Linksys BEFSX41 Problem

[TeddyTed]

YOSC, you may be able to answer this one since you've got a couple of these out in the field.


I've been experiencing some connection problems with a Linksys BEFSX41 router i've got set up at someone's house.
Every so often, the router seems to loose the IP address and she is unable to get out to the internet.

I've got one setup in her office as well and it's fine! The only difference is that the office has a DSL connection with Static IP.

I've double checked to settings on the setup interface and everyting seems fine.

To resolve the problem I usually just reset everything (the cable modem, the router and restart the machine) and that works. I just want to get it permanently resoslved because she monitors her office from home and can't continue to loose connection all the time.

I've spoken to Tech support and I can't seem to get the problem permanently resolved.


Facts:
Dell Laptop running WinXP Pro
Linksy BEFSX41
Toshiba Cable Modem (2250 i think)
ISP Earthlink
Cable provider Timewarner

Thanks for any suggestions

- TB

[monty]

I suggest simply replacing it with another one. The first one I bought seemed "dead" within a few minutes of use. When I returned it to Best Buy, I brought my laptop to make sure that the replacement worked OK before I left the store (I don't like 45-minute drives to return stuff).

I use a Motorola Surfboard 4200 with mine (using DHCP). Everything seems to work fine [knocks wood].

[YeOldeStonecat]

Only thing I can think of, is latest firmware. Cable doesn't have that "keep alive" function on the routers first setup page like a DSL setup has.

I'm curious if the drop is on the WAN side or the LAN side. Try going with a static IP setup on the LAN side.

http://www.speedguide.net/read_articles.php?id=177

[twwabw]

This has been a habitual problem with the VP41 and SX41 since they were introduced. Generally though- it happens when a VPN is setup between the 2 devices. You said "she monitors her office from home". Have you set up VPN's?

The problems with the Linky's happens when one or both use dynamic IP addresses. If you have tunnels set up between 2 fixed IP's- you don't have a problem (usually).

My problems were with 2 VP41's- exact same setup as yours- office static- remote home office dynamic. Every night, the units (both of them) would lose their WAN link. I scoured every forum and tried every firmware release, but after reading dozens and dozens of posts from users at DSL reports with the exact same problems- I gave up. The only "cure" was to deactivate the VPN tunnels. Now both devices, functioning as just N AT gateways are doing fine. These little $ 89.00 blue boxes are OK for soho NAT protection, but they have some real problems with VPN.

[TeddyTed]

YOSC,
I'm alomst 100% sure it's on the WAN side becasue when this hapens and I look at the setup interface on the router, the WAN IP would say 0.0.0.0.


twwabw,

I think you're right on this. I've got a Tunnel going from her home to the office.
The video surveillance connection to the office does not use the VPN tunnel. The tunnel is just for some other office stuff (like Peachtree etc).

Twwabw, so did you change your dynamic to static? Did that resolve your problem?
I'd rather doing that, than have to purchase new routers with better VPN capability.

Let me know...

Thanks Fellas !


- TB

[monty]

I see someone finally uploaded the 1.44.8 firmware: http://www.dslreports.com/forum/remark, ... ~mode=flat . It isn't on Linksys' site, as the latest one there is 1.44; my router came loaded with 1.44.3. That makes a lot of sense, huh? Anyway, the DDNS function supposedly works with 1.44.8. I'll try it when I get home.

[twwabw]

Originally posted by TeddyTed
Twwabw, so did you change your dynamic to static? Did that resolve your problem?

I'd rather doing that, than have to purchase new routers with better VPN capability.

- TB

No- nothing resolved it. Again, if you read others posts about these units- nothing fixes it, and Linksys backpedals and denies it. They blame it on everything in the world except their product. I simply reached a point of no return with them, and the client is no longer using VPN. As conventional NAT gateways with VPN disabled, they work fine.

Well... sort of. I just installed (2) more SOHO3 Sonic Walls last week, and both places reported how much faster and snappier even web browsing was. It truly is noticable.

