cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
37570
Views
6
Helpful
25
Replies

QuickVPN and RV042 not verifying network

ccolotticisco
Level 1
Level 1

I installed an RV042 this weekend at my home office that has dual DSL connections.  The unit works great except now I am offsite and I cannot get to the VPN.  The frustrating thing is that the quickVPN CONNECTS it just does not verify the connection via the remote ping.

2009/06/08 08:48:19 [STATUS]OS Version: Windows XP
2009/06/08 08:48:19 [STATUS]Windows Firewall is OFF
2009/06/08 08:48:19 [STATUS]One network interface detected with IP address 10.15.25.xxx
2009/06/08 08:48:19 [STATUS]Connecting...
2009/06/08 08:48:26 [STATUS]Remote gateway was reached by https ...
2009/06/08 08:48:26 [STATUS]Provisioning...
2009/06/08 08:48:33 [STATUS]Tunnel is connected successfully.
2009/06/08 08:48:33 [STATUS]Verifying Network...
2009/06/08 08:48:37 [WARNING]Failed to ping the remote VPN Router!
2009/06/08 08:48:38 [WARNING]Failed to ping the remote VPN Router!
2009/06/08 08:48:39 [WARNING]Failed to ping the remote VPN Router!
2009/06/08 08:48:40 [WARNING]Failed to ping the remote VPN Router!
2009/06/08 08:48:41 [WARNING]Failed to ping the remote VPN Router!
2009/06/08 08:48:42 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.

As you can see the windows firewall is off, I have a 10.15.25 address on the client side, (The VPV side is 192.168.100.xxx).  So the tunnel connects okay but the network verification fails.  SO this means that 443 from where I am is open.  Of course who would block 443 anyhow?  Is there an access rule that needs to be created to allow ping to the local address of the router or something?  If so that is not in the documentation anywhere.  Help please?

25 Replies 25

daviddun
Level 3
Level 3

The ISP may be blocking port500, this is the port that the quick VPN is using to verify security of the tunnel.  The easist way to look at this to go to www.grc.com and try the tool call sheilds up to check to see if the port is being blocked.  Make sure that you are directly connected to the ISP modem with your firewall turned off.  This is a great test to get a screen shot of when calling your ISP.  Typically all ISP's say they do not block port 500, but with this test you will know the answer before you call them.

Hope this helps you resolve your issue.

https://www.grc.com/x/ne.dll?bh0bkyd2

Port 500 info

http://www.grc.com/port_500.htm

So even though the QuickVPN connects on 443 it still uses 500?  So that means a company blocking IPSEC VPN would still not work?  I was assuming since it was using 443 that it was an SSL style VPN tunnel with no IPSEC.  Can you confirm this for me?  I can try from a hotel tonight that should have all VPN ports open but I was hoping to see it work from where I am.

When I did the sheild's up test it said 500 was "Stealth" so I am not sure what that means.  I am pretty sure this company actually blocks IPSEC though.

-Chris

When doing your testing you need to be at the ofice you are trying to VPN into.  Then unplug the router ands run the shields up program off you computer that is directly attached to the DSL/Cable Modem.  This will let you see if Port 500 is being blocked.  The ping that happens after you connect across Port 500 is a security check to see if that the VPN tunnel is secure.

If you are still having a probelm, you need to open a ticket with Cisco

Best of luck

If that is the case I know 500 is open on the Home Office side as I have used other VPN clients and products.  Therefore I know 500 is open on the end where the RV042 is sitting.

However it may be closed from the location I am trying to go out from.

Would that still pose the same errors in the log?  I will definately try from the hotel where there is no VPN restrictions tonight and re-post, but if 500 is used I pretty much know that is blocked from the customer site I am at trying to get out.  Thanks so far for the help knowing about the 500 requirement was helpful.  All documentation makes it seem like 443 is the only requirement for QuickVPN to work and that seems to not be the case if 500 is also a requirement on both ends.

As far as I know, port 443 or 60443 is for QuickVPN client to get VPN settings from the QuickVPN router via the SSL protocol. Ports 500 and 4500 are used for establishing IPSec tunnel per the IPSec protocol.

lancooper
Level 1
Level 1

I ran into this same problem with the latest version of QuickVPN (1.3.0.3).  I have three computers running Windows XP Pro SP3 in a local network that I wanted to individually connect using VPN to a remote network with an RV042 router.  However one computer would not connect (the other two worked ok).  It would get stuck at Verifying Networks.  That told me it wasn't the local router (a D-Link DI-604) causing the problem.

After comparing all firewall settings (the XP firewalls were enabled) and much research on the Internet I came across one suggestion which fixed it.  On the one computer which did not work the service "IPSEC Services" was disabled (Control Panel > Administrative Tools > Services > scroll down to IPSEC Services).  I set it to Automatic and Started it.  Voila - QuickVPN connected right away.

Hope this helps others find the solution as this thread showed up near the top of the list when I Googled the problem.

lpkurdelski
Level 1
Level 1

I have the same original problem.

The ISP told me that NO port is blocked by him.

Shields Up shows me nearly all ports al "stealth" if the computer is connected via the router, and as "closed" if the computer is connected directly to the cable modem. The ISP told me that they have several customers using VPN successfully. Now it looks it is my fault.

Here are the question: If I take the router out of the box it is not clear

- do I have to define a tunnel first? It is the only point where I can define an ip-subnet

I used a different ip subnet like x.y.z.0 as private net and x.y.z+1.0 as vpn subnet

- do I have to open the ports 443, 500, 4500, 60443 and ICMP in the router?

  from the documetation it looks like I do not have to do int.

BTW: system is Ubuntu 9.04 64 with vpnc incl. openssl and windows XP sp3 running as vm in vmware.

No firewalls are set up. ufw on ubuntu is inactive.

Any hints on what I have to setup, change?

daviddun
Level 3
Level 3

Good Afternoon All,

Just wanted to check in, this post is still active and has a not answered status on it.

Please post if you have additional questions

Have a great day :)

i had the same issue but on a wrv210, as soon as i port forwarded "ESP" it all started to work...

David,

This is definitely *not* resolved, and I am having the exact same problem with an RV042 (firmware version 1.3.12.19-tm) from a WIndows 7 Ultimate (v6.1.7100) platform.

All of the ports on the RV042 are fully available from the internet.  Here is an nmap scan of the entire RV042:

C:\Users\markm>nmap 173.13.184.201

Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-10 22:12 Pacific Standard Time

Interesting ports on 173-13-184-201-sfba.hfc.comcastbusiness.net (173.13.184.201
):
Not shown: 995 filtered ports
PORT      STATE  SERVICE
80/tcp    open   http
113/tcp   closed auth
443/tcp   open   https
1723/tcp  open   pptp
60443/tcp open   unknown

Here's the screen shot of QuickVPN (not much to tweak):

QuickVPN Screen.png

When try and connect, it get's all the way through everything, but hangs on "Verifying network..."  This is the classic "can't ping the server" problem...  FWIW, I inserted a copy of my QuickVPN logfile at the end of this post.

I see a lot of guys trying crazy stuff, but no answers, or even suggestions that seem to understand the problem.  Maybe I should turn this around a little...

Has *anyone* successfully connected using QuickVPN under Windows?  If so, can you please describe your configuration?  I suspect this tool worked once in '98, and Linsys/Cisco still thinks it works. 

  As best I can tell, the tool simply hasn't worked since at least WinXP, maybe Win2K.

Helllllllllllllllllllllllllllllllllllllp!

-Mark

Log file after unsuccessful connection attempt (with 2 retries):

2010/02/10 21:54:55 [STATUS]OS Version: Windows XP
2010/02/10 21:54:55 [STATUS]Windows Firewall is ON
2010/02/10 21:54:55 [STATUS]One network interface detected with IP address 10.69.1.100
2010/02/10 21:54:55 [STATUS]Connecting...
2010/02/10 21:54:55 [STATUS]Connecting to remote gateway with IP address: 173.13.184.201
2010/02/10 21:55:00 [STATUS]Remote gateway was reached by https ...
2010/02/10 21:55:00 [STATUS]Provisioning...
2010/02/10 21:55:04 [STATUS]Tunnel is configured. Ping test is about to start.
2010/02/10 21:55:04 [STATUS]Verifying Network...
2010/02/10 21:55:10 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:13 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:16 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:19 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:22 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:25 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2010/02/10 21:55:33 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:34 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:35 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:36 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:37 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:38 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2010/02/10 21:55:46 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:49 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:52 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:55 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:55:58 [WARNING]Failed to ping the LAN IP of the remote VPN Router!
2010/02/10 21:56:01 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2010/02/10 21:56:05 [STATUS]Disconnecting...
2010/02/10 21:56:13 [STATUS]Tunnel is disconnected successfully.

UltimateSE
Level 1
Level 1

I'am sorry for my english, I write from Russia ...

And so, at me precisely same problem, a broad gull simply copy, has noticed such piece if I am connected with allocated to me static ip address through ethernet that all ok! If I am connected from 3G  modem, ip address dynamic that is jumped out by these error. May be really at the provider is closed udp 500, as firewall it is turn off, the service ipsec is started!!!  I test 5 laptop to connect for RV042 with linksys QuickVPN through static ip adress on work, and all was connect!!!

I will try tonight houses, to test udp port on page http://www.grc.com/port_500.htm

And in general it is possible to conncet by means of  TheGreenBow VPN client, there all parametres in the manual register, but on RV042 it will be necessary to create connection client2gateway as Microsoft XP/2000 VPN client...

UltimateSE
Level 1
Level 1

If to trust the site specified above udp 500 it is opened!!

When using qvpn there a lot of factors to take in account. Most the time when we get a failed to ping remote ip address, usually there is a firewall blocking the icmp echo or the reply. I have seen in some case where the users where put in and a certificate wasn't created , even though you don't need the certificate to connect, it's best practice to create a new one after deleting or adding users.I would do a test with a pc plugged directly inot your modem(where the RV042 or WRV210) is located. Bypassing the router ! Go to GRC.COM run a shields up test. You can specify your ports 443,500,4500,60443 click(user specified customer port probe). This is just to confirm that ports are opened at the vpn site. After you know that the ports are opened then it's just matter of firewalls on the pc or router that you are remote from. XP (firewalls off)

vista(firewall on  (compatibility mode xp pro service pack )

windows 7 (firewall on  compatibility mode vista service pack 3) can't use dns name on windows 7 you have to use the public ip address. right now windows 7 is not support but i have had it working with many my account and any time i test someone vpn i use windows 7 so these settings should work for you.

If you have any of the RV042 RV082 RV016 you can also enable the PPTP server in these routers, to have another vpn connection that you use and also maybe test to see if port 1723 is open. PPTP uses port 1723  You use the vpn client installed in your windows machines to connect to the PPTP server.

Also do this, delete all your qvpn users and create a certificate while no users are in the table save settings, add all your users and generate a new certificate with user in your table.

Thanks,

QuickVPN doesn't run on Windows 7 yet.  It will in the 1.4.X.X release.  Should be out soon.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: