VPN connections

Guest

I am trying to set up a vpn connection between my home (laptop dynamic IP)
and my office (pc static IP). Both machines are running windows xp pro sp2.
The office machine is behind a Linksys router and has port forwarding to the
if address of the PC enabled. Windows firewall is configured to allow VPN
and rdc and indeed I can connect no problem using RDC. When I try to
establish a vpn I get as far as logon name and password verification and then
everything stops. I have a feeling it may be something to do with
authentication protocols but I don't know enough about how to configure
IPsec/certificates/MS-CHAP v2 blah blah blah. Any ideas anybody?
 
Robin Walker

gyrocam1 said:
> I am trying to set up a vpn connection between my home (laptop
> dynamic IP) and my office (pc static IP).

Are you trying to make a VPN with PPTP or with L2TP?

> Both machines are running
> windows xp pro sp2. The office machine is behind a Linksys router and
> has port forwarding to the if address of the PC enabled.

Which ports are forwarded? The required ports are different depending on
whether you are trying PPTP or L2TP. For PPTP you need to forward TCP port
1723, plus IP protocol number 47 (known as GRE). On a Linksys, forwarding
GRE is usually enabled by enabling "PPTP pass-through". However, depending
on which model of Linksys router you have, PPTP pass-through is broken on
certain firmware versions, and incoming PPTP connections cannot be made.

With L2TP/IPSec, you need to forward UDP ports 1701, 500, and 4500, and
enable "L2TP pass-through". But setting up an L2TP server is non-trivial on
the IPSec side.

> Windows
> firewall is configured to allow VPN and rdc and indeed I can connect
> no problem using RDC. When I try to establish a vpn I get as far as
> logon name and password verification and then everything stops. I
> have a feeling it may be something to do with authentication
> protocols but I don't know enough about how to configure
> IPsec/certificates/MS-CHAP v2 blah blah blah.

If you are trying L2TP/IPSec, then see
http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 because your
L2TP server is behind a NAT router.
 
Guest

Hi Robin,

Thanks for your response.

These are the ports that I have forwarded in the linksys router:

PPTP 1723 TCP protocol
RDC 3389 Both (TCP/UDP) protocol
GRE 47 Both (TCP/UDP) protocol
IPsec 50 Both (TCP/UDP) protocol
L2TP 500 Both (TCP/UDP) protocol

All these ports are listed as exceptions within the Windows Firewall setup.

If you want you could have a look at the setup for yourself through RDC.

Hope this makes sense to you.

Kind regards

John Marzano
 
Guest

Hi Jack,
I'm not using a dynamic dns service on the vpn server, it has a static IP
but the client computer (laptop) is dynamic.

Also I'm not getting an error message as such, what happens is I get a
message saying "verifying user name and password" which just sits there until
I get frustrated with it and click cancel.

I use the same username and password to connect using RDC without any
problem at all.

John
 
Guest

John,
I just set up a vpn with 2 xp pro boxes on dsl, can't get the drives, folders
to share yet though. Are you using dynamic dns or no-ip type client to keep
your dynamic address constant? I had the same problem of the window just
saying "connecting" before time out. After I connected it is quick. Go to
canyouseeme.org through RDC and check to make sure the ports can be seen. Check
the other computer too. Make sure in the Connection that it is pointing to
the right ip or server name. Mine is working with the box 'Use remote
gateway' checked in tcp/ip. You might try turning off encryption just to get
it connected. On the "Incoming Connection" make sure tunneling is checked.

Hope that helps. Maybe I'll figure out the share problem too.

Jack

Hope that helps
 
Guest

Hi Jack,
My client ip is dynamically assigned behind a D-link broadband router. Is
that likely to be a problem?

I logged into the server machine with RDC and remotely ran your suggested
canyouseeme.org. Interestingly enough, it could see port PPTP 1723 but
couldn't see GRE port 47. When I tested GRE 47 I got a message that said
something along the lines of could not see your port 47 because the
connection was refused. The port is forwarded in the linksys router and is
listed as an exception in the windows firewall. Anything else I might be
doing wrong?

John
 
Guest

John,

It can't see my 47 either, but both sides can see 1723.
I have both boxes configured with dynamic dns client. The dns is provided
free by no-ip.com. So when I try to connect to the box, I don't type in an
ip address I type in name.no-ip.com. Also I use that name when 'making a
connection'. Since you have a fixed ip on one end yours is a little
different. Email me and I'll give you the address of my test box I have
setup and see if you can connect to it to see which side has a problem. The
email is my user name at softhome dot net. Then maybe we can figure out how
to share folders.

Jack
 
Robin Walker

gyrocam1 said:
> I logged into the server machine with RDC and remotely ran your
> suggested canyouseeme.org. Interestingly enough, it could see port
> PPTP 1723 but couldn't see GRE port 47. When I tested GRE 47 I got a
> message that said something along the lines of could not see your
> port 47 because the connection was refused. The port is forwarded in
> the linksys router and is listed as an exception in the windows
> firewall.

GRE (IP Protocol number 47) is not "TCP port 47". Therefore when you tested
port 47, it was correctly refused. You cannot forward GRE by forwarding
port 47 in a router configuration.

The only way to forward GRE in a Linksys is by enabling "PPTP pass-through".
Even then, protocol 47 might be only forwarded when traffic has been
recognised on port 1723.

"PPTP pass-through" for incoming calls is broken on some firmware versions of
some models of Linksys router.
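
The point made in the post above, that GRE is an IP protocol number and not a TCP/UDP port, applied to the forwarding table posted earlier in the thread. This is an added example, not part of the original thread; the `audit` and `report` names are illustrative, and the ESP = 50 entry is standard IP protocol numbering that the thread itself does not state.

```python
# Added example: audit a router port-forward list against what PPTP and
# L2TP/IPSec need, using the requirements given in this thread.

# Required forwards as stated in the thread: (transport, port).
REQUIRED = {
    "PPTP": {("tcp", 1723)},
    "L2TP/IPSec": {("udp", 1701), ("udp", 500), ("udp", 4500)},
}
# IP protocol numbers often entered as if they were ports. They sit beside
# TCP (6) and UDP (17) in the IP header, so a port-forward rule cannot carry
# them. Heuristic: a forward on one of these numbers is treated as a mix-up.
# ESP = 50 is an assumption from standard numbering, not from the thread.
IP_PROTOCOLS = {47: "GRE (needs PPTP pass-through)", 50: "ESP (IPsec)"}

# Forwarding table as posted in the thread: (label, port, transports).
POSTED_RULES = [
    ("PPTP", 1723, {"tcp"}),
    ("RDC", 3389, {"tcp", "udp"}),
    ("GRE", 47, {"tcp", "udp"}),
    ("IPsec", 50, {"tcp", "udp"}),
    ("L2TP", 500, {"tcp", "udp"}),
]

def audit(rules, vpn_type):
    """Return (missing, mistaken) for one VPN type.

    missing  : sorted (transport, port) pairs still to be forwarded
    mistaken : (label, port, reason) for rules that forward a TCP/UDP port
               numbered after an IP protocol; they do nothing for the VPN
               and leave an unneeded port open towards the PC
    """
    forwarded = {(t, port) for _, port, transports in rules for t in transports}
    missing = sorted(REQUIRED[vpn_type] - forwarded)
    mistaken = [(label, port, IP_PROTOCOLS[port])
                for label, port, _ in rules if port in IP_PROTOCOLS]
    return missing, mistaken

def report(rules):
    """Build one line per VPN type plus one line per mistaken rule."""
    lines, mistaken = [], []
    for vpn_type in REQUIRED:
        missing, mistaken = audit(rules, vpn_type)
        lines.append(f"{vpn_type}: missing {missing or 'nothing'}")
    for label, port, reason in mistaken:
        lines.append(f"remove '{label}' port {port}: IP protocol, {reason}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(POSTED_RULES)))
```
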
 
Guest

Hi Robin,

Thanks for that. I have updated the firmware in my Linksys router to the
latest that they have and pptp passthrough is enabled. I have removed the
forwarding of GRE 47 from the application and gaming forwarding page in the
Linksys router but still nothing doing.

John
 
Guest

Hi Jack,

Sorry I didn't get back to you sooner but I've been a bit tied up with home
stuff and haven't been able to get back to this for a couple of days.

I've just had a look at what Robin posted last and am trying a couple of
things including trying to make sense of the link he sent about L2TP/IPsec.

I'll be back, as he said in the movie....

John
 
Robin Walker

gyrocam1 said:
> I have updated the firmware in my Linksys router to
> the latest that they have and pptp passthrough is enabled.

But that might be the problem: PPTP pass-through is broken on recent
versions of firmware of certain Linksys models. Which model of Linksys do
you have?
 
