Can't get BEFSX41 VPN to work

Archived from groups: comp.dcom.vpn (More info?)

I replaced my Linksys BEFSR41 router with a BEFSX41 router. The router
is on the inside of my cable modem and I have a small network branched
off the router. I have the new one installed and everything seems to
work as expected - except the VPN.

I think I have the VPN stuff configured correctly but I can't connect
to it (from the WAN side). For testing/learning purposes, I'm trying
to connect using a Windows 2000 laptop, dialing out through a
separate phone connection (with the laptop disconnected from the LAN).

I'm getting error: "L2TP connection failed ... security layer
processing error..."

Question: do I have to use IPSec? The Linksys literature seems to
imply that this is required. They have a whole appendix on how to
create an IP Security policy but I'm not clear as to whether this
applies to the remote computer or to something else. And, when I
create the policy and apply it per their instructions, it screws up
the connection to my own LAN.

Another question: should I have "IPSec Passthrough", "PPTP
Passthrough" and "PPPOE Passthrough" enabled or disabled?

Help?
4 answers Last reply
More about befsx41 work
  1. Archived from groups: comp.dcom.vpn (More info?)

    Martin wrote:
    > I replaced my Linksys BEFSR41 router with a BEFSX41 router. The router
    > is on the inside of my cable modem and I have a small network branched
    > off the router. I have the new one installed and everything seems to
    > work as expected - except the VPN.
    >
    > I think I have the VPN stuff configured correctly but I can't connect
    > to it (from the WAN side). For testing/learning purposes, I'm trying
    > to connect using a Windows 2000 laptop, dialing out through a
    > separate phone connection (with the laptop disconnected from the LAN).
    >
    > I'm getting error: "L2TP connection failed ... security layer
    > processing error..."
    >
    > Question: do I have to use IPSec? The Linksys literature seems to
    > imply that this is required. They have a whole appendix on how to
    > create an IP Security policy but I'm not clear as to whether this
    > applies to the remote computer or to something else. And, when I
    > create the policy and apply it per their instructions, it screws up
    > the connection to my own LAN.
    >
    > Another question: should I have "IPSec Passthrough", "PPTP
    > Passthrough" and "PPPOE Passthrough" enabled or disabled?
    >
    > Help?
    >


    Well this is simple.

    BEFSX41 does not support L2TP.

    You imply that you read the instructions but it seems you did not
    comprehend them. Yes, with only Windows 2000 you need to create an
    IPSEC security policy to connect to this router remotely. You can also
    use a VPN client software product, there are a few different ones on the
    market and you will likely need to figure out the settings on your own
    since Linksys does not support that. Or you can get a second router and
    create a permanent connection between the two from one site to another.

    IPSec and PPTP passthrough are for using a client inside the router to
    make a connection to another separate router outside of your network.
    These options have nothing to do with connecting to your VPN router as a
    VPN endpoint, it only affects connections passing through the router
    where the router is not an endpoint in the VPN connection.

    --
    WARNING! Email address has been altered for spam resistance.
    Please remove the -deletethispart-. section before replying directly.
    Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
  2. Archived from groups: comp.dcom.vpn (More info?)

    Mike - Thanks for the response.
    >
    >BEFSX41 does not support L2TP.
    OK...

    >You imply that you read the instructions but it seems you did not
    >comprehend them.
    That is true.

    >Yes, with only Windows 2000 you need to create an
    >IPSEC security policy to connect to this router remotely.
    If I were to connect from an XP machine or one running NT would it be
    any different? Does the router "require" IPSec to be used? Could PPTP
    be used instead?

    > Or you can get a second router and
    >create a permanent connection between the two from one site to another.
    That is actually what I'm going to end up with. There are two small
    networks that I want to link together. But, right now, I'm just trying
    to get a connection established to test and learn from.

    >IPSec and PPTP passthrough are for using a client inside the router to
    >make a connection to another separate router outside of your network.
    >These options have nothing to do with connecting to your VPN router as a
    >VPN endpoint, it only affects connections passing through the router
    >where the router is not an endpoint in the VPN connection.
    Ok, I'm clear on that.

    FWIW, since I posted my original questions, I updated the firmware in
    the router. I didn't make a note of the old version number but now
    it's running version 1.50.18. The userinterface changed completely.
    After setting things up again (the update set everything back to
    factory defaults), the L2TP error went away only to be replaced by one
    telling me that the "domain couldn't accept a dial-up connection".
    Since there is no domain involved here, that has me kind of stumped.

    I guess I'll try activate the IPSec policy on the Win2K box and try
    things again.

    Any further advice you might be able to offer will be greatly
    appreciated.
  3. Archived from groups: comp.dcom.vpn (More info?)

