cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
822
Views
0
Helpful
50
Replies
Highlighted
VIP Mentor

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

Hello,

 

is this your setup:

 

Local LAN --> WRVS4400N (in routed mode) -  Cable Modem --> Internet

 

?

Highlighted
Beginner

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

To make this a little easier I am going take screenshots of the router config pages and upload them later this evening when I am back home. I believe that will be the best way for you to see all of the settings.

 

I will redact/mask personal info such as public IP addresses and username other than default usernames.

 

Talk at you later this evening.

Highlighted
Beginner

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

I was able to get the screenshots done earlier than I expected.

 

I hope these help find out what I messed up.

 

0001-Router-Setup-Summary-Mod01.JPG0002-Router-Setup-WAN-01.JPG0003-Router-Setup-LAN-01.JPG0004-Router-Setup-DMZ-01.JPG0005-Router-Setup-MAC-Address-Clone-01.JPG0006-Router-Setup-Advanced-Routing-01.JPG0007-Router-Setup-Time-01.JPG0008-Router-Setup-IP-Mode-01.JPG0009-Router-Setup-Firewall-Basic-Settings-01.JPG0010-Router-Setup-Firewall-IP-Based-ACL-Settings-01.JPG0011-Router-Setup-Firewall-Internet-Access-Policy-Settings-01.JPG0012-Router-Setup-Firewall-Single-Port-Forwarding-Settings-01.JPG0013-Router-Setup-Firewall-Port-Range-Forwarding-Settings-01.JPG0014-Router-Setup-Firewall-Port-Range-Triggering-Settings-01.JPG0014-Router-Setup-VPN-Summary-Settings-01-Mod01.jpg0015-Router-Setup-VPN-IPSec-VPN-Settings-01-Mod01.jpg0016-Router-Setup-VPN-Clients-Accounts-Settings-01-Mod01.jpg0017-Router-Setup-VPN-VPN-Passthrough-01.jpg

Highlighted
VIP Mentor

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

Hello,

 

sorry for the delay, I am on GMT +1...

 

What is the local LAN IP address of the machine you are connecting from ? Your WRVS4400N has 192.168.1.0/24 configured, make sure the remote PC you are trying to connect from doesn't have an IP address in that same range.

 

The screenshots showing your setup look fine, I can't see anything wrong.

Highlighted
Beginner

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

It is 172.20.10.6

Highlighted
VIP Mentor

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

Hello,

 

have you tried to use another client, such as the Cisco VPN Client (link attached, scrool down to the '
CISCO VPN CLIENT 64BIT VERSION')...

 

http://www.firewall.cx/downloads/cisco-tools-a-applications.html

Highlighted
VIP Mentor

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

Or use the Windows 10 built-in VPN client...

 

https://support.microsoft.com/en-us/help/20510/windows-10-connect-to-vpn

Highlighted
Beginner

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

I tried the Window 10 built in VPN client and I also tried the "Cisco AnyConnect Secure Mobility Client" Version 4.3.01095 and both failed.


For a couple of tests I setup "L2 Switch | Port Mirroring" to mirror the Outside WAN port to another computer and did a packet capture via Wireshark while also doing a packet capture via Wireshark on my client computer while trying to connect via the QuickVPN Client.

 

From the packet captures I see the PING 192.168.1.2 being sent out from my client computer. And from the WAN port mirror packet capture I see everything from the remote client coming into the router except the PING 192.168.1.2.


Doesn't that lead to the conclusion that the PING is not reaching the router? Since the PING is sent from the client computer un-encrypted it makes sense that a plain ping packet from my client computer on the public internet could not reach the IP address 192.168.1.2 since it is a non-public route-able IP address. Shouldn't the PING packet be encrypted and sent through a tunnel to the router or should it be a public IP address like the router's public IP address?


ChanceDawgMiner

Highlighted
VIP Mentor

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

Hello,

 

you are right, the PING should go through the VPN tunnel...

 

I have read through the entire post again - can you check if Windows Defender actually allows IPSec through ?

 

How to Setup Windows 10 Firewall for L2TP/IPSec

 

https://www.magnumvpn.com/setup-windows-10-firewall-l2tp.html

Highlighted
Beginner

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

Windows 10 Defender is disabled, Kaspersky is the firewall not Defender.


Is there a test or something else I can do to verify that IPSec is working?

 

As an FYI I have a VPN connection to my company's internal network that I use the "Cisco AnyConnect Secure Mobility Client" to connect to and it works 100%. Would this prove that IPSec is working?

 

I do not have the company VPN connection running while I am testing the QuickVPN Client connection to my WRVS4400N router.

Highlighted
VIP Mentor

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

According to the QuickVPN guidelines the Windows Firewall has to be enabled, and any third party firewall/virus scanner software has to be disabled.

 

Try and create the IPSec rule in Defender and disable Kaspersky...

Highlighted
Beginner

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

Unfortunately I can't enable Windows Defender until I uninstall Kaspersky.

 

I'll uninstall Kaspersky long enough to test the QuickVPN with Windows Defender Firewall enabled after which I will have to reinstall Kaspersky.

 

Not sure when I will be able to do this, it may be tonight or a day or two. I have other work things to do that I have to complete before I can take the time to do the uninstall | test | reinstall.

 

I'll update as soon as I can get it done.

 

Thank you,

ChanceDawgMiner

Highlighted
Beginner

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

As an FYI I found that the "IPSec Policy Agent" is running screenshots below.
Does that prove IPSec is working?

IPSec-Policy-Agent-Properties-General.JPGIPSec-Policy-Agent-Properties-Log-On.JPGIPSec-Policy-Agent-Properties-Recovery.JPGIPSec-Policy-Agent-Properties-Dependencies.JPG

 

Here is the description of the service.
-----------------

Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.  This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec".  If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec.  Also,remote management of Windows Defender Firewall is not available when this service is stopped.

-----------------

 

Am I wrong in thinking that IPSec is working with Kaspersky Firewall enabled and Windows Defender Firewall disabled?

Highlighted
Beginner

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

Okay I uninstalled Kaspersky then rebooted. Made sure that Windows Defender Firewall was on and created the inbound rule for UDP ports 50, 500, and 4500. Ran another test of the QuickVPN Client connection and it failed with the exact error as before.

--------------------------------------

2018/07/02 22:34:41 [WARNING]Failed to ping remote VPN Router!
2018/07/02 22:35:03 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.

--------------------------------------

Ran the test again with port rule set for both inbound and outbound and it failed also.

 

I did a packet capture and the client is still trying to ping 192.168.1.2 as shown in the screen grab below.

 

There has to be a setting wrong that is causing the client to ping the 192.168.1.2 before the tunnel is up.

 

CiscoQuickVPNClientStillTryingToPing192.168.1.2.jpg

 

Highlighted
Beginner

Re: Configure WRVS4400N VPN Client Account to connect my computer via VPN to my home internal subnet

I was able to make the ping work for testing purposes only.

 

I edited the vpnserver.conf file and changed "remotelanip=192.168.1.2" to "remotelanip=7x.1xx.4x.5x" then made vpnserver.conf file Read-Only then tested.

 

With 7x.1xx.4x.5x as the remotelanip the ping worked and the client connected to the router. This doesn't work for setting up the connection to my internal IP subnet but it proves that ping from the remote client to the router does work so the problem has got to be a client or router config issue.