1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WRV54G VPN via wifi Hotspot or GPRS

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by chris547, Mar 24, 2005.

  1. chris547

    chris547 Network Guru Member

    Has anybody managed to get the VPN working via either a wifi Hotspot or GPRS with a a client other than QuickVPN ? I've managed to get the VPN working via a dialup ISP but I never get a connection via Wifi or GPRS. I think it's due to the fact that when I connect to either I'm behind a NAT.

    One wifi hotspot informed me that VPN would only work with VPN NAT-T support. Am I correct in thinking that the WRV54G doesn't have the patch necessary for NAT-T?
     
  2. H2O_Goalie

    H2O_Goalie Network Guru Member

    I believe that there is a definite NAT-T problem with the WRV54G. I say this based on these factors:
    1. I previously owned a BEFVP41...I could generate a VPN tunnel between it and my laptop anywhere, it worked beautifully. However, with no changes on the laptop and the VPN settings from the BEF duplicated exactly to the WRV I'm unable to raise a VPN tunnel from the laptop (in all but one case).
    2. The WRV is able to raise and maintain a tunnel from itself (public address) to my work HQ (also a public address).
    3. The one and only time I was able to get a tunnel established between my laptop and the WRV was when the laptop was assigned a public address. Every other time I've tried to connect I've been behind a NAT and the tunnel has failed.

    I have the Oakley logs from my laptop, and extensive logs from the router. It seems that the router stops negotiation (Main Mode) when it decided that there is no appropriate connection for the incoming IP. I think it's either a NAT-T problem or a problem with the use of "Any" as the remote group/gateway. By the way...I've tried all of this with both the 2.37.7 and 2.37.9 firmwares.

    To make a long story short...the VPN problems make this product virtually worthless, particularly at it's price. I've actually put the BEFVP41 back in place until a decent firmware is released for the WRV.

    Anyone else pissed that Linksys has chosen to release a firmware for enabling more QuickVPN clients but has ignored the problems with establishing a tunnel via methods other than QuickVPN?
     
  3. TazUk

    TazUk Network Guru Member

    Yep I agree, the WRV54G with current firmware doesn't support NAT-T. All they really need to do is recompile the firmware with the latest version of Free S/WAN, which I belives it uses for the VPN. I did email Linksys tech support and they replied that they couldn't replicate it in their labs and wouldn't confirm the lack of NAT-T support.
     
  4. chris547

    chris547 Network Guru Member

    I've just got a reply from Linksys regarding why I can't connect and they have confirmed there's no NAT-T support on the WRV54G. They informed me that they'd pass it onto product management, so they can consider it in the next release!

    Now the router states on the packaging that it can be used to connect upto 50 "travelling users" and if I'm travelling I'm not going to be using a slow dialup connection, so I'd say that in the UK this router breaches the Trade description act.
     
  5. H2O_Goalie

    H2O_Goalie Network Guru Member

    Sorry Chris, but probably not. I've heard that the QuickVPN client will work from behind a NAT. I can't use it (don't ask), but it's an option for others.
     
  6. chris547

    chris547 Network Guru Member

    QuickVPN seems to be their quick fix solution, it seems to get over the problem by talking on a https: connection. So good if you can actually run QuickVPN!
     
  7. TazUk

    TazUk Network Guru Member

    Didn't last time I tried it :(

    Next release, it should have come with it from the start :evil: What's more annoying is the much cheaper and older BEFVP41 supports it :roll:
     
  8. chris547

    chris547 Network Guru Member

    That's consider it,no guarantee it will be there or not. Since Linksys has come out with their own in house fix to this problem, QuickVPN and they are now selling fifty licence copies, I doubt they're going to be doing something about it very soon. If I purchased a D-Link product I wouldn't have this problem since they come with NAT-T from the start.

    I'd suguest anybody who's had problems because of this to log a support issue with Linksys. Perhaps if they get loads of complaints it might be fixed.
     
