Ben Scott wrote:
> On Thu, Oct 1, 2009 at 4:59 PM, Alex Hewitt <hewitt_t...@comcast.net> wrote:
>> If the router doesn't know the time .. then the VPN
>> connection might not work.
>
> Quite possible. If it's using X.509 certificates (like SSL does),
> one can specify effective and expiration dates in the certificate. If
> they are set, and the LinkSys box is checking them, having the wrong
> time will likely cause it to conclude its certificate is invalid.
>
> Any idea what protocols the LinkSys is using? IPsec? IKE? SSL/TLS?
> X.509?

It's definitely using IKE.

>
>> Does anyone have any ideas?
>
> (1) Check for a firmware update.

I downloaded and installed the most current firmware they had available.

>
> (2) Look for a way to set the clock manually (no time server).
>

Didn't see any way to do this. They only seem to allow the user to set the time zone.

> (3) Set up a DHCP reservation on the WAN side for the LinkSys box,
> and give an NTP server in the DHCP options, in the hope that time is
> actually the problem, and the LinkSys box will listen.

The Comcast cable modem can do NAT (turned off) and is currently using a static address which can be used on the Linksys router. I was thinking about calling Comcast and asking them if they would set up the cable modem to pass any incoming traffic to the DHCP supplied address that the Linksys router would get if it requests one via DHCP. In effect the Linksys router would then receive incoming connection requests but could still use a dynamically obtained IP address since that seems to work.

>
> Beyond that, you're at the mercy of the vendor. Which leads me to:
>
> (4) I've never heard anything good about SOHO+VPN scenarios.
>
> Which in turn leads me to:
>
> (4)(a) Throw out the SOHO crap and buy a real VPN appliance.
>
> (4)(b) Grab a couple PCs, install Linux and OpenVPN, and use that.

All of the above would be preferable. The off-shore support is weak to put it mildly. They desperately want to get you off the phone and will suggest things (like today - reset the router) which will break the chat session you have going with them and delay getting the thing working. I would love to put in a couple of Linux boxes (one at each end) and use OpenVPN. Their capabilities would be vastly improved.

-Alex

>
> Again: SOHO stuff has its uses. I had a LinkSys router+WAP+switch
> at home, and was happy with it. Their products are appropriate for
> home use, and I recommend them for that. If you're running a real
> business on them, you're crazy. :)
>
> -- Ben
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
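
The clock dependency described above for X.509 effective and expiration dates, as an added example that is not part of the original thread: it verifies one throwaway certificate against three different clocks using the `openssl` CLI. The certificate name, the `check_at` helper, and the use of 2000-01-01 as a stand-in for a device whose clock was never set are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a throwaway self-signed certificate, verified against
# three different "current times" to show how a wrong clock changes the result.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Certificate valid from now for 365 days (CN is a made-up placeholder).
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=vpn-gw.example.invalid" \
    -keyout "$workdir/key.pem" -out "$workdir/cert.pem" 2>/dev/null

# check_at EPOCH: verify the certificate as if the verifier's clock read EPOCH.
# Prints one of: valid, not-yet-valid, expired, error.
check_at() {
    out=$(openssl verify -CAfile "$workdir/cert.pem" -attime "$1" \
              "$workdir/cert.pem" 2>&1) || true
    case "$out" in
        *"not yet valid"*) echo "not-yet-valid" ;;
        *"has expired"*)   echo "expired" ;;
        *": OK"*)          echo "valid" ;;
        *)                 echo "error" ;;
    esac
}

now=$(date +%s)
unset_clock=946684800            # 2000-01-01 00:00:00 UTC, assumed reset value
far_future=$((now + 63072000))   # two years ahead, past the 365-day window

# Show the validity window stored in the certificate itself.
openssl x509 -in "$workdir/cert.pem" -noout -dates

echo "clock never set (2000-01-01): $(check_at "$unset_clock")"
echo "clock correct:                $(check_at "$now")"
echo "clock two years fast:         $(check_at "$far_future")"
```

On a device you can reach, `openssl x509 -noout -dates` against its exported certificate gives the window to compare with whatever time the device reports.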