Linksys routers can be such fun. Well, OK, maybe I'm a little
unfair: all routers can be "fun". But Linksys just has that "I'm
cheap and I'm going to mess up your day" smell.
So when I arrived to configure a new VPN connection for
a branch store yesterday, I was not overjoyed that I found a
box proudly announcing that its contents were a "Cisco Linksys RV042 10/100 4-Port VPN Router".
Oh well. My mood wasn't improved when the resident tech guy
told me that he didn't want any "cookies" to get on his machines.
Obviously I'd be dealing with a high tech wizard. Oh joy.
The "cookie" guy was there to physically install the router. Fine,
have at it, Tech Whiz. He showed me where he had mounted Verizon's
DSL router and started drilling mounting screws near it. I wandered
back to the front of the store to wait.
A few minutes later he poked his head out and announced that the
router was installed. I repaired the network connection on the front
PC and got a 192.168.1.x address. Good. I had the paperwork from
Verizon with the static IP info, so this part would be easy. Oh,
but Tech Whiz warned me that he needed to install a DSL filter for
the fax line. Why are you warning me, I wondered silently, that shouldn't
interrupt me. Oh well.. I programmed the router for the static IP and we
had Internet access. Great so far.
OK, next question. What's the ip for the router we're going to
have the VPN with? Tech Whiz pointed at the paperwork I had from
Verizon. No, I said, that's THIS router. He shook his head up
and down like a bobble doll. Yes, yes, it's the same address.
I had to take a deep breath. I've been warned that Tech Whiz is
related to the owner of the company. "It can't be the same address",
I said, as pleasantly as I could manage.
"Why not?", he asked.
Now there's a great question. I started to open my mouth and
then closed it again. I looked at him and considered my options.
These included saluting him smartly and walking out the door, never
to be seen again and throwing my arms in the air while screaming "Omigod-somebody-get-this-idiot-out-of-here". I instead went for the "I'm talking
to a child" approach.
"Each store needs to have a unique IP address". Daddy will give you
a lollipop later if you'll just go play quietly while I do this.
Fortunately at that moment the guy who had hired me for this called
from the main store. He was there for other reasons, but I could
get the router info from him. Tech Whiz headed back to install his
My guy set the main router to allow me remote access and moments later
I was in and able to start configuring that end of the VPN. Great, this
is almost done.
And then everything stopped.
No connection to the other router, no internet, all dead.
We rebooted the router and the modem. No luck. We powered it
all off. Nothing. We called Verizon.
"They say there's some problem in Boston". That from a recorded
announcement. Oh, great. Good timing. I twiddled my thumbs
and we waited. And waited.
I went back to the router. Tech Whiz showed me that the DSL
modem had lights. "Yes", I agreed, "but nothing on the Internet LED."
"I don't think that one ever goes on", he offered.
I sighed. He was still waiting for a Verizon tech. I went
back up front and waited.
Now really, I should have known what was coming. After all,
I'd had fair warning with the dangerous cookies and the ip addresses
being the same. Actually, he had even warned me himself..
He had come out and informed me that the line should be up
now. It was. I asked what was wrong, but I had guessed the
answer before I asked.
Yes, Tech Whiz had managed to insert the DSL filter right into
the main circuit. Don't ask why, because I certainly didn't. The Verizon tech
guy probably had a good laugh, but at least we were working again.
I finished up programming the VPNs and hit the "Connect" button.
Hmmm. No connection. I checked the log and found this:
    Dynamic VPN client in Main Mode is only supported for Microsoft
    VPN client, please use Aggressive mode instead.
That made no sense. This was a router to router VPN and both sides
were static IPs. But since they said "please", I changed to
Aggressive mode. This gave me a new error:
    Initial Aggressive Mode message from 70.xyz.xyz.xyz but no (wildcard)
    connection has been configured
OK, this is not working. I noticed that the routers were at different
firmware levels. Mine was v184.108.40.206, the one at the main store was
v220.127.116.11. We decided to upgrade. I asked the guy at the main store
to do his and I'd do mine. The Linksys site showed that the newest
available was 18.104.22.168-tm, so that's what we both used.
And that's where things got nasty.
After upgrading the firmware, I could no longer access the other
router. Everything was fine, it was enabled for remote access, but
no response. We tried it in the opposite direction too, but he
couldn't reach me. The VPNs still didn't work and gave the same
Tech Whiz was getting excited. "Isn't it time to call Linksys?",
Yeah, I guess so.. I HATE doing that because I know that I've
done nothing wrong - the routers are set correctly. I even know
what they are going to tell me to do, but I guess it's better
if they tell me because Tech Whiz isn't going to like it.
What they'll want to do is a hard reset. Stick the paper clip
in and hold it until the lights flash. Total wipeout and reset
of both routers. The reason Tech Whiz won't like that is that
there are already other VPNs programmed in the main router. We'll
lose them and they'll have to be redone. Probably the third router
will have to be redone also. This is drastic. I don't like it,
but I know that's what they'll say.
And of course I was right. I called Linksys and explained the
situation to date. I went over the configs with a pleasant tech
who confirmed that yes, I had everything programmed correctly.
Do a hard reset and reprogram, she said. Of course.
So we did. I did my side and I led my guy through the other
end. Instants later, we had a working VPN. I asked Tech Whiz
about the third store. Turns out that that wasn't working anyway..
so no real loss.
But this was not the end of my fun. The purpose of the VPN
was to access a Terminal Server. I tried the connection and was
refused. This wasn't the VPN's fault: I could ping the server and
even map shared drives from it, but I couldn't connect with RDP. I
asked if TS was enabled and licensed.
"I bought 10 CALS", Tech Whiz said. OK, but did you buy Terminal
Server licenses? Blank stare. I brought up the Microsoft
Licensing Terminal Server in Windows Server 2003 R2 page which
    In addition to a server license, a Windows Server Client Access
    License (CAL) is required. If you wish to conduct a Windows session,
    an incremental Terminal Server Client Access License (TS CAL) is
    required as well.
More blank stares. I got my guy on the phone and he said he'd take
it from here. I breathed a long sigh of relief and headed for my car.
I sure hope the poor guy doesn't get any cookies.
© 2012-07-11 Anthony Lawrence