Re: QuickVPN issues - Page 2

Brian Bergin · ‎04-08-2009

We have a couple of customers seeking to use QuickVPN to allow their employees to connect to RV0x2's (one is a 42, the other an 82). We ensured both had the current firmware (1.3.12.6-tm for the 42, 1.3.98-tm for the 82). Created a test user account then proceeded to install QuickVPN 1.2.11 downloaded yesterday from the Cisco web site. We installed first on a Vista Ultimate SP1 (fully patched through March 2009's update cycle). The client installs fine then returns the error:

Failed to establish a connection.

This could be caused by one of the following:

1. Incorrect Password (I've checked, rechecked, and checked again, it's right)

2. No valid IP for the network card. (What network card is it talking about? The NIC on this computer allows ful LAN and Internet access so it obviously has a valid IP)

3. Incorrect server address. (One location has a server that has RDP enabled through the RV082 and I can copy/paste the address into mstsc.exe and connect with no problems so the address is correct).

4. Windows Vista with Windows Firewall disabled, which disabled IPSec service. (The Windows Firewall service on this Vista box is running as is the IPSec Policy Agent. Also, regardless of the Windows Firewall state, the Cisco VPN client works perfectly so I'm not convinced the statement that IPSec can't work if the WF is disabled unless the Cisco VPN v5 client uses a different protocol.)

5. Local IP address conflicts with the subnet of the remote VPN Server. (the local subnet is 192.168.100.0/24, the remote is 192.168.1.0/24 so no conflict here)

So we moved on to a XP Pro SP2 box. Again, we setup the same connection using the same QuickVPN software downloaded earlier yesterday. On the XP Box we received the following errors:

1. Incorrect Password (I've checked, rechecked, and checked again, it's right).

2. No valid IP for the network card. (What network card is it talking about? The NIC on this computer allows ful LAN and Internet access so it obviously has a valid IP).

3. Incorrect server address. (One location has a server that has RDP enabled through the RV082 and I can copy/paste the address into mstsc.exe and connect with no problems so the address is correct).

4. You may need to dsiable your Windows Firewall (Tried that, made no difference).

5. Local IP address conflicts with the subnet of the remote VPN Server. (the local subnet is 192.168.100.0/24, the remote is 192.168.1.0/24 so no conflict here).

We then tested the Cisco VPN v5.0.05 client on this XP Pro SP2 box and was able to instantly connect to remote Cisco ASA VPN hosts with no problem as we were with the Vista box.

So then I called Cisco Small Business TAC support for VARs. I gave them the SN of one of the devices and was told that since it was out of hardware warranty that support wasn't really able to help us. Huh? VARs can't get support for products we've recommended? We weren't looking to have a device replaced, only find out what QuickVPN, a product that has a less than stellar history, won't work on any system we try. Cisco has changed a long time policy with no way to renew support services like buying SmartNet contracts (which I'm not opposed at all to recommending to customers) to ensure continued access to support. I highly recommend that Cisco reconsider supporting VARs lest we start recommending customers buy products from a different vendor.

In the end, does anyone have any suggestions on why the Cisco VPN works and the QuickVPN won't? Honestly, I'm back to wishing that these products supported PPTP up to the max connections becuase I never have any problems with PPTP, but the limits on PPTP on these prevents me from using that as the solution.

Thanks...

Te-Kai Liu · ‎06-13-2009

[quote]I can ping from the GreenBow VPN Client PC to the VPN router subnet and PC's behind the VPN router. But if I try to ping from within the WRVS4400N VPN network out to the remote GreenBow VPN Client network, the pings fail with no response.[\quote]

Check the firewall setting on the PC you were trying to ping. Its firewall may be blocking the ICMP Echo Request/Reply packets.

[quote]Also, I thought that NETBIOS traffic would pass when using this VPN Tunnel connection, but it seems that it does not! [\quote]

You are correct. NetBIOS can pass over a Site-to-Site VPN tunnel, if you check the NetBIOS option in the Advanced section of the VPN>IPSec page on both routers. Cisco has a dedicated support team helping this type of problems if you call them.

staticfree2 · ‎06-13-2009

Hi, yes thanks for the reply! I did disable the firewall on the router and it allowed the pings to succeed in the outbound direction. So it was indeed the firewall causing the failed ping in that one way direction.

As for the NETBIOS traffic should pass when using site to site VPN Tunnel (not QVPN), I do have the NETBIOS check box enabled but it just does not seem to work. I'm using a tunnel to the GreenBow VPN Client software. So I don't know if that may have something to do with upsetting the NETBIOS traffic passing.

DmentionSystems · ‎08-17-2009

I just wanted to put a note in here that the QVPN client is unacceptable. It should not require admin. Over the last several years we have purchased and installed 15-20 RV042 for both our office and clients. Not one has failed. QVPN has been the one black mark on the RV series. During the time we have been using them i have tried every few months to try to get QVPN to work... I have never succeeded... We use the PPTP server but just now are staring to have issues with the 5 account limit. QVPN is a junk piece of software looking to solve a problem that doesn't exist. (except that Linksys/Cisco artificially created the issue with the PPTP limit)

CISCO:

DROP QUICK VPN AND REMOVE THE 5 USER LIMIT ON THE PPTP SERVER!

David Hornstein · ‎08-17-2009

.

DmentionSystems · ‎08-17-2009

FYI, I did talk to your Support guys... They did get it to work but unfortunately we are still stuck with the problem that it will not function on 64 bit operating systems and you need admin to run it. It seems you could save loads of money by stopping support for QVPN and just remove the PPTP Server Limits.

I'll re-try it on some legacy XP SP3 machines again and give it one more try when I have access again tonight....

richard

daviddun · ‎08-17-2009

Good Afternoon,

I am sorry that you have a problem using the Quick VPN client. Most computers have a built in VPN Client that works with little or no problems with RV series routers. I have worked with the RV series routers and find little or no problems in getting the QVPN to establish and pass traffic. I am sure if you update the firmware the past problems that you might be having will go away.

DmentionSystems · ‎08-17-2009

Just went through that. I had high hopes that QVPN might work this time but to no avail. I used the latest firmware and QVPN client. Another issue is the need for admin. That alone is a huge detractor and possible disqualification. I am currently running vista 64 and I tried it on my personal xp sp3 machine. It would not work on either. I tried many tricks suggested on various pages and none worked.

We all use the built in MS VPN Client and PPTP server and that has always worked flawlessly (as you mentioned). But that is limited to 5 users. Is there a back door key or firmware that can remove this limit that you are willing to share?

Richard

vreid_47362 · ‎08-31-2009

Just a quick reply to drop QVPN and remove the PPTP concurrent user limit.

Also, here is a free VPN client that may work with the client VPN component of the RV Series: http://www.shrew.net/software