What's new

Linksys RV042 dynamic IP VPN setup

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

boteman

New Around Here
I am trying to get a pair of Linksys RV042 routers to set up a VPN tunnel with one end ultimately being served a dynamic IP address with DynDns.com handling the name -> dynamic IP mapping.

They work perfectly when both ends are static public IP addresses; thank goodness we have 2 diverse Internet links here at work. That part was a breeze.

After testing the static setup successfully, on the "A-end" (static head-end):

I changed the remote settings to point to the dynamic remote IP using the "Dynamic IP+FQDN" setting,
typed in the dyndns alias name for the remote settings.

On the "B-end" (remote dynamic IP):
I mirrored the settings from the "A-end" router, but typed them into the local settings fields.

I took the B-end home to my dynamic DSL connection, no joy. The log shows it sending out the initial packet, then nothing else. I can ping the A-end from home, so basic connectivity exists.

Some time ago I spent 3 miserable days at a customer's site under less-than-ideal conditions fighting this exact same problem and finally stumbled across the solution (it was not obvious). I'll be damned if I can find my notes that hold that precious solution, so I'm turning to yous guys as a last resort. I have tried everything here that I can think of and am now simply spinning my wheels and wasting time.

Thank you for any guidance you can provide. If any of this is unclear or you need more info just ask. If I find the solution myself, I will post it here.
 
This is obvious, but have you confirmed that your DynDNS domain is mapped to the proper IP?
 
Solved!

This is obvious, but have you confirmed that your DynDNS domain is mapped to the proper IP?

I found it, or rather stumbled across it since Linksys insists on misleading their customers with these screen prompts.

If you follow Linksys down the garden path and select "Dynamic IP..." it WILL NOT WORK.

You must counter-intuitively select
"IP + Domain Name (FQDN) Authentication"

which then lights up the next field below, in which you select:
"IP by DNS resolved" and type in your DynDns alias name.

I have no clue what the Dynamic IP settings do in the RV042, but they don't seem to have anything to do with what I thought they did.

Yes, my DSL service assigns a dynamic IP address, but the RV042 resolves is the domain name into an i.p. number.

The 64 million dollar question is: when the thunderstorms start rumbling through Florida and my DSL goes up and down like a yoyo, will the RV042 be able to keep up with the frequent i.p. number changes? When it's really bad it happens about every 3-10 minutes or so, thanks to BellSouth.net and their stellar customer support.

We shall see how this unfolds.
 
Thanks for posting the follow-up. I just had a look at the RV042 manual and the setting definitions are not exactly crystal clear.

Your solution also seems different than the examples in Appendix C. Anyway, glad you got it working.

As for tracking IP address changes, that depends on the quality of the DynDNS client built into the RV042, I guess.
 
In the security gateway type drop down menu, I've always setup
"Dynamic IP + Domain Name (FQDN) Authentication"
Which enables a field below it named Domain Name...in which you enter your DynDNS domain name....such as smallnetbuilder.homeip.net
 
In the security gateway type drop down menu, I've always setup
"Dynamic IP + Domain Name (FQDN) Authentication"
Which enables a field below it named Domain Name...in which you enter your DynDNS domain name....such as smallnetbuilder.homeip.net

Yep, that's what I dicked around with for 2 days. No joy.

As soon as I changed it to "IP + FQDN" I couldn't stop the connection, like 2 opposite magnetic poles glued to each other. This recalls to mind my experience at a customer site a while back where I wasted a similar amount of time due to the labeling of the selections provided in the VPN setup screen. This time I am making extensive tests and making detailed notes.

The user guide is typically useless on these important points, providing little more than circular definitions without explaining under what circumstances to select each one. The user gains no knowledge of how to use the product, so it's back to trial and error.

It does seem to take a LOT longer for the RV042 to realize that my DSL link is down and has come back up, on the order of 3-4 minutes, whereas my ancient WRT54G and USR5465 consumer grade WiFi routers restore it within 60 seconds. When the DSL is going up and down as often as it does here that can matter quite a bit.

Otherwise, I'm pretty happy with the results of this latest test. The VPN restores itself and the streaming audio devices I have on either end finally figure out a way to resume sending packets to each other after about 5 minutes. The point is that this happens automagically, no manual intervention required.

In a production environment such a crappy datalink would not be acceptable, but I am also evaluating these RV042 for my own personal use. I'm not sure I really need all this, but it does seem a league better in quality and reliability than the WRT54G--I will never own or use one of those again after the mountain of trouble it caused me at my father's house 1000 miles away. I'm done with those headaches, ready to tackle other headaches now. :)

Thanks.
 
Yeah I will state that the RV0 series can sometimes take a while to log back in with DSL. Cable even too.

I do find them quite stable though, they don't seen to drop or hang up like other lesser quality routers. Before these RV0 units came out, I used to use the BEFSX41 models (not the befSR, but the befSX) at most of my smaller business clients. The SX were the most stable in my experience back then...but now 'n then, still seemed to need power cycles. The RV0 models...pretty much set and forget, stable as Sonicwalls or little PIX501 or Junipers as far as uptime.

The VPN tunnels seem fairly stable too..especially on cable or T-1s, a little less on PPPoE DSL.

Pretty good "bang for the buck" units.

PPTP VPN is rock solid for clients, however I strongly dislike their IPSec QuickVPN setup....have had nothing but issues with that. So if you have a lot of "road warriors" that remote VPN in...IMO it's not your solution.
 
...PPTP VPN is rock solid for clients, however I strongly dislike their IPSec QuickVPN setup....have had nothing but issues with that. So if you have a lot of "road warriors" that remote VPN in...IMO it's not your solution.

What's up with the QuickVPN client?

I haven't tried it out yet, but I plan to once I get the point-to-point VPN completely figured out and documented for our purposes.

If the client supplied by Linksys is no good, then what is the XP VPN client like by comparison? I understand that it doesn't offer the same level of security that the QuickVPN does.

Thanx.
 
RV042 firewall policy violations

I am running the default firewall rules/policies, yet I get these log entries that puzzle me:

"Connection Refused - Policy violation...TCP 192.168.1.98:57148->93.93.xxx.yyy:80 on ppp0"

This is but one of many such messages for different machines on my network talking to different public addresses.

I'm trying to figure out:

a) what policy is being violated?
2) how a local machine hitting a web server violates a reasonable policy?

For all the messages that show me that I'm not reaching port 80 (and others), it sure seems that I'm reaching port 80 on my web browser just fine, albeit slower than through my standard setup with a USR5465 router.

Thanx.
 
What's up with the QuickVPN client?

I haven't tried it out yet, but I plan to once I get the point-to-point VPN completely figured out and documented for our purposes.

If the client supplied by Linksys is no good, then what is the XP VPN client like by comparison? I understand that it doesn't offer the same level of security that the QuickVPN does.

Thanx.

The experiences I had with it, as well as my colleague in using it with some of his clients.

Every now 'n then, when clients connect..they would hang...or get in but not actually have access to the network. Until the RV0 was rebooted.

On one of my larger clients...I had an RV016 and the 50x user QuickVPN package...I had about 30 users setup..and it got to the point where rebooting the router didn't fix it...a hard reset was required to...oh, I dunno..."clear the baffles". Something just got squirrrely on it where clients would either appear to connect..but not really connected....or just hang at authenticating. The hard factory reset was the only thing that fixed it..and that was unacceptable to me. Since this client was growing...quickly upgrading their VPN to a nice Juniper SSL box. Oh what a sweet solid stable fast unit that is.

I could never get clients to print to networked printers through the VPN client.

I stopped using the QuickVPN about 2 years ago...perhaps some issues have been fixed with updates to it. The RV0 itself I still like, I've deployed probably over 50 of them. And for those part time "road warrior" connections..as long as you don't need more than 5x users (the limit for it)...the built in PPTP VPN has always been rock solid.
 
Dynamic IP VPN setup from Linksys

Here it is right from the horse's mouth (or similar anatomy):

Linksys Knowledge Base article on how to set up the RV042 VPN tunnel over a dynamic IP link.

I wish I had had that article at hand when I was setting these things up. Doh well.
 
And what if both ends have two wan connections?

I'm about to buy hardware to solve a scenario similar to this.
The difference is that both ends have a two WAN connection in a failover setup, so VPN can have a better up time.

Will this work anyway? I mean, will VPN be restored if any router failsover the secondary wan connection?

Thanks.
 
Similar threads
Thread starter Title Forum Replies Date
R PPTP vpn to Linksys LRT214. Can't see devices on remote network VPN 0
Z Dynamic public IP question VPN 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top