
VPN PPTP setup ?

Discussion in 'Networking Issues' started by 2style, Jul 8, 2005.

  1. 2style

    2style Network Guru Member

    Hello to all,

    After having deeply searched to find a solution to my "simple" problem through newsgroup, FAQ, knowledgebase, I finally decided to post in this active forum.
    I have a WRT54G router, with the last official firmware (v4.00.7)
    My ISP provided me the cable modem device (Terayon 700x series), and I need to connect to Internet through a PPTP VPN connection : I have a login, password and the IP address of the VPN server.

    I thought to make the WRT54G router the VPN PPTP client but
    how I can configure it ? When I select PPTP in the basic setup, I can set the username, the password, but where I can set the IP address of my VPN server ?

    For information, when I connect my laptop directly to the ISP cable modem, I connect to the Internet perfectly through the PPTP VPN client of Windows XP using login, password and VPN IP address. (the same if I use WRT54G as a gateway and Automatic Configuration DHCP, this is working fine)

    Thanks for any help.
    Patrick
     
  2. alesk

    alesk Network Guru Member

    The same problem. :-(

    Any ideas?
     
  3. 2style

    2style Network Guru Member

    PPTP VPN Client

    I've tried to set the Alchemy firmware. However it proposes a PPTP VPN server feature but not the client. So no progress for me.. :(
    Using ICS (Internet Connection Sharing) is working for my LAN, but it is slow and silly to have a router and not use it ! the way I'm using the WRT54G is a mess.

    I hope there is a solution..

    Patrick
     
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    Greenbow VPN Client

    GREENBOW VPN SETUP GUIDE FOR WAG54G

    Use version 2.50 of the greenbow client by the way. You should be able to download a trial version from www.thegreenbow.com. Below is a baseline example to get started:

    Phase I (Greenbow VPN Client Setup):
    1) Tunnel: The name you use should be the same on the router you're connecting to
    2) Interface: leave it as an asterisk.
    3) Remote gateway: The WAN address (ISP provided ip address) of the router you're trying to connect to obviously.
    4) Pre-shared key: Use a hexadecimal string beginning with 0x (i.e. 0x123456789 with most other routers); alternatively, you can try upper or lowercase words (meagainstwhomever).
    5) Certificate: N/A
    6) Encryption: Use 3DES
    7) Authentication: SHA (the equivalent on the WRV54G is SHA1)
    8) Key Group: Set this to DH1024
    9) Save and apply settings.

    Phase II (Greenbow VPN Client Setup):
    1) Tunnel Name: Same as Phase I
    2) Vpn client address:"Your" WAN ip address (provided to you by your ISP) if you are connecting directly to a modem; use the local LAN IP if you are behind a router that supports NAT-T
    3) Address Type: Use Subnet address. Input the Remote LAN's local IP settings
    (i.e.) Local IP: 192.168.1.5
    Subnet: 255.255.255.0
    4) Encryption: 3DES
    5) Authentication: SHA
    6) Mode: Tunnel
    7) PFS: Ensure this box is checked
    8) Group: The group should be dh1024
    9) Save and apply settings

    Additionally, make sure you set the "maximal lifetime settings" for encryption and authentication to "3600." You can do this by clicking on the "parameters" link.


    ON THE ROUTER (WAG54G)

    IPSEC: Enabled
    PPTP: Enabled
    L2TP: Disabled

    Tunnel Name: Same as Greenbow
    VPN Tunnel: Enabled


    Local Secure Group: Your local router settings. Either host or subnet work (I prefer subnet)

    Remote Secure Group: The router/client at the distant end. Either input the local LAN settings of the “remote” router/client by choosing the “Subnet” option or use “Any” to make your initial connection; I’d recommend using “Any” first (handles all incoming connections). Try using “Subnet” to specify connections (Local LAN IP and Subnet) after you get the hang of it. “Any” isn’t too secure but allows you to see the connection for the first time without breaking a sweat. Once you understand the configuration better, vary your configuration.

    Remote Secure Gateway: This is the WAN IP “or” the FQDN of the router/client that is going to be connecting to your WAG54G. My personal success comes from using “Any” and “FQDN.” Use FQDN if you have registered a dynamic dns name (you can do this at www.dyndns.org). Again, use "Any" first just to make your first connection, then specify as needed.

    Encryption and Authentication is 3DES and SHA1.

    Key Management: Auto(IKE) [Enabled]
    PFS: Enabled
    Pre Shared Key: Same as Greenbow
    Key Lifetime: Same as Greenbow


    Click “Advanced VPN Tunnel Setup”:

    Phase I:

    Mode: Main
    Encryption: 3DES
    Authentication: SHA1
    Group: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Phase II:

    Encryption: 3DES
    Authentication: SHA1
    PFS: Enabled
    Group: Same as Greenbow
    Key Lifetime: Same as Greenbow

    Under “Other Options,” check the “Netbios” option and leave all others blank, unless required.


    VERY IMPORTANT: Make sure all of your greenbow settings match your router settings and that the remote ip settings are different from your own!

    Once you’ve made the connection and you want to connect to a shared resource that you have rights to, open up windows explorer and click on “map a network drive.” After clicking on that, choose a drive letter and type the ip address of a computer you have rights to on that network. You would type the following: \\192.168.1.10\sharename
    Where you see sharename would be where you would substitute the name of a folder you have share permissions to access (i.e., \\192.168.1.10\vpn).

    Before you click finish, click on “connect as different user” because in order to connect, that local computer needs to have a username and password created on it so it recognizes who you are. When you click this link, you’ll be asked to type in a username and password that has rights to the machine. Click O.K., then click finish. The shared resource you’ve been given access to should pop up! If the account you’re connecting to has the permissions set properly, you’re all good now!

    Here are some brief examples to connect greenbow to the WAG54G:

    Config #1

    Local Secure Group: Subnet
    Remote Secure Group: Any
    Remote Secure Gateway: Any

    Config #2

    Local Secure Group: Host
    Remote Secure Group: Host
    Remote Secure Gateway: FQDN


    This should be enough to get you guys started. If there are any problems, post them, and I'll try and help as much as possible...


    Doc
     
  5. alesk

    alesk Network Guru Member

    Re: Greenbow VPN Client

    Dear DocLarge,

    Greenbow VPN Client is NOT a solution.
    We are discussing configuring the router itself as a VPN client, without additional software tricks at the clients.

    So, I'll try to lay out the problem in detail.

    I have ethernet cable from my ISP, and static IP 10.10.x.x netmask 255.255.0.0 gateway 10.10.x.1. Using this settings I can access all my ISP's internal resources. To access internet I have to establish VPN (PPTP) connection to vpn.myips.com (over existing lan connection).

    Default WRT54GS firmware doesn't allow to configure this router as
    1) lan client with static IP
    2) vpn client over (1) with dynamic IP
    -- All at the same time.

    I think that only way to do it is to update firmware to one with telnet access and configure it manually.
     
  6. DocLarge

    DocLarge Super Moderator Staff Member Member

    Oops,

    so it seems. :) :)

    I've been answering so many vpn setup/client problems I got lost in my own train of thought...

    The newest Sveasoft "Talisman" firmware for the WRT54G(S) has a builtin IPSEC PPTP VPN Server. It picks up where the Alchemy line of firmware left off. I could never get the PPTP Server to work, mainly because I, like most folks, could not find any in-depth information on how to configure it from start to finish. So, I went and bought a WRV54G, and I've had reliable vpn ever since.

    Personal opinion: go ahead and get a real vpn router before you brick your WRT installing hacks. You can go to www.pagecomputers.com and get yourself a vpn router for a decent price.

    Just some food for thought : :

    Doc
     
  7. knight14th

    knight14th Network Guru Member

    Log in to your WRT using ssh after you have set it to router mode. Then set up a username and password for pptp (you can use the pptpd config file, because the pptp client uses the same file, /etc/ppp/chap-secret)

    Then simply call
    pptp <ipaddress> name <username> noauth defaultroute
    and
    route add default dev ppp0

    That's it
     
  8. 2style

    2style Network Guru Member

    I have tried your solution, but it does not work :

    1/ the directory /etc/ppp does not exist
    2/ the command "route add default dev ppp0" does not work , the route command ask following :
    BusyBox v1.00 (2005.04.21-17:30+0000) multi-call binary
    Usage: route [{add|del|delete}]
    Edit the kernel's routing tables.
    Options:
    -n Dont resolve names.
    -e Display other/more information.
    -A inet Select address family.


    I suppose that I have a good firmware : I have tried with Linksys Official 4.0.07, and also with Alchemy, but it is the same...

    Thanks for your help any way, but if you can detail your procedure, I would be very grateful

    Patrick
     
  9. knight14th

    knight14th Network Guru Member

    It works for me on my wrt running alchemy final 1.0.

    So here is what you have to do...
    make sure your router has an ip-address on the wan-port so it will be able to ping your isp's pptpd server. After this is done create a file /tmp/ppp/chap-secrets and write into it

    your_isp_username * "your_password" *

    Now simply call

    pptp <your isp pptpd server ip> name <your_isp_username> noauth

    wait some time and check using ifconfig if there is a ppp0 tunnel and whether it has an internet-ip. if so, add the default-route using

    route add default dev ppp0

    I've made it this way on my router and the connection to an external pptpd server was successful.

    I don't know how to make a persistent script to make your router call pptp automatically after reboot. Also, the /tmp/ppp/chap-secrets file will be deleted after rebooting your WRT.

    Good luck!
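
The steps in the post above (write chap-secrets, start pptp, wait for ppp0, add the default route) as one POSIX sh script. This is an added example, not part of the original post: the function names, the input checks, the owner-only file mode, the stdin password prompt and the 60-second timeout are assumptions added here, while the secrets path, the pptp invocation and the route command are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): PPTP client bring-up as described above.
SECRETS=${SECRETS:-/tmp/ppp/chap-secrets}   # path from the post; lost on reboot

# Write one line: user * "password" *   -- readable by the owner only.
write_chap_secrets() {   # $1=file $2=username $3=password
    case "$2" in
        ''|*[!A-Za-z0-9._@-]*) echo "unsupported username" >&2; return 1 ;;
    esac
    case "$3" in
        *'"'*|*'\'*) echo "password must not contain \" or \\" >&2; return 1 ;;
    esac
    mkdir -p "$(dirname "$1")" || return 1
    # umask in a subshell so the file is created 0600 without a chmod race
    ( umask 077; printf '%s * "%s" *\n' "$2" "$3" > "$1" )
}

# Succeeds if ifconfig output on stdin shows an IPv4 address
# ("inet addr:a.b.c.d" on BusyBox/net-tools, "inet a.b.c.d" on newer tools).
has_inet_addr() {
    grep -q 'inet [a-z:]*[0-9]'
}

# Poll until the interface has an address or the timeout expires.
wait_for_tunnel() {   # $1=interface $2=timeout in seconds
    waited=0
    while [ "$waited" -lt "$2" ]; do
        ifconfig "$1" 2>/dev/null | has_inet_addr && return 0
        sleep 2
        waited=$((waited + 2))
    done
    return 1
}

connect() {   # $1=server ip $2=username; password is read from stdin
    IFS= read -r pw || return 1   # keeps the password out of the process list
    write_chap_secrets "$SECRETS" "$2" "$pw" || return 1
    pptp "$1" name "$2" noauth &  # same invocation as in the post
    wait_for_tunnel ppp0 60 || { echo "ppp0 did not come up" >&2; return 1; }
    route add default dev ppp0
}

# Run only when called as: script connect <server-ip> <username>
if [ "${1:-}" = connect ] && [ $# -eq 3 ]; then
    connect "$2" "$3"
fi
```

Because /tmp/ppp/chap-secrets does not survive a reboot, the script rewrites it on every run before starting pptp.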
     
  10. fienos

    fienos Guest

    I'm going to throw my 2 cents in here but I must confess I am not a VPN expert.

    From what I understand you are not having a problem connecting through vpn but once you've established a connection cannot do anything (connect to an ip address on the other side). If this is the problem then what I found works is to change the ip address on the WRT54G from 192.168.1.1 to 192.168.2.1, save the settings and reconnect. Don't forget to change your client IPs if you're not using dhcp.

    Of course this assumes that the subnet on the other side is 192.168.1.1.

    Well I hope that helps.
     
  11. 2style

    2style Network Guru Member

    As the problem is not solved, I have contacted the Linksys support.
    Here is the exchange :

    Hi, my name is Sherwin G(14617). How may I help you?
    Patrick: Hello Sherwin, we have been cut. Could you help me for my connection ?
    Sherwin G(14617): I apologize for that...You're setting up the vpn tunnel right?
    Patrick: Yes : I have a WRT54G router, with the last official firmware (v4.00.7)
    My ISP provided me the cable modem device (Terayon 700x series), and I need to connect to Internet through a PPTP VPN connection : I have a login, password and the IP address of the VPN server.

    I thought to make the WRT54G router the VPN PPTP client but
    how I can configure it ? When I select PPTP in the basic setup, I can set the username, the password, but where I can set the IP address of my VPN server ?

    For information, when I connect my laptop directly to the ISP cable modem, I connect to the Internet perfectly through the PPTP VPN client of Windows XP using login, password and VPN IP address. (the same if I use WRT54G as a gateway and Automatic Configuration DHCP, this is working fine, but only one connection at the same time !)


    Sherwin G(14617): Technically, the router is only a pass through device when used for a vpn tunnel, we have opened some ports for vpn function already, right?
    Patrick: Yes, exactly, but the VPN client should be set on the computer, and you mean it is impossible to have it directly on the router ?
    Sherwin G(14617): Can you go to the security tab > then vpn tab > what are the current settings there?
    Patrick: All the passthrough are enabled
    Patrick: (this was the default configuration)
    Sherwin G(14617): Ok, that seems to be the correct setting for vpn connections, in this case the configuration will be set on your computer, because the router is not a vpn router.
    Patrick: OK, Sherwin, then do you know how I can allow multiple computers to connect at the same time using the VPN windows XP connection ? Because as soon as one computer is connected, the others could not !
    Sherwin G(14617): When using the vpn tunnel on xp, it can only connect one at a time, you need a vpn router for that
    Patrick: OK, Linksys proposes some VPN routers?
    Sherwin G(14617): We have these vpn routers that I may suggest, BEFVP41 / WRV54G
    Patrick: OK thanks a lot Sherwin for your help


    So, :( I think there is no solution to my problem, and I will still continue to dedicate a computer, which makes the VPN connection and shares the internet connection. WRT54G is only used to make a gateway, or later I will buy a vpn router.

    Thanks for your help
    Patrick
     
