Jim Moy

2/26/2002

Linksys VPN Configuration

Filed under: — jbm @ 1:05 am

I have an inexpensive home network setup that allows me to use a Linksys BEFVP41 to access my office network, without having to ditch my Linux firewall that I’ve become fond of, and without giving up fast access to my internal network.

I VPN to my office where there is a Linksys BEFVP41 that gives me access to the internal network. I have a second unit at home on my internal network that handles the home end of the tunnel. I’d previously been using the built-in IPSec capabilities of Win2k, but switched recently to using two of the Linksys boxes, and am happy with the results.

With two Linksys units, a typical setup has the home Linksys box as the main DSL/Cable modem router and firewall for the home network. I’ve chosen to put up a public server, so I wanted the flexibility of a multi-interface Linux based router, but that meant putting the Linksys somewhere behind the firewall. The first thing I tried was to put the Linksys between the firewall and my laptop. This worked, but the problem is that the WAN port on the Linksys is a 10Mb/s interface, and so that limited the speed with which I could get at the rest of my internal network, backup server, mp3s, etc. So the solution turned out to look like this:

What’s interesting is both the WAN and LAN ports of the Linksys sit on my fast subnet with different addresses. They plug right into the same hub. I turned DHCP off on both ports of the Linksys and pointed the WAN port default gateway to the firewall. I added a route on my laptop that directs office subnet traffic to the LAN side of the Linksys for VPN’ing. Then I made the changes to my firewall to not filter IPSec, and to masquerade them between the external and internal interfaces.

It works! Cheap, no extra subnetting or routers required. Nobody else in the house knows about it, avoiding the inadvertent access of the office network by others in the house, because no other machine has the extra route in place. I can add the route to other machines temporarily if I need it (out of my office, watching the kids). It only handles traffic routed through it from my laptop and ignores (doesn’t interfere with) everything else. My laptop accesses the other servers on the LAN at full speed, and in all other respects behaves as if there were no VPN box at all.

One downside is “office” traffic is more than doubled on my fast LAN, first heading to the Linksys and second in encrypted form on its way to the firewall and out, but heck, it’s a 100Mb/s backbone and it’s just me and a few other machines on it. And that should get fixed if I replace my hub with a switch someday.

Another thing, if anyone’s interested in trying this: as a result of having both interfaces on the same subnet, you’ve gotta turn off the Advanced > Filters > Multicast Pass Through feature of the Linksys box, or get ready for various floods of ICMP router solicitation packets, as the Linksys happily takes every broadcast packet and re-broadcasts it in an infinite loop, sucking down the network.

Added 6/8/2003: Sorry that I can’t take the time to solve everyone’s problems individually, but this page has devolved into a general Linksys support line, which I’m not prepared to handle. I’m happy to host the page, it’s been my very small contribution to the community, and I’d also like to continue with the discussion on the original subject. My 4/19/02 post below applies to many of the comments here and since I, for the most part, don’t even touch my vp41 any more because it’s been working so well, I’m not really up to date on the latest firmware revs or what’s going on with the community of people who have them. If you have general tech support issues, you may be better off in a forum which has a broader audience, as this is just my humble weblog… -Jim

144 Comments »

  1. Jim,

    I read your article with interest. I just purchased 2 Linksys BEFVP41s. After alot of playing aroound I finally got them to connect. Now my only problem is that I can’t find any instructions on how to share my folders via the vpn. Can you offer me any advice? Thanks the remaining hair that I have appreciates your help.

    Jeff

    Comment by Jeff Bushell — 3/2/2002 @ 5:03 pm

  2. Jeff, if by “share my folders” you mean Windows File Sharing via the Network Neighborhood, I don’t think the Linksys boxes pass NetBT broadcasts, required for maintaining Workgroup lists of computers and shared volumes.

    I have been able to manually enter IP addresses, for example, \\192.168.100.100\share, and get that to work, as well as put the names in my Win2k\system32\drivers\etc\hosts file so I could use the \\server\share name, but I think you end up needing a WINS server to really make that go (though I’m not sure, I’ve never even set up a WINS server).

    Here’s something interesting, though I haven’t tried it yet, some undocumented features in the Linksys box.

    Comment by Jim Moy — 3/3/2002 @ 12:02 am

  3. Thanks Jim, I was able to use the \\192.168.X.X to map the folders.

    I also tried the hidden feature of NetBIOS broadcast. I wasn’t able to get it to work. Should you find an additional tweak that enables it, I would love to know. It would be a nice added feature.

    Thanks for your help

    Jeff

    Comment by Jeff — 3/3/2002 @ 7:16 am

  4. Jim,

    I have a small network, and from what I have read there is no real benefit to using DHCP, and in fact I may have an easier time not using it so that I might better be able to access static lan ips. In other words I can remember which of the machines is which IP.

    Can you tell me how to setup my machines to have static lan ip address and still make it work with my befvp41?

    Thanks

    Jeff

    Comment by Jeff — 3/3/2002 @ 9:12 am

  5. Yeah, I don’t think there’s much of an issue there. Just make sure the static IPs you assign to the computers are on the same subnet as you gave the LAN IP Address of the BEFVP41, and turn off its DHCP feature. Shouldn’t have to change anything about the VPN configuration so long as your Local Secure Group is based on that same subnet. Setting up the computers for static IPs has been documented plenty other places, try your favorite search engine.

    Comment by Jim Moy — 3/4/2002 @ 12:26 am

  6. Jim– My friend and I are interested insetting up a VPN connection (via two linksys) between our houses. Can you give and suggestions/steps to how we would go about configuring them to talk to one another? Right now were exhausted getting our windows 2000 VPN up and stable, and this seems to be a more reliable method. Thanks for any info you can provide ;)

    Comment by Greg — 4/4/2002 @ 1:19 pm

  7. ‘VP41 to ‘VP41 is pretty straightforward in the manual, if one you has a static IP. Even easier if both of you do. Go check it out! You don’t need my help if you’ve managed to get a Win2k VPN going…

    Comment by Jim Moy — 4/5/2002 @ 2:39 pm

  8. Hi Jim,

    I’m about ready to pull my hair out…maybe you can help.

    I have 2 Linksys BEFVP41 routuers and a tunnel that is connected between them. I can see all computers in my workgroup via explorer from both locations.

    Problem is when I try to access any machine at the remote location I get this error message:
    \\computerx is not accessible. You might not have permission to use this network resource.
    The network Path is not found.

    I’m logged on with administrator permissions.

    What am I missing?

    Thanks.

    Comment by Maria — 4/5/2002 @ 4:51 pm

  9. I guess it’s just alittle more straight forward than I thought ;) We finally picked up a couple, and plan on getting it setup tonight.. I’ll let you know how it goes!

    Comment by Greg — 4/6/2002 @ 10:50 am

  10. Maria, you might want to check out the http:///IPSecAdvance.htm page and turn on the NetBios settings. I haven’t tried it yet, but have read it works.

    Comment by Jim Moy — 4/6/2002 @ 10:42 pm

  11. Well, after having to deal with RR being down a couple time this weekend, we were finally able to get the VPN up! We then managed to update the firmware to 1.40.02 (I believe), and played with the netbios settings! If possible, do this! It worked like a charm for us! We are still having some weird issues were some computers can’t be seens remotely/locally, but they are able to see everything (win98 box). I also have a linuxbox and a winXP box that can’t be remotely pinged, but everything else seems to be fine?
    Thanks to all for the input, I’ll let ya know if I come up with any fixes for these problems I labeled above…
    Thanks..

    Comment by Greg — 4/8/2002 @ 8:20 am

  12. hey Jim,

    question…
    i have a network consisting of 5 locations (small office each of 5 or 6 PCs) i want to setup a linksys VPN router at each so that they can all access my location for databackup in intranet services. Anyway with the linksys does each of my locations need to be in a different private network so that i dont run into the problem of users in diff locations with same private IP address.??
    So basically do i need each location to have a different private IP address?
    location1-private: 192.168.1.0 public: 64.5.5.2
    location2-private: 192.168.2.0 public: 207.4.5.9

    ?

    Comment by Geo — 4/10/2002 @ 10:34 am

  13. One more Question Jim,
    how secure are linksys routers. Is the extend of the security just running NAT and not replying to ping request?
    Do i need to worry about DoS attacts?
    thanks,
    Geo

    Comment by Geo — 4/10/2002 @ 10:42 am

  14. Geo, yeah you’ll need separate subnets, I think you answered your own question. I’ve never set it up in the configuration you’re trying, though seems like it should work, you’ll just have to set up N tunnels for each site, one for each of the other sites you want to be able to connect.

    Comment by Jim Moy — 4/10/2002 @ 7:09 pm

  15. Jim, In your diagram above, is the firewall a Linux box? If so, are you using NAT/IP Masquerading on the LAN? What private IP address range are you using on the LAN? And finally, the most important question - What are the IP addresses of your BEFVP41s interfaces (WAN & LAN). Oh yes, one more - can you provide a sample ‘route add’ command that directs VPN traffic from your ‘enabled’ computers to the LAN interface (I hope!) of the BEFVP41?
    Thanks!

    Comment by Harjit — 4/11/2002 @ 9:07 am

  16. Yeah, it’s a Linux box, and I’m using its masquerading. Doesn’t really matter what the private addresses are (and not helpful, security-wise, to publish them on the net), but, for example, you could make them 10.0.0.99 and 10.0.0.100. Something like this would work: “route add 10.0.1.0 mask 255.255.255.0 10.0.0.100″ if .100 were the LAN port address.

    My, isn’t this blog turning into quite the Linksys online-support place…

    Comment by Jim Moy — 4/11/2002 @ 10:54 am

  17. Hi Jim, google search brought me to your page.
    How do I setup a VPN test-bed scenario at home?. I have one Linksys befvp41, an IPCop(linux)firewall box, an OpenBSD, Win2k srvr/pro & win9x systems and an smc7004abr bband rtr and an adsl line with a static IP. Is it possible? Can you give me some tips/hints?
    Thank you in advance. David

    Comment by David — 4/19/2002 @ 4:16 pm

  18. Hi Jim, wrong email address here is the correct one. Thnks. David

    Comment by David — 4/19/2002 @ 4:19 pm

  19. A length of crossover CAT-5 should do it :-)

    Seriously, my limited experience so far is that there are enough variables in ISP routers, filtering, subnets, etc., that make it hard to say you’ve effectively tested your configuration until you actually get it into that final configuration.

    So you put the VP41 behind the Linux firewall at home, then you have the other systems behind the SMC router at the office? Which is the reverse of the Win2k setup I had before, but it doesn’t sound unreasonable to make that work.

    My advice is to start small, make something work, then grow it as you figure it out and learn. At least, that works for me. Make your VP41 the home gateway, and the Win2k box at the office your VPN server, to simplify it. That’s a for instance, you have so much equipment there I can’t tell what you want to use on what end. Then use what you learn to try and put other machines on the net. And so on. At some point you’ll need to fire up Ethereal, or tcpdump to figure out what packets are making it to what point in your network.

    Comment by Jim Moy — 4/19/2002 @ 8:34 pm

  20. Hi Jim,

    Nice site. One question; I’ve got my 2 Linksys BEFVP41s connected, but can only ping a couple of IP addresses through the VPN. I can’t see any computers in Network Neighborhood and can’t login to my Novell server, although I can ping it’s address. Seems pretty random, any ideas?

    Scott

    Comment by Scott — 6/6/2002 @ 5:09 am

  21. Scott - I don’t know anything about Novell servers, sorry. See my comment above to Maria about the NetBIOS broadcast features, Linksys made that page visible in a recent firmware update, there’s a “more…” link on the VPN page. I put machines with static-IPs in my hosts file to get at them across the VPN and don’t use the Neighborhood feature much.
    If I understand right, you’d need a WINS server to get machines on different subnets working across the Network Neighborhood. Here’s a good link on the Network Neighborhood.

    Comment by Jim Moy — 6/6/2002 @ 9:03 am

  22. Jim,

    I have been read your input about the LinkSys VPN. I currently trying to get a Win98se which has the newest MSDUN41 and its Layer 2 PP/IPSEC VPN adapter, to connect to the BEFVP41. It dose fine until it gets to the QM_I1 and that is where it seems to kick out on with an error message.

    IKE[1] **Check your Encryption and Authentication method settings !
    IKE[1] Tx >> Notify : NO-PROPOSAL-CHOSEN

    Whats your opinion on this?

    Thanks in advance :-)

    Comment by Robert Canary — 6/27/2002 @ 11:49 am

  23. Sorry Robert, I have no experience with VPN’s from Win98.

    Comment by Jim Moy — 6/27/2002 @ 9:11 pm

  24. I have been thinking of setting up a Linksys VPN router at home. My question is can this be done with my ADSL ISP which provides only a dynamic IP address. Or do I need to have a static IP Address for my router?? Or is their another way to set up the router so the client doesn’t need the IP address, which changes, of the router to connect to it?

    Comment by newbe — 7/29/2002 @ 10:44 pm

  25. Newbe, the Linksys works fine with a dynamic IP behind it, we’ve got a guy doing it at home to the same office Linksys that I’m connected to.

    Comment by Jim Moy — 8/19/2002 @ 11:03 am

  26. Hi Jim,
    I have two BEFVP41 with the newest firmware installed. I can connect a vpn tunnel fine and everything works. However, when I ping the IP of the remote computer with the tunnel disconnected it still responds. Should it not be “destination unreachable"??

    Comment by Jonathan Rugge — 9/17/2002 @ 11:37 am

  27. Jonathan, the VPN connects itself. You’ve probably got the Remote Security Gateway setting such that it knows how to look the other box up, so it goes ahead and does it.

    I bet if you disconnect, ping and see it connect, and refresh the admin page, it’ll say you’re connected. And look in the log file for the activity.

    That’s a feature, by the way, at least to some of us :-)

    Comment by Jim Moy — 9/19/2002 @ 9:42 pm

  28. Hi Jim, Great Page – Very Useful. I have managed to get my office LAN online with a VPN through a Linksys BEFVP41 using the Win2K IPSec client behind a cable modem and netgear RP114 router on my home side. The office lan is running NTServer and it is configured as a WINS server for its LAN, which information the VPN router passes to my client so I can browse the remote network.
    Question: There appears to be a significant amount of ‘conversation’ going on between my client and the VPN even when the connection is idle, e.g. no file transfers going on, remote drives may not even be mapped. The network icon lights in the system tray are almost constantly illuminated and ipsecmon shows about 1 MB / hour of traffic on the average. Its not huge, but I don’t know what processes may be going on to require this bandwith. Is this normal?
    Thanks for your or anyone else’s comments.

    Comment by John Webb — 9/24/2002 @ 2:36 pm

  29. John, I don’t see extra traffic like that, but I’ve got two VP41’s talking to each other, not Win2k any more. I seem to remember when I had the Win2k IPSec set up that it was timing out the secure sessions, but I don’t imagine it’s what you’re seeing. Sorry no help here.

    Comment by Jim Moy — 9/26/2002 @ 2:49 pm

  30. Jim,
    I have two of the Linksys BEFVP41 connect between my office and home. Even though they say that they are connected I can’t see the other networks at all, I really need help.
    Thanks,
    Milton

    Comment by Milton Sheen — 9/29/2002 @ 11:51 am

  31. Milton, is what you mean that you can’t see the other network in the Windows Network Neighborhood? In which case you might want to try the suggestions in some of the previous posts regarding NetBIOS issues, hosts files, or even using the IP addresses directly.

    Comment by Jim Moy — 9/29/2002 @ 2:31 pm

  32. Hi Jim
    Great FAQ ;)
    I have setup a VPN using three BEFVP41 routers. At all the three locations we have DSL connections and hence the IP address is dynamic. I also setup the VPN tunells between the three locations. When I hit connect it does connect too. Also I have enable NetBIOS broadcast on all the locations. Now the problem is from either of the places I cannot sethe computers on the other side of the tunnel. Nor does it ping them. Neither from network neighbourhood nor from search computers. It was working fine before a couple of days and all of a sudden it vanished. The tunnel is there but the computers are not seen. If you can help me out please email me at vikasdesai79@yahoo.com. Thanks a lot

    Comment by Vik — 10/22/2002 @ 3:38 pm

  33. Jim, Very informative site, one of the better ones I have seen. Here is my problem, I am trying to create a vpn between a befsx41 and a befvp41 and are running into some clitches. After I have configured both of the routers and I connect the vpn tunnel is supposedly established successfully.(This is what the log says on both routers) When I try and ping any computer on the LAN I have connected to I get timed out. Also I have tried enabling the net bios broadcast on both routers. Both routers have the latest firmware and linksys hasn’t a clue to what the problem could be. I am starting to think the sx41 is the problem. If you have any ideas please email me or post them on your site. Thanks (bbrown@computer1inc.com)

    Comment by Bruce — 10/25/2002 @ 1:16 pm

  34. Jim, very good information on the BEFVP41. I finally got my HQ workgroup talking to one of our remote office workgroups. We are a pretty mixed bag of NT, XP Pro, XP Home, and Win98 users. The remote office does not have a network server, just peer to peer via linksys switch.
    I had trouble getting pings thru the tunnel (I did get the success entry in the log) until I created a LMHOSTS and HOSTS table and placed them in each Win98 user’s WINDOWS directory. I also turned on the NETBIOS support. I also tried the ROUTE ADD process, but that was not a success. My problem now is thrughput.
    Any recommended MTU settings? Also, If I create a second tunnel between the same offices, would the routers be confused? Or would the data be able to traverse both parallel tunnels? I havn’t tested with this yet, just wondering if anyone else has. One office has DSL, while the other is running Cable. Thanks again for the very informative site.

    Comment by rob chamberlin — 10/31/2002 @ 8:53 am

  35. One additional comment, I found this url >>http://www.homenethelp.com/vpn/router-config.asp>

    Comment by rob chamberlin — 10/31/2002 @ 12:46 pm

  36. Hey Vik, I have had limited success with the NetBIOS broadcasts, and I can’t say I’ve investigated it that deeply. Mostly I can directly access Network Neighborhood machines by name, but they don’t show up in my ‘hood window.

    Comment by Jim Moy — 11/3/2002 @ 5:02 pm

  37. Rob, thanks for the post about homenethelp.com. Sorry to say there’s nothing I can say is obvious from your description about why the pings aren’t working. My best advice is if you can get a copy of NetMon or Ethereal, they’re great for figuring out why things are or aren’t working between these VPN boxes. You start looking at IPSec packets and figure out things like, “oh, they’re leaving this box just fine but not appearing on my remote LAN…” Anyway, that’s helped me a lot, because otherwise you’re just staring at a multi-box problem and all you know is “it doesn’t work.”

    Comment by Jim Moy — 11/3/2002 @ 5:13 pm

  38. hey jim,I am having the same problem that your having with the vpn router and a standard linksys router thew win2k, I setup the shared keys thew the secpol.msc command and when i activeate it i get the Negotiating IP Security, i have tried everything,i even tried to forward a few ports like 1723 and 500, 47, i spoek to linksys about it,( maybe this might help you to as well) but iam fresh out of ideas,,any ideas yourself?
    Jim another question for ya,on both linksys router (vpn router and the standard linksys router) do i have disable block wan request so that two boxes can see each other?thanks again

    Comment by dan — 11/14/2002 @ 11:34 am

  39. Dan, hard to say from your short description. I’d suggest looking at the earlier articles on my Win2K IPSec adventures, there’s a good MS article on debugging the connection. Also, the Block WAN Request feature should be irrelevant, I think that’s got to do with the response to ICMP packets (like ping).

    Comment by Jim Moy — 11/15/2002 @ 11:19 pm

  40. VPN through a Linksys BEFVP41 using the Win2K IPSec client behind a cable modem and netgear RP114 router on my home side… I have this exact setup. The same as John. Is there anything I need to change on the Rp114 before I can connect? I can connect right now having a direct connection to my modem instead of going through the RP.

    But I really want to get the router back on the network…

    Any help is extreamly appreciated…

    Jacques

    Comment by Jacques — 11/18/2002 @ 9:45 pm

  41. iam pulling my hair out my self Jacques..iam having alot of help with people getting me through this,but ill let you know when i get this fixed

    Comment by dan — 11/19/2002 @ 5:41 am

  42. Hey Jim,

    Good info here, it should help solve one of my issues. The other issue, I connect to my corp office via BEFVP41 and VPN. My VPN connects, and I am logged on in the domain, but I can’t see or find any of the servers in the Network Neighborhood. I use Verizon DSL.

    Any suggestions?

    Thanks,

    Mike

    Comment by mike — 12/3/2002 @ 10:50 am

  43. Ignore the above post, it got cluttered when I copied the log out of the VPN.

    I’m trying to connect a WinXP machine to the BEFVP41. Following the tunnel directions in the Linksys manual, i get the following error.

    2002-12-03 21:04:16 IKE[1] ERROR: This tunnel should not be initiator !

    Any idea what this means? Linksys’s tech support seems to know less than I do.

    Comment by Amit — 12/4/2002 @ 7:53 pm

  44. I have a Linksys BEFX41 router in a remote office, they are using SBC Yahoo DSL for internet Access. SBC uses PPPOE. They can access the internet fine. Now I want them to have access to our VPN , which is through WorldCom. They each have a secure remote client on their PCs. I have enabled IPsec on the Linksys. They are running Windows 98. I have enabled IKE as the Encryption method on the client and as well on the Firewall. They are using DES encryption on the firewall also. They authenitcate to the VPN fine, but are unable to authenticate and login to the Windows Domain. In other words they can’t browse the network or get the Network Login. I have tried to have them ping the WINS servers and still no luck, all they get is Request Timed out. I have used the LMHOSTS as well and also putting the WINS into the TCP/IP properties. Still it doesn’t work. The Firmware on the router is 1.4313. Any help would be greatly appreciated. Thanks -Jay

    Comment by Jay — 1/31/2003 @ 10:52 am

  45. Jay, there are so many variables in your situation and there is so little working that it’s worse than a shot in the dark for me to try to diagnose that from here. My best advice is to get out the packet analyzer (Ethereal, that I linked above, works very nicely, and freely downloadable), and start figuring out what’s working and what’s not. -Jim

    Comment by Jim Moy — 2/2/2003 @ 8:07 pm

  46. I have a BEFSX41 acting as the client and a BEFVP41 at the office. connecting is intermittent and unreliable. When it does connect, I cannot ping the remote LAN router

    Client Lan Router address: 192.168.1.1
    Office Lan Router address: 10.0.0.41

    Help!

    Comment by Miles — 2/5/2003 @ 6:04 pm

  47. I have been able to set up a VPN connection between two SX41’s but cannot get my VPN connection to work between an SX41 and a VP41. I keep getting an error “Check your ISAKMP Pre-share Key setting". Any ideas on this?

    Thanks.

    Comment by Allen Miller — 2/15/2003 @ 8:40 am

  48. Jim,

    I’m setting up two location with DSL and putting in 2 befvp41’s I’m trying to set up the VPN services and I get this error message in the log. I have two static IP’s I am able to ping the routers and I’m sure I’m missing something in the setup. Do you have any suggestions
    IKE[1] ERROR: This tunnel should not be initiator !

    Comment by TJ — 3/24/2003 @ 1:55 pm

  49. I have just set up a small network in my house. I cannot VPN into a server in another office. I am using a Linksys, which I think is blocking it.
    What can you recommend.
    Thanks
    Sinead

    Comment by Sinead — 4/3/2003 @ 8:30 pm

  50. Hey! I’ve got 2xBEFSX41s creating a VPN tunnel just fine, one at work and one at home. I can see/ping/etc. each end of the VPN from the other end of the VPN. The problem is more basic: from “inside” the work VPN, I can’t log onto my work Windows Domain! Actually, even more strangely, I CAN log on, but it takes about 20 minutes!! Any obvious gotchas, anyone? I have added WINS servers manually, etc., to no avail!

    Comment by Hugh MacMullan — 4/7/2003 @ 1:24 pm

  51. Am I missing something? I try to connect using a notebook from the internet to the Linksys router. I can connect. I can ping the LAN port on the router. However, nothing beyond that. I have openned protocol 50 and udp port 500 to the router. (As it can initiate the connect from my notebook.) I suspect that connection going out to the internet have not gone thru the router. Should I do anything to my linux firewall to solve this problem? THX JIM!

    Comment by Lester — 4/8/2003 @ 3:16 pm

  52. We have three of the linksys vp41 going and our only issue is that the routers lose the settings every once in awhile. Does anyone know if there is another setting out there that will keep the connection persistant? These really work good for everything else, we have four VOIP lines going through it with no problems as well as up to 6 Citrix sessions.

    Comment by Rick Zich — 4/11/2003 @ 11:10 am

  53. I agree

    Comment by Ivor Biggakok — 4/13/2003 @ 10:23 am

  54. I see that lots of people have Questions…but noone seems to ever answer them………..!!!

    Comment by Trevor — 4/13/2003 @ 5:18 pm

  55. I have two linksys befvp41’s which keep losing their Wan IP addresses almost daily. I have to reset them on each end. Any suggestions how to stop this? Thanks.

    Comment by CaDrifter — 4/14/2003 @ 5:43 pm

  56. I just bought a couple BEFSX41′S to have two remote client sites on. I setup a Windows 2000 RAS server with PPTP and L2TP ports. I want the SX41’s to VPN into this server for connection to my LAN. Both remote sites have Adelphia cable modems and I have this RAS server connected to my Qwest T1. At both remote sites I want 1 computer and 1 IP phone to login to my network here. Has anyone done this?

    Comment by Ben — 4/15/2003 @ 8:55 am

  57. Hi Trevor, and everyone else making comments here. Sorry that I can’t take the time to solve each of your problems individually, but this page has devolved into a general Linksys support line, which I’m not prepared to handle. I’m happy to host the page, it’s been my very small contribution to the community, and I’d also like to continue with the discussion on the original subject.

    My 4/9/02 post applies to many of the comments here and since I, for the most part, don’t even touch my vp41 any more because it’s been working so well, I’m not really up to date on the latest firmware revs or what’s going on with the community of people who have them. If you have general tech support issues, you may be better off in a forum which has a broader audience.

    Comment by Jim Moy — 4/23/2003 @ 6:35 pm

  58. Hi Jim,

    I’m having the same issues with my Linksys BEFVP41 dsl/router. I enable IPsec and also IKE. I have a static IP address on Linksys. But when I tried to connect remotely using windows 2000 Pro. I get erroR:769 The specified destination is not reachable. Now according to microsoft, Article 252735 “Windows 2000 IPSec tunneling is not supported for client remote access VPN use because the IETF IPSec RFCs do not currently provide a remote access solution in the Internet Key Exchange(IKE)protocol". I’ve called Linksys several times, but non seems to know what they are talking about. I’m frustrated and ending up replacing the Linksys dsl/router with windows 2000 box, which act as a router and vpn box. Everything is working fine. The downside, my download and upload suffers. I would like to use the linksys again. Is their any other way to configure this to make it work. Are their any other dsl/router out their that can support pptp and lt2p protocol. Linksys does not support this two. \Please help!!!!!!!!!!!!!!
    thanks
    Adi

    Comment by adi llanos — 4/24/2003 @ 8:01 pm

  59. The Linksys tech support people are very accessable but don’t seem to know much beyond basic installation. And what is that strange accent they all have ….

    Comment by Jim Burrett — 5/8/2003 @ 5:09 pm

  60. hi jim
    can you plse help as i am pulling my hair out…home computer (w2k pro) with latest sentinel
    vpn client connects to linksys befvp41 ok…but i cannot see or ping any machines behind router..altho router is added to the lan and can ping the router from any lan machine…added static routes to home computer but no joy….plse please help ( lan is nt4 )….thanks

    Comment by harry — 5/10/2003 @ 2:44 am

  61. Concerning the problem on 1/31/03 with Windows 98, VPN and Windows networking… I’ve gone through the same thing here with PPTP and a Linux PPTP server, and I’m convinced that it’s a Win98 issue. Regular TCP/IP traffic works just fine, but NetBIOS TCP/IP traffic seems to want to use the IP address of the network card or modem on the client side, instead of the IP address given by the VPN server. Because of that, any replies coming back from the server are routed outside of the VPN connection, and probably never make it back to the client.

    That’s the main reason I’m putting 2000 on my laptop this weekend. Apparently Windows NT 4.0 and later don’t have this problem.

    Comment by Brian — 5/14/2003 @ 10:56 am

  62. hi,
    i was womdering if you had any suggestions. i have 2 computers with XP, Home and Work. With VPN set up. I get A tunnel fine. but cannot see the computers in netwrok neighbor hood. one has cable and dsl. they connect fine. but no computers ienable netbios no luck. any info would be great. thank you very mucj billy

    Comment by Billy Arnold — 5/18/2003 @ 12:59 pm

  63. Hi Jim, I’m setup with two befvp41 I have configure the both router to make a little network with a big office. The vpn is connected but i’m unable to ping anything and I can’t get access to the network.
    Could you help me please ?

    Comment by Wildaeolus — 5/22/2003 @ 7:59 pm

  64. Hi Jim, I have 2 others questions for you.
    1. Does the receiving VPN conection router (befvp41) need to be a dhcp server ?
    2. Did you know if it is possible to reconnected vpn automaticly when we rebooting le befvp41 ?

    Thank 4 your help

    Comment by Wildaeolus — 5/22/2003 @ 9:24 pm

  65. In response to: Jeff on March 3, 2002 09:12 AM

    I know its old but… :)

    The easiest way to get a static IP on a Linksys is to simply specify the IP in the TCP/IP settings of Windows. Despite being set to DHCP you will get the requested IP (granted that its not already in use)

    Also, you can use an IP thats under the DHCP range (default would be between 192.168.1.2 and 192.168.1.99)

    Comment by Linky — 5/28/2003 @ 9:46 am

  66. “The Linksys tech support people are very accessable but don’t seem to know much beyond basic installation. And what is that strange accent they all have …. Posted by: Jim Burrett”

    If you call support in Europe its because most of them are dutch :)

    Comment by Linky — 5/28/2003 @ 9:53 am

  67. Jim,

    Couild you give me any Ideas on the following problem. I cannot ping any internet sites from my Windows xp computer through the Linksys befsr41 router. If I hook the cable modem up directly to my computer I can ping any site.

    This problem is also causing me not to be able to ping any of the work stations at my office.
    I can make a VPN connection. But I’m unable to ping any work stations.

    Comment by Robert — 5/28/2003 @ 7:37 pm

  68. I want to configure a Windows XP Professional PC throw an other service provider (At home) going throw the internet to the Linksys BEFVP41 Cable/DSL VPN Router and using the encryption 3DES and SHA Authentication, Also the Key Management without configurating a PPTP Microsoft server. The Linksys BEFVP41 Cable/DSL VPN Router is at work in a other location that access a Bell DSL modem.Is their a client that has to be installed on the PC? Can you help me to configure this problem?

    Can you clarify this for me!

    Is linksys going to make a vpn client for their routers because this equipment stats that VPN (Virtual Privet Network). It like being in your own network connection. Because Cisco has acquired Linksys. So does the Cisco VPN client product work with Linksys routers.

    Comment by LUC — 6/5/2003 @ 8:36 am

  69. First, thanks to Jim for putting this page up.
    I purchased 2 BEFVP41’s last week – my previous VPN experience was with Checkpoint/SecureRemote on T1/Host–Dial-up/Clients. In this scenario both office and home locations are DSL with dynamic IP’s. I used DDNS to setup a FQDN for the office router. Office setup is as follows: 192.168.2.0; 192.168.2.2=PDC/DHCP_Server/WINS_Server; 192.168.2.1=VP41. VPN setup as follows: LSGrp=Subnet/192.168.2.1/255.255.255.0; RSGrp=Any; RSGw=Any; On both sides: Encr=3DES; Auth=MD5; PFC=On; Advanced=MainMode & Anti-Replay HomeNet setup is as follows: LSGrp=Subnet/192.168.1.1/255.255.255.0; RSGrp=Subnet/192.168.2.1/255.255.255.0; RSGw=FQDN/DDNS_Name On my HomeNet computers I set 192.168.2.2 as WINS Server. VPN connects fine; I can ping by IP or Name; Can access company Intranet; Can open MSExchange email; Can mount remote drives; Do not see remote computers in NN, but it doesn’t matter for my purposes as I can view resources if I enter \\computer-name. When my HomeNet computers were in same domain I was able to browse office domain in NN, but I have changed to Workgroup at home. Using 2000/Pro at home and NT_Domain/XP-Pro_Clients at office.When I compare the ease and price of this setup to other solutions I am quite pleased. To the person that was getting the “IKE[1] ERROR: This tunnel should not be initiator !” error – I recvd this error when I setup the HomeNet RSGrp=Any – changing this to the Office Subnet resolved the error.

    Comment by Rachel — 6/8/2003 @ 12:41 am

  70. Luc, there is some information on the Linksys knowlage base regarding Cisco VPN connections. Because Cisco purchased Linksys unfortunealty dosent mean all thier products work together perfectly :)

    Comment by Linky — 6/13/2003 @ 1:11 am

  71. Yes, thanks, Jim for putting this page up.
    I had been considering using Linksys BEFVP boxes for secure connectivity between office and home LANs - but wanted to verify there were other users out there who got these boxes to work. A google search pops this page right up.

    I bought two BEFVPs and after a couple hours of experimenting, got the whole thing to work fine. Now more people are jumping in the bandwagon deploying these in their houses.Yes, the documentation could have a been better and error messages in the logs a bit more descriptive, but, heck, for $95 - I love it :)

    Comment by Zardoz — 6/25/2003 @ 12:21 pm

  72. trying to vpn with two nic server…one wan one lan using pppoe…can it be done and how to..
    thanks

    Comment by jmw — 8/10/2003 @ 5:39 pm

  73. I have just installed 8 BEFVP41 VPN Routers with all except one using dynamic DNS (www.dyndns.org). All the Routers were very unstable until I updated the firmware to V1.41.0. This is a beta firmware release but all my problems went away and I have not had one dropped tunnel. Anyone using this model VPN Router needs to update to 1.41.0.

    Comment by Gil Daley — 8/13/2003 @ 3:47 pm

  74. I have installed and configured a few xp machines via ipsec to create tunnels to linksys vpn routers. Your instructions and tip have been very helpful, so thank you :)

    I have one xp machine behind a linksys router that used to work then all of a sudden no longer works. I hav gone through the setup about 10 times to ensure everything is setup properly, but no matter what I do I cannot create the tunnel, when I try to ping it just continually times out.

    I was wondering whether you have heard of any MS patches/hotfixes that may have casued this. My other machines are still connected and functioning well.

    Any assistance you can over would be greatly appreciated.

    Thanks,

    Ryan

    Comment by Ryan — 8/27/2003 @ 9:12 pm

  75. Hi Jim / Hi All.
    I have setup a VPN tunnel using two Linksys BEFsx41 routers. The tunnel connects fine and seems to be pretty stabile. The problem I am having is being able to see the PC’s or servers on each side of the link. I can ping any PC on either side and the actual router addresses. I have enabled the Netbios on each router. Linksys stated to try and change the MTU settings on each router. I tried this with no luck. I also have Netbuei and IPX/SPX enabled on the PC’s. I am using Windows 2000 Professional OS on both ends.
    Any tip or suggestions would be very appreciative.
    Thanks, Richie

    Comment by Richie Bloodworth — 8/28/2003 @ 6:29 pm

  76. wow, looks like it is do or die for me. I will see if what is listed above helps me. Thanks for all the feedback folks

    Comment by klint — 9/11/2003 @ 11:41 pm

  77. Jim has done a great job with this site. Best info on Linksys BEFVP41 I have seen in a year.

    Here is my situation, I have several BEFVP41s setup. All but two lose their WAN DHCP IP address intermittently, sometime daily. I am using cable modems. Of the two that do not lose the IP, one has a static. CADrifter posted a similar issue in April. Gil Daley, did you have to call Linksys for the 1.41.0 firmware?

    Comment by Dave — 9/15/2003 @ 6:12 pm

  78. Dave, the only time one of my vp41’s have lost their brain is when the ISP for our office had problems with their Qwest line. The vp41 reset itself, don’t know why. We’re still running fairly old firmware, 1.40.2, I think.

    Comment by Jim Moy — 9/18/2003 @ 1:50 pm

  79. For those that have been trying to share files and printers across a Linksys VPN, and are getting the Negotiating IP Security response when trying to ping across, you simply need to add a static route and enable NetBIOS Broadcast. See my article for more info

    Comment by dave — 9/22/2003 @ 12:07 pm

  80. My compliments to the host of this site. I say this just for the patients he has shown in continuing to post answers to questions he has received. I appreciate not only his original post regarding his personal experience with this product, but his continuing effort to share information with each inquiry even where he cannot claim the knowledge to provide a solution. While, unfortunately for me, the solution to my own problem with this Linksys Product does not appear on this sit, I still felt compelled to thank Jim for his attentivness to those whom continue to inquire here…Thanks Again Jim…Ken

    Comment by Ken — 9/27/2003 @ 1:04 am

  81. Thanks for the pointer dave, I touched up your post to make your URL a link.

    Comment by Jim Moy — 10/2/2003 @ 2:39 pm

  82. Hey Jim, I have two BEFVP41 VPN routers. I am trying to connect my remote offcie PC’s to our main server. I have the routers behind my Actiontec DSL modems. I am able to ping my server’s IP. I use the IP of the server for doain name so I can login the remote pc, but I get an authorization failure. What do I need to do to allow the remote pc to login to the Domain controller/server? The server is Windows 2000 server. Thanks

    Comment by Richard — 10/4/2003 @ 4:13 pm

  83. Hi , I have 2 BEFVP41 , one of them at other town , and the second in my office. The VPN connection works fine but only 2 network are visible each other - 10.30.11.0 /remote office/ and 10.11.11.0 /my office/. In my office I have more than one network /10.14.11.0;10.66.66.0 etc./, but the others can’t ping 10.30.11.1. At main cisco router I have a route 10.30.11.0 trought 10.11.11.227 / linksys’s private IP. In other case if I put both linksys in one network trouhg public interfaces , all networks are visible, but in the case wich I describe at the top , the ping command returns time out.Can you tell me that to do ?

    Comment by Svetlio — 10/6/2003 @ 4:39 am

  84. Has anyone had any experience setting up the befvp41 with a Sonic wall SOHO3? (Befvp41 at one end and Sonic Wall at the other) Either using the SOHO VPN or connecting another befvp41 to the sonic wall?

    Comment by Fasted — 10/30/2003 @ 11:49 am

  85. JIM, Good day! I would like to know if I set up two (2) branches (A & B) using Linksys VPN Router on each side, can a remote computer with operating systems such as Mac or Windows be able to connect to either branch A or branch B using their built-in VPN software. This should apply to our current situation because we have a Plant(branch A), an office (branchB) and mobile and home users (remote without Linksys VPN router) that needs to get connected on either branch. Is this possible? Please advise. More power!

    Comment by razel dazel — 11/6/2003 @ 8:01 pm

  86. Razel, sure I was doing essentially what you described when I was running the built-in Win2K IPSec client. I haven’t tried the equivalent on the Mac, but I suspect such software exists, particularly on OS-X. Anyone out there with OS-X to verify this?

    Comment by Jim Moy — 11/16/2003 @ 7:58 pm

  87. Hi Jim, I would like to ask a basic question which I couldn’t find an answer to by scanning the questions posted. I have a linksys BEFSX41 vpn/router/firewall in my home, connected by DSL to the internet. Here’s the question. When I take my laptop (running XP) on a trip, and use my aircard to connect to the internet, can I setup a VPN connection back into my home network by pointing to the IP address (WAN address) of my home network. Would I then get a LAN (192.168.x.x) address from the DHCP in the Linksys router and be “on” my home network? I want to do this so I can use Laplink to control my home machine WITHOUT having to put it in the DMZ. If this is possible, is there some tutorial that might explain how to do it? Thanks for your time.

    Comment by ron — 12/20/2003 @ 3:49 pm

  88. Jim,

    I’m using Linksys VPN routers, and there is absolutely no info in any help screen or manual regarding DDNS. Assuming the DDNS info is valid and enabled, do you know how often it refreshes DDNS, or does it refresh each time the router connects ?

    Comment by Captain P — 1/6/2004 @ 7:01 am

  89. Hi Jim. I have a second hand Netgear RP114 router which I have been attempting to set up for my SBC Yahoo! DSL service. I had previously installed their “Efficient Networks: Enternet 300″ connection software to establish the connection. I attached the router and went through the firmware upgrade and setup (many times). I disabled the Efficient Networks PPPoP adapter. Checked the IP settings, server name, etc. But when I ping I cannot get past 192.168.0.2 (dsl modem). I’ve tried everything. Does sbc yahoo not allow the connection through routers? i know they discourage it. but are they able to prevent it like that? And as for the rodents of unusual size, i don’t believe they exist. Thank you.

    Comment by D — 1/18/2004 @ 1:07 am

  90. Hi,

    I have connected two BEFVP41 at two networks, now both endponits is connected, But I not understand how Authenticate to users.

    If the two BEFVP41 is connected What is the next step?

    Thanks

    Regards.

    Comment by Babe meneses — 1/27/2004 @ 9:15 am

  91. I want to set up VPN on my BEFSX41. I have set up DDNS using dyndns.org Now I want to know which software to use to log into the router remotely via VPN. The router is set up

    Comment by Ad — 2/5/2004 @ 9:53 am

  92. I have a Linsys VPN Router on my Home Network that I use as a gateway to the internet.

    I want to be able to access my Home Network from work.

    My work machine is running WinXP. I went through the Linksys instructions step by step, but I cant connect to home from work… (nor work from home for that matter)

    Whats the problem? Here at work, I am behind a firewall, but this isnt the problem is it?

    Comment by Joe — 3/3/2004 @ 1:16 pm

  93. MacOSX does include the nessecary client software to connect to the Linksys BEFVP41. There are some additional setings that can be set via the comand line. I am in the progress of connecting a BEFVP41 to an InstagateEX2 router with Win2000 and MacOSX clients. Shot me an email if you are doing or have done something similar.

    Comment by Matt Corcoran — 3/16/2004 @ 1:14 pm

  94. Hi Jim..nice site for Linksys fans…I hope this one stays up as long as there are people longing for an answer to VPN’s and Linksys issues…Thanks for the help, Jim :)

    Comment by Chris Decano — 3/24/2004 @ 8:13 pm

  95. Hey Jim, thanks in advance for the help. I am in healthcare and we are going to set up a centralized office with several imaging centers sending xrays to an archive at the centralized location. We want to have a linksys BEFVP41 at the centralized location and have BEFSX41 at the imaging centers. First of all, is the linksys products stable and secure enough for this type of application and second will these VPN connections always be available while the DSL is connected? Thanks again.

    Comment by Tony — 3/30/2004 @ 6:52 am

  96. I have a Linksys RV082 using DDNS and a Router BEFSX41 using DDNS.
    If I make a VPN using the Wan Ip of each side it works fine.
    But I need to make a VPN using de FQDN on each side. I cantttt make it works.
    Anyone have the correct config to make this work ?

    Comment by Diego de la Fuente — 4/21/2004 @ 7:36 pm

  97. Tony, we have four vp41’s at remote sites, and they all connect to the one at the office which is behind a DSL line. If the route drops between the office and any of the other vp41’s, it occasionally requires the tunnel to be dis/re-connected from the admin page, but that doesn’t happen to often.

    Comment by Jim Moy — 5/12/2004 @ 4:11 pm

  98. I finally got around to updating to the 1.41.1 version of the firmware, because the office side was being forced to update for an incompatibility with its new DSL setup.

    I then spent two days of wondering why it wasn’t reliably re-connecting after network outages like it used to. Turns out that whatever number I had previously entered into the Key Lifetime field on the VPN configuration page was causing it to timeout and then not automatically re-connect. I didn’t write it down, but after the new firmware upgrade there was a very large number in that field, possibly a new interpretation of the number that was there before.

    So I reduced the value to something shorter (my programmer self automatically picking a number smaller than the nearest signed-integer rollover value), and everything’s back and working peachy again.

    Comment by Jim Moy — 7/19/2004 @ 9:53 pm

  99. Here’s another interesting factoid about weird VP41 behavior while I was configuring the tunnel at the office VP41 unit.

    I thought, since I recently changed IP addresses, that it would be good to have two tunnels in the VP41 configured, in case I use my old connection as a backup. That way I could enable/disable the appropriate tunnel based on which connection I was using.

    What happened is that when I had two tunnels configured for the same remote subnet, the second tunnel didn’t work. The configuration was exactly the same as the first tunnel, and the first was disabled, but the second tunnel still did not work. So I deleted all the entries associated with the second tunnel, changed the IP address of the first, and things are working again.

    So it looks like I’ll be sticking with my single-tunnel remote configuration.

    Comment by Jim Moy — 7/26/2004 @ 1:35 pm

  100. Please give the solution on vpn site to site with cisco 506W Firewall and ADSL router on both sites.Isp providing dynamic ip adress on both sides.
    Please let me teach how to make the vpn with dynamic ip address.

    Comment by swamy — 8/16/2004 @ 2:37 am

  101. I ve got a problem to connect my office to my home…can netscreen 50 establish VPN using IKE with pre-shared key to linksys befsx41. Actually, the log on netscreen shows “Rejected IKE packet from ethernet 3 with reason phase 1 IKE received from unrecognize peer gateway” that’s mean the unrecognize peer gateway is coming from Linksys….so how to solve it?…help me….

    Comment by alias — 8/18/2004 @ 7:53 pm

  102. Here’s a good one I didn’t find on your post. I have a VP41 set up at my main office with PPTP enabled. I have a SX41 set up at a remote office tunneling to the main office no problem.

    I use my home pc which is connected to a BEFW with pptp enabled to connect to a PPTP server behind the main office VP41. I have no problems connecting and accessing the resources at the main office. So what’s the problem? I cannot browse the internet.

    The MS VPN Client software has the “use default gateway on remote network” enabled. The tcp/ip dns setting is set to the dns server at the main office.

    Got any ideas to help solve this one? Been trouble shooting now for a week… If I disconnect from the pptp connection, internet browsing resumes no problem.

    Any help would be great.

    Comment by Tim — 9/24/2004 @ 12:52 am

  103. Tim - Sorry I can’t help you with your problem, but I wanted to ask you – It sounds like you have established a MS PPTP tunnel from your home clien to a server behind your VP41? I’m trying to accomplish the exact same setup, however I believe PPTP Pass-thru is broken on my VP41. Even though it is enabled it does not seem to be handling GRE IP Protocol 47. Can I ask what version your firmware is? I’m 1.41.1 (version 1 of VP41). Thanks!

    Comment by Matt Farley — 10/18/2004 @ 12:24 pm

  104. Hi Guys! For those who can get two VPN router to connect but cannot ping remote computer or see remote shares (like my case)

    I found out my problem is the subnet filter on my pc. i used 255.255.0.0 instead of 255.255.255.0 so the traffic that is suppose to go to the remote computer didn’t get routed to the local gateway which then forwards it to the remote gateway.

    after the correction i can ping the remote computer. even though i don’t see the remote computer in the Network Neighbourhood, i can connect to it by typing //myRemoteComputerName at the windows explorer.

    1. make sure local and remote network are on different sub nets
    2. make sure you enable sharing on your remote computer
    3. enable NetBIOS broadcast in VPN(if option is available)
    4. and many others mentioned in the posts before mine. ;)

    Hope this helps. :)
    Howard Lim

    Comment by Howard Lim — 11/3/2004 @ 9:48 pm

  105. Hi Jim & Hello to everyone reading this…

    Jim, could you please help me out but if I’m a bit of a bother to you, could you please refer me to someone who can solve my problem regarding BEFVP41 version2…

    you see, I have two BEFVP41 routers with firmware versions of 1.00.13…I need to get the VPN connected between these two and as of this time I’ve no luck in accomplishing the task…here are the details:

    siteA (main office with static IP)= dsl modem –> WRT54G –> befvp41

    siteB (remote office with dynamic IP)= dsl modem –> BEFVP41

    I’ve looked up the Linksys knowledge base…still no dice…

    Jim, any piece of advice or referral would be greatly appreciated.

    thank you very much and best regards,
    Chris

    Comment by Chris Decano — 11/8/2004 @ 12:53 am

  106. Chris, first get the firmware in both of your VP41’s upgraded. Then I’d suggest removing the 54G from the picture until you’ve got the VP41 working. On the office end put the DSL modem into “bridge” mode so the VP41 is handling the IP address directly, it’ll make the config easier. That should be a start. Only after the two VP41’s are talking should you try to add the 54G behind it on the office side.

    Comment by Jim Moy — 11/8/2004 @ 11:09 am

  107. I have 2 BEFSX41 router. I configured the VPN tunnel successfully I believe since the status is connected. Site A, WS A I can ping the router A internal (LAN) and external (WAN) IP, I can also ping the Site B exteral (WAN) IP but I cannot ping the internal(LAN)IP and the WS B. And vise versa from WS B to WS A. Am I missing something? Any inputs or suggestions. BTW, both router’s firmware have been updated already. Thanks

    Comment by jane — 11/25/2004 @ 11:18 am

  108. I assume by WS you mean a Workstation on the internal LAN behind router A. In which case are you trying to ping the IP address or the host name? If it’s a Windows machine you may need to turn on a switch to let NetBios broadcast traffic be routed over the VPN.

    Comment by Jim Moy — 11/25/2004 @ 11:07 pm

  109. Hi Jim. I have a Linksys BEFSX41 router, Comcast DSL connection to the Internet using a dynamic IP address, and a LAN with Windows 2000 Advanced Server with Active Directory and several computers connected to the router via Linksys Workgroup switches. I’ve been trying for the longest to VPN into the network. I’ve followed all the instructions and I keep getting “remote peer is not responding” when I try to connect. Can you help me with this problem?

    Comment by John — 12/2/2004 @ 6:11 pm

  110. John, does the router for your LAN pass the appropriate ports and protocols from/to the machine on which you’re trying to set up IPSec? Someone’s going to need a static IP so you can configure the Linksys VPN “gateway” to instigate the connection.

    Comment by Jim Moy — 12/4/2004 @ 12:12 pm

  111. Hey I think that Jim had already giving enough information about how to set up VPN between 2 remote using Linksys BEFVP41. The information given is very useful for those who need it. For those who have question again, I think they need to refer back the comment from the beginning coz i saw many of the questions had been asked and answered before. Please read from it start over and be patient when solving problem.
    10z to Jim….
    cheers…

    Comment by Jacque — 12/29/2004 @ 9:08 pm

  112. I am form Argentina. I have a problem with VP41. When a create the either VPN Tunnel with FQDN no save the settings of FQDN. Only i can create nine tunnels if i use an ip adress static. I need help. Sorry but my english is very poor.

    Comment by Diego — 2/2/2005 @ 12:06 pm

  113. Jim: I found a way to share the files between two BEFVP41 routers running XP Pro on multiple machines. I had to disable the XP SP2 firewall on each computer. Linksys is adamant that this is safe due to the built-in firewall of their routers. I was then able to map the drives as \\192.168.1.xxx\shareddocs. This works seemlessly when running between routers. There is a bit of a delay, even when saving files remotely, even with a broadband connection, but it is more convenient that using remote desktop. The one question I have is whether or not I can connect a VPN tunnel between my laptop when I am on the road (unkown IP in advance)? Thanks.

    Comment by Jon DeBord — 2/4/2005 @ 3:30 pm

  114. Jon, for the most part having the address translation in the Linksys protects you from direct attacks. But I believe the SP2 firewall includes some outgoing connection trapping that is also useful in case trojans get into your machine.

    If you have 2k or XP on your laptop then you may be able to get the software-only VPN client working. See the other post I have on using the VPN in this manner (though I’m no longer using that technique any more since the two-VP41 solution has worked so transparently for me).

    Comment by Jim Moy — 2/5/2005 @ 7:29 pm

  115. Jim,

    1.) Thanks for providing excellent information at your web site. I have A Comcast modem connected to a Vonage (Motorola VOIP VT1000) phone adaptor that is then connected to a BEFVP41 router + 4 PC’s. I’m trying to connect to the BEFVP41 remotely using “TheGreenBow VPN Client v2.50.019” software. I can not establish a tunnel with the Vonage box in the mix. If I remove Vonage box, I can establish a tunnel to the BEFVP41. Do you know how to make this work with out putting the Vonage box on the LAN side of the BEFVP41? The remote BEFVP41 LAN address is 192.168.2.0 and has a Static WAN IP address assigned to the Vonage box.

    2.) Once my remote PC establishes a tunnel (without Vonage), I’m NOT able to view network resources behind the BEFVP41 with out disabling the Windows XP SP2 Firewall on the PC I’m trying to connect to, behind the BEFVP41 router. At the remote PC, I can leave the Windows Firewall turned on. Is there a way to adjust a setting in the Windows Firewall that would permit me to turn on the Firewall for the PC’s behind the BEFVP41? Or should I not worry about the Firewall and leave it off? I feel like my pants are down with it off.

    3.) I’m using the trial version of The GreenBow client software. Is this my best choice to use with the BEFVP41 or is there something else that would give more bang for the buck?

    Thanks, Phil

    Comment by Phil Scarbrough — 2/13/2005 @ 3:44 pm

  116. Hi Jim I have RV042 linksys vpn router and I want to setup a vpn from my house to to my office. I have public IP’s at the office on 6 computers. I am currently using Bellsouth Netopia router, at home and at the office, can you give me some diirection on how to set it up. Thank you in advance.

    Comment by Vincent Arthur — 2/15/2005 @ 1:33 pm

  117. Hi Jim,
    I Have two Befsx41’s How heard is to vpn them together. Can you give me help regarding this issue I know that i need my static ip from road runner in order to connect.

    Comment by Jeb Castle — 3/22/2005 @ 1:47 pm

  118. hi jim, i have two BEFVP41 Linksys VPN Router, im using static ip, i follow the manuals on how to configure the VPN, but the status is still disconnected, for how many times i tried to change the configuration but still disconnected. can u send pictures of the Linksys VPN Configuration.. pls.. as of now i’m not connected… thanks and advanced..pls email me this: sayiha_all@yahoo.com

    Comment by al — 4/1/2005 @ 8:21 pm

  119. hi jim, i have two BEFVP41 Linksys VPN Router, im using static ip, i follow the manuals on how to configure the VPN, but the status is still disconnected, for how many times i tried to change the configuration but still disconnected. could u send me a pictures of the Linksys VPN Configuration.. please. I hope to hear from you soon.

    Comment by sophearom — 4/14/2005 @ 4:31 am

  120. Hi jim, I’m trying to setup a VPN between my house and office, the office has a static IP, the house a dynamic IP. When I follow the instruction from linksys how to setup a VPN I can connect the VPN Tunnel but that’s it . The office is running Small business server 2000 and is a domain, the router connects to the network thru a second network card on the server, the DHCP feature is disabled on the router. How can I connect to my server? please help me. Thank you

    Comment by Haroust — 5/11/2005 @ 7:44 pm

  121. Haroust, look at previous comments about NetBIOS. You may also need to figure out how to use your `windows\system32\drivers\etc\hosts` file.

    Comment by Jim Moy — 5/12/2005 @ 9:13 am

  122. Quick question. Setting up a VPN tunnel between a Netscreen and a Linksys BEFSX41. When the Linksys is set to connect as a static IP, everything works fine. When the Linksys is set as dynamic IP the Netscreen reports that packets are received before expected and stops the authentication process. Any idea on how to fix this?

    Comment by Melrose — 6/6/2005 @ 10:05 am

  123. Hi Jim, I am using a Linksys BEFVP41 in front of a Win 2000 server. NETBIOS is enabled and I was able to connect an IPSEC tunnel and see the file system using both a Max OS X and a Win XP machine when directly connected to my home DSL modem. I recently got ComCast cable modem and they are blocking (filtering) TCL ports 135-139 and 445. I can still build the tunnel but can’t ping the Win 2000 server or see any of the shared files. Is there a way to move NETBIOS/Samba to other ports? Thanks

    Comment by Brad — 7/13/2005 @ 3:56 pm

  124. Brad, you’re probably better off on the Samba forums than here. I’ve never tried messing with the standard NetBios ports. Doesn’t seem like it should matter though, since all traffic is going to go out over the encrypted tunnel, bypassing whatever the cable modem is blocking.

    Comment by Jim Moy — 7/14/2005 @ 3:53 pm

  125. hi jim. thanks for putting up with us!
    i have a befsx41 at home with a cable modem connected and two pc’s.
    i am trying to connect from work (remote end) to home (befsx41 + cable modem)…static ip.

    i followed the instructions according to the linksys manual for setting up ipsec pols on each machine. i set them up both exactly the same way and use preshare key. i also turned off xp firewall at home

    on the remote end (at work) i am on XP PRo machine on a diff subnet 192.168.0.72
    my local machine is XP PRo (at home) IP is 192.168.1.57

    i set the policies up as follows:
    filter list
    1. xp -> bfsx
    source = any ip
    destination = specific ip - (192.168.1.57)

    2. bfsx -> xp
    source = specific ip - (192.168.1.57)

    destination ip = any ip

    and the tunnel endpoint was my WAN IP

    ============================================================
    as for the router

    Local Secure Group: Subnet IP 192.168.1.0
    Mask 255.255.255.0
    Remote Secure Group: ANY IP

    Encryption: 3DES Authentication: MD5
    Key Management: Auto: (IKE)
    PFS (Selected)
    pre-shared-key: test
    Key Lifetime: 3600

    ============================================
    to establish connection:
    i created a new connection using wizard on xp (remote)
    VPN - using the WAN IP as the Host address

    and allowed incoming connnections on the XP (home)
    I added two users that have local acounts on the machine.

    ** when i try to connect i get error 678 - the remote computer did not respond.

    can u tell me what i did wrong ? and how to resolve ?

    thank you.

    Comment by james — 7/29/2005 @ 12:31 pm

  126. Jim, you’re the man! I was having trouble getting machines to talk through the VPN even though my two BEFVP41’s established a connection, I was searching through this page, just reading your responses. I came across the one response (#99) that mentioned having two alternate tunnels setup, one disabled and one enabled, and the disabled tunnel still prevented the enabled tunnel from working. I recognized that immediately as my situation, deleted the alternate tunnel and it fixed my problem.

    Thank you.

    Comment by Dave — 8/22/2005 @ 10:08 am

  127. good day jim,

    We buy two linksys router the befvp41 and befsx41 for vpn using both two static address both sides, I’m going to put befvp41 at main site and befsx41 at branch side, are apllication is client/server environment (ORACLE). my question is that my workstations at the branch side can connect to our Oracle Database server?

    Comment by albert — 1/25/2006 @ 1:30 am

  128. Jim,

    Using the Linksys WRV54G VPN router at a small office. Using the Linksys QuickVPN client to connect to the WRV54G. The VPN client connects fine, and I can ping all devices on the office LAN segment just fine. I am back to the age-old issue of being able to browse and map to Microsoft devices. The WRV54G lets you enable ‘NETBIOS broadcast’ only on site-to-site (router to router) VPN Tunnels - nothing for the remote access VPN users. Funny thing is I can not even map to a known share using //IP_ADDRESS/SHARE. Using a local LMHOSTS file does not work, either. Using latest 2.37.1 firmware. Any ideas? I thought of possibly using the port forwarding feature to forward the Mircosoft NETBIOS ports to the specific MS 200 server, but feel that would leave me exposed to every known virus using those Microsoft ports…

    Comment by Tom Whaley — 2/6/2006 @ 12:20 pm

  129. Can u suggest VPN router RV042 configuration method.

    Comment by Sudhanshu Shekhar — 5/1/2006 @ 7:17 am

  130. #128: Hi, I have the same problem with an RV042… From what I read (haven’t tried it yet), you should enable netbios on the client (remote) PC (network connections -> TCP/IP -> Advanced) and disable the XP Firewall on the remote computer. Good luck!

    Comment by Dan — 5/12/2006 @ 12:38 am

  131. Hello, i have read here about people connecting their vpns using FQDN for the local/remote secure gateway type on befsx41 and befvp41 routers. i have been working with linksys support for days, finally they tell me, because my befsx41 does not have FQDN (let alone any local secure gateway settings) it will not work with ddns services and a dynamic ip. they tell me also, that they do not manufacture a soho router capable of using FQDN local/remote secure gateway types. how is it that the people in this foroum can do it? i have a befsx41 on a dynamic ip trying to connect to a rv016 with static ip. any information would be very helpful, as this is now the 3rd time i have had to send 3 purchased routers of the same type back and buy a different model (each time linksys says that’s the model that will work) =(

    please send response to mcass@di-comm.com with linksys vpn in subject line if at all possible. thank you.

    mark

    Comment by Mark — 8/16/2006 @ 11:25 am

  132. Hi Jim,

    I am also trying to setup a VP41 to VP41 VPN connection. I have two static ips provided by ISP. So, I had set up one for each of the VP41. Since they are under the same account, both rounter’s has the same IP addr. under the Romte Security Gateway. Both Local Secure Group and Remote Secure Group are points to each LAN’s Subnet and the Remote Subnet respectively. But I have NOT yet successfully connected. My Logs has always been:

    2006-11-15 10:23:47 IKE[1] Tx >> MM_I1 : “Default Security Gateway” SA
    and that is it all for the VPN portion!.

    I have been trying almost everything but in valid, greatly appreciated for any help offer.

    Thanks a lot!
    Howard

    Comment by Howard — 11/15/2006 @ 10:43 am

  133. at wits end! we just installed a Linksys RV082. works fine. When we installed QuickVPN on the clients though, it hangs on “Verifying Network” the icon says disconnected but they are actually on. Problem is the message and they can’t disconnect because it thinks it’s not connected! Had Cisco VPN client on before, did a uninstall and cleaned up the registry…in case i missed something? Thanks in advance. jim

    Comment by jim — 11/21/2006 @ 9:10 am

  134. Hi Jim and everybody! I’m wondering how to setup a VPN secured tunnel with this network layout:

    Internet WAN (BEFSX41) LAN

    Comment by Ivica — 1/23/2007 @ 6:33 pm

  135. Let’s try again ;) We need to secure a wireless link (between 2 buildings) used to access internet. How do we setup VPN for this layout: INTERNET – BEFSX41 – VPN TO SECURE EXISTING WIRELESS LINK – BEFSX41 – SWITCHED LAN. We’d like to use both Linksys routers as firewalls as well… Thanks for any help!

    Comment by Ivica — 1/24/2007 @ 3:05 am

  136. Hi! I have connected one vpn router BEFVP41 at my office and one at my home. both shows connected but I can’t ping at my home from office and vice a versa. I have installed Linux firewall. Is that problem? how to solve this problem? My office router and firewall has different gateways. If I change firewall gateway to router gateway address in my pc than I can get home network but i can’t access internet and LAN.

    Comment by het — 2/9/2007 @ 1:56 pm

  137. Hi! I have a 2 BEFVP41 router at my office and one that will be used to deploy at different location. When i connect my router on the same lan everything works fine but when i take my deployed router and place it on a different Network it does’t work. My tunnel displays a sucess, but i can’t ping or pass any traffic. My office router is using a static route pointing to my network and the local IP address for that router is 192.168.1.1 and my remote router is using DHCP and local address is 192.168.0.1. I was told that i need a proxy server added in my routing on the office router that that the router will know how to route back. i’ve tryed everything. Can some one help me out

    Comment by Johnnie Smith — 3/13/2007 @ 6:28 am

  138. jim, i have a problem with my VPN router (BEFSX41). id already configure two BEFSX41, the one is my office and the other one is on my house. I was completely configured base from the manual given. But my problem is, the status option is still “disconnected” id tried everything and nothing happened still disconnected. did i missed to configured? please help with my problem.. Thanks

    Comment by Ricardo Maloloy-on — 4/3/2007 @ 12:26 am

  139. Wow. Great info from everyone. Thanks guys! Much appreciated!

    Justin

    Comment by Riverbed — 1/20/2008 @ 8:42 pm

  140. wow, you’re famous =) i’m not here to ask questions, but I am happy to say I have gotten vpn working on cisco 1841 router and i guess i’ll try my hand at a linksys next week.

    Comment by systek — 3/6/2008 @ 10:03 am

  141. Hi, I look for a router which is able to connect two nets over the internet usung VPN Ipsec but is also able to forward NetBIOS Broadcasting, so I can see machines on both nets as usual in winXP, including NAS boxes. I found some older enties talking about problems, maybe this problems are solved now. I dont have a server on one of the nets, so I dont have a WINS available.
    Thanks for helping
    Gerhard

    Comment by Gerhard Kreuzer — 4/12/2008 @ 4:01 am

  142. Hello,

    I have two BEFSX41 Linksys routers set up and have established the VPN connection. Both routers are in two different sites. Even though the VPN page says that the connection is CONNECTED. I am unable to ping the remote router through the diagnositc tool on the Linksys admin page and vise-versa. Both sites are two different subnets and I have RIP turned on. Am I missing something? Why can’t I ping the remote router from the other router when it says the VPN connection is established?

    Comment by Jeff — 7/17/2008 @ 6:52 pm

  143. Hi jim,

    one question..I have configured a vpn connection from office to all the other branches but the ip on the other branch are on DHCP and I am trying out the dynamic ip+domain and dynamic ip +email but it does not seem to be connecting…!!!I am using on the main office and the other branch the RV042 router..!!!pliz help…

    Comment by usa — 8/17/2009 @ 11:02 pm

  144. Is Linksys BEFVP41 applicable in windows framework. I tried to connect it with my laptop but failed to do so. I don’t know weather there is a link between DHCP and Linksys BEFVP41. Do I need to change anything in subnet mask? Can it be used in case of remote access?

    Comment by remote access — 11/3/2009 @ 3:57 am

RSS feed for comments on this post.

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>


Powered by WordPress