
RV082 VPN Issue (HELP PLEASE)!!!!!!

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by nanohertz, Mar 30, 2007.

  1. nanohertz

    nanohertz LI Guru Member

    I have the Linksys RV082 router with the most recent firmware upgrade. My problem is as follows. I've created a VPN user, and I can connect remotely with the QuickVPN client from my laptop, I can access all my systems, network shares, etc. only when I connect remotely utilizing a Comcast connection, DSL connection, or the occasional unsecured WAP I can connect successfully via QuickVPN to my home network. Now the problem: when I attempt to connect to my home network from work it fails. That's fine, because I know for a fact that VPN from my work doesn't work because of firewall rules, but when I attempt to connect via T-Mobile's network it fails also. The error received is "The remote gateway has stop responding,etc, etc", and then I get completely disconnected. The connection completes the following steps:

    ID+password
    Activating Policy
    Provisioning

    Then it hangs on "verifying network", then eventually disconnects with the above-mentioned error. The strange thing is that it actually connects when I look at the VPN connection for the user that I'm signing on as, but the connection never completes and dies on the "verifying network" phase. I've spoken with T-Mobile tier 3 support regarding this issue, and the short end of it is that they couldn't help me, and they said that they are not blocking anything on their network that would account for the error that I'm getting. This has been an issue for me for months. Is there a config on the router, or on my laptop, that I'm missing or can set that would remedy this issue, or am I just stuck?
     
  2. ifican

    ifican Network Guru Member

    I believe that is an error generated because you are behind a NAT device that does not use NAT-T or does not use it correctly. I had that same issue in the early days of playing with QuickVPN when I was sitting behind a Cisco PIX. The best thing you can do for yourself at the moment is look at the logs on your router and see what they say. Post them if you need to; I have a feeling it's IKE phase 2 related but I don't remember for sure. So check your logs and let me know. As a note, you know everything is configured correctly as it works, so it's definitely something in T-Mobile's network. An afterthought: I believe T-Mobile uses consumer routers to offer service, and if VPN passthrough is not enabled or someone has recently connected to a VPN, your connection also will not work. Let us know and we can go from there.
     
  3. aviegas

    aviegas Network Guru Member

    I'm not a T-Mobile user but I know that many cell providers use RFC1819 addresses (private ranges), so it means that you are behind a NAT router that may not support ESP (IPSec) traffic.

    NAT and IPSec do not always combine. Home/SOHO routers that support VPN passthru usually handle it with limitations such as a single user at a time. Why? Because ESP/AH (IPSec) traffic does not use


    This protocol limitation is what makes large networks (such as the one of a cell provider) with private addresses not allow VPN passthru to the Internet.

    When I'm using my cell provider I resort to SSH to connect to either home or work. Not as simple and straightforward to use, but it does the job most of the time.
     
  4. nanohertz

    nanohertz LI Guru Member

    Still confused???????

    Thanks guys for your input. The thing that really bothers me about this whole situation is that T-Mobile in fact supports utilizing the T-Mobile Dash cell phone as a modem to connect to your VPN network. It even has a VPN option built into the phone, and it has the capability to utilize either IPSec/L2TP or PPTP as your connection method. But when I attempt to connect via the QuickVPN app it actually connects, but I can't ping anything, connect, or verify anything on my home network, yet the router says that I'm online in the VPN status menu for that user. The following are excerpts from my VPN log. Where the ?? are, that would be my router IP, obviously.

    Mar 30 18:45:57 2007 VPN Log Initial Main Mode message received on ??.??.??.?? :500 but no connection has been authorized. Please check your tunnel endpoint (gateway) setting

    Mar 30 18:45:57 2007 VPN Log Dynamic VPN client in Main Mode is only supported for Microsoft VPN client, please use Aggressive mode instead.

    Mar 30 18:46:49 2007 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]

    These messages scroll several times until I end the QuickVPN client software via taskmgr on the laptop. The second excerpt appears to suggest that I can only connect via IPSec/L2TP or PPTP through a local VPN authentication server.
     
  5. ifican

    ifican Network Guru Member

    It appears that your router is not authenticating the connection prior to receiving phase 1 negotiation. I have no doubt that T-Mobile works the way they say they do as per your description, but what I don't think is being taken into account here is that QuickVPN works more like an SSL VPN in combination with IPSec. I believe if it was a strictly IPSec VPN it would probably work. To test this, set up a PPTP VPN to your RV082 and then set it up on your laptop. I bet if you go that route everything will work just fine.
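
An added example (not part of any post in this thread, and not Linksys code): a small triage script run over the three RV082 VPN log excerpts quoted above. The labels and hints are this example's own wording and follow the hypotheses raised in the thread (no authorized connection before IKE, Main Mode refused, NAT-T vendor ID ignored); the line format is assumed from those three lines only.

```python
import re
from collections import Counter

# Log excerpts as quoted in the thread (router IP masked by the poster).
SAMPLE_LOG = """\
Mar 30 18:45:57 2007 VPN Log Initial Main Mode message received on ??.??.??.?? :500 but no connection has been authorized. Please check your tunnel endpoint (gateway) setting
Mar 30 18:45:57 2007 VPN Log Dynamic VPN client in Main Mode is only supported for Microsoft VPN client, please use Aggressive mode instead.
Mar 30 18:46:49 2007 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]
"""

# "<Mon DD HH:MM:SS YYYY> VPN Log <message>" (format assumed from the excerpts).
LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8} \d{4}) VPN Log (.*)$")

# (label, pattern, hint): labels and hints are hypothetical names for this sketch.
RULES = [
    ("ike_before_auth",
     re.compile(r"Main Mode message received .* no connection has been authorized"),
     "IKE arrived but the router had no authorized connection for this peer"),
    ("main_mode_rejected",
     re.compile(r"Main Mode is only supported for Microsoft VPN client"),
     "router refuses Main Mode from a dynamic (unknown-address) client"),
    ("nat_t_vid_ignored",
     re.compile(r"Ignoring Vendor ID payload.*\[draft-ietf-ipsec-nat-t-ike-[^\]]+\]"),
     "client offered a NAT-T vendor ID that the router ignored; suspect NAT in the path"),
]

def triage(log_text):
    """Return (timestamp, label, hint) for every recognised VPN log line."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a format this sketch does not know
        stamp, msg = m.groups()
        for label, pattern, hint in RULES:
            if pattern.search(msg):
                findings.append((stamp, label, hint))
                break
    return findings

def summary(findings):
    """Count findings per label so repeated (scrolling) messages stand out."""
    return Counter(label for _, label, _ in findings)

if __name__ == "__main__":
    for stamp, label, hint in triage(SAMPLE_LOG):
        print(f"{stamp}  {label}: {hint}")
```
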
     
  6. Toxic

    Toxic Administrator Staff Member

    Can you confirm you have HTTPS enabled on the firewall page? This is needed for QVPN to work on the RV0xx series.
     
  7. aviegas

    aviegas Network Guru Member

    It really sounds like for some reason QuickVPN is not authenticating.

    Try testing the authentication manually. When connected thru T-Mobile, enter the following URL from any Browser:

    Code:
    https://*user*:*password*@*router_addr*:*port*/StartConnection.htm?version=1?IP=*client_ip*?PASSWD=*password*?USER=*user*
    
    Where: *user*, *password* are the QuickVPN user and password
    *router_addr* is either the IP address or DNS name of the router
    *port* can be either 443 or 60443 - try both
    *client_ip* is the LAN IP address of the client
     
  8. nanohertz

    nanohertz LI Guru Member

    ifican: Thanks for the input, but I don't completely trust PPTP.
    Toxic: HTTPS is enabled.
    Aviegas: I will try your suggestion this evening.

    All: I'm an rs6k guy, but I do have a good understanding of networking and IP, maybe not as much as the guys on this forum. Could any of you recommend any definitive sources on setting up and configuring an IPSec/L2TP VPN connection utilizing the RV082 router and client (laptop)? Thanks in advance.
     
  9. aviegas

    aviegas Network Guru Member

    RV0xx routers do not support L2TP, so the combination you are looking for will not work. You can use a 3rd party IPSec/IKE client or Linksys QuickVPN (if you are not running Vista).
     
  10. nanohertz

    nanohertz LI Guru Member

    The RV082 does appear to support L2TP; am I missing something here?

    IPSec Pass Through : Enable Disable
    PPTP Pass Through : Enable Disable
    L2TP Pass Through : Enable Disable
     
  11. aviegas

    aviegas Network Guru Member

    L2TP pass through means that an L2TP client can be behind its NAT firewall. It does not allow an L2TP client to connect.
    RV0xx routers allow pure IPSec and PPTP clients only.
     
