Showing results for 
Search instead for 
Do you mean 
Reply
Posts: 9
Registered: ‎09-13-2006

RV082 Firewall blocks Quick VPN

I got quickVPN up and working with a number of our users, however, I ran into an issue where a few of them were not able to connect to the router at all.

Upon further testing, I found that by disabling the firewall for the RV082, they could connect.

Checking the logs (with wallwatcher) I was able to find that the RV082 was denying connections from these clients because it mistakenly believed that the QuickVPN client was a syn flood....

--------------------------------------------------
ratelimit: 1 messages of type block-synflood reported 1 second(s) ago
gate syslog_nk-(vpn log)encrypted informational exchange message is invalid because it is for incomplete isakmp sa
ratelimit: 1 messages of type block-synflood reported 9 second(s) ago
ratelimit: 1 messages of type block-synflood reported 1 second(s) ago
--------------------------------------------------

If I turn off the firewall, these messages dissapear, and the client can connect.

Why does QuickVPN cause a situation where the firewall thinks it is under a synflood?
Posts: 9
Registered: ‎09-13-2006

Re: RV082 Firewall blocks Quick VPN

What is also confusing the hell out of me is that these clients can't connect with the firewall up, but they can with the firewall down as I mentioned above. However, all other clients can connect, and the QuickVPN log on each of their machines shows nothing of any note:


wget_error.txt:
----------------------------------------------------------
-11:02:16-- https://USERNAME_OBSCURED:*password*@IP_OBSCURED/StartConnection.htm?version=1?IP=10.0.0.4?USER=OBSCURED
=> `C://Program Files//Linksys//Linksys VPN Client//vpnserver.conf'
Connecting to IP_OBSCURED:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

0K 132.81 KB/s

11:02:22 (132.81 KB/s) - `C://Program Files//Linksys//Linksys VPN Client//vpnserver.conf' saved [136]
----------------------------------------------------------


wget_stop_error.txt:
----------------------------------------------------------
--10:07:13-- https://USERNAME_OBSCURED:*password*@IP_OBSCURED/StopConnection.htm?version=1?status=disable?IP=10.0.0.4?USER=OBSCURED
=> `C://Program Files//Linksys//Linksys VPN Client//stopconn.conf'
Connecting to IP_OBSCURED:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

0K 97.66 KB/s

10:07:14 (97.66 KB/s) - `C://Program Files//Linksys//Linksys VPN Client//stopconn.conf' saved [100]
----------------------------------------------------------





What I don't understand about the above is that the client seems to be trying a network of 10.0.0.4 which is not on the remote or local network at all. however, as you can see, there is nothing in the logs. The client just hangs at "verifying network connection" and then times out after exactly 7 min. Turning off the firewall allows these 3 users who are having this problem to connect nearly instantly. All other VPN users have no problems connecting regardless of the firewall state.

I am totally confused, and finding almost no logs that explain this issue.
granth
Posts: 3
Registered: ‎10-31-2006

Re: RV082 Firewall blocks Quick VPN

[ Edited ]
Have you checked the System Log of your RV082?

I have been having trouble connecting to a RV082 via QuickVPN. QuickVPN hangs on "verifying network" but I noticed the following errors on the RV082 system log that may have something to do with the issue:


Oct 31 20:55:30 2006 VPN Log Ignoring Vendor ID payload Type = [FRAGMENTATION]

Oct 31 20:55:30 2006 VPN Log We require peer to have ID '72.49.x.x', but peer declares '192.168.1.130'

Oct 31 20:55:41 2006 VPN Log Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA

Oct 31 21:39:34 2006 Connection Accepted TCP 72.49.x.x:1477->10.x.0.11:443 on ixp1

Oct 31 21:39:49 2006 Connection Accepted UDP 72.49.x.x:500->10.x.0.96:500 on ixp1

Oct 31 21:42:30 2006 Connection Accepted UDP 10.x.0.10:2585->72.49.x.x:1494 on ixp1


My PC is behind a gateway, so the IP address is not a real-world IP. This is what you see in the second error above. I plugged my PC directly into my DSL modem and got an external IP but I still couldn't get the VPN working.

The first error is most likely due to my MTU being the wrong size. Setting it to 1492 might eliminate that error. The third error might also be due to a wrong MTU size.

The last three messages aren't really errors but they state that VPN related packets were forwarded to hosts inside the LAN. I'm going to remove any forwarding rules this weekend to do more testing.

I'm not sure all of the information above is 100% correct, but it's a start. Also, see the sticky post on the top of this forum. It provides links to aid in the setup of QuickVPN.


granth

Message Edited by granth on 10-31-200607:25 PM

Message Edited by granth on 10-31-200607:28 PM

Posts: 26
Registered: ‎07-09-2006

Re: RV082 Firewall blocks Quick VPN

Can you provide the following info?

What is the firmware version of your router?
Is the VPN clients having problems when Firewall is enabled also behind a router?
psdamiani
Posts: 3
Registered: ‎12-24-2006

Re: RV082 Firewall blocks Quick VPN

I'am having the same problem with a RV042 Fw 1.3.7.4 - Client 1.28
It was working fine and suddenly stopped.-
With no firewall works ok.-
 
With wget I see It can't create vpnserver.conf.-
When I disable the firewall the log says the same you posted.-
 
 
Could you solve the problem?,.
Please tell me how.-
Thanks
 
Peter
 
Swiftnets
Posts: 17
Registered: ‎05-01-2007

Re: RV082 Firewall blocks Quick VPN

I'm having the same issue as well

Has anything come of it?

Michael
psdamiani
Posts: 3
Registered: ‎12-24-2006

Re: RV082 Firewall blocks Quick VPN

Somethings gets corrupted.-
to solve:
Reset to factory.-
Then reconfigure de router.-
 
Hope this helps.-
Psdamiani
 
 
PhillyIdol
Posts: 5
Registered: ‎05-11-2007

Re: RV082 Firewall blocks Quick VPN

Is there another way to fix this without resetting to factory settings?
 
Kind of not an option for me.
 
I'm sure there's a firewall setting, or gateway setting, that can be 'tweaked', to correct the issue.
 
For some issues, all we've had to do was unplug the router, and plug it back in (like for the log emailing errors), but this didn't help with this issue.
 
Have the RV082 - v1.3.5
descalante2007
Posts: 3
Registered: ‎08-14-2007

Re: RV082 Firewall blocks Quick VPN

I'm having a very similar problem. In my case I have a WRV200 (1.0.32.2) and QuickVPN (1.2.5). The process finish with a "Verifyng Network" and exactly after one minute "The remote gateway is not responding". I had monitor my PC interface with Ethereal software and I saw a ping request to Router's LAN IP address is send several times but no response is coming back. When I check the VPN Client status in the router it indicates Online. Did you find the solution for RV082? Could it be the same for WRV200? Thanks in advance.
g8wcn
Posts: 3
Registered: ‎11-24-2007

Re: RV082 Firewall blocks Quick VPN

This is clearly a bug here, what I think is happening is the QuickVPN client is sending out a bunch of pings to the router, the router then blocks that address and the client can no longer connect. If I disable the firewal option "Block WAN request" the VPN client works, the down side is everyone and the world now knows my IP is active!!!!
 
Doesn't anyone test this Quick VPN software for god sake!!!