WRTP54G and 2 VPN Connections HELP!!

Discussion in 'Networking Issues' started by mikey312, Oct 1, 2005.

  1. mikey312

    mikey312 Guest

    I have the WRTP54G and it just upgraded to Firmware 1.00.50.

    I am still having issues making VPN connections on 2 computers. The first one connects fine, but the second times out at "Verifying Password". If I disconnect the 1st VPN, the second works fine....

    How can I get 2 computers to establish VPN connections??

  2. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    The short answer is you probably can't get both computers to connect via VPN at the same time.

    The slightly longer answer is that home gateways are almost invariably PAT (Port Address Translation) devices. Since they need to create a large number of connections to the Internet from inside devices, and since all these inside devices will have their source IP address translated to the single WAN IP address of your PAT'ng router, the only way to differentiate the different connections from your router's standpoint is to keep track of port numbers (TCP and UDP). This works great if the Internet-bound traffic has port numbers but the problem with an IPSec VPN (or any network-layer VPN technology) is that the encrypted data payload is contained in non-TCP or UDP encapsulation. No port numbers = no translation = no connection to the Internet.

    Home routers get around this by allowing users to set up "VPN Passthrough". This enables typically one-only VPN connection through your router as the router's logic is equipped to keep track of only one instance of VPN connections. Basically the router says "Well, I saw a VPN being established from node A, so if I see any return VPN traffic to my WAN interface, I will forward it to node A". More sophisticated gateways (these are typically enterprise-class) will look a bit deeper into the VPN packet for information (similar to port numbers, called SPIs) which they can use to differentiate between VPN hosts on the inside of your network. In that case, more than one concurrent VPN can be established.

    Unfortunately, the documentation on these things is either very poor or completely non-existent. I know, for example, that an SMC 2804WBRP-G (an inexpensive wireless router with print server) that I recently sold supports more than one concurrent VPN but try to find *that* in the documentation!

    Anyway, forgive me the length of response. I teach/consult/breathe network security. I wish it weren't such a dark art for people. I think things are easily understood if you take the time to explain them simply. Given a good foundation anybody can understand this stuff.
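
The behaviour described in the reply above, as a simplified model added here for illustration (it is not code from the thread or from any router firmware): a translator can key TCP/UDP flows on ports, but ESP (IP protocol 50) only offers an SPI, so a single-slot passthrough hands all return traffic to the first inside host. All addresses and SPI values are constructed, and the rule that pairs an unseen inbound SPI with the longest-waiting inside host is an assumed heuristic.

```python
import socket, struct

ESP, TCP, UDP = 50, 6, 17  # IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Minimal IPv4 packet (constructed sample data, header checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def flow_id(pkt):
    """Return (src, dst, key): key is the field a translator can tell flows apart by."""
    body = pkt[(pkt[0] & 0x0F) * 4:]
    src, dst = (socket.inet_ntoa(pkt[i:i + 4]) for i in (12, 16))
    if pkt[9] in (TCP, UDP):
        return src, dst, ("ports",) + struct.unpack("!HH", body[:4])
    if pkt[9] == ESP:
        return src, dst, ("spi",) + struct.unpack("!I", body[:4])
    return src, dst, None

class Gateway:
    def __init__(self, spi_aware):
        self.spi_aware = spi_aware
        self.owner = None   # plain passthrough: one inside host gets all ESP
        self.waiting = []   # SPI-aware: inside hosts with no inbound SPI yet
        self.by_spi = {}    # SPI-aware: (server, inbound SPI) -> inside host

    def outbound(self, pkt):
        src, _, _ = flow_id(pkt)
        self.owner = self.owner or src  # first VPN host keeps the only slot
        if src not in self.waiting and src not in self.by_spi.values():
            self.waiting.append(src)

    def inbound(self, pkt):
        server, _, key = flow_id(pkt)
        if not self.spi_aware:
            return self.owner
        if (server, key[1]) not in self.by_spi and self.waiting:
            # Assumed heuristic: first unseen SPI goes to the longest-waiting host
            self.by_spi[(server, key[1])] = self.waiting.pop(0)
        return self.by_spi.get((server, key[1]))

def demo(spi_aware):
    """Two inside hosts open ESP tunnels to one server; return who gets each reply."""
    gw, wan, server = Gateway(spi_aware), "198.51.100.7", "203.0.113.10"
    esp = lambda spi: struct.pack("!II", spi, 1) + bytes(16)  # SPI, seq, dummy data
    out = []
    for host, o, i in (("192.168.15.100", 1, 0xA), ("192.168.15.101", 2, 0xB)):
        gw.outbound(ipv4(ESP, host, server, esp(o)))
        out.append(gw.inbound(ipv4(ESP, server, wan, esp(i))))
    return out
```

`demo(False)` delivers the second host's reply to the first host, which is the timeout in the original question; `demo(True)` delivers each reply to its own host.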