No more Linkies for me in client applications.

[TeddyTed]

Thanks twwabw !

Hmmm.....Looks like I may have to change routers....
So basically you would recomend the SOHO3 Sonic Walls as one of the better routers for this type of situation, right?


- TB

[twwabw]

Well, everyone who reads my posts knows I'm biased towards SonicWalls. But, it's with good reason. Of all the units I have at client locations (and my own) I have not had any problems- ever. Their setup is simple and straight forward, albeit a little different than what what you may be used to. The management interface is web based and graphical, so you don't have to be a command line junkie like Cisco. And the level of control on them is incredible. VPN setups are straight forward, once you get used to them. Rock stable, and fast. Their tunnels just don't crach- ever! Firmware revisions come only after they make sure they work- that's quite a switch from Linksys who throws them out like confetti. Don't get me wrong- Linky's are OK devices for home routers. But they've really gotten over their heads I think with some of the features they are trying to cram into these 100 dollar boxes. Older units without some of the features of the new ones seemed to work quite well.

If you're using a Linky VPN for Peachtree, it must be painfully slow! The Linksys tunnels just crawl compared to the SW's.

As far as models go, the Tele, SOHO3, and Pro 100 are essentially the same unit performance wise. Theey are all based on the same processor, have the same memory, etc. My guess is the Pro 200 & 300 will be gone soon, in favor of the newer 230 & 330 series. They support some different features than the 200/300, and the model designations would indicate to me that these are on the way out. But, these are enterprise class models, suitable for hundreds of users, and not necessary for smaller networks.

The SOHO3's are bundled in several configurations, with the differences being number of users (10/25/50/unlimited) ; and whether it has VPN support or not. Also bundled are support options. Lan IP addresses determine connected users to a SonicWall. This also includes other devices, like access points and printers. There are ways around having these devices count against the tally, but basically you need node support for every PC and server on the network, then add them up.

YOSC has used some of these recently too, and is impressed my them. It's hard not to be.

[YeOldeStonecat]

Originally posted by TeddyTed
[BTwwabw, so did you change your dynamic to static? Did that resolve your problem?
I'd rather doing that, than have to purchase new routers with better VPN capability.]

I have one client setup with the BEFSX routers with a VPN tunnel in between them, both ends are static IP DSL accounts. It doesn't have the dropping problem at all, they use it for file transfers and browsing of files kept at the main office server. It was just to test to see if a VPN would benefit them in any way (architect firm), after a year it has, and they are upgrading to higher speed DSL and Sonicwalls because now they feel they really use it and depend on it, and want higher performance. Only reason he's upgrading to Sonics is the higher performance/throughput of the tunnel...much faster CPU on the Sonic, and more RAM. The Linksys provide "OK" performance for browsing and file transfers, but not enough speed to run any application through...the guy has tried to run an Access database through the tunnel...no luck. Yet I recently setup a WAN of several satellite offices connected to a main office across DSL with 4 Sonicwall SOHO3's after TWW's suggestion. Those are so much quicker, it's unbelievable the difference. I have MS Outlook running from every satellite office through the VPN tunnel to the Exchange server at the main office. A dozen or so instances of Outlook connecting through the tunnels all at once? I wouldn't even attempt a single instance of Outlook connecting through a Linksys.

A coworker of mine has a client that's a little music shop, with two locations. Both ends also have fixed IP business grade DSL accounts. He's also using the BEFSX41's. Runs a point of sale software from the remote site to the main site, through Terminal Server. In that aspect, the little Linky's are doing well..as terminal server needs little bandwidth available.

So two locations I'm aware of, both instances have static PPPoE DSL accounts on both ends, and the SX routers do the job OK...not a ball of fire, from my experience the Sonics are far superior in their performance, and capabilities and features. But I have to say the Linky's are maintaining the connection.

If you're trying to run an application through the tunnel though (Peachtree)...wow....that must run pokey. Either find a way to terminal server that (if there's a 2K server at the office..there ya go...it's already there), kick up to Sonics and enjoy the throughput increase.

[TeddyTed]

If you're using a Linky VPN for Peachtree, it must be painfully slow! The Linksys tunnels just crawl compared to the SW's.

Actually...., it is kinda slow but, it's not thaat bad...
But then again, I can't be much of a judge since the only tunnels I've setup is with this type of router.

I have one client setup with the BEFSX routers with a VPN tunnel in between them, both ends are static IP DSL accounts. It doesn't have the dropping problem at all, they use it for file transfers and browsing of files kept at the main office server.

I'm tempted to use a static IP at her house and see if i get the result YOSC got with the above client.

A coworker of mine has a client that's a little music shop, with two locations. Both ends also have fixed IP business grade DSL accounts. He's also using the BEFSX41's. Runs a point of sale software from the remote site to the main site, through Terminal Server. In that aspect, the little Linky's are doing well..as terminal server needs little bandwidth available.

I will run a test with Terminal Server and see how that works out.

I'd love to just upgrade to the Sonicwall SOHO3's but, I'm not sure how happy the client would be about the price. She probably won't mind but i just feel bad when i have to cause her to spend a lot of money.

Oh well....



Anyway, thanks a whole lot fellas !!!
You guys are terrific.. keep up the good work !

[YeOldeStonecat]

Originally posted by TeddyTed
I'd love to just upgrade to the Sonicwall SOHO3's but, I'm not sure how happy the client would be about the price. She probably won't mind but i just feel bad when i have to cause her to spend a lot of money.

Well, propose it to her. I say this all the time with computers, as well as everything in life..."You get what you pay for!". The little blue Linkies are entry level routers for the average home user. Two of those routers doing a VPN is a 120 dollar solution that performs like a 120 dollar solution. A pair of Sonicwalls is a 1200 dollar solution, and performs accordingly so.

Which one is better for you depends on:
1) What you intend to do with your VPN/How use
2) What you expect from your VPN performance and stability wise.

Do you want to go elephant hunting with a BB gun?

I can say the setup I did with the SX models....was pretty much a trial run, they wanted to test the waters with a VPN to see if it would end up working for them, plus they needed Windows Messenger to work (UPnP). So it was minimum investment to "try it out". Now that they like it (the VPN), they're gonna move to Sonicwalls, which don't support UPnP , so "by by" messenger, but the VPN is more important to them.

My co-worked that also ran the SX VPN for his client, a DOS applictation ran painfully slow through the VPN. He tried running the DOS point of sale app using PcAnywhere through the VPN...still, too slow. He said they were coming out with a Windows version, which they did, so they upgraded to that. Wouldn't even run through the VPN...took like a half hour to launch. I said to try the Sonicwalls, it would most likely run it...but they wouldn't spend the $. So he launched TS on their server, it runs fine there. So that ended up resolving his problem.

[TeddyTed]

Another quick question .... this is unrelated ,

What do you guys think about PC Anywhere - in terms of security?
I use PC Anywhere to access the server and i'm always nervous about security. The host is always running.
I've got encryption turned on etc.. but I'm just always nervous about security in general.


Thanks,

-TB

[YeOldeStonecat]

Well, the best way is to use PcA through a VPN...since that leaves nothing open, and a VPN is quite secure.

But there are many instances where have clients that have just plain NAT routers, no VPN, and I leave PcA host running all the time. Less secure? Yes. But...you can take measures to tighten it up.

1) Use a good PcAnywhere username and password account...don't let it just accept "anyone", but only from "Users" you add to the user list. And choose a decent username and password...good strong password with characters and numbers as well as letters. Also have PCAnywhere Encryption set to reject remotes not set to it.

2) Hopefully run the host on "NT" based only systems, not Win9X systems. Reason...have the workstations always locked, and have PcA "lock workstation" after session, or abnormal end of session. This way, once you log into PcA...you're faced with an NT workstation logon...and make that workstation account good, NOT something like "Administrator" with a blank password. But rather a good username and once again a good strong password.

3) Run PcAnywhere on non-default ports. PcA "out of the box" will run on ports 5631 and 5632. I always change those to non-standard ports. 5641/5642, or 5652/5652, can go up from there...notice the increments of "10". You know how easy it is to sit on broadband, and have PcA scan your entire neighborhood/node for PcA hosts just waiting there? Naturally you have to specify the "remote" part to use the matching ports.

Those are some of my tips....Cyberskye and TWW are also big time PcA users, and will surely add some good points.

[twwabw]

pcAnywhere is great- as far as security, it is relatively secure as long as

a- you force encryption, and deny lower level

b- set bad login attempts to a reasonable number (3 or 4) and tell it to not accept connections for a period of time when the bad login no. is exceeded.

c- use lengthy login names and passwords, forcing case sensitivity, and make them both VERY difficult. (can be construed as a joke if someone REALLY wants in, as I believe they are transmitted clear text )

d- change default port numbers- don't use standard 5631,32. Assign something like 45330,31. Security by obsucirity is not anything to bet the farm on, but it will deter port scanners from seeing it on a quick scan. PCA is usually on most scanners default lists, and set up as 5631,32.

The BEST way to run pcAnywhere is through a VPN tunnel. Leave no WAN port service running. You can then initiate the tunnel, and browse for ALL waiting lan hosts. Yes- they will ALL appear! You can have an entire LAN running the host behind a firewall, and all waiting hosts will appear in your pick list. It's really the best way. I love PCA, and make 80% of my living using it. But, you are correct in being concerned about setting it up correctly.

[YeOldeStonecat]

LOL...we both posted at the same time!

[twwabw]

Originally posted by YeOldeStonecat
Well, the best way is to use PcA through a VPN...since that leaves nothing open, and a VPN is quite secure.

There must be an echo in here! We posted at the same exact minute.

[twwabw]

Originally posted by YeOldeStonecat
LOL...we both posted at the same time!

did it again!!!!

[TeddyTed]

Thanks again for the advice Fellas !!!!

I've got a tremendous amount of faith in you guys...

- TB

[TeddyTed]

Hey Fellas,

I'm almost set with purchasing the Sonicwall SOHO3's. Howevever, I'm curious if my bandwith should be taken into consideration - compared to what you guys have setup for your clients.

Here are the current connection speeds:


Office Connection:
Verizon DSL w/ static IP
768Kbps / 768Kbps

Home Connection:
Earthlink cable (which I will change to DSL w/ staic IP)
2Mbps down/ 384 up


I'm consdering using the same type connection in her home as in the office.
What would you guys consider optimal ?


Oh ! What do you guys think about this little guy? http://www.cdw.com/shop/products/default.asp?EDC=340638

A bit more info:
http://www.cdw.com/shop/tools/compare/r ... EDC=422847


Thanks,

- TB

[YeOldeStonecat]

What you want to focus on, is the weakest link in the chain. That's your bottleneck...doesn't matter what your download is, the main office can only upload as fast as it's upload. In this case, it's your 384 up...which IMHO is pretty good. That's what I have my DSL VPN setup on in the setup I have for my client. Main office has a 6,000/384 DSL account. All others satellite offices are the standard 1500/128. 4x satellite offices connected to that main office...all with static IP's...performing quite well. That 384 upload is adequate to split to the 4x satellites.

[TeddyTed]

Cool......

So what's your opinion on the little Cisco box??
http://www.cdw.com/shop/products/default.asp?EDC=340638

My partner just purchased one to setup at his client's office but the hasn't installed it as yet.
Any experience with this device?



Thanks,
- TB

[qball15j]

Thanks to twwabw and YeOldeStonecat for their great information in this thread. I've been working on setting up a few test VPN servers for remote administration and some file sharing. Your posts are much appreciated.

[TeddyTed]

Yeah! these guys are definitely very resourceful !!!