VPN help with XP WAG54 v2

Discussion in 'Other Linksys Equipment' started by Rippo, Jun 28, 2005.

  1. Rippo

    Rippo Guest

    Are there any FAQs on how one sets up a VPN using the default Windows XP VPN software?

    Does anyone have any docs that I can read?

    I have a WAG54v2 with Firmware Version: 1.00.19

    Thanks for your help
  2. DocLarge

    DocLarge Super Moderator Staff Member Member


    I haven't seen too many people make a connection to a Linksys router using the XP VPN client; however, if you're interested in using a third party client like the "greenbow vpn client," I could show that to you...

  3. macjoost

    macjoost Network Guru Member


    Doc, can you post your settings: Linksys & client side?

    I've been trying to set up a road warrior vpn connection to my WAG54Gv2 with MacOS X. No luck with either firmware 1.00.19 or 1.01.01.

    I'm new to VPN and since I haven't been able to find any hints on this forum or the internet it's difficult to find what the problem is...
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    Greenbow VPN Setup Guide For WRV54G (As Requested)


    Use version 2.50 of the greenbow client by the way. Also, third party vpn clients "will not" connect to a WRV54G if you are connecting from behind another WRV54G; you will have to make a "direct connection" (computer to modem) to connect. Linksys devices that do not have this NAT-T problem when "hosting" VPN tunnels are the WAG54G ADSL Gateway (sold over here in England and Europe) which supports 5 IPSEC tunnels, the BEFVP41, which supports 50 IPSEC tunnels, and the BEFSX41, which supports 2 IPSEC tunnels. If you want to make a secure vpn connection from one WRV54G, you'll need to use the Linksys Quickvpn client.

    Below is a baseline example to get started.

    Phase I (Greenbow VPN Client):
    1) Tunnel: The name you use should be the same on the router you're connecting to
    2) Interface: leave it as an asterisk.
    3) Remote gateway: The WAN address (ISP provided ip address) of the router you're trying to connect to obviously.
    4) Pre-shared key: Use a hexadecimal string beginning with 0x (i.e. 0x123456789 with most other routers); if you are connecting to a WRV54G, upper or lowercase words seem to work better (meagainstwhomever).
    5) Certificate: N/A
    6) Encryption: Use 3DES
    7) Authentication: SHA (the equivalent on the WRV54G is SHA1)
    8) Key Group: Set this to DH1024
    9) Save and apply settings.

    Phase II (Greenbow VPN Client):
    1) Tunnel Name: Same as Phase I
    2) Vpn client address:"Your" WAN ip address (provided to you by your ISP) if you are connecting directly to a modem; use the local LAN IP if you are behind a router that supports NAT-T (again, the WRV54G, right now, does not support this feature; use quickvpn instead).
    3) Address Type: Use Subnet address. Input the Remote LAN's local IP settings
    (i.e.) Local IP:
    4) Encryption: 3DES
    5) Authentication: SHA
    6) Mode: Tunnel
    7) PFS: Ensure this box is checked
    8) Group: The group should be dh1024
    9) Save and apply settings

    Additionally, make sure you set the "maximal lifetime settings" for encryption and authentication to "3600." You can do this by clicking on the "parameters" link.


    IPSEC: Enabled
    PPTP: Enabled
    L2TP: Disabled

    Tunnel Name: Same as Greenbow
    VPN Tunnel: Enabled
    VPN Gateway: Disabled

    Local Secure Group: Your local router settings. Either host or subnet work (I prefer subnet)

    Remote Secure Group: The router/client at the distant end. Either input the local LAN settings of the “remote” router/client by choosing the “Subnet” option or use “Any” to make your initial connection; I’d recommend using “Any” first (handles all incoming connections). Try using “Subnet” to specify connections (Local LAN IP and Subnet) after you get the hang of it. “Any” isn’t too secure but allows you to see the connection for the first time without breaking a sweat. Once you understand the configuration better, vary your configuration.

    Remote Secure Gateway: This is the WAN IP “or” the FQDN of the router/client that is going to be connecting to your WRV54G. My personal success comes from using “Any” and “FQDN.” Use FQDN if you have registered a dynamic dns name (you can do this at www.dyndns.org).

    Encryption and Authentication is 3DES and SHA1.

    Key Management: Auto(IKE) [Enabled]
    PFS: Enabled
    Pre Shared Key: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Click “Advanced VPN Tunnel Setup”:

    Phase I:

    Mode: Main
    Encryption: 3DES
    Authentication: SHA1
    Group: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Phase II:

    Encryption: 3DES
    Authentication: SHA1
    PFS: Enabled
    Group: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Under “Other Options,” check the “Netbios” option and leave all others blank, unless required.

    VERY IMPORTANT: Make sure all of your greenbow settings match your router settings and that the remote ip settings are different from your own!

    Just in case anyone new to this forum doesn't understand the difference between PPTP server settings and Linksys Quickvpn, the settings listed above for greenbow connectivity are "specifically" intended for use with the built-in pptp server that comes with the WRV54G (50 available tunnels). The Quickvpn client sets all of this up when it loads on the client computer. The only difference is quickvpn uses MD5 for authentication.

    Here are some brief examples to connect greenbow to the wrv54g:

    Config #1

    Local Secure Group: Subnet
    Remote Secure Group: Any
    Remote Secure Gateway: Any

    Config #2

    Local Secure Group: Host
    Remote Secure Group: Host
    Remote Secure Gateway: FQDN

    These greenbow settings work with the RV0XX series routers also, although some settings may vary on the client side. Hell, some settings may vary altogether, but you'll get some satisfaction out of this.
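
A consistency check for the rule stated in the post above (client and router settings must match, and the remote LAN must differ from your own), as an added example that is not part of the original post or of any Linksys or Greenbow tooling. The dictionary keys, the alias table (including the "1024-bit" label) and all sample values are assumptions made for illustration.

```python
import ipaddress

# Assumed alias table: different labels the two UIs may use for one algorithm.
ALIASES = {"sha": "sha1", "dh1024": "modp1024", "1024-bit": "modp1024"}
NEGOTIATED = ["p1_enc", "p1_auth", "p1_group", "p1_lifetime",
              "p2_enc", "p2_auth", "p2_group", "p2_lifetime", "pfs"]

def norm(value):
    v = str(value).strip().lower()
    return ALIASES.get(v, v)

def check_tunnel(client, router):
    """Compare two hypothetical settings dicts; return a list of findings."""
    findings = []
    for key in NEGOTIATED:
        if norm(client[key]) != norm(router[key]):
            findings.append(f"mismatch {key}: {client[key]} vs {router[key]}")
    # Pre-shared keys are case-sensitive: compare exactly, never print them.
    if client["psk"] != router["psk"]:
        findings.append("mismatch psk")
    # The LAN behind the router must not overlap the client's own network.
    local = ipaddress.ip_network(client["local_net"], strict=False)
    remote = ipaddress.ip_network(client["remote_net"], strict=False)
    if local.overlaps(remote):
        findings.append(f"overlap: {local} and {remote}")
    # "Any" accepts every peer; the post suggests it only for the first test.
    if norm(router["remote_secure_group"]) == "any":
        findings.append("router remote secure group is Any")
    return findings

# Constructed sample values (not taken from the thread).
CLIENT = {"p1_enc": "3DES", "p1_auth": "SHA", "p1_group": "DH1024",
          "p1_lifetime": 3600, "p2_enc": "3DES", "p2_auth": "SHA",
          "p2_group": "DH1024", "p2_lifetime": 3600, "pfs": True,
          "psk": "ExamplePassphrase", "local_net": "192.168.1.0/24",
          "remote_net": "192.168.1.0/24"}
ROUTER = {"p1_enc": "3DES", "p1_auth": "SHA1", "p1_group": "1024-bit",
          "p1_lifetime": 3600, "p2_enc": "3DES", "p2_auth": "MD5",
          "p2_group": "1024-bit", "p2_lifetime": 3600, "pfs": True,
          "psk": "examplepassphrase", "remote_secure_group": "Any"}

if __name__ == "__main__":
    for finding in check_tunnel(CLIENT, ROUTER):
        print(finding)
```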

  5. macjoost

    macjoost Network Guru Member

    Got the vpn working now using your greenbow settings using MacOS X and IPSecuritas!
    Thanks !
  6. DocLarge

    DocLarge Super Moderator Staff Member Member

    Glad to help...

    I'm jus doing the damn thing!!!

  7. patch1

    patch1 Guest

    get PAYLOAD_MALFORMED error when open tunnel with greenbow

    Have followed your setup in this thread - set up greenbow client for wag54g - when I try to open the tunnel I get a PAYLOAD MALFORMED error. Have checked setup at both ends - looks OK. Any ideas? Log is below, and I have tried to attach screenshots of the setup but keep getting an upload error - let me know if you need them. Thanks, John
    100525 Default (SA PatchTunnel-P1) SEND phase 1 Main Mode [SA] [VID] [VID] [VID]
    100526 Default (SA PatchTunnel-P1) RECV phase 1 Main Mode [SA]
    100526 Default (SA PatchTunnel-P1) SEND phase 1 Main Mode [KEY_EXCH] [NONCE]
    100526 Default (SA PatchTunnel-P1) RECV phase 1 Main Mode [KEY_EXCH] [NONCE]
    100526 Default (SA PatchTunnel-P1) SEND phase 1 Main Mode [HASH] [ID]
    100526 Default (SA PatchTunnel-P1) RECV phase 1 Main Mode [NOTIFY]
    100526 Default exchange_run: exchange_validate failed
    100526 Default dropped message from due to notification type PAYLOAD_MALFORMED
    100526 Default SEND Informational [NOTIFY] with PAYLOAD_MALFORMED error
  8. DocLarge

    DocLarge Super Moderator Staff Member Member

    Try setting the password on the client and the router to this:


    If that doesn't work, try this one:


    I think you're getting this error because the preshared key isn't translating between the two.
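
Added example, not part of the thread: a small parser for the client log format posted above that reports how far IKE Main Mode got before the error. In pre-shared-key Main Mode the fifth message ([HASH] [ID]) is the first one encrypted with keys derived from the pre-shared key, so PAYLOAD_MALFORMED at that point is consistent with a key mismatch; the NO_PROPOSAL_CHOSEN case and its constructed log go beyond what the thread shows.

```python
import re

MSG = re.compile(r"\b(SEND|RECV) phase 1 Main Mode ((?:\[\w+\]\s*)+)")
NOTIFY = re.compile(r"notification type (\w+)|with (\w+) error")
# (last Main Mode message sent, notify name) -> likely cause
CAUSES = {
    (5, "PAYLOAD_MALFORMED"): "pre-shared key likely differs between client and router",
    (1, "NO_PROPOSAL_CHOSEN"): "phase 1 proposal (encryption, hash, group) not accepted",
}

def diagnose(log_text):
    """Return (last Main Mode message sent, notify name, likely cause)."""
    sent, notify = 0, None
    for line in log_text.splitlines():
        m = MSG.search(line)
        if m and m.group(1) == "SEND":
            payloads = set(re.findall(r"\[(\w+)\]", m.group(2)))
            if "SA" in payloads:
                sent = 1      # proposal offered in the clear
            elif "KEY_EXCH" in payloads:
                sent = 3      # Diffie-Hellman public value and nonce
            elif "HASH" in payloads:
                sent = 5      # first message encrypted with PSK-derived keys
        n = NOTIFY.search(line)
        if n and notify is None:
            notify = n.group(1) or n.group(2)
    cause = CAUSES.get((sent, notify), "not classified by this example")
    return sent, notify, cause

# Log lines as posted in the thread above.
THREAD_LOG = """\
100525 Default (SA PatchTunnel-P1) SEND phase 1 Main Mode [SA] [VID] [VID] [VID]
100526 Default (SA PatchTunnel-P1) RECV phase 1 Main Mode [SA]
100526 Default (SA PatchTunnel-P1) SEND phase 1 Main Mode [KEY_EXCH] [NONCE]
100526 Default (SA PatchTunnel-P1) RECV phase 1 Main Mode [KEY_EXCH] [NONCE]
100526 Default (SA PatchTunnel-P1) SEND phase 1 Main Mode [HASH] [ID]
100526 Default (SA PatchTunnel-P1) RECV phase 1 Main Mode [NOTIFY]
100526 Default exchange_run: exchange_validate failed
100526 Default dropped message from due to notification type PAYLOAD_MALFORMED
100526 Default SEND Informational [NOTIFY] with PAYLOAD_MALFORMED error
"""

# Constructed log (not from the thread) for a proposal mismatch.
CONSTRUCTED_LOG = """\
100001 Default (SA Demo-P1) SEND phase 1 Main Mode [SA] [VID]
100001 Default RECV Informational [NOTIFY] with NO_PROPOSAL_CHOSEN error
"""

for sample in (THREAD_LOG, CONSTRUCTED_LOG):
    print(diagnose(sample))
```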
