Issues with WRV200 / QuickVPN user names and passwords...

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by CalledToConstruct, Dec 14, 2007.

  1. CalledToConstruct

    CalledToConstruct LI Guru Member

    I've been trying the last couple days to establish a variety of VPN connections (some inbound from remote locations, some outbound to my work VPNs) and have run into a couple issues... possibly bugs or security concerns... and hope someone can verify the same issues on their WRV200. If so, perhaps Linksys can get the issues resolved.

    Ok, I'm running WRV200_1.0.36.img on the router.

    1) I setup a VPN user with characters such as . (period) @ (at sign) and about any password. Cannot connect to the VPN.

    2) I setup a VPN user with all alpha characters and a password of nearly 35 characters. When attempting to connect, the router crashes (local users are not effected, but the web interface is no longer accessable and the VPN port no longer responds)

    I have not tried creating a long user name, but I suspect that bad things would happen.

    #2 seems to be the most severe issue as it means anyone can crash the router by simply attempting to access the VPN from the outside with a long password.

    This could also explain some random crashes reported earlier. Anyway, has anyone else experienced this? Can anyone validate my findings?


    // Joe

    I am / was using QuickVPN 1.1.0 (downloading newer version next)
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    You can't use "." when creating usernames for quickvpn. This has been one of the few things users posted a few years ago when quickvpn first came out...

    As of right now, I know the WRVS4400N only allows for "22 characters" for a quickvpn password for users. I'm having quite the success connecting to my 4400n using quickvpn 1.0.28; this version does not have certificates by the way, but the security (to me) is fine.

    I used a long 22 character password on my 4400n and there was no crashing; I was also able to open up file shares and move documents "Now," what I did notice is that if I let the connection run longer than an hour and got the "gateway is not responding" error, I couldn't log in anymore. I had to reboot the machine.

    I'll have to try this on the WRV200 in a minute and see if I get the same behavior... By the way, I'm using 1.0.37 on my WRV200.

  3. CalledToConstruct

    CalledToConstruct LI Guru Member

    However, the WRV200 allowed me to save the VPN user entry with special characters (no warning or error was displayed). How about your experience, if you try adding VPN users with various special characters, do you get a warning from the device?

    What happens when you add a user account with a super long password, do you get a warning or error?

    Also, what happens when you attempt to connect with a super long password? I'm guessing:
    1) quickvpn does not warn or error, but simply tries to connect even though the password is too long.
    2) The router will exhibit some strange behavior (buffer overrun?)
    3) You won't be able to connect, regardless of whether the account was created with the same super long password or not.

    Yuck on the 'had to reboot the machine'.

    I am currently using 1.0.36 on the WRV200 and 1.0.28 on my laptop. I am able to connect and use the VPN successfully with normal user name and password. However, I had to completely uninstall quickvpn, manually delete the IPSEC settings, then reinstall to get it working again (not sure why).

    I hope to have some more time today to test special characters in user name, long user name, special characters in password and long password combinations. It's a bit of a pain here at home, since I have to use a dial up connection to test the VPN... oh what we are willing to do to have new technologies. LOL

    // Joe
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    Depending on which version you're using, this may have allowed you to save the username as you did...

    I connected with a 22 character password and received no warnings nor any problems with "overflows" due to excessive information. Furthermore, the router did not display any strange behavior. In fact, I spent about 2hrs streaming "" without any incidence.

    If I neglected to reinterate earlier, "any" connection over an hour with no activity seems to cause the gateway to stop responding.

    I do know that using the latest version of quickvpn (1.2.8), I could not connect to my wrvs4400n using port 443; connection was only made using 60443 and "auto."

    Still more to see...

  5. DocLarge

    DocLarge Super Moderator Staff Member Member


    I blame you for the latest wrinkle, dammit! :) :)

    Prior to your post, I've been successfully trying the "long password" technique and its been working. After my reply to your last post, the quickvpn connection I was using with this "long password" technique dropped. On top of that, then the router packed up *heh* You put the "mojo" on my gear, didn't you? :)

    Anyway, using the reset procedure, I'm back on top again and everything is running fine. Of course, I'm going to have to try the long password thing again to see if I can replicate this...

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice