Reply
dkim514
Posts: 3
Registered: ‎04-26-2008

Remote access to BEFVP41

Just purchased BEFVP41 ver 2.1 and I cant figure out how to set up remote access to BEFVP41. The router has a static IP.
 
Just to keep things simple, I went into the VPN tab, and enabled all connections. Then from my laptop using an aircard, I ran the XP VPN wizard, and tried to connect but with no success.
 
I can ping the router but just cant access it.
 
Thanks for the help in advance.
 
great_white
Posts: 2,324
Registered: ‎09-07-2006

Re: Remote access to BEFVP41

Hi, try this link, it would be helpful
Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Remote access to BEFVP41

[ Edited ]
You have to configure the VPN tunnel end on the BEF. The passthrough options are something else. You have to define the local and remote security group.

Moreover, the BEF only supports IPSec tunnels. The standard VPN clients in windows which are supported by the wizards are only PPTP and L2TP. The BEF does not have a PPTP or L2TP server. Manually configuring IPSec on Windows is a pain. You may consider getting some IPSec based VPN client.

Remote access to the router itself, i.e. the management interface, is on the Administration tab. It has nothing to do with VPN.

Message Edited by gv on 04-28-2008 11:45 AM
dkim514
Posts: 3
Registered: ‎04-26-2008

Re: Remote access to BEFVP41

[ Edited ]

Thank you, Great White. Unfortunately and which I was afraid of, I agree with gv. I don't think BEFVP41 "works as advertised."



gv, any recommendation on a reasonably priced VPN router that will accomplish the following:



I have:



  • Windows Server 2003 Small Business Ed with 5 CAL
  • Server side authentication
  • DSL with static IP
  • Linksys router
  • Netgear 16-port switch
  • 10 XP Home comps on the network


  • I'm trying to setup the environment so up to 10 users can connect to the Server simultaneously and access the files from remote locations.



    Thank you in advance once again!



    Message Edited by dkim514 on 04-27-2008 09:18 PM
    Expert
    Expert
    Posts: 12,649
    Registered: ‎07-16-2006

    Re: Remote access to BEFVP41

    The BEFVP41 works as advertised. At least they say
    • Full IPSec Virtual Private Network (VPN) Capability Supports DES and 3DES Encryption Algorithms Supports MD5 and SHA Authentications Algorithms Supports IKE Key Management Virtual Private Network Capacity
    • No IPSec VPN Client Software Needed


    and both things are true. You have IPSec capabilities and your don't need a special IPSec VPN client software. They just don't say that it is really complicated in Windows to configure it.

    I can't really give recommendations. For serious VPN networking I have got myself a Cisco router. A PIX, SonicWall, or similar should do their job. In respect to reliability and stability they are far superior to the Linksys devices. But of course, the price is higher and it is more complicated to setup on the server end.

    I don't know how complicated it is to setup a VPN server on the Windows Server itself. This may be an option to connect directly to the server. However, I guess you have to use NAT which can make it impossible: if VPN clients and the VPN server are both behind NAT you'll have a hard time getting it to work. If you are able to get a public IP address for the Windows Server it should work fine.

    Otherwise, I guess you want something with an PPTP or L2TP server. I know the Linksys RV series routers have a PPTP server. Others may have, too. Many Linksys VPN routers support the Linksys QuickVPN client which does IPSec tunnels. But I cannot tell how reliably QuickVPN is. Moreover, I am not sure what the limits are. Could be 5 or 10. You have to check the data sheets.

    Sorry, but I guess I am not much of help with recommendations...
    dkim514
    Posts: 3
    Registered: ‎04-26-2008

    Re: Remote access to BEFVP41

    gv, thank you for the prompt feedback. Before I purchase another router, just want to confirm that I'm looking at the right one
     
    1. Linksys BEFSX41 - says it supports IPSec and PPTP Pass-Through
     
    2. Linksys RVS4000 - 5 QuickVPN (does this mean that it comes with 5 licenses?), 5 IPSec, and VPN Passthrough of PPTP, L2TP, IPSec
     
    3. Linksys RVL200 - 5 SSL, 1 IPSec, and VPN Passthrough of PPTP, L2TP, IPSec

    Will all 3 routers achieve the simple client-to-gateway VPN using Windows VPN connection wizard?
    Expert
    Expert
    Posts: 12,649
    Registered: ‎07-16-2006

    Re: Remote access to BEFVP41

    I post again to clarify a few things which I know about. I hope someone who knows about the routers and how many concurrent VPN connections you have will answer...

    1. Passthrough means the router is able to pass through VPN traffic, in particular the specific IP protocols for IPSec (ESP) or PPTP (GRE). That's all. It means you can run a VPN through the router but it won't terminate the tunnel. Moreover, the passthrough options become someone useless if you use NAT, i.e. you have a private IP subnet (e.g. 192.168.1.1) in your LAN which is the default setup. NAT and passthrough won't really work together as the VPN traffic guarantees unmodified packets while NAT has to modify them.

    2. QuickVPN is a Linksys client for IPSec tunnels. The router itself runs pure IPSec.

    3. SSL VPN is still another way to tunnel a VPN using an SSL connection between a client and a server.

    4. None of the three routers mentioned can be used with standard Windows PPTP or L2TP VPNs which are the only ones supported by the Windows VPN wizards.

    5. If you want wizard support you'll need a VPN router which has a PPTP or L2TP server. Passthrough is something different. As far as I know Linksys only has some routers with PPTP servers, e.g. the RV series.
    suncoastclaims
    Posts: 1
    Registered: ‎02-22-2010

    Remote VPN access to BEFVP41

    [ Edited ]

    I also have a Linksys BEFVP41 (2.1) and I'm trying to set up VPN access for mobile users on both Mac and Windows 7 laptops.

     

    I'm using it on a business DSL service and I've configured the DSL modem as pass-through and the Router as PPPoE receiving a static WAN IP address from my ISP. I can ping the public WAN IP Address from 3rd party internet connections, so I know it is visible.  Nomatter what permutation of settings I try with my VPN though, I am never able to establish a connection. There is close to ZERO documentation on doing PC->Router VPN links... it's all Router->Router so I have been very frustrated and unsure if what I'm wanting to do is even supported.  This is the first place I've been able to find substantive replies about what exactly the Router supports.

     

    I have tried to make IPSec connections to the BEF with a Mac OS computer, an iPhone, and Shrewsoft VPN Client on Windows 7.  None of them were able to connect to the Router.  I've carefully ensured all encryption and key life settings were the same on both ends of the VPN, to no avail.  What I wish I could find is documentation showing how to configure the BEF to receive even basic IPSec VPN connections, because not all of the VPN software clients I've seen offer encryption and key life settings like the router does.  Mac OS X's built in IPSec VPN Client for example, only allows you to enter a user name, password, and PSK.

     

    It sounds like Cisco's QuickVPN would make this really easy to solve.  However...

    • QuickVPN does not say it works with BEFVP41
    • Without a Cisco SMARTnet account there doesn't appear to be any way to obtain QuickVPN
    • If I have to buy a VPN client because there is no native OS support, I need to make sure that what I want to do is supported by the BEFVP41 and I don't need to be running additional network services or purchase more hardware.  Can I tunnel in directly to this router from a laptop running a cheap VPN software suite, and be "on the network?"

     

    -Chad

    Message Edited by suncoastclaims on 02-22-2010 09:34 AM
    Expert
    Expert
    Posts: 12,649
    Registered: ‎07-16-2006

    Re: Remote VPN access to BEFVP41

    1. Without knowing the exact VPN settings you have tried it's hard to say if they were correct or not.

    2. The BEFVP41 only supports native IPSec tunnels. So that's basically what you call "router-router". You can use a native IPSec client to connect.

    3. On Mac, I think people use IPSecuritas or simliar. You cannot use standard OSX for that (unless you really want to hack some configuration files with textedit).

    4. iPhone: not possible. Does not support plain, native IPSec connections.

    5. Shrewsoft VPN on Windows should work if I understand the web site correctly.

    6. Don't confuse L2TP/IPSec aka L2TP over IPSec with IPSec. You cannot use L2TP/IPSec to connect to the BEFVP41.

    7. The BEFVP41 does not support QuickVPN. You must use native IPSec clients.

    8. All OS support native IPSec. Just with OSX or WIndows it is not easy to configure. OSX requires text files to edit. WIndows has some well hidden MMC plugins to configure plain IPSec. (iPhone does not give you access to that anyway) Use of an additional software like IPSecuritas or Shrewsoft to configure IPSec tunnels is thus highly recommended.


    t_h_smith
    Posts: 1
    Registered: ‎01-07-2010

    Re: Remote VPN access to BEFVP41

    Hi,

     

    I have Windows XP Pro sp3 and BEFVP41 routers.  I have no problem with router-to-router VPN but want XP to BEFVP41 connections.  I have set up XP security policies using SECPOL.MSC and can establish a connection OK.  I can ping router, I can get into router webserver config, etc.  Everything works OK except the tunnel only lives 60 to 90 seconds.  I can UN-ASSIGN the secpol and immediately re-assign it and re-negotiate the tunnel which lives for another 60-90 seconds.

     

    I've tried with & without KEEP ALIVE on the BEFVP41, etc.

     

    Anyone know how to keep this alive?