  9. DocLarge

    DocLarge Super Moderator Staff Member Member

    The last time I was able to connect from a WIFI spot with my wrv54g was with firmware version 2.36 using the linksys quickvpn client. I just saw recently where they're offering 50 tunnels with the quickvpn but these tunnels are formed through pptp as opposed to IPSEC aren't they?

    That being said, it looks like it will be greenbow vpn for folks until this supposed "firmware release" appears...

    FYI, complaing to Linksys won't really put much in gear because they don't seem to write much firmware anymore these days; a company called "CyberTan" writes it and Linksys puts their name on it. Here's an article I found confirming this:
    -------------------------------------------------------------------------------------
    Comments: How the Internet is broken, how to fix it, and why that's not going to happen

    Just out of curiosity I installed the Linksys WRT54G userspace distribution on my parents' WRT54G, and found it quite entertaining to browse around.

    Interesting aspects of it:
    - it runs an embedded ASP-capable httpd, which actually appears to be a customized ASP dialect (I don't know why they didn't use PHP or Tcl instead)
    - Linksys didn't actually write the code; it was done by a company called CyberTAN
    - This amusing notice appears in the top of it:

    This is UNPUBLISHED PROPRIETARY SOURCE CODE of CyberTAN Inc. the contents of this file may not be disclosed to third parties, copied or duplicated in any form without the prior written permission of CyberTAN Inc.
    This software should be used as a reference only, and it not
    intended for production use!


    - CyberTAN doesn't deem it necessary to follow the LFS, and I have no idea where the inittab (if any) lives.
    -------------------------------------------------------------------------------------

    Personally, I'm thinking about calling CyberTan...
     
  10. chris547

    chris547 Network Guru Member

    QuickVPN is their quick fix for this problem, it does communicate via IPSEC and the fact they are selling 50 client version questions weither they're going to fix this problem or not. I'm sure their not going to fix a problem that's going to make a quick fix solution that their selling obsolete!

    Also not sure if CyberTan writes all Linksys software, if they did wouldn't the WRV54G not have these problems and be just a upgraded BEFVP41 ? It seems both of these products have separate development lines. Even if their not producing it themselves there's still beta versions coming out. The last version I had was 2.37.13 which did improve the running of the unit for a little while but after that it was back to it's usual state. I'd rather not post it since I believe even Linksys would get sick of hundreds of people complaining about their product after a while and it gives people another reason to contact them.
     
  11. DocLarge

    DocLarge Super Moderator Staff Member Member

    Well,

    that leaves all of us WRV owners with one other option: use another VPN client. I've had my day fussing with Linksys and the bottom line is that a majority of their techs are there to collect a paycheck and are not affilliated with the craft the rest of us enjoy.

    I've owned mine for almost a year and while the improvements are minimal, they are improvements. Unless someone takes the initiative like the guys at HyperWRT and Sveasoft, we'll have to rely on Linksys/CyberTan for firmware fixes...
     
  12. chris547

    chris547 Network Guru Member

    That's the thing, you can't use another client unless the site your connecting from issues public ip addresses. Without NAT-T support your'll have problems connecting. QuickVPN get's around this by sending the relivant data about the client at the remote end by https:. Since Linksys are selling 50 client versions of QuickVPN I doubt they'd be in any hurry to fix NAT-T since they'd loose their monopoly.
     
  13. TazUk

    TazUk Network Guru Member

    Are you 100% sure the QuickVPN client does work in those situations?
     
  14. chris547

    chris547 Network Guru Member

    No not actually sure, I know that it sends your ip address when it connects but I've never seen it work, since I can't run it.

    That was the first thing I was asked when I contacted Linksys, but it could be just one of those things the first line support try. First thing try and get them to use QuickVPN, if they still complain send them the latest beta version. If they still come back transfer them to someone who actually understands the product!

    Ps. I've managed to find a way of testing QuickVPN and GreenBow client on my pc. The Greenbow client was configured with settings that were reported to work and both Greenbow and QuickVPN didn't connect! Looks like QuickVPN is Linksys's answer to everything, even if it doesn't solve the problem!
     

Share This Page