QVPN Works Only When.....

Alejandro Gallego
Cisco Employee

This is not a rare problem that only happens when we use a certain OS with a certain router on a certain day. It is no secret that QVPN can be problematic and inconsistent. This thread is meant for everyone to post both success and failure with the software. This thread is NOT meant as a place to rant about how much of a failure Cisco, QVPN or Router X is. This is meant to be constructive and to assist in finding common problems with particular scenarios.

BEFORE you post, please read this post in its entirety so your voice can be heard. Cisco is not in the business of creating software that is incomplete or of using its customers for testing incomplete code, even though it may appear to be the case with QVPN. That being said, this is how to post on this thread and how NOT to post.

A constructive post:

I have a WRVS4400N v2 router with FW 2.x.x; my internet connection is DSL and the modem is in "Bridge" mode. My public IP address is on my WRVS which is 34.x.x.x (Please do not post your full IP address). My local network (LAN) IP address is 172.16.x.x /24 and I am trying to connect from multiple locations. Being at a cafe, friend's house, and from work all with no success. From all locations the application hangs on "Preparing Network" and will time out. If I look on the router via remote management I see my user name as connected but the application timed out.

OS is Vista 32bit

A non-constructive post: (will be ignored)

This thing has never worked and I have tried everything. I have a WRVS router that never does what I tell it and port forward fails all the time. My computer is a PC and it works everywhere so I know it's not my modem. Cisco needs to refund my money and I want a new Cisco 3950 and PiX firewall.......

(you get the picture)

Because QVPN creates an IPSec tunnel, here are some prerequisites which are not directly related to QVPN. Please make sure these conditions exist before posting your problem.

Remote and Local networks cannot be the same (i.e. 192.168.1.0 and 192.168.1.0). It would be a good idea to set up your router with a local IP address like this: 192.168.247.0 /24. This is an address that is not very common and would assist in eliminating known issues.

If you are running Vista, make sure your Firewall is ON and QVPN is in the list of allowed programs (this has nothing to do with the application, as this is typical OS behavior). If you have XP, the firewall needs to be OFF or QVPN in the list of allowed programs.

For you W7 users, follow the advice for Vista. If you have problems installing or running the client, right click the .exe file and run it under compatibility mode. Again, this has nothing to do with the client as much as it has to do with a brand new OS. The same problems existed when Vista first came out.

If you are really having problems please create a post or call Cisco Small Business Support at 1.866.606.1866 and start a case.

Again, the purpose is to try to find common links in configurations which have no problem connecting and in those which are not able to connect using QVPN. This is a discussion where, as a community, we can work together and correct or find workarounds to QVPN problems.

Thank you,

Alejandro.

17 Replies

rbinning1
Level 1

OK, let's get a start on fixing this. I have a gateway to gateway VPN configured and working with the RVS4000. It's a little sluggish for file sharing but hey...RDP is fine. I installed QuickVPN on Windows Server 2003 R2 at my home thinking that I could create a quick tunnel to RDP some admin duties. To this point I have had no luck.

  First of all maybe Win 2003 is not supported and I should use their built in software? You tell me.

  Now if it should work here is my network topology:

  Gateway 1 = WAN = DynDNS (DSL)
              LAN = 192.168.1.x/24
              Workgroup, no AD
              8 PC units, XP Home/Pro

  Gateway 2 = WAN = DynDNS (DSL)
              LAN = 192.168.2.x/24
              Workgroup, no AD
              2 units, XP Home

Network I would like to connect:

  QuickVPN Client = WAN = DynDNS (cable)
                    LAN = 192.168.3.x/24

What I have done so far on the router side in prep for QVPN

1) Added a remote client

2) Created a new tunnel

3) Copied the local settings from working VPN Tunnel

4) Changed remote to

Remote Group Setup  = IP Only
IP by DNS resolved   0.0.0.0
Remote security Group Type=subnet
ip Address = 192.168.16.0 (tried 192.168.3.0)
Netmask = 255.255.255.0

On QVPN I am pointing to the WAN IP of Gateway 1. (I figured I would help the name resolution along).
Port Set to Auto
Same error over and over
Failed to Establish Connection
This could be caused by one of the following....
blah, blah, blah

I'm not sure what more to do. My local firewall is enabled to let VPN passthrough?

Any thoughts?

Rob

What I have done so far on the router side in prep for QVPN

1) Added a remote client

2) Created a new tunnel

3) Copied the local settings from working VPN Tunnel

4) Changed remote to

Remote Group Setup  = IP Only
IP by DNS resolved   0.0.0.0
Remote security Group Type=subnet
ip Address = 192.168.16.0 (tried 192.168.3.0)
Netmask = 255.255.255.0

The only thing you need to do is just add the VPN user and nothing else. The QVPN client will automatically configure the tunnel so creating a separate entry is not necessary. That and let us know if you are able to connect.

Thanks for the reply. I have added the user. Still nothing. I am quite happy with the gateway to gateway but this is frustrating....

Hello, I think that your problem is that you are trying to setup the QVPN in the wrong place in the router.

Here are the steps:

1- Go to VPN - VPN client accounts on the router

2- Create an active user and add it to the list.

3- Save the settings

4- Go back to the VPN client access screen and click on the Generate button. (This will generate an internal certificate for the router itself. Please generate this certificate every single time you make any changes to the users.)

5- Done, you should be able to access the VPN.

NOTE: Make sure you are using the latest version of the QVPN software; as of right now, that version is 1.3.0.3.

If you are using Windows Vista or 7 you need to enable the Windows firewall; disable it if running XP.

If you still have issues, contact your ISP provider on both places, the local and remote network and find out what is the status of ports 500, 4500, 443 and 60443. They all should be open for the QVPN software to work.

Hope this helps

Hello,

Thank you for the reply.

I have done the following to no avail....

Added user under client accounts

Saved setting

Generated a cert.

I am using QVPN 1.3.0.3

I am using Win 2003 server R2

When I port scan my router from the remote access point it shows

8080 open (remote admin)

60443 open Vpn access

Ports 500, 4500: are they not opened by default when VPN passthrough is enabled? Is not the default 60443?

I am behind a D-Link 604 at the remote access point. VPN passthrough has been enabled. Are there additional ports that need to be opened?

Thanks for the help!

Rob

Greetings,

From what I understand so far it seems you are using the client to gateway option, which requires you to configure the correct IP SEC rules on the OS and has nothing to do with our QuickVPN software.  This method pre-dates QuickVPN and is an alternative to using QuickVPN.

Here is a great guide to how to set that up from our older knowledge base website, hope it helps:

http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=207&p_created=1084206537&p_sid=5H-fWdpi&p_accessibility=0&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MjY5JnBfcHJvZHM9MCZwX2NhdHM9JnBfcHY9JnBfY3Y9...

Thank you Juan,

I am using Win 2003 server for this particular client connection. I am assuming that this HOWTO would apply. I think QVPN has potential but is far from "Quick".

If I was going to recommend something to the programmers of the interface I would recommend a log file accessed from the app start window. It's really tough to track the issue when you get the standard "It could be this, that or the other thing". I am not giving up on the app quite yet. I think with the assistance of this forum we can get functional and possibly get a few of the bugs fixed for future users.

When you say "client to gateway method", is that not what QVPN is supposed to be? A client to access a VPN gateway? I have a fairly solid gateway to gateway configured; now I am just looking to add roaming functionality for a couple of users. The QVPN came packaged with the router so I have to assume that it is stable enough to be used as is.  If required I will work my way through the HOWTO you very nicely posted. I think that if I am required to do that for each user's different O/S then what is the point of having QVPN?

Any further advice would be greatly appreciated!

Cheers,

Rob

After talking twice with Cisco Spanish support, I got QuickVPN running. I uploaded pics of my configuration working fine. I use Windows XP, firewall disabled. In the router, MTU=1472.

I hope this can help somebody.

Actually, it is the same thing, except QuickVPN does it all for you. Instead of configuring it on the O/S (in this case the example is Windows 2000 and XP), you download our QuickVPN software, put in some information, and in a perfect world you can create your virtual tunnel anywhere and "quickly". Like I said, the client to gateway method is the old way of doing QuickVPN; you will only find it in our veteran VPN routers, some of which are soon to be end of life. I am simply laying out all your options. We usually advise everyone to stick to QuickVPN, but the old-fashioned way should work as an old alternative.

As far as your ports go, please do a port scan while directly connected to your ISP modem. Make sure the Linksys router has a direct public WAN IP, meaning it is the border router; if you are behind another router like a 2Wire DSL, you need to set it to bridge mode.  Once you are directly connected to your ISP modem, run a free port scan called ShieldsUP! https://www.grc.com/x/ne.dll?rh1dkyd2 and make sure ports 500 and 443 are open. If you get a closed port or a stealth mode result, you need to contact your ISP and ask them to open them for you.  Also, the QuickVPN root folder creates a log every time you attempt to connect from the client side; please check the log and post it up here for more precise information on why it is failing.  Another thing to watch out for on the O/S: make sure you have the IPsec services started; if they are not, please make sure you start them.

There are many small things you must watch out for. For more support please call our call center 1-866-606-1866. Thanks

DominikAu
Level 1

Hi.

My WRVS4400n V2 (V2.0.0.8-ETSI) connects me with a static IP over an Alcatel (bridge mode).

QVPN works on my XP machine, but every time there's the warning that the certificate of the server isn't found.

what i've done so far:

wrvs4400n -> create a vpn client account

     -> generated a new certificate

     -> exported the certificate

xp-pc -> installed qvpn (V 1.3.0.3)

     -> put the certificate in $programs$\cisco smb\qvpn\

     -> qvpn certificate alert when connecting

     -> installed the certificate via Internet Explorer (internet options \ contents \ certificates )

     -> qvpn still alerts

     -> qvpn directory \ openssl.exe s_client -showcerts -connect [PUBLIC_IP]:443 > [CERTIFICATE].pem

     -> no change, qvpn alerts

so i've opened the https:\\router ip:443\ and exported the server certificate

! It's different from the one i exported via the wrvs vpn admin page.

even if i reimport the new generated certificate, the one on 443 won't change.

did i miss something or is there a bug in the wrvs certificate management?

cheers,

Dominik
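
The comparison described in the post above, fingerprinting the certificate exported from the router's admin page against the one actually presented on port 443, can be scripted. This is an added example, not part of the thread or of any Cisco tool; the function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def first_cert_der(text):
    """Return the DER bytes of the first PEM certificate found in text.

    Accepts a clean .pem export as well as redirected
    `openssl s_client -showcerts` output, which surrounds the
    certificate with handshake diagnostics.
    """
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def fingerprint(text):
    """SHA-256 fingerprint (hex) of the first certificate in text."""
    return hashlib.sha256(first_cert_der(text)).hexdigest()

def same_certificate(exported_text, served_text):
    """True only when both inputs carry the identical certificate."""
    return fingerprint(exported_text) == fingerprint(served_text)

def fetch_served_pem(host, port=443):
    """Fetch the certificate the router presents. No chain validation is
    done, which suits a self-signed router certificate."""
    return ssl.get_server_certificate((host, port))

def _pem(der):
    # Wrap raw bytes as a PEM block for the constructed samples below.
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed stand-in bytes, not real X.509 certificates.
EXPORTED = _pem(b"constructed certificate exported from the admin page" * 4)
SERVED = _pem(b"constructed certificate presented on port 443" * 4)
# Constructed s_client-style capture: diagnostics around the PEM block.
CAPTURE = ("CONNECTED(00000003)\n---\nCertificate chain\n 0 s:CN=router\n"
           + SERVED + "---\nServer certificate\n")

if __name__ == "__main__":
    print("exported:", fingerprint(EXPORTED))
    print("served  :", fingerprint(CAPTURE))
    print("match   :", same_certificate(EXPORTED, CAPTURE))
```

A mismatch means the client is being asked to trust a certificate other than the one the router is serving. If an old router only offers TLS versions that a current Python build refuses, pass the saved `s_client` output to `fingerprint` instead of calling `fetch_served_pem`.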

Hello Mr. Dominik, your issue is extremely weird. It doesn't seem to be related to the client itself but to the router.

In any case I have two recommendations for you, maybe you wanna try them.

First, in regards to the router: I don't know how much setup you have done on your router, but it will be good to re-upload the latest firmware, then do a factory reset and then re-configure the VPN client access manually (don't forget to generate the certificate).

This whole process may solve your issue once and for all.

Now, in the case that it is still not working, I have the second option.

Cisco just released the new version of the QVPN software Ver. 1.4.0.5. Here is a link to the download.

This new version is compatible with Windows XP, Vista And 7 for both 32 and 64 bits.

https://tools.cisco.com/support/downloads/authc/forms/CDClogin.fcc?TYPE=33619969&REALMOID=06-00037e88-5486-1314-b857-83846dc90008&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$GDuJAbSsi7kExzQDRfPKUItt%2bPcjKOjTGlbtk%2fRp7BdNYLiP9lyOBjXBU5PAxIXD&TA...

Yeah, that whole thing is the link.

Well, hope this helps

The router's SSL certificate is meant to be copied into the install directory of QuickVPN. Do not import it into the browser. The certificate is used by QuickVPN client to authenticate the QuickVPN router.

hi guys :)

for sure, i've used the new qvpn release as soon as it was available, but this didn't remove the problem.

as you said, it was the firmware. but: i've done exactly the same procedure the first time, when i upgraded from 2.0.0.7 to 8.

well, now this certificate problem is gone, it connects to the wrvs and verifies the signature.

is cisco aware of incompatibility of Firefox and the Web gui?

it works for daily tasks such as changing settings or just browse the logs, but if you'd like to upload a certificate or a new firmware, you have to use a different browser (worked with Internet Explorer 8).


as long as i don't have to upgrade on a daily basis, it's no big problem, just a small flaw.

cheers,

Dominik

laurent
Level 1

Hello there,

In our small business, we had been successfully using QuickVPN connections on an RV042 for a couple of years now. (hence labelled "LinkSys")

For the past week or two, no one's been able to connect anymore (5 users). No particular change was made to the setup.

The settings were :

RV042 fw 1.3.12.6, LAN 192.168.123.0/24, WAN 82.xxx.xxx.xxx static (bridged modem), MTU 1492 (PPPoE), firewall to defaults.

QVPN 1.2.8 on WinXP sp3, home or pro.

Again, everything was running just fine.

Now, QVPN hangs on "Connecting...", then pops up the Connection error message with 5 possible causes.

Disabled client protections (firewall, av) : same problem.

I upgraded the firmware to 1.3.12.19, and updated to QVPN 1.4.0.5, same error.

I tried to disable some settings in the RV042 firewall, same error.

The only way I could get any further was to altogether disable the RV042 firewall, but then it comes to a "gateway not responding" timeout.

Needless to say, this is a serious nuisance, as everything was OK and users were used to accessing the VPN.

If you need any more details, feel free to ask.

Thanks for your help,

BR

Laurent
