1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VPN WRV54G and QuickVPN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by chuckboyer, Oct 2, 2004.

  1. chuckboyer

    chuckboyer Network Guru Member

    I posted this over on broadband reports as well. Hoping to get some answers soon.

    My business is running on Cox Communications and I'm having difficulty connecting the QuickVPN client to my WRV54G. Like many others I have been dissapointed in Linksys' tech support. I've followed all of their sugestions like turning off virus protection and all firewalls on the client and disabling the firewall and block anon requests on the WRV54G with no success. The only error I can find on the client is in the wget_error.txt file and is as follows:

    »https://[username]:*password*@[ipaddress]/Star..
    1?IP=[clientipaddress]?USER=[username]
    => `C://Program Files//Linksys//Linksys VPN
    Client//vpnserver.conf'
    Connecting to [ipaddress]:443... connected.
    HTTP request sent, awaiting response...
    10:19:11 ERROR -1: Malformed status line.

    Any help is appreciated.
     
  2. TazUk

    TazUk Network Guru Member

    You've added the user under Access Restrictions, VPN Client Access?

    Is the PC you testing with behind a router or gateway running NAT?
     
  3. chuckboyer

    chuckboyer Network Guru Member

    I did set up the users per Linksys article 1709. My client is behind a Linksys BEF11S4 which i assume is running NAT. I have seen references to NAT-T not working but wasn't positive that this was my problem.
     
  4. TazUk

    TazUk Network Guru Member

    It's the most likely reason.

    If the PC has a 192.168.x.x IP address then the router is using NAT ;)
     
  5. gaogi

    gaogi Network Guru Member

    I don't think NAT-T is a problem here, since the QVPN is designed specifically for connecting behind a NAT. Why else would they change your subnet to something other than 192.168.x.x to "avoid conflicts"?

    With that said, I would look into whether or not Cox is blocking incoming port 443. Since the WRV54G is using https for user authentication, and incoming port 443 traffic MAY be blocked by Cox, since they block incoming port 80 traffic.
     
  6. chuckboyer

    chuckboyer Network Guru Member

    I spoke to a Cox tier 2 tech last week. They don't block any specific ports or protocols. We are on their business service.

    The linksys tech support has since refered my issue up to their tier 2 support after I sent my log files and such into them.

    Hopefully they will figure out what the problem is. I have since changed my strategy and I'm trying to implement ISA server with a WRT54GS, but that is also proving difficult. Started with the WRV54G but sinced switched to the WRT54GS. Seems as if both the WRV54G and the WRT54GS do not handle GRE properly. I'm contemplating changing the firmware to one produced by WiFi-box to get it to work but am hesitant on switching to a non supported (my perception, with limited research) firmware.

    If anyone has experience with running the WiFi-box firmwares in a production (business envrionment, not your house where connectivity is essential) I would like to hear opinions.

    Thanks everyone!
     
  7. baclimon

    baclimon Network Guru Member

    Same Problem

    I have the same problem and have tried from different ISP's. I have spent hours. A plea for help!

    »https://[username]:*password*@[ipaddress]/Star..
    1?IP=[clientipaddress]?USER=[username]
    => `C://Program Files//Linksys//Linksys VPN
    Client//vpnserver.conf'
    Connecting to [ipaddress]:443... connected.
    HTTP request sent, awaiting response...
    10:19:11 ERROR -1: Malformed status line.
     
  8. chuckboyer

    chuckboyer Network Guru Member

    Call linksys support. Ask for tier 2 support right away and explain that you know of other users waiting for a tier 2 support response on the same issue. Not sure if that will get you anywhere but it is worth a shot.
     
  9. TazUk

    TazUk Network Guru Member

    Have you actually tried it?

    It works fine for me with a PC directly connected to the cable modem but not behind a NAT enabled router, a Linksys BEFSR41 in this case. SSH Sentinel exhibits the same problem although it works fine connecting to a BEFVP41 behind the BEFSR41. When you run a diagnostic in SSH Sentinel it says NAT-T is not enabled.
     
  10. baclimon

    baclimon Network Guru Member

    Linksys Support

    Im on the phone with Linksys support. Hope they help :(
     
  11. gaogi

    gaogi Network Guru Member

    Yes, I have tried connecting behind a WRT54G and have no problems.
     
