02-14-2012 10:12 AM
Bonsoir,
J'ai mis en place un routeur RV082 avec comme version de firmware "v4.1.1.01-sp (Dec 6 2011 20:03:18)".
J'ai un modem netgear en mode Bridge.
Je me connecte en https sur l'interface de gestion de celui-ci sans aucun problème depuis l'exterieur.
Sur le poste client (Windows 7 Home Edition 64 bits), j'ai installé le client QuickVPN 1.4.2.1. Lorsque j'essaye de me connecter avec celui-ci, j'ai un message d'erreur "The remote gateway is not responding. Do you want to wait". J'ai aussi installé le client CISCO VPN IPSec pour me connecter à autre site, celui-ci fonctionne correctement.
Au niveau des logs du poste, j'obtiens les infos suivantes :
*********************************************************************
2012/02/13 22:02:10 [STATUS]OS Version: Windows 7
2012/02/13 22:02:10 [STATUS]Windows Firewall Domain Profile Settings: OFF
2012/02/13 22:02:10 [STATUS]Windows Firewall Private Profile Settings: OFF
2012/02/13 22:02:10 [STATUS]Windows Firewall Private Profile Settings: OFF
2012/02/13 22:02:10 [STATUS]One network interface detected with IP address 192.168.1.12
2012/02/13 22:02:10 [STATUS]Connecting...
2012/02/13 22:02:10 [DEBUG]Input VPN Server Address = XXX.XXX.XXXX.XXX
2012/02/13 22:02:10 [STATUS]Connecting to remote gateway with IP address: XXX.XXX.XXXX.XXX
2012/02/13 22:02:11 [STATUS]Remote gateway was reached by https ...
2012/02/13 22:02:11 [STATUS]Provisioning...
2012/02/13 22:02:20 [STATUS]Success to connect.
2012/02/13 22:02:20 [STATUS]Tunnel is configured. Ping test is about to start.
2012/02/13 22:02:20 [STATUS]Verifying Network...
2012/02/13 22:02:26 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:29 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:32 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:33 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:36 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:39 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2012/02/13 22:02:48 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:49 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:50 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:51 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:54 [WARNING]Failed to ping remote VPN Router!
2012/02/13 22:02:56 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2012/02/13 22:03:31 [STATUS]Disconnecting...
2012/02/13 22:03:35 [WARNING]Failed to disconnect.
**************************************************************************
Au niveau du routeur, dans le fichier de log, j'obtiens les infos suivantes :
***************************************************************************
Feb 13 22:00:01 2012 ACCESS_RULE UDP 192.168.2.2:138->217.108.217.152:138 on eth0
Feb 13 22:00:02 2012 ACCESS_RULE UDP 192.168.2.3:138->239.255.255.250:138 on eth0
Feb 13 22:00:06 2012 ACCESS_RULE UDP 192.168.2.2:138->217.108.217.15:138 on eth0
Feb 13 22:00:32 2012 ACCESS_RULE UDP 192.168.2.3:138->239.255.255.250:138 on eth0
Feb 13 22:02:10 2012 ACCESS_RULE UDP 92.128.124.192:138->XXX.XXX.XXX.XXX:138 on ppp1
Feb 13 22:02:10 2012 VPN Log added connection description (qknipsÿÿ«Éð)
Feb 13 22:02:10 2012 VPN Log listening for IKE messages
Feb 13 22:02:10 2012 VPN Log forgetting secrets
Feb 13 22:02:10 2012 VPN Log loading secrets from '/etc/ipsec.d/ipsec.secrets'
Feb 13 22:02:23 2012 VPN Log (qknipsÿÿ«Éð): deleting connection
Feb 13 22:02:32 2012 ACCESS_RULE UDP 192.168.2.3:138->239.255.255.250:138 on eth0
Feb 13 22:02:38 2012 ACCESS_RULE UDP 92.128.124.192:138->80.15.111.40:138 on ppp1
Feb 13 22:03:02 2012 ACCESS_RULE UDP 192.168.2.3:138->239.255.255.250:138 on eth0
Feb 13 22:03:32 2012 ACCESS_RULE UDP 92.128.124.192:138->XXX.XXX.XXX.XXX:138 on ppp1
Feb 13 22:03:32 2012 ACCESS_RULE UDP 192.168.2.3:138->239.255.255.250:138 on eth0
Feb 13 22:04:38 2012 ACCESS_RULE UDP 118.70.125.49:138->XXX.XXX.XXX.XXX:138 on ppp1
Feb 13 22:05:02 2012 ACCESS_RULE UDP 192.168.2.3:138->239.255.255.250:138 on eth0
Feb 13 22:05:42 2012 ACCESS_RULE UDP 92.128.124.192:138->XXX.XXX.XXX.XXX:138 on ppp1
Feb 13 22:05:43 2012 VPN Log added connection description (qknipsÿÿ«Éð)
Feb 13 22:05:43 2012 VPN Log listening for IKE messages
Feb 13 22:05:43 2012 VPN Log forgetting secrets
Feb 13 22:05:43 2012 VPN Log loading secrets from '/etc/ipsec.d/ipsec.secrets'
Feb 13 22:06:02 2012 ACCESS_RULE UDP 192.168.2.3:138->239.255.255.250:138 on eth0
Feb 13 22:06:12 2012 ACCESS_RULE UDP 92.128.124.192:138->XXX.XXX.XXX.XXX:138 on ppp1
Feb 13 22:06:17 2012 VPN Log (qknipsÿÿ«Éð): deleting connection
Feb 13 22:06:32 2012 ACCESS_RULE UDP 192.168.2.3:138->239.255.255.250:138 on eth0
Feb 13 22:07:23 2012 ACCESS_RULE UDP 92.128.124.192:138->XXX.XXX.XXX.XXX:138 on ppp1
Feb 13 22:07:24 2012 VPN Log added connection description (qknipsÿÿ«Éð)
Feb 13 22:07:24 2012 VPN Log listening for IKE messages
Feb 13 22:07:24 2012 VPN Log forgetting secrets
Feb 13 22:07:24 2012 VPN Log loading secrets from '/etc/ipsec.d/ipsec.secrets'
Feb 13 22:07:32 2012 ACCESS_RULE UDP 192.168.2.3:138->239.255.255.250:138 on eth0
Feb 13 22:07:47 2012 ACCESS_RULE UDP 92.128.124.192:138->XXX.XXX.XXX.XXX:138 on ppp1
Feb 13 22:08:01 2012 ACCESS_RULE UDP 192.168.2.3:138->192.168.2.1:138 on eth0
Feb 13 22:08:06 2012 ACCESS_RULE UDP 92.128.124.192:138->XXX.XXX.XXX.XXX:138 on ppp1
Feb 13 22:08:07 2012 ACCESS_RULE UDP 192.168.2.3:138->212.37.192.31:138 on eth0
Feb 13 22:08:12 2012 ACCESS_RULE UDP 92.128.124.192:138->XXX.XXX.XXX.XXX:138 on ppp1
Feb 13 22:08:16 2012 VPN Log (qknipsÿÿ«Éð): deleting connection
*********************************************************************************
J'ai désactivé l'antivirus et le firewall (F-secure et Windows) et après des tests j'obtiens le même résultat.
Est-ce qu'une personne a déjà rencontré le problème et existe t-il une solution?
Dans l'attente de vous lire,
François.
Solved! Go to Solution.
02-14-2012 11:08 AM
Hello everyone,
Some things to be aware of...
Router Requirements:
Microsoft XP SP3 (until 2014)
Windows Vista/ 7
The QuickVPN Utility is just a front end interface that allows for a user friendly interface on configuring the Microsoft IPSec service to connect to the router. (That’s why it doesn’t work on any operating system but Microsoft.)
First the client connects using SSL to the router and looks for a certificate.
If you are using a certificate it in needs to be installed or you can click no and bypass the certificate warning.
The next step authenticates the user name and password supplied to the router. Only one client per username can be logged in at one time. Once the user authenticates the IPSec tunnel will negotiate and establish. (Up until this point if anything fails you will get the 5 error message screen.)
At this point the client sends an ICMP Echo Request through the tunnel to the internal IP address of the router. (Yes, if you look the user is connected in the status of the routers interface for the tunnel.) The inside IP address determined during the authentication phase. The router sends an ICMP Echo Reply back through the tunnel to the client. (If this fails you will get the error Remote Gateway not responding.)
Out of the server thousand QVPN issues I have trouble shot it is 90%, or more the client’s windows firewall. The other 5% is third party software or firewall, 3% is customers using the same IP subnet on both sides of the tunnel, and the last 2% is configuration issues on the router.
Software like Windows Defender and other Antivirus and software will modify the TCP/IP stack and the security of the operating system. Some of these software’s will run in safe mode and others modify settings that even if removed from the computer will continue to prohibit the QuickVPN process.
Since XP, Microsoft has continued to make their operating systems more secure. The more secure you make something the more user unfriendly, and more productivity prohibiting it becomes. We all want our environment secure, but everyone’s environment is different, and manually changes must be made to allow traffic that we want to work through this added security.
By default Windows 7 is a more secure operating system then XP, and will block ICMP from other subnets than its own by default.
02-14-2012 11:08 AM
Hello everyone,
Some things to be aware of...
Router Requirements:
Microsoft XP SP3 (until 2014)
Windows Vista/ 7
The QuickVPN Utility is just a front end interface that allows for a user friendly interface on configuring the Microsoft IPSec service to connect to the router. (That’s why it doesn’t work on any operating system but Microsoft.)
First the client connects using SSL to the router and looks for a certificate.
If you are using a certificate it in needs to be installed or you can click no and bypass the certificate warning.
The next step authenticates the user name and password supplied to the router. Only one client per username can be logged in at one time. Once the user authenticates the IPSec tunnel will negotiate and establish. (Up until this point if anything fails you will get the 5 error message screen.)
At this point the client sends an ICMP Echo Request through the tunnel to the internal IP address of the router. (Yes, if you look the user is connected in the status of the routers interface for the tunnel.) The inside IP address determined during the authentication phase. The router sends an ICMP Echo Reply back through the tunnel to the client. (If this fails you will get the error Remote Gateway not responding.)
Out of the server thousand QVPN issues I have trouble shot it is 90%, or more the client’s windows firewall. The other 5% is third party software or firewall, 3% is customers using the same IP subnet on both sides of the tunnel, and the last 2% is configuration issues on the router.
Software like Windows Defender and other Antivirus and software will modify the TCP/IP stack and the security of the operating system. Some of these software’s will run in safe mode and others modify settings that even if removed from the computer will continue to prohibit the QuickVPN process.
Since XP, Microsoft has continued to make their operating systems more secure. The more secure you make something the more user unfriendly, and more productivity prohibiting it becomes. We all want our environment secure, but everyone’s environment is different, and manually changes must be made to allow traffic that we want to work through this added security.
By default Windows 7 is a more secure operating system then XP, and will block ICMP from other subnets than its own by default.
02-14-2012 02:46 PM
Thank Randy,
It's work good, I just activate the Windows 7 Firewall and stop the firewall off FSecure.
Best regards.
François
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: