Dear all,

A month ago, we discovered a bug in the VPN Server module of the Linksys EtherFast BEFVP41 Cable/DSL VPN Router. Here's the detailed email we sent to Linksys Tech Support:

**** Begin Email ****

Dear Support @ Linksys,

We recently heard about your BEFVP41 and thought we'd try it out as we liked the BEFSR41. Our corporate office uses a SonicWALL Pro 200 on a T-1 line. Anyway, I tried setting up a manual key entry on both the Pro 200 and the BEFVP41, but the key lengths on the BEFVP41 appear to be WAY off. Just to give you an idea, the SonicWALL approved the following 3DES/MD5 keys:

Encryption: 80C4DAFD9AFC3D7AB57079E19DEBFFF43538A62039768D74
Authentication: 32EA72F58D7F1E063E14A3FF78131172

But the BEFVP41 truncates the keys to:

Encryption: 80C4DAFD9AFC3D7AB57079E
Authentication: 32EA72F58D7F1E063E1

This happens even when I've selected 3DES encryption and MD5 authentication on the BEFVP41. SonicWALL's manual for configuring the VPN clearly states: "The DES and ARCFour Keys must be exactly 16 characters long and are comprised of hexadecimal characters. Triple DES Keys are 48 characters long."..."The AH key must be exactly 32 characters long, if MD5 is used, and is comprised of hexadecimal characters" whereas your manual states on page 22, "up to 23 alphanumeric characters are allowed to create this key", yet as you'll see above, the authentication string actually is restricted to 19 characters. What's going on? Do you expect people to convert between base 16 (hexadecimal) and base 36 (alphanumeric)?

**** End Email ****

BTW, the end question re: base 36 (alphanumeric) was because their GUI and manual didn't explain whether the information has to be entered in base 2, base 10, base 16, or base 36 - the VPN Server configuration screen seems to use both base 10 and base 36. Documentation for the product is rather utilitarian...

Anyway, I received an email shortly thereafter stating that they were escalating the problem to level 2 support.
On 2/11, I received the following message from a Senior Product Support Representative at Linksys (I've chosen to withhold his name to prevent Loshen Hora):

**** Begin Email ****

Dear Valued Linksys Customer:

Thank you for contacting Linksys Customer Support. We will attempt to address this in the next firmware release. If you have further questions, please contact us at (800) 326-7114 or reply to this e-mail so that we may further assist you

**** End Email ****

My reply to the Senior Product Support Representative at Linksys:

**** Begin Email ****

You're kidding, right? Are you telling me that Linksys didn't use the proper IPSec keying methods in the design of the BEFVP41 when it says right on the box "Full IPSec Virtual Private Network (VPN) Capability" and that it is compatible with the SonicWALL Tele2 (which uses the same keying scheme)? When is this firmware update coming?

PS - Out of curiosity, will I be receiving credit for finding this flaw? (Poster's note: okay, okay...so my interest in fame got the better of me...)

**** End Email ****

The reply from the Senior Product Support Representative at Linksys:

**** Begin Email ****

Thank you for contacting Linksys Customer Support. Well sir it does work when you use IKE, which is much more secure than manual keying. Unfortunately sir bugs do happen in a product that hasn't been out on the market for more than a couple of months. I apologize for any inconvenience that this has caused you, but Linksys does not issue credit. If you have further questions, please contact us at (800) 326-7114 or reply to this e-mail so that we may further assist you

**** End Email ****

That last email was sent to me on 2/12. It's now about a month later and there has not been a new firmware update for the BEFVP41 yet on the web site.

Just a FYI for y'all.

- Phil
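An added example, not part of the original post and not vendor code: a check for the failure reported above, using the manual-key lengths quoted from the SonicWALL manual and the key values given in the post. The function names are hypothetical.

```python
import string

# Manual-key lengths in hex characters, as quoted from the SonicWALL manual in the post.
REQUIRED_HEX_LEN = {"des": 16, "arcfour": 16, "3des": 48, "md5": 32}

# Key values as they appear in the post: entered on the SonicWALL, and as kept by the BEFVP41.
ENC_ENTERED = "80C4DAFD9AFC3D7AB57079E19DEBFFF43538A62039768D74"
ENC_STORED = "80C4DAFD9AFC3D7AB57079E"
AUTH_ENTERED = "32EA72F58D7F1E063E14A3FF78131172"
AUTH_STORED = "32EA72F58D7F1E063E1"


def check_manual_key(algorithm, key):
    """Return a list of problems with a manually entered key (empty list if none)."""
    required = REQUIRED_HEX_LEN[algorithm.lower()]
    key = key.strip()
    problems = []
    if not key or any(c not in string.hexdigits for c in key):
        problems.append("key must be non-empty hexadecimal")
    if len(key) != required:
        problems.append(f"{algorithm} key has {len(key)} hex characters, expected exactly {required}")
    return problems


def compare_peers(entered, stored):
    """Classify what a device kept of the key that was typed in.

    Returns (status, kept): status is "match", "truncated" (stored value is a
    strict prefix of the entered key) or "mismatch"; kept is the stored length.
    """
    entered, stored = entered.strip().upper(), stored.strip().upper()
    if entered == stored:
        return "match", len(stored)
    if stored and entered.startswith(stored):
        return "truncated", len(stored)
    return "mismatch", len(stored)


if __name__ == "__main__":
    for alg, entered, stored in (("3des", ENC_ENTERED, ENC_STORED),
                                 ("md5", AUTH_ENTERED, AUTH_STORED)):
        status, kept = compare_peers(entered, stored)
        print(alg, "entered:", check_manual_key(alg, entered) or "ok")
        print(alg, "stored :", status, f"({kept} of {len(entered)} characters kept)")
        for problem in check_manual_key(alg, stored):
            print("   ", problem)
```

Running the same comparison against what each peer displays after saving a manual key catches silent truncation before the tunnel is brought up.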