1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WRV54G QuickVPN woes. Almost there...but....

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by MrBlogg, Aug 23, 2005.

  1. MrBlogg

    MrBlogg Network Guru Member

    OK sorry this is long, but I have to admit I must join the party of those having trouble with QuickVPN.

    I've read many posts from contributors, especially the ever-helpful DocLarge, and I'm sure I've followed the instructions 'to-the-letter', but I just can't get QuickVPN to work. I don't doubt for a minute those who get it working straight away, I'm just envious of you!

    Here's what I can do:-
    I've setup a VPN Client account on the WRV54G.
    On a remote PC running QuickVPN can get to the "Verifying Network...." pop-up window point.
    If I look at the status page back on the WRV54G it now shows the client as 'Online'.
    If I run 'ipconfig /all' on the remote PC I get the router's IP address added to the DNS list (e.g. 10.x.x.x).
    If I try to ping the WRV's IP address, or any of the other PCs on our network, I just get 3 or 4 lines of 'Negotiating IP Security'.

    So I guess QuickVPN is connecting and getting the tunnel working, but I can get no further. After about 15secs of 'Verifying Network', the window "...remote gateway is not responding..." appears which then disconnects me when OK is clicked.

    I've read much here about disabling firewalls, removing other VPN software etc, so here's the list of what I have...

    Work network:-
    Linksys ADSL2MUE modem, configured as 'bridged mode only'.
    Linksys WRV54G (V2.38) connected to ADSL2MUE using their standard internet ports.
    WRV is acting as our DHCP server for our peer-to-peer network - LAN ports of WRV to other PCs and hubs/switches.
    MTU is set to AUTO.
    All PCs on our network have user login names so we can share directories etc. This works perfectly within our building, so does our internet connection & wireless.
    WRV Security Firewall page: Firewall Protection enabled, block anon WAN requests enabled, other settings disabled.
    WRV Security VPN page: IPSec & PPTP passthrough enabled, others disabled.
    WRV Status page lists our WAN IP, gateway & DNS servers correctly so the ADSL2MUE is happily working in 'modem-only' mode.

    When the first VPN Client was setup to test the connection, the WRV wanted to change our IP addresses to 10.x.x.x etc, so I let it. This also means that the LAN address of my remote PC at 192.x.x.x is not going to cause a conflict WHEN I get connected.

    Remote Client:-
    BEFW11S4V4 cable router on Motorola SB5100 cable modem.
    IPSec passthrough enabled.
    Windows XP Pro - firewall disabled.
    NIS2004 installed but security is OFF.
    IPSec service is running.
    No additional VPN client software installed or running.
    No communications software installed, except Skype which is shutdown.

    Also tried on a separate PC running Windows 2000 and a 3rd PC from another location with ADSL connection and no router. Get identical problem, so I assume there's something wrong with my WRV54G setup, or the network it's attached to?

    Am I missing a trick somewhere? I'm expecting QuickVPN to make a connection, then allow me to enter the IP address and share name of a directory on my work PC. Do I have to set or use DNS in any way? I've not come across anything to that effect but am having to start clutching at straws now.

    Any advise would be appreciated, likewise I'll respond to any questions for more info.

    Thanks in advance.

  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    In the future, to get around the WRV changing your lan setting, "do not" create any vpn clients until you've changed the default of first. Basically, when you first take it out of the box, change the LAN IP to "anything" first (i.e., After you reboot, you can then change your LAN ip to whatever you want, and the router will not try to change your LAN IP. The reason it does this is because "everybody" starts out using and if you try to set up your vpn with the LAN default and somebody else is running on default, the vpn will not connect. Just keep this in your hat the next time you have to set up another WRV54g :)

    If you can get "verifying network" but still no connection, that means the client and the router are "handshaking", which is why you get "negotiating IP" when doing a ping. If you're getting that far, the router sees you but can "seal the deal."

    I just noticed you said "Or the network it's attached to." How exactly do you have your WRV54G connected to a corporate Lan? Is it connected via one of the four LAN ports or its WAN port?

  3. MrBlogg

    MrBlogg Network Guru Member

    Hi Doc,

    Thanks for the speedy reply.

    Poor terminology perhaps on my part. The WRV is not connected to a corporate LAN - our 'network' is essentially just a bunch of PCs connected via their NICs to a 24-port hub/switch. All are running Win2k or XP Pro. We can therefore access each other's shared drives, printers, etc.

    The "Ethernet" port on the ADSL2MUE is connected to the "Internet" (WAN) port on the WRV with standard (not crossed) CAT5 cable. The only other connection on the modem is the one to the adsl phone line. I've used "" to indicate labelling on equipment!

    One of the 4 LAN ports on the WRV is connected to one of the spare LAN ports on our hub/switch. The other LAN ports are not being used, though we could if we needed to put a PC near the WRV.

    We don't have any 'servers' as such, we just login to our own PCs as whatever username is appropriate. The WRV is providing the DHCP server function for us, as well as access to the internet via the ADSL2MUE.

    Although there's never more than 6 of us, we have, upto 15 PCs connected to the hub/switch and any can access the internet.

    I hope that clarifies our setup.
  4. MrBlogg

    MrBlogg Network Guru Member

    ....oh, a few more bits of information...

    All our PCs have individual computer names and belong to the same Workgroup <details in System Properties - Network Identification>.

    Maybe there's an issue with belonging to a Workgroup instead of a Domain? If so, not sure how to change that at present.


  5. DocLarge

    DocLarge Super Moderator Staff Member Member

    Only because I use to own an ADSL2MUE, I've experienced your angst and need to ask the question. I'd wager that you most likely connected "one to the other" (ADSL2MUE to WRV54G) and went from there, correct? Reason being, the ADSL2MUE "does not" have the ability to do port forwarding. :thumbdown: Although the WRV54G "should" show some sort of dynamic routing if you check the "advanced routing" tab, this "may" very well be the problem. I have neglected to ask the question; is your connection PPPoA or PPPoE?

    I owned an ADSL2MUE that I gave away because it was advertised as just a "modem" on the linkys site; instead it was Linksys's "cheapest" adsl modem/router combination I didn't need (I needed an ADSL modem to connect my WRV54G to). I'd tried bridging the damn thing but that was pointless because that meant the device daisy chained to it (my WRV54G) would have to handle PPPoA protocol, which the WRV54G is not designed for (this would change my diagnosis slightly if your connection was PPPoE). Long story short, I was without vpn, so I bought the x-modem ce from adslnation.com to remedy the situation (nothing like a "plain" hardware modem); my vpn worked fine from that point on.

    The failure of the ADSL2MUE to do port forwarding to the WRV54G would be my guess. Should that not be it and I'm "flat out" wrong, don't worry, there are others out here who've read your post and our (hopefully) thinking it over. :)

  6. MrBlogg

    MrBlogg Network Guru Member

    Hi Doc,

    (Good news below, but please read full reply).

    Yeh, connected the 2 together, but after I'd read yours & others posts on problems with the ADSL2MUE. Wanted to get the X-modem CE but was not available, so tried ADSL2... with option to return if junk.

    Modem is setup in bridged mode, ISP says they use PPPoA, which as you say the WRV wasn't designed for and has no setup option for. Anyway, took a chance & setup WRV using ISP user & password info as required BUT as PPPoE. Our internet connection works v.well and seems as reliable and as quick as it was before.

    As I mentioned in my original post, the advanced routing tab shows all the routing info I can think of, about 3 DNS addresses, our IP, gateway, subnet etc as detailed from our ISP when we first signed-up.

    That's that bitout of the way, now the good news:-

    I've reconnected the remote PC at home with its NIC directly into the Motorola SB5100 modem from my cable supplier, and not into the Linksys BEFW11S4V4 router that is normally betwen the two. I've disabled NIS2004 intrusion detection, and.......
    I can connect with QuickVPN!!!!!
    I can ping PCs on my network at the office, but cannot map a network drive to them as yet.

    So 2 things to sort out now:-
    1/ Get the network drive mapping sorted so I can see my files at work.
    2/ Find out how (or if!!) I can connect via my BEFW11S4 router.

