
Same Ol' No VPN Connection RV082

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by digriz60, Sep 26, 2005.

  1. digriz60

    digriz60 Network Guru Member

    Yeah, I've read it all. Countless tragedies detailing sorrow, misery, gnashing of teeth and furrowing of brows. I am about to fustigate my router. But not without asking first.

    I have an isolated network in my company for testing purposes. It is connected to DSL with a WRT54GS. Behind a DMZ sits the nasty RV082 internally, behind which sits the small network. For security purposes, we want users to VPN in. I cannot make a successful connection using Quick VPN (I suspect this is a cruel Al Qaeda joke to keep us busy while they plot something). I COULD make a PPTP connection if I was using the WIRELESS connection to the WRT router, then PPTP to the public address of the RV082. The users won't be on the wireless, so that complicates things. All my testing has to be done w/out wireless, using the WRT's public internet address (Dynamic DNS registered, naturally). So, my thinking was, maybe I should just connect the RV082 to the DSL and eliminate one possibility. No dice, now I cannot connect in either way. I have MTU set for Auto on the RV. I am passing through all three VPN protocols. I have confirmed my username and pass for both Quick VPN and PPTP Server.

    Now, using the QuickVPN client, I read on the RV's logs the following errors:

    Sep 26 12:43:34 2005 VPN Log Ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
    Sep 26 12:43:35 2005 VPN Log Ignoring Vendor ID payload [FRAGMENTATION]
    Sep 26 12:43:35 2005 VPN Log Ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    Sep 26 12:43:35 2005 VPN Log Ignoring Vendor ID payload [26244d38eddb61b3...]
    Sep 26 12:43:35 2005 VPN Log Initial Main Mode message received on 192.168.1.10:500 but no connection has been authorized. Please check your tunnel endpoint (gateway) setting
    Sep 26 12:43:35 2005 VPN Log Dynamic VPN client in Main Mode is only supported for Microsoft VPN client, please use Aggressive mode instead.

    My sniffer shows CHECKSUM INCORRECT for my https session on my end.

    Now, using a packet sniffer for the PPTP connection (the RV inexplicably does not log PPTP connections... at least, not mine), I see the connection being made, SYNs and ACKs bounced about until my client kindly issues several PPP LCP Configuration Requests, which go rudely unanswered. Finally, in a huff of impatience, my client flips off the RV with a curt FIN, ACK to which the RV counters "Fine, I don't care, FIN ACK to you too" and they part their discontented ways.

    I have read the discussions here and elsewhere exhaustively, and it seems like the QuickVPN Client is difficult, testy and temperamental, and I have indeed had LESS success with that client. Basically it's the same ol' getting to Network verification and leaving me hanging. No happy ending here. Any thoughts? Why would PPTP have worked connected through the wireless rather than going out our network and coming back into a DSL? Firewall, you say? Well, my home client can't reach either, and a) connects to our regular network using a Cisco client IPSEC with no problem and b) isn't behind our corporate firewall, it's coming in a DSL connection. QuickVPN works on nothing, nowhere. Not home, testing computer or my computer, and I made sure to strip off every little thing that might irritate the VPN like other VPN remnants because QuickVPN obviously has some jealousy issues.

    Can I manually make changes to Quick VPN? I know this is all based on Freeswan, and there is an ipsec.conf in the linksys directory for QuickVPN...

    Any thoughts? I'm getting on a deadline and I'm about to just send it back and go with a different manufacturer.
     
  2. Jahntassa

    Jahntassa Network Guru Member

    As far as I've read, you can't do anything to QuickVPN..

    Things I've noticed:

    You can't have Windows Firewall or ICS running, it will cause it to not work.

    QuickVPN does connect..but rejects the connection for...whatever reason...

    I haven't played with it too much, but I think I'll try to figure out non-QuickVPN connections for mobile users to my RV042.. The Gateway-2-Gateway I have running is doing fine, however.

    I've had pretty good success with the WatchGuard SOHO6 as far as mobile users go, their MUVPN client is much more robust than QuickVPN.
     
