cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3159
Views
0
Helpful
50
Replies

Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

cashbubba
Level 1
Level 1

I know that this has been beat to death but none the posts I have found via Google have fixed my problem.

First let me explain what my goal here is. I want to connect my computer to my home network when I am on the road, I do not want a VPN that connects directly to a computer or other device. I want to have access to my home internal subnet so I can connect via IP to any of the devices.

 

Here are the steps I went through to setup a VPN connection to my WRVS4400N VPN router.
    I built a VPN user under the VPN | VPN Client Account and saved the account.
    Next I generated both the Admin and Client Certificates and downloaded both to my local computer.
    Next I enabled Firewall / Basic Settings / Remote Management. This enabled HTTPS and set Remote IP Address to Any IP address. I saved the settings.
    Next I downloaded the QuickVPN Client and placed the client certificate I downloaded from the WRVS4400N into the QuickVPN install directory.
    Next I setup the QuickVPN Client to connect to my public cable modem IP address.
    Next I setup a connection to the internet using a NATted outside public IP address from another provider and tested the VPN connection. It failed!

Now when I try to connect to the VPN via the QuickVPN Client I get the following in my QuickVPN Client Log.txt file.

    [WARNING]Failed to ping remote VPN Router!

Note: I have masked my public IP address with 7x.1xx.4x.5x.
--------------------------Begin Log.txt--------------------------
2018/06/29 10:35:45 [STATUS]OS Version: Unknown
2018/06/29 10:35:45 [STATUS]One network interface detected with IP address 172.20.10.6
2018/06/29 10:35:45 [STATUS]Connecting...
2018/06/29 10:35:45 [DEBUG]Input VPN Server Address = 7x.1xx.4x.5x
2018/06/29 10:35:45 [STATUS]Connecting to remote gateway with IP address: 7x.1xx.4x.5x
2018/06/29 10:35:48 [STATUS]Remote gateway was reached by https ...
2018/06/29 10:35:48 [STATUS]Provisioning...
2018/06/29 10:35:51 [STATUS]Success to connect.
2018/06/29 10:35:51 [STATUS]Tunnel is configured. Ping test is about to start.
2018/06/29 10:35:51 [STATUS]Verifying Network...
2018/06/29 10:35:57 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:36:00 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:36:03 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:36:06 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:36:09 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:36:13 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2018/06/29 10:36:15 [STATUS]Disconnecting...
2018/06/29 10:36:21 [STATUS]Success to disconnect.
2018/06/29 10:37:45 [STATUS]OS Version: Unknown
2018/06/29 10:37:45 [STATUS]One network interface detected with IP address 172.20.10.6
2018/06/29 10:37:45 [STATUS]Connecting...
2018/06/29 10:37:45 [DEBUG]Input VPN Server Address = 7x.1xx.4x.5x
2018/06/29 10:37:45 [STATUS]Connecting to remote gateway with IP address: 7x.1xx.4x.5x
2018/06/29 10:37:49 [STATUS]Remote gateway was reached by https ...
2018/06/29 10:37:49 [STATUS]Provisioning...
2018/06/29 10:37:52 [STATUS]Success to connect.
2018/06/29 10:37:52 [STATUS]Tunnel is configured. Ping test is about to start.
2018/06/29 10:37:52 [STATUS]Verifying Network...
2018/06/29 10:37:58 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:38:01 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:38:04 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:38:07 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:38:10 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:38:14 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2018/06/29 10:38:16 [STATUS]Disconnecting...
2018/06/29 10:38:22 [STATUS]Success to disconnect.
2018/06/29 10:49:59 [STATUS]OS Version: Unknown
2018/06/29 10:49:59 [STATUS]One network interface detected with IP address 172.20.10.6
2018/06/29 10:49:59 [STATUS]Connecting...
2018/06/29 10:49:59 [DEBUG]Input VPN Server Address = 7x.1xx.4x.5x
2018/06/29 10:49:59 [STATUS]Connecting to remote gateway with IP address: 7x.1xx.4x.5x
2018/06/29 10:50:03 [STATUS]Remote gateway was reached by https ...
2018/06/29 10:50:03 [STATUS]Provisioning...
2018/06/29 10:50:07 [STATUS]Success to connect.
2018/06/29 10:50:07 [STATUS]Tunnel is configured. Ping test is about to start.
2018/06/29 10:50:07 [STATUS]Verifying Network...
2018/06/29 10:50:12 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:50:15 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:50:18 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:50:21 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:50:24 [WARNING]Failed to ping remote VPN Router!
2018/06/29 10:50:28 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2018/06/29 10:50:29 [STATUS]Disconnecting...
2018/06/29 10:50:32 [WARNING]Failed to disconnect.
--------------------------End Log.txt--------------------------

Any and all help will be greatly appreciated.

Also I tried to open a support ticket and support said since it is End Of Support they can't help me. They suggested buying a new VPN router so I can open a warranty support ticket. This is too good of a router to just replace because I am having a difficult time setting up a VPN connection.

Thank you,
ChanceDawgMiner

50 Replies 50

Hello,

 

looking at the output, my first thought is to check if ICMP (ping) might be blocked on either side. The VPN client starts a ping test to verify connectivity, and that fails. Check at both ends if anything (e.g. the Windows firewall, if you run Windows) might be blocking ICMP...

Thank you for the response but my computer is not blocking ICMP, good thought though.

 

My computer is running Windows 10 and I use it to ping not only my various in-house network devices and servers I also use it to remotely connect to my various customer's VoIP networks and use ICMP (Echo, Reply), as well as FTP, HTTP, RDP, SNMP, SSH, FTP, SFTP, etc.. (I support Acme Packet Session Border Controllers remotely) throughout the day. So my computer is not blocking anything and just to make sure I disabled the anti-virus which replaced the Windows 10 firewall, my computer was out on the open internet with no protection at all when I tested the VPN connection. I tried the connection with the anti-virus firewall enabled too (Kaspersky) same result.

 

Now when I try to do a ping to my public VPN router cable modem IP address from the open public internet it does not respond. My ISP is Spectrum.

Hello,

 

your WRVS4400N is likely to block ICMP as part of the Intrusion Prevention. Check the IPS settings (page 135 of the attached user guide):

 

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/wrvs4400n/administration/guide/WRVS4400N_AG_OL-20048.pdf

I have IPS disabled.

 

Here are screen grabs of the settings.

IPS-001.JPGIPS-002.JPGIPS-003.JPGIPS-004.JPG

Hello,

 

with IPS disabled (and disable the Firewall as well to test) can you ping the public IP address ? If not, it might be worth checking with your ISP, they might be blocking ICMP.

Hello,

 

just to be sure...on your client, is the Windows Firewall enabled, and any third party security software (e,g. virus scanners) disabled ?

My client computer has Kaspersky anti-virus/firewall installed and the Windows 10 Defender is completely disable. I tested the VPN connection from my client computer with Kaspersky both disabled and enabled and as I pointed out in my last post both failed.

 

This has to be something very simple that I am overlooking.

Hello,

 

according to the document below, the Windows Firewall has to be enabled in order for the QuickVPN client to function properly, that's why I was asking...

 

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/app_notes/QuickVPN_an_OL-25680.pdf

I just did another test and this time I did a packet capture. I was expecting that the address the client was trying to ping was the 7x.1xx.4x.5x IP address but its not. The client is trying to ping the router's inside IP address 192.168.1.2.

 

So it appears that the tunnel is being established but is unable to complete the setup of the connection because it is waiting for an ICMP reply back from 192.168.1.2. Should it be trying to ping that IP address?

 

Is there a way to enable debug logging on the QuickVPN Client?

Hello,

 

sorry if I am asking redundant questions, but when you built the VPN, did you ' Build VPN connection from
Internet remotely' (Step 5 page 163 in the user guide) ?

 

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/wrvs4400n/administration/guide/WRVS4400N_AG_OL-20048.pdf

No I am not doing a router to router connection. I posted earlier this quote below. I want to connect my computer when I am away to my internal network. I do not want to build a VPN from the router to an internal device because that will defeat the purpose of giving my remote client computer access to all internal network devices. That is why I am configuring just the VPN Client Account. I was told by Cisco support that is all I need to do to achieve my goal to access the internal network, that was just before they said they could no longer support me due to End Of Support being reached and past for my router.

 

<-------Begin Previous Post------->

First let me explain what my goal here is. I want to connect my computer to my home network when I am on the road, I do not want a VPN that connects directly to a computer or other device. I want to have access to my home internal subnet so I can connect via IP to any of the devices.
<-------End Previous Post------->

 

Hello,

 

you must be missing something simple...

 

Check the troubleshooting info under this header:

 

I can’t get my Virtual Private Network (VPN) to work through the router.

 

Page 182 of the user guide. It deals with VPN Pass Through and local IP address settings...

 

 

I disconnected my cable modem from the router and connected it to another computer to test the ping from outside internet. I was able to ping the IP address (Spectrum) that DHCP assigned to my computer from my remote client computer that was connected to AT&T. This proves that Spectrum is not blocking ICMP and also that both of my computers are able to send and reply to ICMP ping requests.

 

The proves in my mind that the problem with ping not responding has to be caused by the router.

 

Do you or anyone else have a backup of a working WRVS4400N config I could test? I can backup my router and place the new config on it then do screenshots of each config page then reload my original config backup then do a stare and compare to see if there are any differences that could be causing this issue.

 

Thank you,
ChanceDawgMiner

Hello,

 

--> I disconnected my cable modem from the router and connected it to another computer to test the ping from outside internet. I was able to ping the IP address (Spectrum) that DHCP assigned to my computer from my remote client computer that was connected to AT&T. 

 

So you have a cable modem in front of the WRVS4400N ? Is that modem in bridge mode, making the WRVS4400N the device exposed to the Internet ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: