I have an existing network setup that I inherited from my predecessor.
Currently there are two sites, each with a Linksys RV042 VPN router running the 1.3.12.19-tm firmware. They are currently set up with a Gateway to Gateway VPN. One site has a static IP, the other has a Dynamic IP with a hostname set up on no-ip.com.
My company is looking to set up another site, so I purchased another RV042, only this one was Cisco branded and it is running the latest firmware. I had assumed that I would be able to configure a VPN from our main office (the dynamic IP) to the new site with this router quite easily. However, when I set up a new VPN tunnel on either device, it stays on Waiting for Connection and the Remote Gateway shows an IP address of 0.0.0.0 rather than the remote IP address.
The other VPN tunnel is still working and I don't see any obvious misconfiguration on the new router. It seems that the router is not resolving the Dynamic DNS address and therefore not giving me the option to connect the VPN.
Does a Gateway to Gateway VPN work with Dynamic IP addresses on each end?
Are the firmware versions not compatible?
Is there something I've missed?
Best Answer
Short answers: yes, no, yes.
(dynamic on both ends is fine. versions are compatible, you missed something. I've lost a LOT of hair setting up these things, it's easy to miss something!!)
I have a few (10?) of the RV042's set up at various locations, most without static IP's. [delete]I'm really surprised at the stability of these devices.[/delete] VPN's are a bit tricky-- so much so that I made a script that sets up the tunnels for me. If you miss just ONE setting it can make the tunnel not work, and you can stare at it for days and not see the tiny missing character or box that wasn't checked right.
The trick for dynamic-to-dynamic:
First set up dynamic dns and make sure it works. I'm using DynDNS. (go to Setup - DDNS in firmware 1.3.x, Setup - Dynamic DNS in 4.x)
Here are the important parts:
Click VPN.
Click Gateway to Gateway.
Give the tunnel any name- don't use spaces (earlier versions would fail with a space, I don't know if 4 does or not).
Make sure the interface is a working WAN interface.
In Remote gateway Security Type select Dynamic IP+Domain Name (FQDN) Authentication, the page will refresh.
Enter the DNS name you configured for this end into Domain Name.
The IP Address and Subnet Mask are automatically filled in from your running configuration. Don't change them.
Under Remote Group Setup, select "IP Only" (it should be selected already based on your dynamic selection above) and then the next drop down from "IP Address" to "IP by DNS Resolved".
Enter the remote dynamic dns name in the box to the right of "IP by DNS Resolved".
Now for the settings. I don't know if all of the options available actually work, but I do know that you'd better have them exactly the same at both ends. These are the settings I've found to work:
Advanced:
As soon as you try to send a packet between locations the tunnels should build. Good luck!
Jeremy
THE SCRIPT
You'll probably have to modify this to suit your needs. It expects 192.168.x.x subnets, and you'll need to be on windows, with IE working, and cscript operating normally. Script assumes < 4.x firmware-- not tested on 4.x at all.
Footnote, 8-10-2012: "I'm really surprised at the stability of these devices."
As I said, I had 10 of these in operation. After about 4 years, some will start to have "issues". So much so that I am not deploying them any longer. I need devices that last, reliably, for more than 4 years. 3 of the ten are absolutely unusable, and I expect the other 7 to start failing in time.
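An added example, not part of the original answer and not the answerer's script: a Python check for the "miss just ONE setting" problem, comparing the two ends of one tunnel as transcribed by hand from each router's Gateway to Gateway page. The dict field names, host names and setting values are assumptions made for the example; the answer's own setting values are not on this page.

```python
# Added example. Field names are hypothetical: fill the dicts in by hand from
# each router's Gateway to Gateway page (this is not an RV042 export format).
EXPECTED = {
    "security_type": "Dynamic IP+Domain Name (FQDN) Authentication",
    "remote_group_type": "IP Only",
    "remote_addr_mode": "IP by DNS Resolved",
}

def fqdn(name):
    """Normalise a DNS name so case or a trailing dot is not a false mismatch."""
    return name.strip().rstrip(".").lower()

def check_end(label, end):
    """Checks on one router, taken from the steps in the answer."""
    problems = []
    if any(ch.isspace() for ch in end["tunnel_name"]):
        problems.append(f"{label}: tunnel name contains a space")
    for field, want in EXPECTED.items():
        if end[field] != want:
            problems.append(f"{label}: {field} is {end[field]!r}, expected {want!r}")
    return problems

def check_pair(a, b):
    """Return every problem found across both ends of one tunnel."""
    problems = check_end("A", a) + check_end("B", b)
    # The Domain Name entered on one end must be the name the other end resolves.
    for (lx, x), (ly, y) in ((("A", a), ("B", b)), (("B", b), ("A", a))):
        if fqdn(x["local_domain"]) != fqdn(y["remote_dns"]):
            problems.append(f"{lx} Domain Name {x['local_domain']!r} != "
                            f"{ly} remote name {y['remote_dns']!r}")
    # Everything else must be identical; values are not printed (may be secrets).
    for key in sorted(set(a["settings"]) | set(b["settings"])):
        if a["settings"].get(key) != b["settings"].get(key):
            problems.append(f"setting {key!r} differs between A and B")
    return problems

# Constructed sample data: every name and value here is a placeholder.
SITE_A = dict(EXPECTED, tunnel_name="main-to-new", local_domain="main.example.net",
              remote_dns="new.example.net",
              settings={"encryption": "value-1", "preshared_key": "example-key"})
SITE_B = dict(EXPECTED, tunnel_name="new to main", local_domain="New.Example.net.",
              remote_dns="main.example.org",
              settings={"encryption": "value-1", "preshared_key": "example-key "})

if __name__ == "__main__":
    for problem in check_pair(SITE_A, SITE_B):
        print(problem)
```

An empty result only means the transcribed values agree; it does not show that either dynamic DNS name currently resolves to the right WAN address.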