VPN help?
Results 1 to 8 of 8

Thread: VPN help?

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    228

    VPN help?

    Hey guys,

    I set up my VPN tunnels though my router, Linksys RV082 8 Port VPN, but have had trouble connecting through a client. I have attempted to use the bundled VPN Client, "Linksys VPN Quick Connect" as well as Windows VPN client. So far, I've only been successful while using the Windows Client after I set up my PPTP server.

    The thing is, for security purposes, I really want to use L2TP and IPSec. I also want to use the routers built in management consule because I like the idea of tunnels being authenticated at the router before they go into my network.

    Here are a few details: I use the 192.168.1.x subnet. I remember from a class a few years back that the subnets have to be different. Is this true? If so, I would probably be better off changing my network subnet to something like 192.168.20.x.

    This doesn't make sense to me at all. If I'm able to connect through a VPN from within a small city, should I be able to connect from across the ocean? The reason I'm asking because all these issues seem to be popping up.

    BTW, any good VPN tutorials out there?

  2. #2
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Uhm, ok, WHAT?!?
    This doesn't make sense to me at all. If I'm able to connect through a VPN from within a small city, should I be able to connect from across the ocean? The reason I'm asking because all these issues seem to be popping up.
    What does that have to do with anything you've described previously in your post?

    Generally speaking, your VPN clients should be allocated IP's from a different subnet/pool than your internal nodes. That being said, you can do it either way...if you have the infrastructure to keep track of which devices are where and route packets properly. Good luck on ginning that up on your own, though.

    I'd say go hit the Linksys doco pages for the router. http://www.Linksys.com > support > technical support > Easy Answers and put your model number in the text box and search. Lot's of good info there.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Please remember that some VPN protocols cannot be NAT'ed...

    This may help: http://www.tomsnetworking.com/2003/05/20/how_to/
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    IPSec using AH cannot be NATed because it will fail the auth check on the packet headers.

    If you can't hit your hosts, you more than likely have a routing problem or a protocol issue with your VPN setup within the router. These are the more common issues with SOHO router VPN tunnels.

    Happy Trails.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Senior Member
    Join Date
    Jan 2004
    Posts
    228
    Yeah, I was aware of IPSec through a NAT. I had VPN passthrough and IPSec Passthrough enabled. I changed my network at home to another subnet and everything worked fine, minus having the passthrough capabilities on my local router. I don't have any trouble connecting through PPTP though, which should be ok because it doesn't add anything to the router.

    From what I remember from class, the NAT will strip the header. If IPSec adds to that header, then NAT will end up ripping all of IPSec and part of the header which will corrupt the data.

    My problem was getting in with IPSec while using my WAN IP. I connected straight through my modem and wasn't able to make it work. I'll go through all the links you all listed and see if I can get it to work.

    Thanks

  6. #6
    Senior Member
    Join Date
    Jan 2004
    Posts
    228
    Originally posted here by zencoder
    Uhm, ok, WHAT?!?


    What does that have to do with anything you've described previously in your post?

    Generally speaking, your VPN clients should be allocated IP's from a different subnet/pool than your internal nodes. That being said, you can do it either way...if you have the infrastructure to keep track of which devices are where and route packets properly. Good luck on ginning that up on your own, though.

    I'd say go hit the Linksys doco pages for the router. http://www.Linksys.com > support > technical support > Easy Answers and put your model number in the text box and search. Lot's of good info there.
    Sorry, I just added in some frustration. I can connect from home and I tested the accounts. The guys in Washington say they have IPSec passthrough/ VPN passthrough enabled on their routers, but are unable. I just drives me crazy. They can't even get in through PPTP which shouldn't be a problem.

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    VPNs issues can occure for a plethora of reasons; you need to give us way more details about your setup such as:
    -endpoints makers/models/versions
    -network layout
    -ipsec filter / policies / SA
    -virtual / vpn interface ip assignment methode (if any).
    -vpn protocol used (eg: pptp, l2tp, ipsec (ah / esp / esp nat-t) )

    Etc...


    Ammo
    Credit travels up, blame travels down -- The Boss

  8. #8
    Senior Member
    Join Date
    Aug 2002
    Posts
    123
    Make sure that NAT TRAVERSAL is enabled.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •