VPN newbie (is WRVS4400N right for me?)

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by swiego, Jan 10, 2007.

  1. swiego

    swiego LI Guru Member

    Hi! First time poster here so go easy on me :)

    I'm pretty familiar with PCs, servers, etc., but very green on networking, so I apologize in advance if I butcher some terminology!

    I have a small office network that I'd like to network together and get access to remotely. Internally there would be only four desktops/servers but I need them to be connected together via gigabit if at all possible... and the faster the better. (e.g. jumbo frame support, etc. all would be nice-to-haves). I also need to be able to support a few Wifi clients in the office... nothing fancy, just laptops that need to connect to these servers. Also need internet access via cable internet to the office. (I think that's where I'm plugging the cable modem output into the WAN port of the router, right?)

    I also want to be able to VPN in so that I can work remotely (say, from the local coffee shop) but have my laptop appear as though it's connected to the network. Two or three others would need this ability but not more than that... we don't need a lot of horsepower when we're connecting externally... just enough to connect to internal servers from client software running on our laptops, mount/map drives, etc. Don't need to support hundreds or even tens of VPN users. But reliability would be nice.

    It seems to me that the WRVS4400N might be the perfect device for me. I was wondering if (a) someone could read over the above and tell me if it is or isn't a good fit for me and regardless, possibly recommend some alternatives. I'd also like to hear your opinions - does this device work well?

    I *think* that I can do what I want with a gigabit switch, a 802.11g router, and some Linux server running VPN server software I guess, but that seems like some work to setup. I'm hoping to get an all-in-one-box solution that simplifies things for all of us. Thanks in advance!
  2. swiego

    swiego LI Guru Member

    Oh, I went through the many posts on this board. This router is starting to give me the creeps. Sounds like nobody is able to get the VPN software working. Should I be looking elsewhere, or trying to piecemeal my solution using multiple devices? That this does everything in one box appeals to me, however I don't want to be buying a reliability nightmare. I'm not an advanced user, just need its basic capabilities (VPN, switch/router capabilities) to work.
  3. DocLarge

    DocLarge Super Moderator Staff Member Member

    The router is fine for vpn "if" you're going to be using the 5 IPSEC tunnels. Right now, quickvpn's latest release is not passing information through the tunnel. You can make a connection, but after the initial connection, traffic is not being passed.

    I'm having "complete" connectivity dropouts with mine in conjunction to what I've mentioned above. This may have something to do with my using it on an ADSL connection with an ADSL ethernet modem. Also, I've noticed that my wrvs4400n will establish an internet connection if I allow it to obtain it's dhcp address from my ISP, but if I set it to "static" (which is the connection I have) and input the static values myself, it won't connect to the internet. Interestingly enough, I can set my wrv200 for both "obtain ip automatically" and "static" and connect to the internet without problems.

    Long story short, the unit needs work. Yes, it's a great product, but it's something that's going to require some "field fixes" from users like myself who own it (similar to what we're doing with the wrv200). Now, if you're using a cable modem connection, the issues I'm having may not even be a factor for you, so there's a positive :). The router would be perfect for what you're looking for as long as you understand that every new product has a few "bugs," as we get more info, we pass it on to the development guys and try and get a quick turnaround. Again, this is how we're approaching the WRV200 and as you notice, new beta versions are coming out almost at a monthly rate as opposed of "every so often."

    If you're really not comfortable with it, go for the WRV200, firmware 1.0.24 with quickvpn version .39; no, there's no security issue with the firmware any greater than you parking your car on the street. It's fine for use...

  4. swiego

    swiego LI Guru Member

    Thank you!

    Thank you for the response.

    From reading your post and others, I think I will go with another brand. From reading this site, one gets the impression that the Linksys VPN routers tend to be pretty buggy. I was only interested in them for the quickvpn capability and if that's not absolutely reliable, then the products are not appealing to me. I disagree that every new product has bugs. I've used many products, including software that were essentially bug-free and did not require fixes. Included among them are some routers and switches although I have to admit, routers in general seem to be pretty buggy.

    I'm not sure if people can recommend something else that would fit my needs even if it's out of the linksys space. I don't care much what the brand is, only that it works reliably. "Monthly fixes" sounds kind of scary to me. The WRV200 also seems to be pretty buggy. The most popular topic on this board is about dealing with WRV200 bugs.

