VPN not working on WRV54G

Unanswered Question
Sep 6th, 2009

We have a WRV54G router and connecting from the outside to inside SBS 2003 server through VPN has never worked. I get a 720 error on the client and an error in the SBS server about no GRE protocol being passed through. I swapped out the router with a WRT54G and it works. Router has the most current firmware, reset it to factory defaults and made sure VPN passthrough options are checked. Having issues trying to find a number to call and wound up here. Thanks!

manlytrash Mon, 09/07/2009 - 07:02

Dave,

Thanks for the information regarding the contact number for Linksys. But the information that I have to place the LAN side VPN server in a DMZ I believe to be incorrect. Currently the WRT54G is doing the VPN passthrough with pinholes (L2TP/PPTP) with no problems. The WRV54G does not but I'm almost positive it should. I'll call the Linksys support number and post what they say. Thanks again for your help!

David Hornstein Mon, 09/07/2009 - 07:32

Hi Manlytrash,

I still think you should change your name

..it's hard to say hi to Manly trash....lol

My apology is needed,  the WRV54G was a Small business router not a domestic router.  Therefore to contact the Small Business Support Center, the toll free numbers can be found in the following URL.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

regards Dave

David Carr Mon, 09/07/2009 - 07:47

I would try port forwarding port 1723 to the server and see if you can make a PPTP session that way.

David Hornstein Mon, 09/07/2009 - 08:24

Hi David

I really don't think just port forwarding of TCP destination port 1723 is enough, you will have to port forward from the WAN to LAN protocol 47 (GRE).   Please note,  you will only see options for TCP or UDP in the WRV54G port forwarding firewall options and not protocol 47 (GRE).

So I think at the HQ side of that VPN link, you will need to look at a more advanced router, may work on the SA520 Security appliance.

There seems to be an incoming rule to allow for PPTP forwarding. I will check. I am happy to work with Manlytrash to validate that both GRE and TCP port 1723 are forwarded to a LAN side private address. But he would have to unicast me his contact details, if he would wish to take me up on this offer. The SA500 series is a relatively new Security appliance purposely built for SMB clients and as such is relatively low priced.

regards Dave

manlytrash Mon, 09/07/2009 - 09:28

All,

My name is Clark but I hate using it online. Anyway, I found some interesting things related to the WRV54G and VPNs. Seems I'm not alone with GRE not working in this router. I googled this issue "WRV54G GRE" and came across this posting. Farther down the page I got to this.

http://tek-tips.com/viewthread.cfm?qid=799983

"Create a forwarding rule using either TCP/UDP or both. Name the rule GRE. Use port 47.

Go into Config management on the WRV54G and download the current config. Make a backup just in case something goes wrong. Edit this file and look for "GRE". Replace the protocol numbers (6) or (17) with 47. Save this file and Upload it back to the router."

I will have to go onsite to the client to test this and will hopefully do that this week sometime since I have their router with me. Let me know what you guys think. Thanks!

David Hornstein Tue, 09/08/2009 - 05:51

Hi Clark,

As you appreciate, not everything you read on the internet is true and actual. The contributors to that Tek-tips website have included a number of inaccuracies and a number of correct facts; sometimes it's hard to see the truth through that fiction.

But you could not beat the packet capture found at that reference you sent me.

It mentioned TCP destination port 1723 and protocol 47 NOT port 47.

Check out the Microsoft site and scroll to the very bottom of the following link:

http://technet.microsoft.com/en-us/library/cc768084.aspx

How do I know that Microsoft reference is correct? I have had to configure WAN to LAN PPTP forwarding over a firewall many, many times.

At the moment, unless a colleague can show me how to get PPTP past the WAN to the LAN on a WRV54G, I cannot see how it will work with my router.

If you wanted to move to a more modern VPN protocol such as an unencrypted L2TP tunnel, that can be easily passed from WAN to LAN via only a single UDP port 1701, with no complications like with PPTP.

regards Dave
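
The port-versus-protocol distinction discussed in this thread, as an added example that is not part of any poster's message: a small Python model that reads the IPv4 protocol field of constructed PPTP control and data packets and checks them against forwarding rules. The rule format `(protocol, port)`, the sample addresses and the way the edited config is interpreted (match on protocol number 47 only) are assumptions, not documented WRV54G behaviour.

```python
import struct

IP_PROTO_NAMES = {6: "TCP", 17: "UDP", 47: "GRE"}

def ipv4_packet(proto, payload):
    """Constructed minimal IPv4 header (no options, checksum 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([203, 0, 113, 10]),   # documentation-range source
                         bytes([198, 51, 100, 1]))   # documentation-range WAN address
    return header + payload

def classify(packet):
    """Return (protocol name, destination port or None) for a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # IP protocol number field
    name = IP_PROTO_NAMES.get(proto, str(proto))
    if proto in (6, 17):                  # only TCP and UDP carry port numbers
        return name, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return name, None                     # GRE has no port field at all

def rule_matches(rule, packet):
    """rule is (ip_protocol_number, dst_port or None); None means no port test."""
    proto, port = rule
    if packet[9] != proto:
        return False
    return port is None or classify(packet)[1] == port

def forwarded(rules, packets):
    """Names of the sample packets that at least one forwarding rule matches."""
    return [name for name, pkt in packets.items()
            if any(rule_matches(r, pkt) for r in rules)]

# Constructed samples of the two flows a PPTP session needs.
PPTP_CONTROL = ipv4_packet(6, struct.pack("!HH", 49152, 1723) + bytes(16))
# Enhanced GRE header (key bit set, version 1, protocol type 0x880B = PPP).
PPTP_DATA = ipv4_packet(47, struct.pack("!HHHH", 0x2001, 0x880B, 0, 1))
SAMPLES = {"control": PPTP_CONTROL, "data": PPTP_DATA}

GUI_RULES = [(6, 1723), (6, 47), (17, 47)]   # what a TCP/UDP-only GUI can express
EDITED_RULES = [(6, 1723), (47, None)]       # assumed effect of the edited config

if __name__ == "__main__":
    print("GUI rules forward:   ", forwarded(GUI_RULES, SAMPLES))
    print("Edited rules forward:", forwarded(EDITED_RULES, SAMPLES))
```

With TCP/UDP-only rules the control channel passes but the GRE data channel never matches, which is consistent with the "no GRE" error reported on the server.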

manlytrash Thu, 09/10/2009 - 16:52

All,

The above fix I posted works! I can now successfully VPN in to the SBS server!

David Hornstein Sat, 09/12/2009 - 08:41

That is a weird workaround, I had no idea you could manipulate a saved configuration file. I have to try that myself to validate that tip.

But I am glad you are up and running.

regards Dave

David Hornstein Mon, 09/07/2009 - 06:36

Hi Manlytrash,

You could have picked a better name :D.

The WRT54G is a linksysbycisco product, not a business series product, but you are asking a question regarding , so your question should have been addressed to the linksys support folks via the linksys Toll free support number.

But I am guessing from the limited information in your email that you are trying to get a PPTP tunnel from a PC client past a WRT54G to a server of some kind.

I guess Point To Point Tunneling Protocol (PPTP)  to a Microsoft server.  I believe the domestic routers support VPN passthru from the LAN side to the WAN side and not the other way round.

As you probably appreciate PPTP tunneling uses two protocols  TCP destination port 1723 and protocol 47 (GRE).

That PPTP server should be in a DMZ or have a WAN router that will port forward both TCP port 1723 and protocol 47 (GRE). One of my colleagues will correct me if I am wrong, but you would have to use a traditional Cisco WAN router to perform that function of Port Address Translation of TCP port 1723 and protocol 47 (GRE).

The domestic routers or in fact the Cisco small business series routers can do, from the WAN to the LAN, TCP or UDP protocol Port Address Translation and not redirect other protocols such as GRE.

Back to your original frustration, try the following for contacting linksys,  it is a  URL for domestic  router support;

http://www.linksysbycisco.com/US/en/support

regards Dave