  12. baclimon

    baclimon Network Guru Member

    PROBLEM FIXED

    After days of troubleshooting I have found the resolution

    Call Linksys and request the beta firmware version

    WRV54G_2_32_2.rmt


    It fixed it !!!!!!!!!!!!!!!1
     
  13. TazUk

    TazUk Network Guru Member

    We're discussing connecting to a WRG54G from behind another NAT enabled router :wink:

    Which router where you connecting to, from behind the WRG54G?
     
  14. TazUk

    TazUk Network Guru Member

    Re: PROBLEM FIXED

    Uhm the most recent version on their site is 2.36, the one you've been given appears to be older than that :?
     
  15. baclimon

    baclimon Network Guru Member

    Version

    It does appear to be older but it is a beta one (it is newer) I notice some newer features within the web interface.

    Also I have tried it behind a microsoft,netgear, and cisco router. All work.
     
  16. gaogi

    gaogi Network Guru Member

    I'm assuming you mean WRV54G, and not WRG54G. I am connecting using the following:

    QVPN--> WRT54G-->Internet-->WRV54G

    Is this what we're talking about?
     
  17. baclimon

    baclimon Network Guru Member

    typo

    Yes that was a typo WRV54G

    QPN--><Random Router>Internet--->WRV54G



    I have tried it with most consumer/small business routers
     
  18. TazUk

    TazUk Network Guru Member

    Yep that's what I meant :oops:

    So what firmware version are you using Gaogi?
     
  19. JustDa25

    JustDa25 Network Guru Member

    Can somebody put the
    WRV54G_2_32_2.rmt
    firmware downloadable?

    I've e-mailed Linksys but get no reaction....
     
  20. baclimon

    baclimon Network Guru Member

    Download

    Ill post it tonight
     
  21. baclimon

    baclimon Network Guru Member

  22. JustDa25

    JustDa25 Network Guru Member

    :wink: thanks man!

    I hope it will work... I'am behind a Unex IS050s router (IP-sec passtrough enabled). I'll try it tomorrow.

    Linksys also give reaction with a 2 page story to make a tunnel the old fashion way. They don't get it, I want QuickVPN. Simple as that... 8)
     
  23. Rex8u1

    Rex8u1 Guest

    Help - I loaded the "beta" "WRC54G_2_32_.zip" version of firmware onto my WRV54G - When I have the remote QuickjVPN software establish the tunnell - I still get the same problem - "veryfying network" - hangs - then times out - I can see in the WRC54G status screen the VPN client is "active" -
    I have a remote client running XP SP2, behind a Linksys BEFVP41 -
    on a dynamic IP verizon DSL - any help would be appreciated
     
  24. vze3g4vm

    vze3g4vm Guest

    I've been reading this post, and I just downloaded the v2.32 .zip file. I can't believe I'll have to go back 4 releases to get QuickVPN software to connect. I'm glad to see that Rex8u1 has already tried v2.32 with out any success, so that will save me some work tonight.

    The problem that I'm having with connecting is as follows from the contents of the wget_error.txt file, when running with firmware v2.36:

    --13:46:12-- https://<vpnuser>:*password*@<ipaddr>/StartConnection.htm?version=1?IP=<ipaddr>?USER=<username>
    => `C://Program Files//Linksys//Linksys VPN Client//vpnserver.conf'
    Connecting to <ipaddr>:443... failed: No such file or directory.
    Giving up.

    It seems to be failing because the contents of the vpnserver.conf file is empty. I can't find any documentation on what should be in this file.

    Does anybody have a clue??

    I've been waiting for a response from Linksys, and no reply yet.

    I would appreciate if someone could post what their vpnserver.conf looks llike.

    Thanks
     
  25. TazUk

    TazUk Network Guru Member

    If they've got a BEFVP41 why are you using the QuickVPN client? Why not setup a VPN link from the BEFVP41 to the WRV54G :)
     
  26. TazUk

    TazUk Network Guru Member

    Tried the 2.32 firmware but still can't connect from behind a router, either with the QuickVPN client or SSH Sentinel :(
     
  27. TazUk

    TazUk Network Guru Member

    Re: Version

    Which ones, as I can't see anything that isn't in the 2.36 firmware :?
     
  28. cyberpsych1

    cyberpsych1 Network Guru Member

    I've got a WRV54G router and believe it or not it will run with 2.36 (maybe even 2.21). BTW, I had Linksys email me firmware 2.36.5. recently.

