RV082 and PPTP with Windows XP VPN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by djspeed, Nov 12, 2005.

  1. djspeed

    djspeed Guest

    Phewwww..... Finally got a VPN Client solution to work. Recently upgraded from a BEFSX41 to an RV082. We will be upgrading our two satellite offices in the future from BEFSX41's to an RV082 and an RV016 in the coming months and moving the 41's to two home offices to facilitate the coveted "work from home" option for some of our management. Our primary reason for doing the upgrades was to obtain additional VPN tunnels to let us connect the home offices but ALSO to give us the ability for client VPN's for some road technicians that needed access to the company network. BINGO! We thought we had the solution with the RV series and the QuickVPN software. hehe... apparently we were wrong. Chalk this one up to not doing enough research before selecting a solution or we could have found all of the ramblings on the QuickVPN problems before we experienced them ourselves.

    In any case, after 2 days of failed attempts at getting QuickVPN and even GreenBow VPN to connect successfully, we looked into the PPTP server onboard the RV082 and used the Windows XP VPN client. Within 5 minutes we had a fully functional client VPN with no need for 3rd party software on our client PC's.

    The question I have is....did we just get lucky? Or is there a reason that the built in PPTP server would not be a preferred and widely used method for VPN connections on the RV082. I noticed a few posts discussing the RV042 not having functional firmware to allow PPTP, but the RV082 worked like a charm.

    Any input on this would be great. We even managed to get the PPTP solution up just with the on-line help screen though the RV082. Hehe...I was actually pretty shocked when it just logged right on.

    ---No longer dismayed with our new purchase...
  2. TazUk

    TazUk Network Guru Member

    IPSec is widely regarded as being more secure than PPTP and so is the preferred method for VPN's :)
  3. DocLarge

    DocLarge Super Moderator Staff Member Member

    Just as Taz stated, pptp is alright, but you'd much rather be using IPSEC. Greenbow will usually fail if you don't set your gateway's as such:

    local secure gateway: (You Local LAN)

    remote secure group: any

    remote secure gateway: any

    You can normally get the greenbow vpn client to connet with these settings. Here's a link to review that's good for all linksys model routers to connect with greenbow:


  4. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    For part time connections, such as "road warriors" connecting from the road, or the occasional home user, I consider PPTP just fine.

    For full time connections, "home workers", or "site to site VPN tunnels" bringing a WAN together, yes you would prefer a strong IPSec tunnel.

    As you notice, the QuickVPN client can be finicky, as I've noticed with some other software clients, like Sonicwalls, etc. But the PPTP server in the RV082/016 models...works like a champ every time.
  5. Thominator

    Thominator Guest

    XP Client Setup Info Request

    Would you mind posting your router's VPN settings for the PPTP XP Client setup, I've been pulling hair out trying to get it to work.

  6. burble

    burble Network Guru Member

    I found the XP VPN wizard default settings to work.

    1. Network Connections -> Create a new connection
    2. Next...
    3. Connect to thet network at my workplace (VPN)
    4. Virtual Private Network connection
    5. Enter the name of the connection icon in "Company Name"
    6. Do not dial the initial connection (or if you need to)
    7. In the hostname/ip enter the external WAN address of the RV082. Or, if you have a DNS pointing to it, that name.
    8. If you get asked for a smart card, "No".
    9. Finish!

    For the settings on the RV082 PPTP Server page, I have:

    [X] Enable PPTP Server

    Range Start: [200]
    Range End: [204]

    For the username/password list, enter a username, and a password, then click "Add to List." Remember to click "Save Settings" at the bottom of the page. I tend to forget that step!

    If you can view your RV082 PPTP Server page, load it up and refresh the page while you connect.

    On the remote system, click on your new icon and enter the username and password as configured on the RV082 under the PPTP users list. Click connect. If it seems to get stuck at the "Verifying Username and Password" stage, refresh the PPTP Server page and look at the bottom.

    If you see a connection appear, but no username, and the remote times out, your remote firewall might be blocking IP Protocol 47 (GRE). If you can reconfigure it to pass PPTP, try that; if not, you're SOL. (I am in that boat)

    If it works, the remote will be verifying username and password for a few seconds, and then it will zoom down to the taskbar and all your IP traffic will route through the PPTP connection. You should now be able to Remote Desktop, and open shares on your computers. Note that, you might have to resort to IP addresses instead.
  7. chibisak

    chibisak Network Guru Member

    Newbie to this forum,

    Burble, I did have the same setup as u post above, however is not working....

    I did try the VPN client which works but any idea to make the PPTP work?

  8. burble

    burble Network Guru Member


    How far through the PPTP connection did you get?
  9. chibisak

    chibisak Network Guru Member

    Most of the case it give me an error 678 on 2k/XP PPTP client.

    At one time i am able to get the verify the username and password. but after that i dun see the username on the web menu and i got another error i believe is 619..
  10. burble

    burble Network Guru Member

    Hmm.. tcp connections to port 1723 might be blocked.
  11. DocLarge

    DocLarge Super Moderator Staff Member Member

    That's exactly what it is. Linksys has blocked port 1723 (PPTP) and Protocol 47 (GRE) from passing through the WRV54G and RV0XX line's to prevent third party vpn clients/processes in order to promote quickvpn.

    Unfortunately, if you want to run a vpn server or connect with a third party vpn client, you'll either have to connect the machine in question "directly" to your xdsl/cable modem or put a router in front of your RV router that can do NAT-T, PPTP, and pass GRE, such as the Linksys BEFVP41 and the SMC SMCBR18VPN routers.

  12. chibisak

    chibisak Network Guru Member

    I have added the 1723 PPTP service pass through on the firewall.
    unless the ISP block the GRE, otherwise i dun get why not working, because the RV082 has VPN/PPTP

    maybe i am wrong
  13. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    Error 678 usually means "no answer"..that you're "dialing" the wrong IP address. On Win2K...pre service packs it was a bug in Windows 2K..fixed in SP2 I think. But I don't ever recall it being a bug in XP.

    If IP type 47 is blocked..error 721 is more common.

    Double check any software firewalls you're running on the machine you're dialing from. And hardware firewalls protecting the network you're dialing from. Make sure MTU on your hardware firewall is set correctly according to your broadband type, 1492 for PPPoE DSL, and 1500 for bridged DSL and cable or frame.

    As a poster above noted....when enabling the PPTP server on the RV0 router...and adding users..make sure you hit that "save settings" button on the bottom of the web admin...I've missed that myself.

    If you've done any "tweaks" to your TCP stack of the machine you're dialing in from, you may want to redo your TCP/winsock from scratch. If using XP, use the Winsockxpfix
    If on 2K...easy to remove TCP, reboot, and add it again. If still using old Win9X, just install the latest DUN for Win9X, I think it's 1.4, can get from Microsoft.

    Check for malware on the machine you're dialing from also...lots of it scan screw with the winsock files, need a clean system.

    The network you're dialing in from should be on a different IP range than your destination/office network...that you're dialing into. Meaning, not both on 192.168.1.XXX. But have the office on something like 192.168.3.XXX.

    Those things being said and attended to...you should be able to connect, I've deployed over a dozen of the RV0 routers...and I find their PPTP server to be very rock solid, reliable, dependable, etc.
  14. burble

    burble Network Guru Member

    I tried my PPTP attempt again from my work. The error I get is error code 619.

    I did a packet trace and I found that in my case, the TCP portion of the negotiation completed successfully. That is, port 1723 traffic worked fine. The GRE packets (IP protocol type 47) however, failed.

    the XP machine sent out GRE packets, but received no response.

    I don't think I've managed to get to the 678 error code yet.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice