Most Popular Tutorials • Microsoft Vista Home Networking Setup and Options The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden. • Do It Yourself: Roll Your Own Network Cables It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy. • Tips for Securing Your Home Router Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
	Most Popular Reviews • Microsoft Windows Home Server If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server. • Iomega StorCenter Network Hard Drive Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price. • MikroTik's The Dude This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.

• Setup / Basic Functionality
• Firmware upgrades (including MacOs issues)
• Security, VPN/PPTP, PPPoE [This Page]
• Port Forwarding / Special Applications / Dynamic DNS / Logging

Security warning! Please follow the User Guide's instructions and change the admin pages' password during your intitial setup. The admin HTTP server is accessible via the WAN side of the router by default.  If you don't change the admin password to a strong password, you may find uninvited "guests" in your LAN's computers.

To fix the above security problem, download and install the firmware update, if your router has firmware earlier than V1.22.  Upgrade instructions are in a ReadME doc that comes with the update.  

If you are trying to use either PPTP or IPsec tunnels over a PPPoE connection, you may have problems establishing a connection.  In some firmware versions there is a problem with the router's ability to properly adjust the packet size for a connection that uses BOTH PPPoE and one of the VPN protocols.

Upgrading to version 1.39 or higher firmware will fix the packet size problem.  You then may need to forward ports to your VPN client, based on the type of VPN connection you are using.

If you are having problems maintaining a PPPoE connection, try V1.35 or higher firmware.  See more firmware info on this page.

There's also a Windows application you can try. Go here for more info.

Also see the PPPoE help information on this page.

NOTE: If you are using a PPPoE client like WinPOET or other similar programs supplied by your ISP, do the following:

1. Upgrade to the V1.22 or higher firmware.

2. Enable PPPoE on the router Setup page and enter your Username and Login information into the boxes provided on the router Setup page.

3. Disable or remove any PPPoE client applications (WinPOET, Enternet, Access Manager) from your Client computers.

You now should be able to connect to the Internet and the router will take care of managing the PPPoE login.

NOTE: If you are using V1.30.5 or higher firmware, make sure you enable PPTP pass-through on the Filters Admin page.

PPTP is Microsoft's protocol for Virtual Private Networks (VPN). If you have PPTP Clients on your LAN, you just need to enable PPTP pass-thru as noted above.  You also need to properly configure a VPN connection profile in each of your PPTP clients.

NOTE: Although multiple PPTP clients can be passed thru, only one PPTP client can connect per PPTP server.  (This is a common limitation for inexpensive NAT routers.)

Many users have reported problems accessing a PPTP server on the LAN side of the router from the Internet.  This problem was fixed as of the V1.23 firmware update, so just upgrade to the latest firmware if your firmware revision is lower than 1.23.

NOTE: No matter which version firmware you use, you will need to set the PPTP server computer as the DMZ computer and remove any Port 1723 forwarding.

You can find more general PPTP information on this page, and general VPN help on this page.

NOTE: If you are using V1.30.5 or higher firmware, make sure you enable IPsec pass-through on the Filters Admin page.

IPSec support was added in 1.30.  We've received successful reports of the following IPSec clients working with the new firmware:

• Checkpoint VPN-1 (see this link if you have problems)

• Bay Networks Extranet

• Redcreek Ravilin (with 1.23.4 firmware)

• Cisco Altiga
  [no port forwarding. Set "allow NAT passthru" in Altiga client]

• Cisco 3000 (use 1.39 firmware)

• Netscreen-5e  VPN/Firewall appliance (Thnx Mike Johnson!)
  [Netscreen-Remote 5.02 client was able to use both manual keys (IPSEC) and preshared keying (IPSEC and IKE) to successfully negotiate a connection to a Netscreen-5e VPN appliance]

• Symantec RaptorMobile VPN client 6.5.2

NOTE: We've also received a negative report for Redcreek RavlinSoft 3.40 NT and firmware versions 1.30 and 1.33 BETA. The symptom is that RavlinSoft fails to establish a SA; it looks like it does not receive the Radius response after the UserID and Password are entered.

Compatible Systems (now a part of Cisco) IntraPort VPN client, which is IPSec based, will work, even without IPsec forwarding turned on.

NOTE: The IntraPort client must be used with an IntraPort server. You can download at the IntraPort Client Reference Guide here (in PDF format), or find out more about the IntraPort product line here.

5/22/00 Try this if you're having problems getting the IntraPort VPN working: 

At first I couldn't get VPN to work. I tried all sorts of things and no luck. I was able to watch packets go out through the router to the VPN server at our site, but no packets made it back through the router.

I actually started up a tech support call with Linksys when I decided to check the VPN client code to see if there was some sort of configuration switch that was obvious. Lucky me, there was exactly such a switch. It was labled "Use NAT Transparency Mode". Since the router does NAT, it seemed like the thing to try. Turned it on, VPN circuit came up and runs fine.

8/2/00 Still having problems getting IPsec to work? Check this. General VPN help can be found on this page, including a link to a very complete Checkpoint Firewall-1 FAQ page.

The Linksys responds to a port probe by replying with an "open" or "closed" status.  This reply (vs. not replying at all) keeps you from getting a "stealth" result from the ShieldsUp port probe test.

Although "stealth" isn't a important as you might think (especially if you then are opening ports or using the DMZ mode for special applications... read this for more info), you can get a "stealth" report by using the DMZ feature and entering an IP address for a computer that doesn't exist.  If you are using the built-in DHCP server, then use an address between 192.168.1.2 and 192.168.1.99 so that you don't accidently collide with a DHCP served address.

Updated 4/6/00 The V1.22 firmware update adds a "Block WAN Request" Enable/Disable option. This is found on the bottom of the Filters page of the Router Admin pages (access it via the "Advanced" tab).  Here's what the Help button description says:

This feature is designed to prevent users from attacking through the Internet. While enabled, the router will drop both the unaccepted TCP request and ICMP packets from the WAN side.  The hacker will not find the router by pinging the WAN IP address.

Info on ssh clients can be found on this page.

Here's one reader's report on using SSH with the router:

Flashed the latest firmware (1.22). It was shipped with 1.21.1. SSH connected through the router first time, no sweat. Using the F-Secure SSH 1 implementation. 3 key DES encryption.

Earlier versions (1.36 for example) of Linksys router firmware embed the router admin password and PPPoE account information in plain text in the HTML code for the admin and password pages.  Access to the router's LAN and a network "sniffer" are required for the vulnerability to be seen.  The vulnerability can be fixed by upgrading to the latest firmware.  See this SecurityFocus article for details.

Update 8/9/01- 1.39.3 BETA firmware fix available.