Problem with Remote Access

[Basharat Javaid]

Hi, Folks;

After spending two days and two sleepless nights trying to establish
connection between my office & home computers by referring to 3 Windows XP
Pro books (Mastering Windows XP Pro, XP Pro Inside Out and XP Pro Networking
Inside Out!) without success, I come to you folks for help.

Here is the background: both computers are Pentium 4 and have Windows XP
Pro. The office computer uses DSL line and the home computer uses Cable to
connect to the Internet. Both computers are on separate LANs created
through Routers) - i.e. the office has its own LAN and the home has its own
LAN.

Both the DSL & Cable ISPs do not have fixed IP addresses and obtain them
automatically. Since an IP address is required to establish a remote
connection via the Internet, I obtained the IP address of the Host computer
by going to: Start => Settings (or Control Panel) => Network Connections =>
Local Area Connection => Support tab which has the TCP/IP settings with IP
address of the 192.168.xxx.yyy.

When trying to establish a connection, I get the error message:

Error 800: Unable to establish VPN connection. The VPN server may be
unreachable or Security parameters may not be configured properly for this
connection.

Where and What could I have configured incorrectly!?

When I look at the Options tab under "Properties" of the Connection dialog
box, I see dialing and redialing etc - but I don't have the dial up
connection and I selected the create "VPN" connection!

Is there any concise write up on how to establish a connection for my setup?

Thank you for your help.

 

[Sooner Al]

If your trying this with the XP PPTP VPN then a couple of things are needed.

1. You need to forward/open TCP Port 1723 through the router to the private IP on the target PC.
Also, GRE Protocol 47 has to be opened/forwarded. Some routers call that "PPTP Pass Through".
Consult the router documentation and/or contact the network administrators for help with this.

2. Look at using one of the dynamic DNS services that map a fully qualified domain name to the DHCP
assigned IP address. Typically a small program runs on the PC and contacts the dynamic DNS services
server on a periodic basis. The IP is mapped to the name and that information is propagated over the
public internet. Call using the fully qualified domain name. I use a *FREE* service from No-IP.com

http://www.no-ip.com

Others, some free some $$$$, are listed here...

http://www.remotenetworktechnology.com/ow.asp?Remote_Network_Home/Connections

For help setting up both the XP VPN server and client look at these pages...

http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm

 

[Jeff]

You need to setup a VPN between your computer at home and
the router at work. The IP address on your computer at
work is not a public IP address. It is used to setup LANs
and it is not visible from outside your office. You need
to get the IP address of the router, then setup a VPN with
the router.

 

[Basharat Javaid]

Hi, Al.

As to your suggestions in #1 - that is all foreign to me but I will work on
learning it. Also, I am the network administrator as well as being the
janitor, coffee maker, filing clerk and the CEO. I am all I've got.

I tried the no-ip.com's free software, created two different hostnames - one
each for the home & office computer but could not access either computer
from either location!? I sent a question to the no-ip.com's tech support
and see what they say.

An observation & a question:
My home network has two computers connected via a router - although LAN IP
addresses on the two computers are different, the WAN IP addresses the two
computers are the same (WAN IPs obtained by connecting to the router's url
192.xxx.y.z and clicking on Status tab).

The situation is the same with the three network computers at the office.

Question:
If and when I do connect to one of my networks remotely how would the
"remote access" setting will allow me to connect to computer A vs computer
B - since both have the same WAN IPs?

There is a simple solution to this dilemma - pay someone to configure for
this. But I have this masochistic need to learn "how things work" and try
to make them work myself.



Basharat.

If your trying this with the XP PPTP VPN then a couple of things are needed.

1. You need to forward/open TCP Port 1723 through the router to the private IP on the target PC.
Also, GRE Protocol 47 has to be opened/forwarded. Some routers call that "PPTP Pass Through".
Consult the router documentation and/or contact the network administrators for help with this.

2. Look at using one of the dynamic DNS services that map a fully

qualified domain name to the DHCP

assigned IP address. Typically a small program runs on the PC and contacts the dynamic DNS services
server on a periodic basis. The IP is mapped to the name and that

information is propagated over the

public internet. Call using the fully qualified domain name. I use a *FREE* service from No-IP.com

http://www.no-ip.com

Others, some free some $$$$, are listed here...

http://www.remotenetworktechnology.com/ow.asp?Remote_Network_Home/Conn
ections

For help setting up both the XP VPN server and client look at these pages...

http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm

 

[Basharat Javaid]

Jeff:

From what I have learned over the past few days is that the routers made by
a manufacturer have the same IP address - at least it is true for the
routers I have. At home I have an SMC's router and it's IP address is
192.168.x.z. At office, I have a Linksys' router and its IP address is
192.168.y.z. (the only difference between the two is number "x").

Are you referring to these 192.168... IPs or do you mean WAN IPs (which are
obtained by connecting to the router's url 192.168.x.z and clicking on
Status tab)?

Once I know which IPs to use, how do I set up a VPN? No doubt I will be
reading up on it.

Thanks for the help.



Basharat.

 

[Basharat Javaid]

Ok, I did some reading on VPN and configuring Win XP to act as VPN server.

When I got to the "Devices for Incoming Connection" screen, I only see
Direct Parallel (LPT1) as the only available device. Since I use a cable
modem to connect to internet, should I not see my Cable modem as one of the
devices available?

It looks like I am getting there, slowly but surely (no quite).


Basharat.

 

[Sooner Al]

Look at this page for help setting up the VPN server.

http://www.onecomputerguy.com/networking/xp_vpn_server.htm

You can see how I did this on my home LAN here. Ignore the parts about the PocketPC.

http://www.oecadvantage.net/ajarvi/PpcVPN.html

 

[Sooner Al]

You still need to forward/open TCP Port 1723 and GRE Protocol 47 (PPTP Pass Through) on the routers
in order to establish a PPTP VPN link. What routers are you using? With that information, perhaps
someone can help...

You would call the remote system using the alias created with your no-ip account, not the private
LAN IPs, ie. the IPs in the 192.168.X.X range.

--
Al

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...Unsolicited personal emails are *NOT* answered.

Hi, Al.

As to your suggestions in #1 - that is all foreign to me but I will work on
learning it. Also, I am the network administrator as well as being the
janitor, coffee maker, filing clerk and the CEO. I am all I've got.

I tried the no-ip.com's free software, created two different hostnames - one
each for the home & office computer but could not access either computer
from either location!? I sent a question to the no-ip.com's tech support
and see what they say.

An observation & a question:
My home network has two computers connected via a router - although LAN IP
addresses on the two computers are different, the WAN IP addresses the two
computers are the same (WAN IPs obtained by connecting to the router's url
192.xxx.y.z and clicking on Status tab).

The situation is the same with the three network computers at the office.

Question:
If and when I do connect to one of my networks remotely how would the
"remote access" setting will allow me to connect to computer A vs computer
B - since both have the same WAN IPs?

There is a simple solution to this dilemma - pay someone to configure for
this. But I have this masochistic need to learn "how things work" and try
to make them work myself.



Basharat.

If your trying this with the XP PPTP VPN then a couple of things are needed.

1. You need to forward/open TCP Port 1723 through the router to the private IP on the target PC.
Also, GRE Protocol 47 has to be opened/forwarded. Some routers call that "PPTP Pass Through".
Consult the router documentation and/or contact the network administrators for help with this.

2. Look at using one of the dynamic DNS services that map a fully

qualified domain name to the DHCP

assigned IP address. Typically a small program runs on the PC and contacts the dynamic DNS services
server on a periodic basis. The IP is mapped to the name and that

information is propagated over the

 

[Erik Englund]

That IP address is for YOUR computer. What you need is
the IP address of you cable modem. Go to your router
setting and look up the IP address of the WAN port. Also
set up to forward port 3389 to your computers IP address.

 

[Basharat A. Javaid]

I am using Linksys BEFSR81 (8 port) and SMC 7004ABR (4 port) routers .

Indeed, I am using the alias I created with the no-ip.com (and not
192.168...) and my alias hostname shows up under the Hosts part of the
no-ip.com's DNS update software screen when I click on the no-ip icon in my
notification(system) tray in the Taskbar.

I guess I need to work on "....need to forward/open TCP Port 1723 and GRE
Protocol 47 (PPTP Pass Through) on the routers ....".

Thanks for help.

Basharat.

 

[Sooner Al]

Yep...according to the SMC manual, that I downloaded from...

http://www.smc.com/index.cfm?sec=Support&pg=Download-Details&prod=67&site=c

and the KB articles...

http://www.smc.com/index.cfm?sec=Support&pg=FAQ-Section&faq_cat=5&site=c

SMC claims they support PPTP VPN. Its possible by installing the latest firmware and forwarding TCP
Port 1723, that GRE Protocol 47 is automagically enabled also. I don't know and the manual is not
clear on that. You may need to contact SMC technical support for a clarification on that...

The BEFSR81 is similar to my old BEFSR41. You need to both forward TCP Port 1723 and enable "PPTP
Pass Through" on the "Filters" configuration page. Its detailed on page 41 of the manual.

ftp://ftp.linksys.com/pdf/befsr81ug.pdf

Make sure your running the latest firmware in the router...

 

[Jeffrey Randow (MVP)]

The 192.168.x.x. series of addresses are private and are not
routable...

Jeffrey Randow (Windows MVP - Networking & Smart Display)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Wiki -
http://www.remotenetworktechnology.com
Smart Display Support - http://www.smartdisplays.us
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[Basharat Javaid]

Thanks Al.

The books make it sound so simple!

Yep...according to the SMC manual, that I downloaded from...

http://www.smc.com/index.cfm?sec=Support&pg=Download-Details&prod=67&site=c

and the KB articles...

http://www.smc.com/index.cfm?sec=Support&pg=FAQ-Section&faq_cat=5&site=c

SMC claims they support PPTP VPN. Its possible by installing the latest firmware and forwarding TCP
Port 1723, that GRE Protocol 47 is automagically enabled also. I don't know and the manual is not
clear on that. You may need to contact SMC technical support for a clarification on that...

The BEFSR81 is similar to my old BEFSR41. You need to both forward TCP Port 1723 and enable "PPTP
Pass Through" on the "Filters" configuration page. Its detailed on page 41 of the manual.

ftp://ftp.linksys.com/pdf/befsr81ug.pdf

Make sure your running the latest firmware in the router...

--
Al

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...Unsolicited personal emails are *NOT* answered.

 

[Basharat Javaid]

Hi, Al:

With the help of SMC Tech Support I managed to configure my Router to
forward/open TCP Port 1723.
They were unable to help me with GRE Protocol 47's opening/forwarding.

I searched for GRE Protocol 47 on SMC's site & on onecomputerguy.com but
nothing turned up! What does GRE stand for?

I will try to access my computer from my office and see what happens.



Basharat.

 

[Jeffrey Randow (MVP)]

The following page describes what the GRE is used for:
http://support.microsoft.com/?kbid=241251

Jeffrey Randow (Windows MVP - Networking & Smart Display)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Wiki -
http://www.remotenetworktechnology.com
Smart Display Support - http://www.smartdisplays.us
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

Hi, Al:

With the help of SMC Tech Support I managed to configure my Router to
forward/open TCP Port 1723.
They were unable to help me with GRE Protocol 47's opening/forwarding.

I searched for GRE Protocol 47 on SMC's site & on onecomputerguy.com but
nothing turned up! What does GRE stand for?

I will try to access my computer from my office and see what happens.



Basharat.

 

[Basharat Javaid]

Thanks Jeffrey.

After I posted my message, my curiosity got the best of me and I did a
search on Google and read about GRE which made me none the wiser about how
to configure my router to open/forward GRE Protocol 47? I asked the SMC's
Tech about GRE but she did not know anything about it.

So I remain stuck at the last one or two steps away from being able to
access my computer remotely.

Search continues.

 

[Lucky One]

GRE Protocol 47=PPTP Point to Point Tunneling Protocol