    Thanks for support so far, but please advise on how I might cure '1' & '2' above. I've saved all the "ipconfig /all" info with a working & non-working connection (interesting IP addresses etc when working, not what I expected). Please let me know if these would shed any light on the new problems.

  7. MrBlogg

    MrBlogg Network Guru Member

    ...a few things I forgot re. mapping drives:-

    In the Win2k map network drive window, I'm entering the internal IP of the PC I can quite happily ping (\\10.x.x.x\share_name) and I'm using the option to log on as a different user, and it's one who has full admin rights, but still no-go.

    I did wonder if there's an issue with both sites using the same workgroup name? I'll change mine at home later and see what happens.

    Out of interest, is there any way to ping the shared drive/folder, and not just the PC?

  8. DocLarge

    DocLarge Super Moderator Staff Member Member


    I figured you must have thrown PPPoE in somewhere along the way if you were running your WRV behind your ADSL2MUE. Nice one! Anyway, you may have already figured this out (drive mapping), but I'm dropping this in just in case:


    Once you’ve made the connection and you want to connect to a shared resource that you have rights to from a remote location, on the "client" computer, open up windows explorer and click on "tools," then “map a network drive.†After clicking on that, choose a driver letter and type the ip address of a computer you have rights to on that network. You would type the following: \\\sharename

    Where you see sharename would be where you would substitute the name of a folder you have share permissions to access (i.e., \\\vpn).

    Before you click finish, click on “connect as different user†because in order to connect, that local machine needs to have a "username and password" created on it so it recognizes who you are. If you are part of a domain, make sure that your "domain user account" has been added to each computer you want to access remotely.

    When you click this link, you’ll be asked to type in a username and password that has access rights. Click O.K., then click finish. The shared resource you have been given access to should pop up! If the account you’re connecting to has the permissions set properly, you’re all good now!

    Look through that and see if there is something you might have missed. Your issue may have something to do with share/security permissions. What I normally do is create a "vpn" group, but due to you having a decentralized structure (workgroup), you just need to make sure any folder you create has granted the appropriate share/security rights to th individual account needing access.

    By the way, in case you didn't realize it, you've just blazed a new path for WRV54G connectivity. Had I not been so impatient, I should have considered setting the WRV up as PPPoE behind the ADSLMUE while it was running in "bridged mode." Basically, you've made it possible for Linksys to now "officially say that dogged out hardware (ADSL2MUE) really does work thanks to ingenuity on yur part.

    Way to represent, Blogg!!
  9. MrBlogg

    MrBlogg Network Guru Member

    I had already tried that method to map the network drive Doc, but it didn't work.

    I get the "Attempting to connect to \\10.x.x.x\share-name" message box, followed by the error/message box "The network path \\10.x.x.x\share-name could not be found" several seconds later.

    I'm 99.99% certain the user & share names are correct & have admin rights on the destination PC, so it should work.

    Guess I still need to figure out how to connect via my router. I've now connected QuickVPN using a different PC running XP Pro by connecting it straight to the cable modem instead of via my router. Bit of a pain but if I can get the drive mapping sorted I suppose I could live with the hardship of having to swap cables to get QuickVPN connected if I really had to. (I'm sure there's a way around it though).

    More testing in the a.m. me thinks.
  10. DocLarge

    DocLarge Super Moderator Staff Member Member


    when is the last time you've upgraded firmeware to your router? The reason I ask is because if you can connect via a straight thru connection to your modem but not through the router, there's a chance something is wrong with your router's "vpn pass thru" function. If you haven't upgraded, make sure you have a copy of your present firmware and try that. If you have upgraded and are currently unable to use the pass thru function, look at downgrading to the previous version. These are places I would start...

  11. MrBlogg

    MrBlogg Network Guru Member


    Upgraded firmware on BEFW... a few days ago while having the initial problems connecting, in the vain hope that might have been an issue. Installed V1.52.02 I think (latest on Linksys web site anyway). It was running V1.4... something, so I guess I'll go back and try older versions.

    Passthrough is enabled but may not be working correctly.

