Quickvpn freeswan & firewalls

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by ReRun, Jun 14, 2006.

  1. ReRun

    ReRun Network Guru Member

    Hey, my 1st post. I have been in (when I have a new WRV54G to install) and out (after I gave up) of the forums for months now. I finally got serious about learning VPNs. Not that I know anything yet. It's all alphabet soup of TLAs and a bunch of how-to that never seem to tell me what the h*ll everything is actually used for. ANYWAY, I decided not to he-haw around about posting after I ran across this little surprise.

    I installed a WRV54G w/239 this week at a remote location. (Little side note here, do a hardware reset after you flash. Seems to have removed a bump or two I was having. Plus, the *snicker* techs will make you do it when you call.) I am trying to XP VPN into the router with the IP Security Policies thing from behind a Microsoft MN-500 dawg of a router. Well, as you guessed, none of that worked. Tried some port forward and DMZ but ended up just connecting directly to the Internet. That worked. Maybe it was because I was using the public IP I received in my configurations or maybe the firewall was a problem or both. The instructions I read and the help I got from Linksys seem to say to use your WAN IP on the router for your XP settings but doing this never produced any packet traffic for me on ping. Using my 192.x.x.x IP from behind the router at least produced traffic but never worked. I remember reading somewhere about typing in a static route in DOS but it sounded so freaky that I didn't try it and have no idea where I read it from. I include all this to possibly get some of these questions answered in this topic.

    Now, I will try now to get to the point. I need my customers to be able to use VPN wherever they go, not dork around with GRE at every hotel they stay at. I caved and installed QuickVPN. That connects but Windows Remote Desktop RDP only brings up a nice black screen and times out. Well, I started looking at QuickVPN. It installed a nice, little set of settings in the IP Security Policies called Freeswan. Has all the nice Host to remote host filter actions, IPs, Preshared keys and EVERYTHING in it. Assigning it manually does nothing of course without the QuickVPN interface and username password combo. QuickVPN does assign it after the GUI goes through. What is QuickVPN doing that gets this to work past my firewall? Is it something about this Username/password part like some kind of CHAP thing or what? The reason I bring it up is, what the heck makes QuickVPN punch through this dawg of a firewall of mine but MY settings just fall flat on their face? I installed QuickVPN because soooo many people seem to say that it's that or bust when you have a lame router with GRE problems.

    What am I missing here? Some of you, please step up to this plate and look through freeswan settings in Windows that QuickVPN installs and crack this puppy wide open for the good of all us sappy Linksys customers everywhere! Stand up and unite against this slop! :cheering:

    Oh, and thanks 1,000k for all the hard work you have done over the years. You know who you are.

  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    What's happening?

    You missed the revolution on this one :D

    The answer to this problem was the WRV200 router that's currently out. In the meantime, if you're still supporting WRV54G's, quickvpn is designed to work "specifically" with the WRV54G/RV0x/WRV200 line of routers. Port 443 is "open by default" to listen for quickvpn connections. If you're having problems, a "helluvalot" of us have posted fixes for getting quickvpn to work and I rolled it all together into the "Quickvpn Setup Guide" which is due for revision shortly.

    Unfortunately, you'll have to "hang it up" getting GRE to work with the WRV54G "unless" you can modify the config file to allow GRE. Somebody in the forum posted a few weeks ago and said they were able to get GRE to work with their WRV54G by modifying the config file; I'm still trying to remember who that was...

    Short of that, quickvpn is your "only" solution with the WRV54G unless you want to configure a tunnel for each of your folks while they are on the road; it gets difficult with the amount of changing ip addresses of road warriors...

  3. ReRun

    ReRun Network Guru Member

    This is what I am thinking when I read your reply. Now remember, this is from a vpn novice, but wouldn't it not matter that the WRV54G has a problem passing GRE no matter if it is my tunnel's endpoint? I can see my MN-500 causing a problem but I am not behind the 54G. Or does GRE have something to do with RDP?

    Thanks in advance,
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    I apologize, because I didn't really understand what you were trying to say in your last post, could you run it by me again?

  5. ReRun

    ReRun Network Guru Member

    Well I have started to learn a few of these TLAs enough to do better searches on altavista. What I learned about QuickVPN and the XP/2000 IP Security Policies is this:

    QuickVPN does not use AH, it uses ESP. I don't see any way on the PPTP settings page in this WRV54G to change this. AH requires the IP information to not be changed to make the packets tamper proof. ESP does it differently to watch for tampering like man-in-the-middle attacks (something that makes PPTP one of the best vpn securities). I set up a rule just like the freeswan that QVPN makes in the security policies with my own PSK and did the settings as best I could but I still get timeouts and no tunnel.

    I will keep reading and testing and posting here.
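
Added example, not part of the original posts: a simplified Python model of the AH versus ESP integrity check discussed in the post above, showing what happens to each when a NAT router rewrites the source address. The key, addresses, SPI and payload are constructed values, and real AH/ESP headers carry more fields than this model.

```python
import hashlib, hmac, socket, struct

KEY, ICV_LEN = b"constructed-demo-key", 12   # constructed key; HMAC-SHA1-96

def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]

def ip_header(src: str, dst: str, proto: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header; length and checksum are left at 0 in this model."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_input(hdr: bytes, payload: bytes) -> bytes:
    """AH authenticates the IP header as well, with mutable fields zeroed."""
    h = bytearray(hdr)
    h[1] = 0                    # TOS
    h[6:8] = b"\x00\x00"        # flags and fragment offset
    h[8] = 0                    # TTL
    h[10:12] = b"\x00\x00"      # header checksum
    return bytes(h) + payload   # source and destination stay covered

def build_ah(src: str, dst: str, payload: bytes) -> bytes:
    hdr = ip_header(src, dst, 51)                 # protocol 51 = AH
    return hdr + payload + mac(ah_input(hdr, payload))

def build_esp(src: str, dst: str, payload: bytes, spi=0x1001, seq=1) -> bytes:
    body = struct.pack("!II", spi, seq) + payload  # payload stands in for ciphertext
    return ip_header(src, dst, 50) + body + mac(body)   # protocol 50 = ESP

def ah_ok(pkt: bytes) -> bool:
    return hmac.compare_digest(mac(ah_input(pkt[:20], pkt[20:-ICV_LEN])), pkt[-ICV_LEN:])

def esp_ok(pkt: bytes) -> bool:
    return hmac.compare_digest(mac(pkt[20:-ICV_LEN]), pkt[-ICV_LEN:])  # outer header ignored

def forward(pkt: bytes, new_src: str = "") -> bytes:
    """One router hop: TTL drops by one; a NAT hop also rewrites the source."""
    h = bytearray(pkt[:20])
    h[8] -= 1
    if new_src:
        h[12:16] = socket.inet_aton(new_src)
    return bytes(h) + pkt[20:]

def demo() -> dict:
    data, lan, peer, wan = b"constructed payload", "192.168.2.10", "198.51.100.7", "203.0.113.25"
    ah, esp = build_ah(lan, peer, data), build_esp(lan, peer, data)
    natted = forward(esp, wan)
    tampered = natted[:30] + bytes([natted[30] ^ 1]) + natted[31:]
    return {"ah_routed": ah_ok(forward(ah)), "ah_natted": ah_ok(forward(ah, wan)),
            "esp_natted": esp_ok(natted), "esp_natted_tampered": esp_ok(tampered)}
```

Passing the integrity check is only part of crossing a NAT device: plain ESP carries no port numbers, which is why IPsec NAT traversal wraps it in UDP.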
  6. ReRun

    ReRun Network Guru Member

    Fixed my black screen on Remote Desktop with Quick VPN. I unchecked the Bitmap Caching option in RDP and now the login comes right up. Maybe I can use QuickVPN after all. I did drop my MTU down to 1430 and may try to raise it back up and see how it goes. I tested opening my remote shares outside of Remote Desktop by both IP \\10.x.x.101 and \\pcname and now only the IP will open the files. I still can only copy files down and not up.

    At least I can remote manage the PC. STUPID CHECKMARKS