    When you say you want to connect two networks, do you mean through two
    separate routers? Although I have not done it, I understand that connecting
    two BEFSX41s together is not too difficult. What I have done is to connect
    a remote computer to a network through a VPN using client software: SSH
    Sentinel v. 1.3.

    This website has instructions for configuring the client for the BEFVP41
    (which is pretty much the same as for the BEFSX41--I've done both):
    http://www.homenethelp.com/vpn/router-client-v13.asp. Here is a link to get
    a free, personal use version of the client:
    http://nts.wustl.edu/wireless/SSHSentinel1.3.2.2.exe. SSH no longer makes
    the software, so it is pretty much an orphan product.

    The only problem I had with the SSH Sentinel client was that it interfered
    with the wireless driver on one of my notebooks (a Sony with a Lan-Express
    internal wireless card). I have since disguarded the Linksys box in favor
    of a more expensive, heavier-duty Netgear one (the Linksys routers seemed to
    each give out after a year). At the same time, I have switched to the
    Netgear client, which is fairly cheap (it came with my router, or can be
    bought for about $40 for one license or $120 or so for 5).

    My understanding is that the built-in VPN capability of Windows 2000 and
    Windows XP is annoyingly difficult to set up, and only works with a static
    IP address--not too useful if you travel or have a dynamic IP.

    Paul


    "Martin" <martinvalley@comcast.net> wrote in message
    news:58n8t05v7m6jf94t5pjg8ut4egfe5l9sul@4ax.com...
    > Mike - Thanks for the response.
    >>
    >>BEFSX41 does not support L2TP.
    > OK...
    >
    >>You imply that you read the instructions but it seems you did not
    >>comprehend them.
    > That is true.
    >
    >>Yes, with only Windows 2000 you need to create an
    >>IPSEC security policy to connect to this router remotely.
    > If I were to connect from an XP machine or one running NT would it be
    > any different? Does the router "require" IPSec to be used? Could PPTP
    > be used instead?
    >
    >> Or you can get a second router and
    >>create a permanent connection between the two from one site to another.
    > That is actually what I'm going to end up with. There are two small
    > networks that I want to link together. But, right now, I'm just trying
    > to get a connection established to test and learn from.
    >
    >>IPSec and PPTP passthrough are for using a client inside the router to
    >>make a connection to another separate router outside of your network.
    >>These options have nothing to do with connecting to your VPN router as a
    >>VPN endpoint, it only affects connections passing through the router
    >>where the router is not an endpoint in the VPN connection.
    > Ok, I'm clear on that.
    >
    > FWIW, since I posted my original questions, I updated the firmware in
    > the router. I didn't make a note of the old version number but now
    > it's running version 1.50.18. The userinterface changed completely.
    > After setting things up again (the update set everything back to
    > factory defaults), the L2TP error went away only to be replaced by one
    > telling me that the "domain couldn't accept a dial-up connection".
    > Since there is no domain involved here, that has me kind of stumped.
    >
    > I guess I'll try activate the IPSec policy on the Win2K box and try
    > things again.
    >
    > Any further advice you might be able to offer will be greatly
    > appreciated.
  4. Archived from groups: comp.dcom.vpn (More info?)

    Hi Paul,

    >When you say you want to connect two networks, do you mean through two
    >separate routers? Although I have not done it, I understand that connecting
    >two BEFSX41s together is not too difficult. What I have done is to connect
    >a remote computer to a network through a VPN using client software: SSH
    >Sentinel v. 1.3.

    Do you need any special RAS server on LAN Windows computer? Or it is
    enough to open a bidirectional tunnel between BEFSX41 and a dedicated
    Windows XP? I have only one static address (the router's), all my
    local computers are DHCP-ed on 192.168.0.x. I'm aware I need at least
    to fix IP address on the dedicated server (unfortunately, BEF doesn't
    allow for it. Earlier I used IAS 690 for HIS and it allowed to assign
    IP addresses to MAC addresses centrally).


    >
    >This website has instructions for configuring the client for the BEFVP41
    >(which is pretty much the same as for the BEFSX41--I've done both):
    >http://www.homenethelp.com/vpn/router-client-v13.asp. Here is a link to get
    >a free, personal use version of the client:
    >http://nts.wustl.edu/wireless/SSHSentinel1.3.2.2.exe. SSH no longer makes
    >the software, so it is pretty much an orphan product.
    >
    How it is working? Is that something analogous to Dial-Up server in
    Windows 95 (would be perfect)? How many simultanous VPN connections
    can be established?

    Is it enough to pass-through only PPPoE via BEFSX and to disable IPSec
    and PPTP (I don't need to configure router-to-router networking)?

    Thanks a lot. If you are so pleased, just answer privately to
    leksem@leksem.com.pl (double "l" in my visible address is for
    anti-spaming).

    Cheers
    Tomek
Ask a new question

Read More

VPN Routers Connection Networking