.
    [T] interface type: 6

    Local ip address: 10.10.10.10

    Requesting configuration data from xx.xx.31.25 ...
    [T] Uri: https://myid:mypass@xx.xx.31.25:443/StartConnection.htm?version=1?IP=10
    .10.10.10?PASSWD=mypass?USER=myid

    using WinHTTP
    SSLsrvCert: US ORname_Jungo OpenRG Products Group
    [T] HTTP response: 200 - OK

    [T] Server response
    ---------------------------------
    version=1
    msgtype=configuration
    conn joe_rw_rw
    presharedkey=%^$#^%$%^^$
    rightsubnet=10.85.31.0/24
    dnsserver=10.85.31.1
    domain=linksys

    ---------------------------------
    LocalAddr: 10.10.10.10
    LocalMask: 255.255.255.255
    LocalSubnet: 10.10.10.10/255.255.255.255
    Presharedkey: %^$#^%$%^^$
    DNSserver: 10.85.31.1
    RemoteNet: 10.85.31.0
    RemoteMask: 255.255.255.0
    RemoteSubnet: 10.85.31.0/255.255.255.0

    Removing all dynamic ipsec policies ...
    netsh ipsec dynamic delete all

    Creating quick mode ipsec policy QuickVPNplus ...
    netsh ipsec dynamic add qmpolicy name=QuickVPNplus pfsgroup=grp1 qmsecmethods="
    ESP[3DES,MD5]:50000K/3600S"

    Creating main mode ipsec policy QuickVPNplus ...
    netsh ipsec dynamic add mmpolicy name=QuickVPNplus mmsecmethods="3DES-SHA1-2 3D
    ES-MD5-2 3DES-SHA1-3"

    Creating host to net ipsec rule ...
    netsh ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus srcadd
    r=10.10.10.10 dstaddr=10.85.31.0 dstmask=255.255.255.0 mirror=no conntype=all ps
    k=sjr@DhD4-4QnqO.RDyc tunneldstaddr=xx.xx.31.25

    Creating net to host ipsec rule ...
    netsh ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus dstadd
    r=10.10.10.10 srcaddr=10.85.31.0 srcmask=255.255.255.0 mirror=no conntype=all ps
    k=sj%^$#^%$%^^$.RDyc tunneldstaddr=10.10.10.10


    Configuration done.

    Activating tunnel...

    Pinging 10.85.31.1 with 32 bytes of data:

    Negotiating IP Security.
    Negotiating IP Security.
    Negotiating IP Security.
    Negotiating IP Security.

    Ping statistics for 10.85.31.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    Yes I also have IPSec Pass enabled on my outbound and remote equipment.
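
The verbose (-v) output in the post above carries the user id and password in the request URI and query string, and the preshared key in the router response, the parsed summary and the netsh arguments. The following is an added example, not part of the thread or of QuickVPNplus: a Python filter that masks those fields before a log is shared. It assumes a raw console capture wrapped at 80 columns, as the logs in this thread are; all function names are hypothetical and the sample log is constructed (documentation-range addresses, made-up credentials).

```python
import re

CONSOLE_WIDTH = 80  # assumption: default cmd.exe width, where the thread's logs wrap
MASK = "<redacted>"


def console_wrap(line, width=CONSOLE_WIDTH):
    """Emulate the console: cut one long output line into rows of `width` chars."""
    return [line[i:i + width] for i in range(0, len(line), width)] or [""]


def unwrap(rows, width=CONSOLE_WIDTH):
    """Re-join rows the console split. A row of exactly `width` chars is treated
    as continued on the next row (a full-width unwrapped line is joined too)."""
    out, carry = [], ""
    for row in rows:
        carry += row
        if len(row) == width:
            continue
        out.append(carry)
        carry = ""
    if carry:
        out.append(carry)
    return out


RULES = [
    # userinfo in the request URI: https://user:password@host
    (re.compile(r"(https?://)[^/\s]*@"), r"\1" + MASK + "@"),
    # the same credentials repeated in the '?'-separated query string
    (re.compile(r"\b(PASSWD|USER)=[^?&\s]*"), r"\1=" + MASK),
    # preshared key: router response, parsed summary and netsh psk= argument
    (re.compile(r"(?i)\b(presharedkey\s*[=:]\s*|psk=)\S+"), r"\1" + MASK),
    # the connection name embeds the user id (conn <user>_rw)
    (re.compile(r"^(\s*conn\s+)\S+"), r"\1" + MASK),
    # MAC address that the router uses as its certificate subject
    (re.compile(r"(?i)\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b"), MASK),
]
CLI = re.compile(r"(?i)(?:^|[>\\])\s*quickvpnplus(?:\.exe)?\s")
CLI_ARG = re.compile(r"(^|\s)(-[upr])\s*\S+")


def redact_line(line, extra=()):
    m = CLI.search(line)
    if m:  # command line: mask the values given to -u, -p and -r
        line = line[:m.end()] + CLI_ARG.sub(r"\1\2 " + MASK, line[m.end():])
    for pattern, repl in RULES:
        line = pattern.sub(repl, line)
    for literal in extra:  # caller-supplied strings, e.g. the router's public address
        if literal:
            line = line.replace(literal, MASK)
    return line


def redact(text, extra=(), width=CONSOLE_WIDTH):
    """Mask secrets in a verbose log; width=None skips the unwrapping step."""
    rows = text.splitlines()
    lines = unwrap(rows, width) if width else rows
    return "\n".join(redact_line(line, extra) for line in lines)


# Constructed sample in the shape of the logs above (not taken from the thread).
SAMPLE_LINES = [
    r"C:\qvpn>quickvpnplus -u alice -p s3cret -r 203.0.113.10 -v",
    "[T] Uri: https://alice:s3cret@203.0.113.10:443/StartConnection.htm"
    "?version=1?IP=10.0.0.5?PASSWD=s3cret?USER=alice",
    'SSLsrvCert: 00:11:22:33:44:55 RV082 "Cisco-Linksys, LLC" US Irvine California',
    "conn alice_rw",
    "presharedkey=0123456789abcdef",
    "rightsubnet=192.168.5.0/24",
    "Presharedkey: 0123456789abcdef",
    "netsh  ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus "
    "srcaddr=10.0.0.5 dstaddr=192.168.5.0 dstmask=255.255.255.0 mirror=no "
    "conntype=all psk=0123456789abcdef tunneldstaddr=203.0.113.10",
]


def build_sample():
    """Return the sample as the console would show it, long lines wrapped."""
    return "\n".join(row for line in SAMPLE_LINES for row in console_wrap(line))


if __name__ == "__main__":
    print(redact(build_sample(), extra=["203.0.113.10"]))
```

In the wrapped sample the netsh row ends in `psk=` and the key starts the next row, so a line-by-line filter without the unwrapping step leaves the key in place.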
     
  58. Ashancn

    Ashancn LI Guru Member

    I just got a WRVS4400N and QuickVPN does not work - hangs at "Verifying Network"

    QuickVPNPlus 1.06 with -F2 option works great except for name resolution. Client is Windows XP sp2 and router has latest Firmware (.13)

    Any way to get Name resolution to work?
     
  59. aviegas

    aviegas Network Guru Member

    Name resolution is not supported at this time, either by QuickVPN or QuickVPNPlus.
     
  60. mca007

    mca007 LI Guru Member

    Your network is a subset or has the same ip address range of the remote net.

    Looks like your local net is 192.168.1.0 255.255.255.0
    Change it to 192.168.2.0 255.255.255.0
     
  61. mca007

    mca007 LI Guru Member

    Did you notice if the router log show IPsec being negotiated ?
     
  62. Ashancn

    Ashancn LI Guru Member

    I had "Negotiating IP Security." error due to 2 different reasons.

    1) Firewall on my client PC (eTrust Personal Firewall from CA) was somehow blocking the IPSEC connection. Disabled firewall and error went away

    2) I used QuickVPNPlus at work to connect to home network but did not explicitly disconnect. I brought laptop home and connected to Home network and I was not able to access the internet. Pinging any IP gave this error. QuickVPNPlus -x to clear settings did not work because my external ip was not reachable. I had to issue ipseccmd -w REG -p QuickVPNplus -y to remove IPSEC info. Would be nice enhancement if QuickVPNPlus did this whether external IP was reachable or not.


    btw -- I use a batch file to connect to home network when I am away. This lets me know if I am still connected and allows me to press any key to disconnect once done. Any plans for a GUI for quickvpnplus?

    -------------------------------------------------------------
    @Echo off
    QuickVPNplus.exe -f config.xml
    Echo ****************************
    Echo Connected to NETWORK via VPN
    ECHO TO DISCONNECT
    pause
    Echo ****************************
    QuickVPNplus.exe -f config.xml -x
    pause
    ------------------------------------------------------------------

    regards,
    Ashan
     
  63. orelious

    orelious LI Guru Member

    I don't even have my firewall turned on, nor do I have AV blocking anything.
     
  64. mca007

    mca007 LI Guru Member

    Read the following article about troubleshooting ipsec on Windows
    http://www.securityfocus.com/infocus/1526
     
  65. orelious

    orelious LI Guru Member

    I have read, looks to me like IPSec is never negotiating correctly. I can ping -t and always see Negotiating IP Security. I have changed settings on the remote router but with no luck. I hate linksys lol.
     
  66. mca007

    mca007 LI Guru Member

    Check the router log for any signs of IPsec negotiation.
    If you don't see anything, IPsec is being blocked.
     
  67. jeffspicolie

    jeffspicolie LI Guru Member

    I wish it was true, but;

    remote = 192.168.5.0 255.255.255.128
    local = 192.168.1.0 255.255.255.0

    :(
     
  68. mca007

    mca007 LI Guru Member

    Are you sure the remote netmask is correct?
    If it is 255.255.128.0 you would have a conflict


    If you can, set your local net to 172.17.2.0 255.255.255.0 and the remote netmask to 255.255.255.0

    All occurrences of error -102 I've seen are related to network conflict
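
The diagnosis in the posts above is that status -102 appears when the client's local network is the same as, or nested with, the router's protected network. The following is an added example, not from the thread or from QuickVPNplus: a Python check that classifies address/netmask pairs, run on the values quoted above. The function names are hypothetical, and the router's own test is not documented on this page.

```python
import ipaddress


def classify(local_addr, local_mask, remote_net, remote_mask):
    """Relate the client's LAN to the router's protected network.

    Accepts dotted netmasks as the posts quote them; host bits are masked off,
    so an interface address such as 192.168.1.4 can be passed directly.
    """
    local = ipaddress.ip_network(f"{local_addr}/{local_mask}", strict=False)
    remote = ipaddress.ip_network(f"{remote_net}/{remote_mask}", strict=False)
    if local == remote:
        return "identical"
    if local.subnet_of(remote):
        return "local inside remote"
    if remote.subnet_of(local):
        return "remote inside local"
    # Two masked networks are either nested or disjoint; nothing else is possible.
    return "disjoint"


def find_conflicts(local_interfaces, remote_net, remote_mask):
    """Check every local interface (address, mask), since a client may have several.

    Returns a list of (address, relation) for interfaces that are not disjoint
    from the remote network.
    """
    hits = []
    for addr, mask in local_interfaces:
        relation = classify(addr, mask, remote_net, remote_mask)
        if relation != "disjoint":
            hits.append((addr, relation))
    return hits


if __name__ == "__main__":
    # Values quoted in the thread: local LAN, then the two remote masks discussed.
    print(classify("192.168.1.0", "255.255.255.0", "192.168.5.0", "255.255.255.128"))
    print(classify("192.168.1.0", "255.255.255.0", "192.168.5.0", "255.255.128.0"))
    # Constructed second interface to show the multi-interface case.
    print(find_conflicts(
        [("192.168.1.4", "255.255.255.0"), ("192.168.5.77", "255.255.255.0")],
        "192.168.5.0", "255.255.255.128"))
```

With the masks as reported (255.255.255.128 remote, 255.255.255.0 local) the two networks are disjoint; only the 255.255.128.0 mask raised as a possibility would place the local LAN inside the remote one.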
     
  69. jeffspicolie

    jeffspicolie LI Guru Member

    very strange...

    So I did what you said,
    remote 192.168.5.0 255.255.255.0
    local 172.17.2.0 255.255.255.0

    and got a step closer....

    Code:
    c:\Program Files\Linksys>quickvpnplus -u user -p password -r 71.xxx.xxx.xxx -v
    QuickVPNplus ver: 1.0.6
    Flags: 0 (0x0)
    OSver: 6.0
    [T] Figuring out local interface.
    
    [T] ipADD 172.17.2.2
    [T] defGW 172.17.2.1
    [T] match found - I am done here.
    [T] interface type: 71
    
    Local ip address: 172.17.2.2
    
    Requesting configuration data from 71.xxx.xxx.xxx ...
    [T] Uri: https://user:password@71.xxx.xxx.xxx:443/StartConnection.htm?version=1?IP=1
    72.17.2.2?PASSWD=5513?USER=ryana
    
    [I] using WinInet
    [W] Authorization 12045 - The certificate authority is invalid or incorrect
    
    SSLsrvCert:   00:13:10:5c:e4:c6 RV082 "Cisco-Linksys, LLC" US Irvine California
    [T] HttpQueryInfo 401
    [T] Setting HTTP username/password
    [T] HTTP response: 200 - OK
    
    [T] Server response
    ---------------------------------
    
    version=1
    msgtype=configuration
    conn ryana_rw
    presharedkey=465198306507c412
    rightsubnet=192.168.5.0/24
    dnsserver=192.168.5.3
    domain=keynelink.com
    
    ---------------------------------
    LocalAddr:   172.17.2.2
    LocalMask:   255.255.255.255
    LocalSubnet: 172.17.2.2/255.255.255.255
    Presharedkey: 465198306507c412
    DNSserver:    192.168.5.3
    RemoteNet:    192.168.5.0
    RemoteMask:   255.255.255.0
    RemoteSubnet: 192.168.5.0/255.255.255.0
    
    Removing all dynamic ipsec policies ...
    netsh  ipsec dynamic delete all
    
    Creating quick mode ipsec policy QuickVPNplus ...
    netsh  ipsec dynamic add qmpolicy name=QuickVPNplus pfsgroup=grp1 qmsecmethods="
    ESP[3DES,MD5]:50000K/3600S"
    
    Creating main  mode ipsec policy QuickVPNplus ...
    netsh  ipsec dynamic add mmpolicy name=QuickVPNplus mmsecmethods="3DES-SHA1-2 3D
    ES-MD5-2 3DES-SHA1-3"
    
    Creating host to net ipsec rule ...
    netsh  ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus srcadd
    r=172.17.2.2 dstaddr=192.168.5.0 dstmask=255.255.255.0 mirror=no conntype=all ps
    k=465198306507c412 tunneldstaddr=71.xxx.xxx.xxx
    
    Creating net to host ipsec rule ...
    netsh  ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus dstadd
    r=172.17.2.2 srcaddr=192.168.5.0 srcmask=255.255.255.0 mirror=no conntype=all ps
    k=465198306507c412 tunneldstaddr=172.17.2.2
    
    
    Configuration done.
    
    Activating tunnel...
    
    Pinging 192.168.5.3 with 32 bytes of data:
    
    Negotiating IP Security.
    Negotiating IP Security.
    Negotiating IP Security.
    Negotiating IP Security.
    
    Ping statistics for 192.168.5.3:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    
    c:\Program Files\Linksys>
    But I am not able to connect to any shared folders on the office network using the IP, example \\192.168.5.50\development
    Something that caught my eye

    Code:
    ---------------------------------
    LocalAddr:   172.17.2.2
    LocalMask:   255.255.255.255
    LocalSubnet: 172.17.2.2/255.255.255.255
    Presharedkey: 465198306507c412
    DNSserver:    192.168.5.3
    RemoteNet:    192.168.5.0
    RemoteMask:   255.255.255.0
    RemoteSubnet: 192.168.5.0/255.255.255.0
    The listed LocalMask is not correct... it mirrors at 255.255.255.0 like the remote site. Not sure what this is...

    Still, looks like it is connecting, even the web based admin on the office RV082 shows that I connected, but I can't see anything on the remote network like I used to with QuickVPN. Can't map drives via IP or anything.

    Sooooo appreciate your efforts!
    Thanks!
    Ryan
     
  70. conite

    conite LI Guru Member

    problem with password with quickvpnplus

    Quickvpn will connect to my wrv54g, quickvpnplus will not. I noticed a small difference in the wget_error file.

    quickvpn: "https://user:password@ip1/StartConnection.htm?version=1?IP=ip2?USER=user"

    quickvpnplus: "https://user:password@ip1/StartConnection.htm?version=1?IP=ip2?PASSWD=password?USER=user"

    Notice, the only difference is the ?PASSWD added to the quickvpnplus line.

    The result is a "router response: -3 - Password Incorrect".

    Any help?
     
  71. orelious

    orelious LI Guru Member

    I am having the same issues with my WRV54G as JeffSpicole is. WRV54G even shows me as connected; however, I cannot ping (always get negotiating IP security) nor can I map a drive or RDP my remote server. Looks like it's not just me. I will also add, QuickVPN on my XP box works flawlessly and allows me to map/RDP so that tells me there is something going on with my Vista Business box. I can say that we all appreciate the product you've given us and work to resolve issues, don't think we don't appreciate it.
     
  72. jeffspicolie

    jeffspicolie LI Guru Member

    Latest and greatest...

    Code:
    [I] using WinInet
    [W] Authorization 12045 - The certificate authority is invalid or incorrect
    This is with the same subnet 255.255.255.0
    remote 192.168.5.0
    local 192.168.1.0

    Not sure if this helps, but it is different than last night's efforts. Not sure why.
    VPN can be such a pain! ;)

    Many thanks,
    JS
     
  73. danholme

    danholme LI Guru Member

    I am also having the "Password Incorrect" problem on my WRV54G.

    I would be MORE than happy to participate in helping you test this, if you would like (e.g. setting up a VPN account for a period of time for you).

    Also will be VERY happy to PayPal you once this works... it will be HUGE for me as I've been VPN-less since I went to vista a year ago, and I'll be at TechEd next week, VPN-less...

    dan dot holme at intelliem dot <top level commercial domain>

    THANKS!
     
  74. aviegas

    aviegas Network Guru Member

    You need to tell QuickVPNPlus to ignore the certificates, much like it's done by QuickVPN. Use the "-c any" flag.

    If you still have errors, then try asking your router to create another certificate.
    If you have loaded the certificate into the Windows Certificate Storage, remove it and try again.

    Certificate handling is quite tricky; the ones created by these routers are, at best, broken.
     
  75. aviegas

    aviegas Network Guru Member

    WRV54G HTTPS authentication is broken, so it requires some protocol tweaking. Try with the "-F2" flag. That will tell QuickVPNPlus to use a different Windows API for the HTTPS session, and should work with the WRV54G.
     
  76. Toxic

    Toxic Administrator Staff Member

  77. danholme

    danholme LI Guru Member

    OOOH.... sooooo close!!! That was genius... F2 made a big difference.

    What's happening now is that I'm getting a message "Configuration done... Activating Tunnel" then when it "Ping"s the internal IP address of the router (10.0.0.1 in my case) I get four "Negotiating IP Security" messages then a 100% loss ping result. Needless to say, I can't ping, RDP, SMB or connect in any way to anything inside my network...

    I look at the (remote) administration status page of the router and it shows me as a VPN client "Online"... but it seems as though some configuration on the router just isn't letting anything through.

    I enabled IPSec Passthrough (Security --> VPN) as well as all three (IPSec, PPTP and L2TP) in hopes that one of those would make a difference. No dice.

    Any ideas? and THANK YOU... we are sooooo close....
     
  78. secion8

    secion8 LI Guru Member

    I am in the same position as danholme, I am using a wrvs4400n.. I get "Negotiating IP Security" 4 times, And 100% packet loss.
     
  79. jeffspicolie

    jeffspicolie LI Guru Member

    me too, with RV082, I get the same message as well with -F 2....
     
  80. conite

    conite LI Guru Member

    same for me: -F 2 works great with my wrv54g - just need to solve this "negotiating ip security" business!
     
  81. derekbeck

    derekbeck Guest

    I am having issues connecting -- I get "Negotiating IP Security" 4 times in response to the ping. I am running Vista Home Premium with the firewall disabled. There are no errors when the -v switch is used. This is connecting to a WRV54G that has been up and running for a couple of years.

    Any thoughts would be appreciated.
     
  82. jeffspicolie

    jeffspicolie LI Guru Member

    I think I am going to officially leave Linksys once and for all.

    I can't get a straight answer from anyone (Linksys techs, forums, email correspondence) on when to expect, or if even to expect ever, a Vista compatible version of QuickVPN.

    :(
     
  83. secion8

    secion8 LI Guru Member

    I feel your pain man... I would think that linksys would want their newest product to support the latest technology. I am upset also that they don't put support behind their VPN as much as they like to market it.
     
  84. danholme

    danholme LI Guru Member

    Hell, it's just a small company... Cisco... I guess our expectations are too high...
     
  85. avdvoet

    avdvoet LI Guru Member

    1) Use QuickVPN on XP machine to connect to remote router
    2) ipconfig /all and lookup the DNS server ip's. You will at least find two
    of them (1) local and (2) remote.
    3) Again use QuickVpnPlus to connect from Vista
    4) ipconfig /all and I found that the second (remote) DNS is missing.


    Alfred
     
  86. avdvoet

    avdvoet LI Guru Member

    Is this the problem with Vista using QuickVpnPlus?
    When you ping the remote network and get the answer "Reply from xxx.xxx.xxx.xxx. Destination host unreachable." the VPN connection is up and running and working just fine. It seems Vista is not able to see the tunnel and route traffic that way.
     
  87. moored99

    moored99 LI Guru Member

    I got mine to work by disabling Windows Defender.
     
  88. avdvoet

    avdvoet LI Guru Member

    Running Vista Enterprise with QuickVpnPlus I have a VPN connection and the subnet etc. seems ok. But I can not ping my remote network or reach any of my remote shares.
    1) Remote subnet 169.254.0.0/255.255.255.0 is found and remote DNS 169.254.0.254 is also correct.
    2) net-to-host and host-to-net ipsec rules are ok.
    3) On my RV042 I can see I am connected.

    Using Windows XP Pro with QuickVpn or QuickVpnPlus on the same local/remote network is working fine. I can ping both ways and reach all of my shares. When I installed QuickVpn (2 years ago?) for the first time on WinXp it kept dropping the connection. I had to install an update from Microsoft available for WinXP only, after that all worked fine for XP.

    I am able to connect from Vista over PPTP (MS native solution) and reach my shares by ip. I have altered the LMHOST files but without result, reaching shares by name did not succeed. Mapping drives using ip is working.

    Here the QuickVpnPlus output:

    C:\Program Files\Linksys\Linksys VPN Client>QuickVpnPlus -u UserName -p Password -
    r xx.xx.xx.xx -i 443 -c any -v
    QuickVPNplus ver: 1.0.6
    Flags: 0 (0x0)
    OSver: 6.0
    [T] Figuring out local interface.

    [T] ipADD 192.168.1.92
    [T] defGW 192.168.1.110
    [T] match found - I am done here.
    [T] interface type: 6

    Local ip address: 192.168.1.92

    Requesting configuration data from xx.xx.xx.xx ...
    [T] Uri: https://UserName:Password@xx.xx.xx.xx:443/StartConnection.htm?version=
    1?IP=192.168.1.92?PASSWD=Password?USER=UserName

    using WinInet
    [W] Authorization 12045 - The certificate authority is invalid or incorrect

    SSLsrvCert: 00:16:b6:4c:f3:06 RV042 "Cisco-Linksys, LLC" US Irvine California
    [T] HttpQueryInfo 401
    [T] Setting HTTP username/password
    [T] HTTP response: 200 - OK

    [T] Server response
    ---------------------------------

    version=1
    msgtype=configuration
    conn UserName_rw
    presharedkey=xxx-xxxxxx-xxx
    rightsubnet=169.254.0.0/24
    dnsserver=169.254.0.254
    domain=SME

    ---------------------------------
    LocalAddr: 192.168.1.92
    LocalMask: 255.255.255.255
    LocalSubnet: 192.168.1.92/255.255.255.255
    Presharedkey: xxx-xxxxxx-xxx
    DNSserver: 169.254.0.254
    RemoteNet: 169.254.0.0
    RemoteMask: 255.255.255.0
    RemoteSubnet: 169.254.0.0/255.255.255.0

    Removing all dynamic ipsec policies ...
    netsh ipsec dynamic delete all

    Creating quick mode ipsec policy QuickVPNplus ...
    netsh ipsec dynamic add qmpolicy name=QuickVPNplus pfsgroup=grp1 qmsecmethods="
    ESP[3DES,MD5]:50000K/3600S"

    Creating main mode ipsec policy QuickVPNplus ...
    netsh ipsec dynamic add mmpolicy name=QuickVPNplus mmsecmethods="3DES-SHA1-2 3D
    ES-MD5-2 3DES-SHA1-3"

    Creating host to net ipsec rule ...
    netsh ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus srcadd
    r=192.168.1.92 dstaddr=169.254.0.0 dstmask=255.255.255.0 mirror=no conntype=all
    psk=xxx-xxxxxx-xxx tunneldstaddr=xx.xx.xx.xx

    Creating net to host ipsec rule ...
    netsh ipsec dynamic add rule mmpolicy=QuickVPNplus qmpolicy=QuickVPNplus dstadd
    r=192.168.1.92 srcaddr=169.254.0.0 srcmask=255.255.255.0 mirror=no conntype=all
    psk=xxx-xxxxxx-xxx tunneldstaddr=192.168.1.92


    Configuration done.

    Activating tunnel...

    Pinging 169.254.0.254 with 32 bytes of data:

    Negotiating IP Security.
    Reply from 192.168.1.92: Destination host unreachable.
    Reply from 192.168.1.92: Destination host unreachable.
    Reply from 192.168.1.92: Destination host unreachable.

    Ping statistics for 169.254.0.254:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),


    Alfred
     
  89. danholme

    danholme LI Guru Member

    Checking in

    It's been a couple of weeks since this thread saw any love. Has anyone found out how to successfully get Vista to connect using QuickVPNPlus? Still not able to ping, once connected (or do anything else, obviously).
     
  90. jeffspicolie

    jeffspicolie LI Guru Member

    Disco!!!

    This was posted on the forums at linksys.com

    here:
    http://forums.linksys.com/linksys/board/message?board.id=Wired_Routers&thread.id=8563

    JS :)
     
  91. manuelk

    manuelk LI Guru Member

    What am I getting wrong?

    C:\Users\Manu\Desktop\QuickVPNPlus>QuickVPNplus.exe -u xxx -p xxx -r x.x.x.x -i 60443 -c any -v
    QuickVPNplus ver: 1.0.6
    Flags: 0 (0x0)
    OSver: 6.0
    [T] Figuring out local interface.

    [T] ipADD 10.129.16.250
    [T] defGW 0.0.0.0
    [T] match found - I am done here.
    [T] interface type: 23

    Local ip address: 10.129.16.250

    Requesting configuration data from x.x.x.x ...
    [T] Uri: https://xxx:xxx@x.x.x.x:60443/StartConnection.htm?version=1?
    IP=10.129.16.250?PASSWD=xxx?USER=xxx

    using WinInet
    [W] Authorization 12029 - Die Serververbindung konnte nicht hergestellt werden.

    [T] HttpQueryInfo 0
    [E] HttpSendRequest 12029 - Die Serververbindung konnte nicht hergestellt werden
    .

    QuickVPNplus could not obtain configuration data - bailing out.

    Using UMTS direct connection
    can ping the wan of the router!

    thx
     
  92. dmcheng

    dmcheng LI Guru Member

    I'm trying QuickVPNplus 1.0.6 and I'm getting the three "request timed out" errors at the end of the process. From what I've read, that points to a problem with IPSec passthrough on my local router (Netgear WRT614v6).

    *However*, I am also using VPN Tracker and The Greenbow VPN clients successfully through my local router, and both of these clients use IPSec.

    So my question is: are the IPSec implementations different between QuickVPNPlus and the other two? Is the problem really in IPSec passthru on my local router?

    Thanks
    David
     
  93. aneij

    aneij LI Guru Member

    Quickvpn (QuickVPNPlus) not connected

    Sorry for you all, I don't have a solution so far for you but a problem in getting connected Quickvpn/+ to my internal network from outside (Internet).
    I tried several things and today I found QuickVPNPlus. This gives some logging and maybe someone can help me.

    The situation: A linksys WRV200 router with cable internet connection.
    Internal networkaddress of router 192.168.10.1
    Outside: a dial-in connection which gave me ip address 212.189.13.239

    The client is an XP machine with the ipseccmd tool installed. No firewall etc.
    Also the QuickVPN solution from linksys is not working...

    firmware: 1.0.32.2ETSI
    client: 1.0.0.39

    Question 1: can someone assist me with understanding/solving the following output (see below)?

    Question 2: Do you only have to define a user for QVPN or also define tunnels?

    Question3: Do you have to set special firewall settings on the router side?

    Output from Quickvpnplus:
    D:\linksys>quickvpnplus -u USER -p PASSWD -r 24.132.xx.yy -i60443 -v
    QuickVPNplus ver: 1.0.6
    Flags: 0 (0x0)
    OSver: 5.1
    [T] Figuring out local interface.

    [T] ipADD 212.189.13.239
    [T] defGW 212.189.13.239
    [T] match found - I am done here.
    [T] interface type: 23

    Local ip address: 212.189.13.239

    Requesting configuration data from 24.132.xx.yy ...
    [T] Uri: https://USER:PASSWD0@24.132.xx.yy:60443/StartConnection.htm?version=1
    ?IP=212.189.13.239?PASSWD=PASSWD?USER=USER

    using WinInet
    [W] Authorization 12029 - A connection with the server could not be established

    [T] HttpQueryInfo 0
    [E] HttpSendRequest 12029 - A connection with the server could not be establishe
    d

    QuickVPNplus could not obtain configuration data - bailing out.


    Please advise,
    ANEIJ
     
  94. pjberr

    pjberr Guest

    Have a similar problem connecting with QVPlus to an RV082 (FW 1.3.5)

    Here is the output from quickvpnplus:

    C:\Program Files\Linksys>quickvpnplus.exe -f configresdim.xml -v
    QuickVPNplus ver: 1.0.6
    Flags: 0 (0x0)
    OSver: 6.0
    Local ip address: 192.168.0.52

    Requesting configuration data from xxx.xxx.xxx.xxx...
    [T] Uri: https://user:password@xxx.xxx.xxx.xxx:443/StartConnection.
    tm?version=1?IP=192.168.0.52?PASSWD=password?USER=user

    using WinInet
    [W] Authorization 12045 - The certificate authority is invalid or incorrect

    SSLsrvCert: xx:xx:xx:xx:xx:xx RV082 "Cisco-Linksys, LLC" US Irvine California
    [E] invalid SSL server certificate.
    QuickVPNplus could not obtain configuration data - bailing out.

    C:\Program Files\Linksys>

    The certificate is referenced in the config.xml file and is generated by the router RV082 and located in the same directory with quickvpn.exe. Am I missing something? Clueless.
     
  95. dannyray999

    dannyray999 Guest

    QuickVPN Plus HELP

    I am about to go crazy with QuickVPN. Sometimes it works and sometimes it doesn't work. I downloaded your QuickVPN Plus in hopes of keeping my cool.

    When I execute the quickvpnplus.exe I get a DOS window, and at the end of the text it tells me to click any key to continue. When I do, it goes away and nothing happens. Please help, what am I doing wrong?
     
  96. Toxic

    Toxic Administrator Staff Member

    qvpnplus is a command line application and not a Windows point-and-click app. If you look at this thread you will see a number of examples.

    Also reading the readme.txt file within the archive may help :)
     
  97. gbroache

    gbroache Guest

    RVS4000 - Negotiating IP Security

    I've seen several references to this in the thread, yet I have not seen a resolution to the (4) Negotiating IP Security messages that occur when I try to connect. The connection appears on-line, yet I cannot connect. This is consistent with prior messages in this thread. Any suggestions? The message appears after the "Activating tunnel..." prompt.
     
  98. Hummercash

    Hummercash LI Guru Member

    C:\Documents and Settings\Admin>QuickVPNplus -u USER -p PASS -r ROUTERIP -F 2 -v
    QuickVPNplus ver: 1.0.6
    Flags: 2 (0x2)
    OSver: 5.1
    [T] Figuring out local interface.

    [T] ipADD 172.17.0.139
    [T] defGW 172.17.0.254
    [T] match found - I am done here.
    [T] interface type: 6

    Local ip address: 172.17.0.139

    Requesting configuration data from ROUTERIP ...
    [T] Uri: https://USER:PASS@ROUTERIP:443/StartConnection.htm?version=1
    ?IP=172.17.0.139?PASSWD=PASS?USER=USER

    using WinHTTP
    SSLsrvCert: US CA Irvine Cisco-Linksys LLC SBS WRVS4400N
    [T] HTTP response: 200 - OK

    [T] Server response
    ---------------------------------
    version=1
    msgtype=configuration
    conn USER_rw_rw
    presharedkey=TwdVewcx3OWtyHE1VgD6
    rightsubnet=192.168.16.0/24
    dnsserver=192.168.16.253
    domain=linksys


    ---------------------------------
    LocalAddr: 172.17.0.139
    LocalMask: 255.255.255.255
    LocalSubnet: 172.17.0.139/255.255.255.255
    Presharedkey: TwdVewcx3OWtyHE1VgD6
    DNSserver: 192.168.16.253
    RemoteNet: 192.168.16.0
    RemoteMask: 255.255.255.0
    RemoteSubnet: 192.168.16.0/255.255.255.0

    Deactivating ipsec policy QuickVPNplus ...
    ipseccmd -w REG -p QuickVPNplus -y

    The command completed successfully.
    Removing ipsec policy QuickVPNplus ...
    ipseccmd -w REG -p QuickVPNplus -o

    The command completed successfully.
    Creating ipsec policy QuickVPNplus rule Host-RemoteNet ...

    ipseccmd -w REG -p QuickVPNplus -r Host-RemoteNet -t ROUTERIP -f 172.17.0.
    139/255.255.255.255=192.168.16.0/255.255.255.0 -n ESP[MD5,3DES]3600S/50000KPFS -
    a PRESHARE:"TwdVewcx3OWtyHE1VgD6" -lan -1p

    The command completed successfully.
    Creating ipsec policy QuickVPNplus rule RemoteNet-Host ...

    ipseccmd -w REG -p QuickVPNplus -r RemoteNet-Host -t 172.17.0.139 -f 192.168.16
    .0/255.255.255.0=172.17.0.139/255.255.255.255 -n ESP[MD5,3DES]3600S/50000KPFS -a
    PRESHARE:"TwdVewcx3OWtyHE1VgD6" -lan -1p

    The command completed successfully.
    Activating ipsec policy QuickVPNplus ...

    ipseccmd -w REG -p QuickVPNplus -x

    The command completed successfully.

    Configuration done.

    Activating tunnel...

    Pinging 192.168.16.253 with 32 bytes of data:

    Negotiating IP Security.
    Negotiating IP Security.
    Request timed out.
    Request timed out.

    Ping statistics for 192.168.16.253:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Documents and Settings\Admin>



    so looking at that, the dnsserver and domain are wrong... is there any way to manually set those parameters??
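
The verbose logs posted in this thread expose the QuickVPN password (on the command line, in the URI userinfo and in the PASSWD query parameter) and the IPsec preshared key (server response, summary and `ipseccmd -a` argument). As an added example, not part of any post or of QuickVPNplus itself, this Python script masks those fields before a log is shared; the sample log, its values and the function names are constructed for illustration.

```python
import re

# Places where QuickVPNplus -v output exposes a secret, per the logs in this
# thread. Each pattern captures the secret value in the named group "s".
SECRET_PATTERNS = [
    re.compile(r"https://[^:/\s]+:(?P<s>[^@\s]+)@"),          # URI userinfo
    re.compile(r"[?&]PASSWD=(?P<s>[^?&\s]+)"),                # query string
    re.compile(r"\bpresharedkey\s*[=:]\s*(?P<s>\S+)", re.I),  # response + summary
    re.compile(r'PRESHARE:"(?P<s>[^"]+)"'),                   # ipseccmd -a argument
]
MASK = "<REDACTED>"

def find_secrets(log: str) -> set:
    """Return every secret value that one of the known patterns exposes."""
    return {m.group("s") for p in SECRET_PATTERNS for m in p.finditer(log)}

def _mask_group(m):
    # Rebuild the match with only the captured secret replaced.
    whole, off = m.group(0), m.start()
    return whole[: m.start("s") - off] + MASK + whole[m.end("s") - off:]

def redact(log: str, min_sweep_len: int = 6) -> str:
    """Mask secrets in place, then sweep for the same values elsewhere."""
    secrets = find_secrets(log)
    for p in SECRET_PATTERNS:
        log = p.sub(_mask_group, log)
    # The sweep catches copies outside the patterns (e.g. the echoed -p
    # argument). Short values are skipped so ordinary text is not mangled.
    for s in sorted(secrets, key=len, reverse=True):
        if len(s) >= min_sweep_len:
            log = log.replace(s, MASK)
    return log

# Constructed sample in the shape of the output above (all values made up).
SAMPLE = r"""C:\>quickvpnplus -u alice -p Examp1ePw -r 192.0.2.10 -v
[T] Uri: https://alice:Examp1ePw@192.0.2.10:443/StartConnection.htm?version=1
?IP=198.51.100.7?PASSWD=Examp1ePw?USER=alice
presharedkey=CONSTRUCTEDpsk0001
Presharedkey: CONSTRUCTEDpsk0001
ipseccmd -w REG -p QuickVPNplus -r Host-RemoteNet -t 192.0.2.10 -
a PRESHARE:"CONSTRUCTEDpsk0001" -lan -1p
"""

if __name__ == "__main__":
    print(redact(SAMPLE))
```

A secret that the console wrapped across two lines will not match any pattern, so check the masked log by eye before posting it.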
     
  99. bekirdur

    bekirdur Guest

    vpn over vista

    Yes, I've been struggling with this issue because our customers are moving to Vista and they want to be able to make Client VPN connections as they are used to while using XP. The connection type which our product (a UTM device) uses for VPN is IPSec VPN without L2TP. I tried it within the advanced firewall thing, from the network connections section and through the netsh command set from the command line, none of which worked.

    Here is what I did with netsh :
    netsh ipsec dynamic delete all
    netsh ipsec dynamic add qmpolicy name=ibekciGSA qmsecmethods="ESP[3DES,SHA1]:50000K/3600S"
    netsh ipsec dynamic add mmpolicy name=ibekciGSA mmsecmethods="3DES-SHA1-2"
    netsh ipsec dynamic add rule mmpolicy=ibekciGSA qmpolicy=ibekciGSA srcadd=192.168.174.51 dstaddr=90.1.5.0 dstmask=255.255.255.0 mirror=no conntype=lan psk=bekir tunneldstaddr=144.144.144.100


    It sounds so odd that it will start the tunnel when you try pinging the target after completing the configuration. However, they say netsh is the correspondent of ipseccmd.

    On the other hand, there is a private software called The GreenBow VPN Client which seems a very successful one. On this one you do the configuration and you click the "Open Tunnel" button and it really does it. Here comes my question. Do you think we can understand what this program does in the background?
    By the way, I've checked the netsh configuration and the Windows Firewall with Extended Security section after the connection is established, and nothing comes up.

    I'd appreciate any help, thank you.
     
  100. wipeout

    wipeout Guest

    sslsrvcert issue

    I am having the same problem with the certificate issue. I have downloaded the certificate from the wrv200 and it is in the same directory as quickvpnplus, but I have not figured out how to reference it. Any help would be great.

    Thanks,
    -ryan
     
