WRV54G - NAT-T Issue Solved

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by ipcdmatt, Apr 26, 2005.

  1. ipcdmatt

    ipcdmatt Network Guru Member

    Okay Guys, ... after much messing with convolouted successes and failures I have finally gone to VPN heaven.

    Here is the Fix: (Sequence is important)

    1) Unplug the black power cable from the WRV54G
    2) Unplug the Ethernet Cables from the Unit
    3) Gently remove the unit from its installed position
    4) Uninstall QuickVPN from your Computer and send the download to the recycle BIN.
    5) Retain GReenbow, if you have it as it will become useful later.
    6) Thrust the now dettached WRV54G through the closest window, watch out for Kids.
    7) Replace with a Netgear series VPN router like FVS318 for example.
    8) If using Client to Endpoint topology, try the Greenbow config. on thier website.
    9)Voila !! A TUNNEL, a real tunnel, pingable, browsable, executable,....

    Oh wait, .. I did have to slightly adjust MTU downwards for the last point (application stalling).

    Regards: Matt

    Note: No disrespect to all the diehards that want to see this Linksys thing through, especially the Linuxites, but Im sure not all of us have that time luxury.
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    *Heh* *Heh* *Heh*

    Hey, not all of us are technically inclined to stick out. No hard feelings...

  3. ipcdmatt

    ipcdmatt Network Guru Member

    Jay, I said no disrepect and I meant it.

    If theres anyone thats willing to stick things out and challenge oneself , that would be me, thats what I do, ... however this was not the right time to give a client a fuzzy soloution, .... , due dates have come and gone and luckily for me and my reputation I bought some leeway.

    I was able to recover from this fiasco by making an executive decision to abandon the Linksys WRV54G at least for now. I deployed another vendor and had client up and running in just over an hour.

    It would have been technically stupid for me to say, wait, wait, Ive got it !!, lets just try this one last thing. That would not have cut it.

    In terms of whats going on with the WRV54G and possible 3d party intervention, I find that interesting and will keep watching this group for further developments.

    Kudos to you for providing so much support. Im sure it is appreciated by all.

    Dont worry I did not take it personally, I believe I understand the dynamics of your attachment, hence your rebuttal.

    Hey who knows, time permitting you may hear another post from me citing an actual WRV54G fix that works consistently.

    Regards Matt.
  4. JohnBima

    JohnBima Network Guru Member

    HERE HERE! The WRV54G is a peice of SH!T, no pun intended! Worst crap I ever bought...
  5. shaidom

    shaidom Network Guru Member


    I too am abot to abandon linksys. What are some other product you folks have had some luck with with VPN? I am not impress by dlink. Netgear kept change WAN IPs on me. Watchguard seems to work well, but ti is pricy!
  6. DocLarge

    DocLarge Super Moderator Staff Member Member

    *tch* *tch* *tch*

    Man vs Machine: Machine - 1, Man - 0 (We can do better than this....)

    Previous post for those who haven't seen it...


    Dave Warner (a.k.a. TVOS) and I have finally got some solid info to share with folks in getting the quickvpn utility to work on a consistent basis. We’ve fully connected via the quickvpn utility to each others WRV54G's (he's been connected to my network today through vpn for 7 hours now) and subsequently to each others computers and transferred/copied files WITH NO PROBLEMS!" We've even invited remote users who've never been able to connect with quickvpn in the past to connect to our routers and they've all connected sucessfully! Excuse the length of this post, but I'm sure those of you wanting to make Quickvpn work won't mind...

    THE TUNNELS ARE STABLE! Sure, I've had Quickvpn working in the past, but now, I've got it in writing to share with others and the consistency of the information is excellent!

    I've got a few more things to put in the guide, but in the meantime, here's the nuts 'n bolts of it. Below is the "exact" configuration I have right now, and I and remote users are able to vpn into my network "with full functionality" using Quickvpn. Sure you might wonder "Why does he have PPTP enable?" or something like that, but I'm just sharing my current settings "as is."

    Obviously you're going to make modifications once you connect; as I've always said, I'm just establishing a baseline. These are the “Prime Rib†Settings involved

    1) Setup Page

    Internet Connection Type: Automatic Configuration (DHCP)

    MTU: Auto

    DHCP Server: Disable

    Time Setting: (GMT) England [Obviously set this to your own zone or leave at default]

    2) Security ---> VPN Page

    Ipsec: Enable
    PPTP: Enable
    L2TP: Disable

    NOTE: This goes away from previous advice I’ve given but we’re trying something new. People were able to connect before, so this slight change really shouldn’t alter that much. Furthermore, the 50 vpn tunnels that come with the WRV54G are designed to work with third party vpn clients (i.e., SSH Sentinel, Greenbow, Logmein, etc...) and "not" with quickvpn. Quickvpn handles all aspects of negotiation by itself (now that the mystery is solved, it's a clever little tool to me :))

    Also, in the WRV54G manual, where it shows you how to create an IPSEC policy, if you're using quickvpn, this, by default of installation is already done for you by Quickvpn (look in the Program Files\Linksys\Linksys VPN Client directory on your computer and you will see this.) If you are "not" going to use Quickvpn, you could try this (yes, some people have been able to do it). Also, as noted by Chris Watts (a..k.a. Chris547), quickvpn uses a randomly created pre shared key everytime it connects. I think I may love quickvpn now...

    Remaining settings on this page should be disabled.

    3) Access Restrictions:

    - Start off by using a simple name and password combination such as

    username: test
    password: tester

    4) Apps & Gaming

    "NO" vpn port forwarding settings of any kind (500, 1701, 1723, etc...) are required for quickvpn to work. It establishes its own tunnel.


    - Try using firmware 2.38 (I'm running it now). You can download it from linksysinfo.org

    - SNMP & UPNP are disabled.


    - Make sure the ipsec service under settings is started. If you’ve ever loaded SSH Sentinel, SSH knocks ipsec offline and you never even know it unless you happen to be checking services to see why your tunnel doesn’t come up (I found this information out surfing forums).

    - "DO NOT" have any other vpn application "LOADED" on your machine other than quickvpn; even if you have another vpn application loaded and its process is shut off in the back ground, quickvpn still "will--not--run" if it's loaded. If you happen to be able to do this, you're quite fortunate, otherwise, load quickvpn only to avoid conflict.

    - Disable any firewall that you currently have running for the moment (again, we're establishing a baseline). I use Norton Internet Security 2003 and can connect to Dave's vpn segment with my firewall up so you might want to consider a new firewall in the event you can't connect with your current firewall running. Incidentally, when I’m at a wireless internet café, I have to drop my firewall on my laptop to make the connection to vpn, but I’m sure this is just something to do with how the router policies of that local business’s router are enforced. Other than that, I connect to a remote vpn host (from my homeâ€) with my firewall up.

    - Copy and paste this link into your browser to get your WAN IP address if you don’t know it for sure (http://remote.12dt.com/rns/) to place in quickvpn's "Server Address" field.

    Here's one more thing. Copy and paste this link into your browser (http://www.dslreports.com/drtcp). This application will allow you to adjust the MTU setting of your NIC "on the fly" if you bump into a problem with the MTU causing tunnel drops. Make your MTU setting "On The Client" 1458 “if†there are problems with tunnel connectivity.

    The last item (MTU setting) is where the magic came in for me. I've been accustomed to setting my routers to "manual" so much it's become second nature because back in the 2.32 and 2.36.5 firmware days, doing this stabilized my wrv54g more than anything else (funny, I could use quickvpn back then with no dropouts). After setting The MTU back to "auto" (Dave showed me his configuration was like this and I was connecting to his via quickvpn with no issues) vpn on my WRV54G has been running ever since. It's like a switch has been flipped and everything "just works" now!

    Once you’ve made the connection and you want to connect to a shared resource that you have rights to, open up windows explorer and click on “map a network drive.†After clicking on that, choose a driver letter and type the ip address of a computer you have rights to on that network. You would type the following: \\\sharename
    Where you see sharename would be where you would substitute the name of a folder you have share permissions to access (i.e., \\\vpn). Before you click finish, click on “connect as different user†because in order to connect, that local computer needs to have a username and password created on it so it recognizes who you are. When you click this link, you’ll be asked to type in a username and password that has rights to the machine. Click O.K., then click finish. The shared resource you’ve been given access to should pop up! If the account you‘re connecting to has the permissions set properly, you’re all good now!

    Here’s one last tidbit: if someone has connected to a shared resource on your computer via quickvpn, you won’t be able to connect out using Quickvpn to “the same connection†that’s coming in, namely, the remote end client that is currently connecting to you. However, you can traverse the incoming connection and connect “in a reverse fashion†if the connected user has a username and password, to include a shared resource on its end available for you. So, if Dave is connected to a resource on my server from his location, I can go to that server, open up “map a network drive,†pick a drive letter, and then type in the ip address of his machine that has an account and share available for me, click “connect as different user) and connect (\\\reverse). A senior IT partner of mine (KJ) showed me this trick when we first started fooling with quickvpn.

    Overall, I feel Linksys just never showed anyone how to communicate with the WRV54G properly because they tested it in a sterile environment (bare OS and Quickvpn loaded probably) and didn’t take in account any problems in the field, such as Quickvpn not playing nice with another vpn application loaded at the same time, firewall settings, etc, etc, etc… Hey, it was a rush job. Otherwise, that’s all folks!

    VPN AT Last! VPN at last! Good Gawd, almighty, VPN at last!

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice