
WAG54G V2 with VPN from WinXP

Discussion in 'Other Linksys Equipment' started by Caz_M, Mar 21, 2006.

  1. Caz_M

    Caz_M Network Guru Member

    Hi Guys,

    Can you help me out with this problem I am having?

    At home I have a WAG54Gv2 with Firmware 1.01.27 installed (for the record I have tried this with 1.01.19 & 1.01.22 as well). I am trying to set up a VPN from my Laptop on a public IP address in the office to my home network.

    I have trawled the forums here and found a couple of solutions and given them a go, but nothing seems to be working.

    I have used the WinXP IPSec policy thing from the Linksys manual AND I have tried using The Greenbow VPN Client. I have tested with all firewalls switched off and every combination of on/off that you can imagine.

    I installed Ethereal to see if I could trace the problem, and now I know what the problem is, I am left scratching my head.

    The router is not responding in any way to the request for a VPN handshake.

    The settings at both ends of the tunnel are identical - triple checked that - and the IP addresses are all correct.

    Has anyone else run into this? I am pretty sure that it's going to be a simple setting I have missed somewhere.

    Thanks Loads in anticipation
    Caroline

    PS: Yes - I am a girlie geek - sad huh?? :grin:


    Router Set up:

    IPSec Passthrough - Enabled
    PPPoE Passthrough - Disabled
    PPTP Passthrough - Enabled
    L2TP Passthrough - Disabled

    Select Tunnel Entry = 1 - <Name>
    IPSec VPN Tunnel = Enabled
    Tunnel Name = <Name>

    Local Secure Group = Subnet 192.168.1.0 / 255.255.255.0

    Local Security Gateway = PVC 1(ppp0)

    Local Identity Type = IP Addr

    Remote Security Group = ANY

    Remote Security Gateway = ANY

    Remote Identity Type = IP Addr

    Encryption = 3DES
    Authentication = MD5

    KeyManagement = Auto.(IKE)

    PFS = Enabled
    Pre-shared Key = <text string>
    Keylife time = 3600

    ADVANCED:
    Phase 1
    Operation Mode = Main

    Proposal 1
    Encryption = 3DES
    Authentication = MD5
    Group = 1024 bit
    Key Lifetime = 3600

    Phase 2
    Proposal 2
    Enc = 3DES
    Auth = MD5
    PFS = ON
    Group = 1024 bit
    Key Lifetime = 3600

    Nat Traversal = off
    NetBios Broadcast = off
    Anti-replay = off
    Keep Alive = off

    ********************

    Greenbow Settings (v3.10.005)

    Phase 1
    Name = Same as Router
    Interface = Any
    Remote Gateway = Public IP on Router at home
    Preshared key = same as router
    Enc = 3DES
    Auth = MD5
    Key Group = DH1024


    Phase 2
    Name = same as router
    VPN Client Address = (Public) IP Address of Laptop
    Address Type = Subnet
    Remote LAN address = 192.168.1.0
    Subnet Mask = 255.255.255.0
    ESP:
    Enc = 3DES
    Auth = MD5
    Mode = Tunnel
    PFS is checked
    Group = DH1024

    Console shows:
    VPN Logs on the router show nothing and Ethereal shows no response from the Router



     
  2. ReDFlaG

    ReDFlaG Network Guru Member

    VPN can only be set up between two routers, if I'm not wrong. You can't set up a VPN to be accessed directly by a client (PC).

    Check HERE to have an example "how to set up" (it's not wag but it's kind of)
     
  3. hsmeets

    hsmeets Guest

    With VPN client software on a PC (or by following the WinXP/2000 instructions for setting up IPsec) it should be possible to connect using a VPN; thousands of people use it when working away from their offices to connect to resources on their office LAN.

    We just don't seem able to get it to work with our router.

    PS: yes ..."we" Caz is my wife to be ;)
     
  4. ReDFlaG

    ReDFlaG Network Guru Member

    Yeah, plenty of people use VPN, as I do. Now the point is "does the VPN, as it is built into the WAG, allow that?" I don't think so.

    It seems that you can only establish a VPN between two WAGs.
     
  5. Caz_M

    Caz_M Network Guru Member

    :( I am more than a little bit confused now.... you say I can only set up a VPN between two WAG54G's?

    What about this thread ( WAG54g + winxp - VPN) - The instructions referenced in the Linksys Manual and a number of other references make it sound like this is definitely possible....it just doesn't seem to work on our router
     
  6. ccbadd

    ccbadd Network Guru Member

    I would ditch the WAG for VPN altogether. My recent experiences with Linksys VPN routers (BEFVP41's) resulted in my decision to dump Linksys altogether. I love my WRT54G(S)'s but I'm not buying any VPN stuff from Linksys. I use some NetScreen and Draytek routers and they seem to be great for VPN. I have also just ordered a D-Link DI808HV to test that looks to have some great promise.
     
  7. ReDFlaG

    ReDFlaG Network Guru Member

    One of your links points to another router, not a WAG V2.

    The second (the PDF) shows a setup of an internal IPSec tunnel (intranet to intranet connection, not internet to intranet).

    For now I have only successfully established a VPN between two WAGs.
    I will try with the latest firmware to establish a VPN the way you say (but I remember a bug when setting "any" in remote secure group).

    Anyway...
     
  8. tallicalord

    tallicalord Network Guru Member

    Yes, it's possible to establish a VPN between the WAG and another machine...

    You can do that with the GreenBow VPN client. I tried once with the XP IPSec implementation but didn't succeed in establishing a VPN.
    I think that I failed to establish the VPN with XP and the WAG due to how VPN technologies are implemented... (not sure about this... didn't dig too much on this subject.)

    here's my configs:

    WAG

    IPSec Passthrough - Disabled (It should be enabled only if you want to establish an IPSec VPN with another machine behind the router)
    PPPoE Passthrough - Enabled (This is to maintain the internet connection available for everyone that resides on the local network)
    PPTP Passthrough - Disabled
    L2TP Passthrough - Disabled

    Select Tunnel Entry = 1 - <Name>
    IPSec VPN Tunnel = Enabled
    Tunnel Name = <Name>

    Local Secure Group = Subnet 192.168.1.0 / 255.255.255.0

    Local Security Gateway = PVC 1(ppp0)

    Local Identity Type = IP Addr

    Remote Security Group = ANY

    Remote Security Gateway = ANY

    Remote Identity Type = IP Addr

    Encryption = 3DES
    Authentication = SHA

    KeyManagement = Auto.(IKE)

    PFS = Enabled
    Pre-shared Key = <text string> = router
    Keylife time = 3600

    ADVANCED:
    Phase 1
    Operation Mode = Main

    Proposal 1
    Encryption = 3DES
    Authentication = SHA
    Group = 1024 bit
    Key Lifetime = 3600

    Phase 2
    Proposal 2
    Enc = 3DES
    Auth = SHA
    PFS = ON
    Group = 1024 bit
    Key Lifetime = 3600

    Nat Traversal = off
    NetBios Broadcast = on (Mine's on but I think it's irrelevant for the connection handshaking rules)
    Anti-replay = off
    Keep Alive = off

    ********************

    Greenbow Settings (v2.51)

    Phase 1
    Name = Same as Router
    Interface = Any
    Remote Gateway = Public IP on Router at home
    Preshared key = same as router
    Enc = 3DES
    Auth = SHA
    Key Group = DH1024


    Phase 2
    Name = same as router
    VPN Client Address = (I'm behind a gateway/NAT, so I configured the internal IP of my machine)
    This option doesn't exist on my GreenBow version -> Address Type = Subnet
    Remote LAN address = 192.168.1.0
    Subnet Mask = 255.255.255.0
    ESP:
    Enc = 3DES
    Auth = SHA
    Mode = Tunnel
    PFS is checked
    Group = DH1024

    So... Good luck! :) ;)
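
Added example (not part of any post in this thread, and not Linksys or TheGreenBow code): a small Python check that normalizes the Phase 1 / Phase 2 proposal fields as they are written in the posts above and lists where two sides disagree. The sample inputs are constructed from Caz_M's router settings and tallicalord's client settings; the label mapping in `KEYS` is an assumption based on the labels used in this thread.

```python
import re

# Constructed sample input: proposal fields copied from two posts in this thread.
ROUTER_CAZ = """Phase 1
Encryption = 3DES
Authentication = MD5
Group = 1024 bit
Phase 2
Enc = 3DES
Auth = MD5
PFS = ON
Group = 1024 bit"""
CLIENT_TALLICALORD = """Phase 1
Enc = 3DES
Auth = SHA
Key Group = DH1024
Phase 2
Enc = 3DES
Auth = SHA
PFS is checked
Group = DH1024"""

# Assumed mapping: the router page and the client label the same field differently.
KEYS = {"encryption": "enc", "enc": "enc", "authentication": "auth",
        "auth": "auth", "group": "dh", "key group": "dh", "pfs": "pfs"}

def parse(text):
    """Return {(phase, field): normalized value} for the proposal fields."""
    out, phase = {}, None
    for line in text.splitlines():
        line = line.strip().replace(" is ", " = ", 1)  # "PFS is checked"
        m = re.fullmatch(r"Phase ([12])", line)
        if m:
            phase = int(m.group(1))
            continue
        if phase is None or "=" not in line:
            continue
        key, value = (s.strip().lower() for s in line.split("=", 1))
        field = KEYS.get(key)
        if field == "dh":
            value = re.sub(r"\D", "", value)  # "1024 bit", "dh1024" -> "1024"
        elif field == "pfs":
            value = "on" if value in ("on", "enabled", "checked") else "off"
        if field:
            out[(phase, field)] = value
    return out

def mismatches(a, b):
    """List (phase, field, value_a, value_b) where the two sides disagree."""
    pa, pb = parse(a), parse(b)
    return sorted((*k, pa[k], pb[k]) for k in pa.keys() & pb.keys() if pa[k] != pb[k])
```

Run against these two inputs, `mismatches` reports only the authentication hash (MD5 versus SHA) in both phases; the encryption, DH group and PFS settings compare equal once the labels are normalized.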
     
  9. ReDFlaG

    ReDFlaG Network Guru Member

    The only issue is (if we don't mind about security) that when you set "ANY" into remote secure gateway (if I remember well) the WAG drops the connection.

    It does with mine and with a friend of mine too. (I tested that with 3 different firmware, I opened a ticket to have support and the answer was ... RMA ... as usual)
     
