[nycbug-talk] Fwd: RE: need help asap, will pay, ms vpn client

George Georgalis george
Wed Mar 16 17:45:03 EST 2005


Thanks much to George R's suggestion. Preliminary tests work: port
forwarding tcp 137,138,139,445 from gateway box to samba share box, on
private lan, works.

My preliminary was to do tcp only port forwarding of said ports to a box
behind it running samba. The client is not able to "browse" discover the
share, but if the (gateway) hostname, user and password (samba host)
is specified, the client can mount user homes from the samba server
through the firewall via tcp only (the protocol calls for tcp and udp
137,138,139).

This means a roaming windows client can set up (putty) ssh -R tunnels to
a remote gateway which allows for smb connections from localhost to the
private smbserver. So the roaming client can specify, via "net use", the
gateway as the location of their shares and mount the protected samba
share through the encrypted tunnel.

Details of that last paragraph no doubt need to be revised... anyone with
ideas for the installation, please let me know, on or off list.

Below is the sum of an extended issue getting linksys vpn going...


----- Forwarded message from George Georgalis <george at galis.org> -----

Date: Tue, 15 Mar 2005 15:57:58 -0500
From: George Georgalis <george at galis.org>
To: members at list.nysa.org
Subject: RE: need help asap, will pay, ms vpn client


>Date: Thu, 3 Mar 2005 11:48:21 -0500
>From: "Cokorinos, Greg" <cokorgr at ffhsj.com>
>
>I know time is short but you might want to try using the Linksys QuickVPN client to connect to the RV042.
>ftp://ftp.linksys.com/pub/network/Linksys_QuickVPN_1028.exe
>
>QuickVPN setup is described in the RV082 user guide, the bigger sibling.
>ftp://ftp.linksys.com/pdf/rv082-ug-rev_C%20web.pdf
>
>I think QuickVPN will work on the RV042 too, since they run nearly the same imbedded linux firmware.


Greg, 

That was very good information. Prior to purchasing the RV042, I
researched the linksys website, various discussion lists and concluded
the RV042 provided the requirement (windows, et al remote vpn access)
and had no additional benefit than 8 lan ports vs 4.

The references to the Linksys_QuickVPN_1028.exe client have been elusive,
I've only seen it first in your email, and a search turned up discussion
postings where people were having (probably unrelated) trouble.  The
only place the vpn client is mentioned in linksys literature is the
RV082 user guide.

But the most valuable bit of information is page 54 (63 actual) of the
RV082 user guide pdf where it references the "VPN Client Access" sub tab
of the VPN tab settings options. In that setting screen is a "VPN Client
Users" dialog, where you can specify users/passwords etc for vpn access.


That subtle bit of instructions is the *only* place I've seen reference
to a major feature of the rv082 that sets it apart from the rv042 (aside
from the extra ports).


In all the product literature for the rv082 and rv042 they advertise
VPN capability, but nothing to differentiate the VPN features of
the two units. In a nutshell, roaming clients requiring vpn connect
to the rv042 must complete an extensive and difficult (error prone)
configuration, which I was never able to successfully execute and which
you can read here:

http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=207
Configuring IPSec between a Microsoft Windows 2000 or XP PC and a Linksys VPN Router

After asking many technical people about a solution, the answer has
always been you can use OpenVPN; but the rv042 should do fine for
dedicated hardware. Even when linksys technical support was contacted
by phone, no indication that a client for (and only for) the rv082 was
available was made. The best information from linksys was, your VPN
appears set up correctly and we don't support the windows configuration.

Today, after studying the rv082 manual and determining it has a VPN
setting screen (VPN Client Users) not available with the rv042, which is
the solution to "idiot proof" vpn client setup (not that the clients are
idiots but they have better things to do than the instructions above, which
I could not complete successfully), I called technical support, explained
the problem and posed the question why isn't this described in marketing
literature. I was then navigated to download the rv082 user guide to see
how the feature was described. :)

// George


>-----Original Message-----
>From: George Georgalis [mailto:george at galis.org]
>Sent: Tuesday, March 01, 2005 6:11 PM
>To: jobs at list.nysa.org
>Cc: members at list.nysa.org
>Subject: need help asap, will pay, ms vpn client
>
>
>I'm past urgency stage, an external audit is coming up and I must finish
>documentation in addition to other technical issues.
>
>...Connecting to the linksys rv042 vpn by ipsec has been
>elusive. Everybody consulted says it should work and/or be easy.
>
>I need help with determining the most simple, but reliable, documented
>procedure (for non techies) for configuring M$ clients to use the vpn
>tunnel to access a private lan. Bonus bucks for documenting the Linux
>procedure.
>
>The clients must access the private lan of the rv042 linksys router,
>from behind their standard isp nat firewall, on a dhcp ISP connection.
>(eg behind soho firewall on cablemodem).
>
>Already setup is some fancy routing to give privileged access to the lan
>side of the vpn device. So you can work from home and have both sides of
>the device at your disposal.
>
>You are free to use 3rd party software, such as this vpn client
>http://www.thegreenbow.com/vpn.html (trial license available) which we
>seem to be able to use to get 99% there, still having problems with
>finishing the tunnel.
>
>Needed it before last week. If you've done this before, and are
>interested in helping finish, please contact me off list with your
>terms.
>
>Thanks,
>// George
>

-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org



----- End forwarded message -----

-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org