    Here's the things I had to do to stabilize before I could even use the damn thing:

    1) Set MTU to manual and max it out at 1500
    2) Disable UPNP

    Next:

    1) Disable PPTP, L2TP, IPSEC Passthrough
    2 Disable VPN Tunnel, VPN Gateway, Keymanagement, and PFS
    3) Disable all forwarded ports that pertain to VPN (e.g. 1723, 1701, 500, 4500)
    4) Disable XP firewall if you have it
    5) Allow access through 3rd party software firewall if you use one on your computer

    Not that I'm an expert, but someone else enlightened me to these facts and I have no problem using quickvpn now. Quickvpn will make its own secure tunnel with the WRV54G. Just make sure whatever router the quickvpn connects through has "pass through" enabled. The downside to this connection is a problem with prot 443 being visible. Other than that, quickvpn works great.

    Just remember that the WRV54G is an endpoint router and needs to connect to another endpoint router (or endpoint vpn software) if you want to connect via tunnels.
     
  29. shaythai

    shaythai Network Guru Member

    Firmware

    Any chance we can get that firmware in the download section. I have tried 3 times to get them to send me the new firmware with no success.

     
  30. JustDa25

    JustDa25 Network Guru Member

    It still won't work. Even when i try to make connection from a client with a modem. So i think the router and modem is the problem.

    This is the setup:

    ISP
    adsl fast by xs4all/kpn mxstream

    MODEM
    Thomson Speedtouch 510i
    configured transparant with PPTP (to get the WAN-ip on the router)
    (standard it was configured in routed PPPoA mode)

    ROUTER
    Linksys WRV54G
    firmware 2.36
    internet setup PPTP
    quickvpn enabled
    settings are applied as told at this topic (disable VPN passtrough etc.)

    ---------

    QUICKVPN
    error message:

    »https://[username]:*password*@[ipaddress]/Star..
    1?IP=[clientipaddress]?USER=[username]
    => `C://Program Files//Linksys//Linksys VPN
    Client//vpnserver.conf'
    Connecting to [ipaddress]:443... connected.
    HTTP request sent, awaiting response...
    10:19:11 ERROR -1: Malformed status line.

    ----------

    I have never made a succesfull working QuickVPN connection. Does anybody have clue?? How can i make it work?
     
  31. TazUk

    TazUk Network Guru Member

    Does the WRV54G have a public IP or is the Thomson Speedtouch performing NAT?
     
  32. Vinnan

    Vinnan Network Guru Member

    Try it using a direct connection without a nat

    try to connectto the Vpn using a direct connection with the public Ip address
     
  33. JustDa25

    JustDa25 Network Guru Member

    The WRV54G have the public IP. It's makes a PPTP connection with the modem. The modem acts transparant. look here
    http://www.webblernet.nl/routers/linksys/

    I tried to make connection with client with a public ip (dial-in, cable). All no succes.
     
  34. TazUk

    TazUk Network Guru Member

    Well that link shows a screenshot from a different Linksys router, probably a BEFSR41, it also has a private IP address set on the WAN side :?

    The Thomson Speedtouch 510i is actually a router rather than a modem ;)

    Can you post back the IP addresses of both boxes, leaving off the last octect for security reasons.
     
  35. JustDa25

    JustDa25 Network Guru Member

    I know that it is an other router. But my config is the same.

    This is my status from my WRV54G router

    Software Version: 2.36
    System Up Time: 25:07:11

    WAN Connections
    Network Access : PPTP
    WAN IP Address: 82.92.xxx.xxx
    Subnet Mask: 255.0.0.0
    Default Gateway: 195.190.249.12
    DNS: 194.109.104.104
    194.109.6.66

    It is not possible to make the network access PPPoE because in the Netherlands we use PPPoA. So far is i know i only get the WAN IP with PPTP.

    So my modem does only have local ip's (no wan ip) but does do the dail-in. My router have the wan ip with the PPTP method.
     
  36. TazUk

    TazUk Network Guru Member

    That doesn't make much sense :? As I've mentioned before the Thomson Speedtouch 510i is an ADSL router not a modem. If it's making the internet connection for you surely it must have a public IP?

    How many IP addresses does your ISP assign to you, if it's more than one then the configuration should be that the Speedtouch has the first address as it's LAN address. The WRV54G then would have the second address, with it's default gateway pointing to the first. You would not need PPTP or anything else as it's the Speedtouch doing the actual ADSL connection. The Speedtough would be setup with PPPoA, or whatever settings your ISP requires.
     
  37. chuckboyer

    chuckboyer Network Guru Member

    Updated to firmware 2.37

    Well, the saga continues. I just updated the firmware to 2.37 and did an isolated test. Here was my setup: Win2k -> BEFW11S2 ->WRV54G->Win2k3. This isolated test was successful and I was able to browse the filesystem on the win2k3 machine. I then installed the WRV54G and tried a production test WinXPHome -> WRT54G -><internet>->WRV54G and I get the same error of malformed status line. I turned off all virus protection and firewalls on the xp machine and got the same error. I looked at the vpnserver.conf file and it was blank.

    Anyone out there with some ideas?

    Thanks.
     
  38. gaogi

    gaogi Network Guru Member

    ERROR -1 Malformed Status Line

    If you're getting the malformed status line error:

    Check to see that the domain field on the WRV54G is not over 17 characters long, and not blank. If it's >17 characters, shorten it, if it's blank, fill in something <17 characters. That should solve your problems.
     
  39. chuckboyer

    chuckboyer Network Guru Member

    Connects now but can't connect to severs by machine name.

    Excellent gaogi! That fixed the connection problem. Now I have some follow up questions.

    I can browse the office network via ip address, but how do I browse it via machine name? I'm running active directory at the office, do I need to configure my home pc to hit that dns server to resolve the names on the office network?

    Thanks!
     
  40. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    Re: Connects now but can't connect to severs by machine name

    Which domain field is that? The one in the WAN setup page labelled "Domain Name" or another one?

    Thanks,

    Eric
     
  41. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    Re: ERROR -1 Malformed Status Line

    Which "domain" field were you talking about in your post where you said it must be no longer than 17 characters?

    I have had the QuickVPN working...at least temporarily. It hangs in the "Verifying Network" stage and I am even able to ping inside hosts at my home network without the status turning green. Go figure. Interestingly enough, I did a sniffer trace of the whole negotiation (IKE Phase I and IKE Phase II) on a dialup connection and it looks pretty complete. I'm even sending data bi-directionally through the VPN as I said but it never "shows" as complete.

    Hmmmmmmm...

    /eric
     
  42. MonkeyFish

    MonkeyFish Guest

    I Have exactly the same problem. Does anyone have a fix for this?
     
  43. netjustin

    netjustin Guest

    off topic question

    Anyone opened the MMC snap-in c:\program files\linksys\linksys vpn client\IPSec.msc manually, by double clicking it? It looks just like a Windows 2K SECPOL.MSC file, but all in German. It also matches the values in my SECPOL.MSC, which, after installing QuickVPN, appear to reflect the instructions in the WRV manual. All under the name "FreeSwan".
     
  44. gaogi

    gaogi Network Guru Member

    Re: ERROR -1 Malformed Status Line

    The Domain field in the WRV54G's web-based utility. Log in to the WRV54G's webpage, on the very first page (Basic Setup), there is a field for Host name and Domain name. The Domain name must not be blank.
     
  45. gaogi

    gaogi Network Guru Member

    Re: Connects now but can't connect to severs by machine name

    Your home PC will inherit the address of the remote router and add that as one of its DNS servers (Check this by doing a ipconfig /all after the connection is up. You should see the remote WRV54G's address added as one of your DNS servers). If you're not using the WRV54G on the remote side to serve out DHCP address, you probably won't be able to browse by machine name.

    If you are, log in to the remote router's web GUI, go to Status -> Local Network and click on DHCP Client Table. The computer name associated with the address will be the names that the DNS server will resolve.
     
  46. Dhoom

    Dhoom Network Guru Member

    Regarding WRV54G

    Dear Chuckboyer,

    Regarding to your problem connecting the QuickVPN client to my WRV54G, u get message wget_error.txt file and some other things.What i suggest is callup linksys tech support and get your devices re-configured from scratch cause this problem is related to that

    Cheers
     
  47. chuckboyer

    chuckboyer Network Guru Member

    I was able to get by the errors and I'm now able to connect to the remote network. My DHCP server is my linksys router *.*.*.1, but I'm running internal DNS services under active directory on *.*.*.20. I've even tried setting the primary DNS on the Basic Setup Tab to my internal *.*.*.20 address, but that doesn't seem to work either.

    After connecting I ran an ipconfig /all and i see my *.*.*.1 address listed as the first DNS Server, but I'm still unable to resolve any machines on the remote network by name.


    Any other suggestions?

    Thanks.
     

Share This Page