    Just to be honest here, as someone who came here to research products, this site really dissuaded me from considering Linksys :(
  5. docinthebox

    docinthebox LI Guru Member

    You can consider the WRT350N. dd-wrt v24 beta was ported over couple of weeks ago. There are still a few quirks like the USB storage link doesn't work. But no one has commented on the OpenVPN server yet. dd-wrt is well written firmware compared to Linksys stock firmwares. Also, the hardware you get for the $180 is not bad either, including the BCM-4705 processor which should be pretty fast. The gigabit ethernet probably does not support jumbo frames. But on the good side, you get a USB storage link so you can have a file server (when they finally get it working under dd-wrt, which they will given time, like the case with WRTSL54GS on which dd-wrt now works very well).

    If you're okay with a not so secure VPN solution, dd-wrt also allows you to run a PPTP server so you can use the Windows PPTP client to connect easily.
  6. DocLarge

    DocLarge Super Moderator Staff Member Member


    your aprehension is understood. In order to minimize the "bugs," a few of us have volunteered "our" time (normally, after a full days work) to lend a hand in reducing the amount of failed features these routers are shipping with. Yes, we've asked the question "How the Hell did this thing make it out of product review an onto the shelves?!??!!" but it appears there's a process missing or neglected when the boxes are being put together.

    It's not our place to get into the politics of what goes on "inside" Cisco-Linksys, however, by them giving a few us access to tell them directly what's not working out here in the "real world," meaning someplace away from their sterilized lab findings, they gain real insight into user problems. No, the users shouldn't have to find faults, however, on a positive, the linksys community now has a "direct" line to Linksys development when problems do occur (something I'm betting you just won't find with Dlink, Netgear, SMC, or any other companies).

    Sorry if the answers you were looking for weren't the best to offer, but the testing team and myself are hoping to improve things :)

  7. swiego

    swiego LI Guru Member

    I took a chance on the WRVS4xxx router. In all functions except VPN it has been a joy to use. The configuration is easy, the performance is incredibly fast of 1GbE, everything works fine.

    So I tried setting up VPN in hopes that the most important feature of all (in terms of my need) would parallel the rest of my experiences. Ha. I went into the router and created a VPN client account (username and PW). Installed QuickVPN 1.0.39 and it gets stuck on Verifying Network... I'm using a friend's local Wifi connection to test connectivity from the "outside" - could it be a problem with her router? Is there some configuration that should be done there? What am I supposed to do?

    I see references to 1.0.47 quickvpn but it's not on the linksys web site. I am at a loss as to what to do right now. Is there a checklist of things I should verify?
  8. swiego

    swiego LI Guru Member

    Updates -

    - I learned that my remote network and current network can't be in the same subnet range. They both were 192.168.1.x. So I changed my remote subnet to 192.168.11.x and now I can VPN in to connect.

    - I also learned that the 1.0.47 update of quickvpn beta seems to require corresponding firmware upgrade on the router, which this one doesn't have. SO... don't install it! (If you do, you can always go back to 1.0.39 by uninstalling and reinstalling.) There is a 1.0.40 version on this site but I'm not sure what it does or whether I should try it.

    - I can ping machines (windows PCs) in my remote network by turning off my windows xp sp2 firewall. Feels risky but at least I can ping them. Firewall up = no pinging at all, in fact no nothing.

    - I still can't open up a share, for example I have a windows share in a PC called and doing Start | Run | \\ gives me the "network path was not found" error. However I can ping this box, and I can open that machine and its share from a PC inside the network. Update: if I turn off Windows firewall on this internal box (too) then I can open up shares to it. Yikes... this whole VPN thing is pretty anti-firewalls!

    - I learned about the RDC port forwarding thing, set it up and I can successfully do a remote desktop connection to the same, which is nice.
  9. DocLarge

    DocLarge Super Moderator Staff Member Member

    With a software firewall in place, you have to "allow" certain connections to come in; what you are experiencing is "exactly" what's supposed to happen if an unknown request comes in :)

    Depending upon the brand of SW firewall you use (Norton, Black Ice, McAfee, Windows), you'll need to make a rule(s) that lets protocol 443 through the firewall.

    By the way, what type of medium do you use to connect your WRVS4400N to the internet (Cable, xDSL, ISDN)?

    Additionally, I've used my WRVS4400N for site-to-site vpn tunnel connection to a Linksys WAG54G/WRV54G/RV042/WRV200 and a CISCO PIX 501; the performance is solid!! There's (yes) a "minor" bug in creating the vpn tunnel. In "advanced settings of the vpn tunnel page, you have to change the option from "local ip address" to input the ip subnet for the routers handling the vpn tunnel to "name," save it, then change the option back to "local ip address," save it again, then the tunnel will work. I've already passed this on to the developer who'll be working the project and I'll follow up to see if they've been able to fix it.

    Another issue I ran into is that my linksys routers are running the US firmware, yet I connect them to an ADSL connection over here in London, UK (I'm American living overseas). I'm using an ADSL ethernet modem to make my connections and it's been fine, however my Linksys routers behave "waaay" differently over here, such as when any of them are set for DHCP, they lose internet connectivity within 48hrs and I have to do a reebot. If I set (for example) the WRV54G, WRV200 to "static" (I have a static ip) they work fine. However, if I set the wrvs4400n to static, it won't connect to the internet at all. To get around, that, I had to use another router as an "edge" router; once I did this and put the wrvs4400n on a separate segment behind it, I can now set it to "static" and get the "full" use from it (vpn, Qos for my two vonage routers running behind it, etc...)

    I've got an Infrant ReadyNAS NV+ that has a gigabit port and supports jumbo frames connected to my WRVS4400N:

    http://www.infrant.com/products/products_details.php?name=ReadyNAS NVPlus

    I'm moving my files off of my Windows OS file server to this unit; the wrvs4400n and this unit were made for each other. The transfer speed is like "Whoa!"

    In short, I'm now starting to like this router after now having found out that the medium to connect to the internet may be the cause why alot of the users here in the forum are having problems with their routers. For example, toxic can leave his WRV200 set to "obtain ip automatically" on his cable modem connection and he can run vpn tunnels fine; I can't. I have to set my WRV200 to "static ip" on my "ADSL Connection," then I'm able to run vpn tunnels.

    I think the disparity has been found...
  10. swiego

    swiego LI Guru Member

    I've been generally pleased with this router, now that I've gotten to understand it, though displeased with the general lack of information about how to actually make everything work properly.

    I am using a regular cable modem with DHCP. That part works well. Also working well is the phenomenal gigabit ethernet part. I have four systems connected to the four gig-e ports with jumbo frames enabled on all devices, and performance is just stunning. I wish I had more ports so that we could plug my laptops in as well when I need to move big files.

    I'm not using mine for the site-to-site VPN. I am only using it to VPN into my office network from remote locations like a client's place, a friend's place or the local coffee shop. Quickvpn installs well but that's where things end. The amount of firewall configuration that needs to be done (on the linksys router, on my remote connection's router, on the XP firewall on EVERY PC INVOLVED) is phenomenal, and none of it is documented anywhere except in various messageboard posts scattered through the internet. Need remote desktop? Well you have to tweak firewall #1, #3 and #4 like so. Need to access remote shares? Well you have to tweak A, B, C, D and maybe E depending on whether F is G or not.

    I've gotten it working but it's hit or miss--it really depends on the firewalls wherever I am. Worse, the whole thing about accessing windows shared folders and printers is still up on the air... I usually can access them via IP but still can't access them by the machine name, and I still don't know how to get the router to always assign certain PCs certain IP addresses. (In my old router you could tell it to assign a particular IP address to a particular MAC address.)

    At least I have a rough idea of what MAC addresses and all are. I can imagine someone less knowledgable about firewalls and all being completely lost with this router.
  11. DocLarge

    DocLarge Super Moderator Staff Member Member


    I put together a "Quickvpn Setup Guide" a while back that helped "a lot" of people get quickvpn configured. Had the link been up (we were doing some fine tuning), this probably would have helped you a little bit:

    http://www.linksysinfo.org/forums/showthread.php?t=47114 (Quickvpn Setup Guide)

    The intracacies setting up quickvpn is nothing new. Prior to any support from "Linksys," we (linksysinfo) were the only ones who knew how to set it up consistently. Oh, the quickvpn setup guide was based on procedures with the WRV54G (which are still applicable today).

    If you didn't know, quickvpn is it's "own" beast; it's not like using PPTP where an address is translated from the vpn server to the client. Quickvpn establishes itself based on it's authentication to the router (this method "is" secure; Linksys, like most other vendors, is refining this process to make it more secure). That being said, there is no Netbios traffic passed through the tunnel; the workaround is by actually installing a WINS server. Otherwise, all sharing/mapping will have to be done by ip address of the system you want access to.

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice