You have a Linksys Etherfast Cable / DSL router and are having problems with:



You can also try the Linksys Support page and Tech Helper for the router, or contact Linksys support via one of the following methods:

 

Customer Support Phone: 800-326-7114
949-261-1288
Fax: 949-261-8868
Email: support@linksys.com

 


Open ports on WAN side (security issues)

Security warning! Please follow the User Guide’s instructions and change the admin pages’ password during your initial setup. The admin HTTP server is accessible via the WAN side of the router by default.  If you don’t change the admin password to a strong password, you may find uninvited “guests” in your LAN’s computers.

To fix the above security problem, download and install the firmware update if your router has firmware earlier than V1.22.  Upgrade instructions are in a ReadME doc that comes with the update.


Updated 9/3/01 Problems using PPPoE AND VPN

If you are trying to use either PPTP or IPsec tunnels over a PPPoE connection, you may have problems establishing a connection.  In some firmware versions there is a problem with the router’s ability to properly adjust the packet size for a connection that uses BOTH PPPoE and one of the VPN protocols.

Upgrading to version 1.39 or higher firmware will fix the packet size problem.  You then may need to forward ports to your VPN client, based on the type of VPN connection you are using.



Updated 9/23/00 
Using PPPoE


If you are having problems maintaining a PPPoE connection, try V1.35 or higher firmware.  See more firmware info on this page.

There’s also a Windows application you can try. Go here for more info.

Also see the PPPoE help information on this page.


NOTE: If you are using a PPPoE client like WinPOET or other similar programs supplied by your ISP, do the following:

  1. Upgrade to the V1.22 or higher firmware.

  2. Enable PPPoE on the router Setup page and enter your Username and Login information into the boxes provided on the router Setup page.

  3. Disable or remove any PPPoE client applications (WinPOET, Enternet, Access Manager) from your Client computers.

You now should be able to connect to the Internet and the router will take care of managing the PPPoE login.


Updated 2/24/01
Using PPTP (MS VPN)

NOTE: If you are using V1.30.5 or higher firmware, make sure you enable PPTP pass-through on the Filters Admin page.

PPTP is Microsoft’s protocol for Virtual Private Networks (VPN). If you have PPTP Clients on your LAN, you just need to enable PPTP pass-thru as noted above.  You also need to properly configure a VPN connection profile in each of your PPTP clients.

NOTE: Although multiple PPTP clients can be passed thru, only one PPTP client can connect per PPTP server.  (This is a common limitation for inexpensive NAT routers.)

Many users have reported problems accessing a PPTP server on the LAN side of the router from the Internet.  This problem was fixed as of the V1.23 firmware update, so just upgrade to the latest firmware if your firmware revision is lower than 1.23.

NOTE: No matter which version firmware you use, you will need to set the PPTP server computer as the DMZ computer and remove any Port 1723 forwarding.

You can find more general PPTP information on this page, and general VPN help on this page.



9/8/01 Using IPsec

NOTE: If you are using V1.30.5 or higher firmware, make sure you enable IPsec pass-through on the Filters Admin page.

IPSec support was added in 1.30.  We’ve received successful reports of the following IPSec clients working with the new firmware:

  • Checkpoint VPN-1 (see this link if you have problems)

  • Bay Networks Extranet

  • Redcreek Ravlin (with 1.23.4 firmware)

  • Cisco Altiga
    [no port forwarding. Set “allow NAT passthru” in Altiga client]

  • Cisco 3000 (use 1.39 firmware)

  • Netscreen-5e  VPN/Firewall appliance (Thnx Mike Johnson!)
    [Netscreen-Remote 5.02 client was able to use both manual keys (IPSEC) and preshared keying (IPSEC and IKE) to successfully negotiate a connection to a Netscreen-5e VPN appliance]

  • Symantec RaptorMobile VPN client 6.5.2


NOTE: We’ve also received a negative report for Redcreek RavlinSoft 3.40 NT and firmware versions 1.30 and 1.33 BETA. The symptom is that RavlinSoft fails to establish a SA; it looks like it does not receive the Radius response after the UserID and Password are entered.


Compatible Systems (now a part of Cisco) IntraPort VPN client, which is IPSec based, will work, even without IPsec forwarding turned on.

NOTE: The IntraPort client must be used with an IntraPort server. You can download the IntraPort Client Reference Guide here (in PDF format), or find out more about the IntraPort product line here.

5/22/00 Try this if you’re having problems getting the IntraPort VPN working:

At first I couldn’t get VPN to work. I tried all sorts of things and no luck. I was able to watch packets go out through the router to the VPN server at our site, but no packets made it back through the router.

I actually started up a tech support call with Linksys when I decided to check the VPN client code to see if there was some sort of configuration switch that was obvious. Lucky me, there was exactly such a switch. It was labeled “Use NAT Transparency Mode”. Since the router does NAT, it seemed like the thing to try. Turned it on, VPN circuit came up and runs fine.

8/2/00 Still having problems getting IPsec to work? Check this. General VPN help can be found on this page, including a link to a very complete Checkpoint Firewall-1 FAQ page.


Getting a stealth ShieldsUP report.

The Linksys responds to a port probe by replying with an “open” or “closed” status.  This reply (vs. not replying at all) keeps you from getting a “stealth” result from the ShieldsUp port probe test.

Although “stealth” isn’t as important as you might think (especially if you then are opening ports or using the DMZ mode for special applications… read this for more info), you can get a “stealth” report by using the DMZ feature and entering an IP address for a computer that doesn’t exist.  If you are using the built-in DHCP server, then use an address between 192.168.1.2 and 192.168.1.99 so that you don’t accidentally collide with a DHCP served address.

Updated 4/6/00 The V1.22 firmware update adds a “Block WAN Request” Enable/Disable option. This is found on the bottom of the Filters page of the Router Admin pages (access it via the “Advanced” tab).  Here’s what the Help button description says:

This feature is designed to prevent users from attacking through the Internet. While enabled, the router will drop both the unaccepted TCP request and ICMP packets from the WAN side.  The hacker will not find the router by pinging the WAN IP address.
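The difference between an “open”, a “closed” and a “stealth” result comes down to what the probed address sends back. The following is an added example, not part of the original page or any Linksys tool: it checks one TCP port on a host you administer, and the function names and the loopback demonstration are assumptions made for illustration.

```python
import socket


def classify_port(host, port, timeout=2.0):
    """Classify one TCP port the way a port-probe report does."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # handshake completed: a service answered
    except ConnectionRefusedError:
        return "closed"       # a reset came back: nothing listens, but the
                              # reply itself shows that the address is in use
    except socket.timeout:
        return "stealth"      # no reply within the timeout: packet was dropped
    except OSError:
        return "unreachable"  # local or routing error, not a verdict on the port
    finally:
        s.close()


def loopback_demo():
    """Show 'open' and 'closed' on 127.0.0.1 without touching the network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port)
    srv.close()                          # nothing listens on the port any more
    after_close = classify_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(loopback_demo())
```

A “stealth” verdict depends on the timeout chosen: a slow link can look the same as a dropped packet, so repeat the check before relying on it.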


Using SSH

Info on ssh clients can be found on this page.

Here’s one reader’s report on using SSH with the router:

Flashed the latest firmware (1.22). It was shipped with 1.21.1. SSH connected through the router first time, no sweat. Using the F-Secure SSH 1 implementation. 3 key DES encryption.


Password visible in admin page source code security vulnerability

Earlier versions (1.36 for example) of Linksys router firmware embed the router admin password and PPPoE account information in plain text in the HTML code for the admin and password pages.  Access to the router’s LAN and a network “sniffer” are required for the vulnerability to be seen.  The vulnerability can be fixed by upgrading to the latest firmware.  See this SecurityFocus article for details.

Update 8/9/01: 1.39.3 BETA firmware fix available.
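To confirm whether a firmware version still has this problem, save the HTML source of the admin pages from your own router and look for form fields that arrive with a credential already filled in. The script below is an added example, not code from the original page or from Linksys; the field names, hint list and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# Name fragments that mark a field as credential-bearing. These are assumptions
# for illustration, not field names taken from the Linksys firmware.
CREDENTIAL_HINTS = ("pass", "pwd", "pppoe", "user", "login")


class PrefilledCredentialFinder(HTMLParser):
    """Collect <input> fields whose markup already carries a credential value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        ftype = a.get("type", "text").lower()
        name, value = a.get("name", ""), a.get("value", "")
        if not value or ftype in ("submit", "button", "reset"):
            return
        if ftype == "password" or any(h in name.lower() for h in CREDENTIAL_HINTS):
            # Record the field and the value's length, never the secret itself.
            self.findings.append((name, ftype, len(value)))


def audit_admin_page(html):
    """Return (name, type, value_length) for every pre-filled credential field."""
    finder = PrefilledCredentialFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample pages (not captured from a real router).
VULNERABLE_PAGE = """
<form method="post" action="/apply">
  <input type="text" name="pppoeUserName" value="subscriber@isp.example">
  <input type=password name="pppoePasswd" value="constructed-secret">
  <input type="password" name="sysPasswd" value="constructed-admin">
  <input type="hidden" name="page" value="setup">
  <input type="submit" value="Apply">
</form>
"""
FIXED_PAGE = (VULNERABLE_PAGE.replace('value="subscriber@isp.example"', 'value=""')
              .replace('value="constructed-secret"', "")
              .replace('value="constructed-admin"', ""))

if __name__ == "__main__":
    for name, ftype, length in audit_admin_page(VULNERABLE_PAGE):
        print(f"{name} ({ftype}): {length}-character value present in page source")
```

An empty result on pages saved after the upgrade means the credentials are no longer sent to the browser in the page source.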