    Failing all that, is the WRT54G worth considering as an alternative? Would also upgrade wireless from B to G. I've just fitted one in another family member's house for their network, so I guess I could borrow it for a few hours to try!

    Will try firmware later and report back.

  12. MrBlogg

    MrBlogg Network Guru Member

    While I remember, I've taken a look at the issues I raised earlier re. IP address changes when connected directly through the modem instead of via my router.

    I'd always assumed that my WAN IP address was static, even though my cable ISP says it issues them dynamically. The reason I thought this was down to the report from my router status page. No matter how many times I've switched it (& my modem) off, it always comes back with the same IP, gateway, etc, and it's been in for about 11 months now.

    When I hooked-up my Win2k PC directly to the modem yesterday, I got a different IP address assigned (as reported using ipconfig /all). The subnet, default gateway & DNS servers all reported back the same info however.

    Then I connected the XP Pro PC to the modem instead (no router still), & it got a completely new IP, subnet, default gateway & DHCP server, but all DNS servers were still the same.

    I put the router back, reconnected everything, power-cycled router & modem and I'm back to the original 'static' IP settings!

    Ideas anyone?

    Ta, MrB.
  13. MrBlogg

    MrBlogg Network Guru Member

    :cheering: Forget all that's gone before, I've now got QuickVPN working on any of my home PCs in the UK.:cheering:

    Now just trying to get the boss's connection working in Australia! He has the same laptop etc as me but can't get past 'verifying network', but then his ISP is iffy, so is changing it in a few days.

    I'm too tired now to explain fully (it's 2am!), but I will try to post what I found that got things working shortly.

    Biggest find was the username length - needed to be 7 or 8 characters, nothing else seemed to work. Bizarre!

    I can access the office router from home and add new VPN Clients remotely upto the max of 5, but if I remove then add a new one in place of an existing one I can't connect using those settings. Maybe there's a minimum lease time on the clients? Not a big issue because I would normally only access this in the office.

    time for bed....
  14. DocLarge

    DocLarge Super Moderator Staff Member Member

    It appears that you have a dynamic connection to your ISP and the MAC address of your router is probably reserved
    'if that doesn't change" when you disconnect/reconnect it (but that's just me). All your other devices are just pulling the next available ip from the looks of things.

    I use 3-character usernames without any problems, personally, but if using 7-8 characters work for you, go ahead and "do the damn thing!" :thumbup:

    If your boss is getting the "verifying network" then you are 95% there. Just have him look for the usual "reasons why quickvpn won't connect" (firewall, communication software, user/password mismatch on the computer/router) and you should find the culprit :)

  15. MrBlogg

    MrBlogg Network Guru Member

    OK, I'm late with this, but I've been busy!

    Thanks for the info Doc re. dynamic/reserved IP's, I guess that makes some sense.

    I've now 'cured' the limited username length issue and can setup what I like. I think what happened was if I modified remotely any VPN Client 'accounts', they stopped working, but any new ones that I added worked fine.

    I had to reboot the WRV for the 'modified' accouts to work. This was all done remotely, from home. I just had to wait a while for the WRV to reboot then remake the internet connection via the ADSL2MUE. I think in future I'll force a reboot whenever I make a change to any VPN Client settings, may not need to but what-the-heck!

    Going back to an earlier point (25th Aug), if I remove the router and connect directly through my cable modem at home, I get QuickVPN connected fine, and can ping the PCs at work, but still cannot map any drives.
    If I connect via the router it all works perfectly and I can find/access PCs at work using IP, pc name or share names, even with NIS2004 firewall & intrusion detection fully running. Since I always connect via the router, it's not a major issue, but a curious point none-the-less.

    Finally, if I use my laptop's wired LAN connection at home, QuickVPN works perfectly. If I disable the network card and use the laptops wireless PCMCIA card instead, I can't get past the 'Verifying Network' stage. All other issues required to get Q-VPN to work seem to be the same for each network card, but I may need to delve deeper to get wireless Q-VPN working.
    I know it doesn't like having 2 network cards running to connect properly, because I've managed to enable my wireless card while connected and the Q-VPN connection gets dropped! Disable the wireless card and it works again.


Share This Page