WRVS4400N QuickVPN connection problem and a quick work around solution

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by carlzhou, Mar 27, 2007.

  1. carlzhou

    carlzhou LI Guru Member

    Just want to share my VPN experience with you so you don't have to waste time troubleshooting it.

    Versions I use:
    WRVS4400N firmware version: 1.0.13
    QuickVPN version: 1.0.39
    They are all the latest version found on the web site as of today.

    If you use domain name in the Server Address in QuickVPN program, you will have some problems with VPN connection. You can get successful connection in the first time. Then if you disconnect and you will not be able to get a successful VPN connection for the second time. The program will hung up at "Verifying Network". In order to get the QuickVPN working again, you have to use either of the following methods:
    Method 1. Rebooting the router or power cycle it
    Method 2. Enter the router setup. Click "Firewall", then Click "Save Settings"
    Method 2 will not cause the router to reboot, so it's a little bit quicker.

    Work around solution for this problem: just use the actual numeric IP address instead of domain name. You will then have no connection problem with QuickVPN. You can successfully establish QuickVPN connection for as many times as you want if you use IP address instead of domain name.

    I don't know which one is the bad guy (QuickVPN software or the firmware, or both). I think it's probabily the QuickVPN software. Anyway, let's hope they can fix it in the new release
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    When you say "use the ip address of the domain name," I assume this is provided the individual's domain name is synchronized with a ddns account?
  3. carlzhou

    carlzhou LI Guru Member

    Yes, I use dyndns.com's dynamic DNS service. Both domain name and IP address can be used to reach my location. It's just that QuickVPN can only work once before I haveto reset the router if domain name is used. So far IP address works perfectly every time.
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    Interesting you should mention that. The reason is that over 90% of quickvpn users always use the WAN address in the "Server address" field of quickvpn, so your mentioning that isn't really new information, however, the fact that you have quickvpn 1.0.39 working with wrvs440n firmware 1.0.13 "is" of interest :)

    I stopped using 1.0.13 on my WRVS440N when I noticed the DIAG light would not go out and some page hanging. I think I'll give it another shot and post my results.

    Nice find...

  5. kinoini

    kinoini Guest

    Hi, all. Not sure where to post this, but here seems to be as good a place as any. You folks seem friendly enough, so hey, what's up?

    I find myself in possession of a darling WRVS4400N thanks to the now defunct brick-and-mortar incarnation of CompUSA. Translate that: I got it for 60% off the day before they closed the doors.

    So....I'm playing around with the VPN. I'm no expert on vpns, matter of fact, this is my first foray into them.

    Now the shiny, silver 4400 says "QuickVPN"? That can only be the most cool-est, gizmo-di-est, awe-som-ist thing ever. Right? You with me? Yeah, me either. It doesn't work. I got it to work on one laptop. I have absolutely no idea what I did differently on that machine, but it works every time. But only after I sat trying to connect like a rat locked in a skinner box, with a mental patient in charge of dropping the pellet. I've checked the security policies, connections, trace routes....I do not see what's different on the one laptop. I tried all the recommendations I've seen around on the web. Turn off dmz, no forwarding. Enable/disable pass-through. Delete the VPN client on the router, add a new one, never using the same ID/password combo. Installed the xp patch for the icmp problem. Even found a registry edit for fixing nat-t issues (I wasn't sure if I needed it, but my grammy always said, an ounce of prevention...) Nothing.

    I connect, my policies get activated (how could you beat that on a Saturday night?) but I get hung up on "verifying network". Is there some way I could just vouch for the network, and say it's verified, you know, until next time? Between friends. Pauley Walnuts, c'mon.

    It's been frustrating. More so, because I have to keep hopping onto my neighbor's unsecured wireless network. I am loathe to do that, but I can't test it from within. Testing it from my office is hit or miss. I can't tell if I'm just not connected because they are filtering, or if its the same problem.

    I kid around a bit, but the issue is real. I'm not sure what I'm doing wrong. If I could get to the router interface, I'd post the log. I've rebooted my router, and apparently in the 2 minute recovery time, my isp has assigned me a new IP. Not a problem if I could update my dyndns. Which I can't because I don't know the new ip.

    Anyway, I'm following the instructions to a T. I've got quickvpn 1.0.39 and firmware version 1.00.13. I point the dmz to my webserver, so I've forwarded 60443, 500 and 4500 to the router's own IP. I created a client ID, password. Installed the client software, all firewalls turned off. Same thing everytime. Connect, activating policies, hangs on verifying network.

    Except for the one laptop. I can connect using the pcmcia linksys N card, or the internal G card.

    Anyway, thanks for letting me vent.
  6. aviegas

    aviegas Network Guru Member

    This is odd.... using a hostname or an ip address should not cause this kind of problems.

    A hostname is translated to an ip address at the client side (QuickVPN) and the connection is established using the IP address, not the hostname.

    But, the problem is that QuickVPN session starts with a HTTPS transaction to authenticate and retrieve the PSK (pre-shared key). HTTPS uses the HTTP protocol and it may use the hostname as part of the transaction.

    To sort things out, do a little test. Open you favorite web browser and type the following URL:

    Where: *user*, *password* are the QuickVPN user and password
    *router_addr* either the IP address or the hostname of the router
    *port* can be either 443 or 60443
    *client_ip* is the LAN IP address of the client

    Try first with just the IP Address of the router. Repeat a few times.
    Then try with the hostname. Repeat.

    Comprate the results. The only thing that should change on each attempt is the PSK.

    Post you results.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice