VPN pass-through Linksys Router

Kevin

Hi,

would anyone be able to help me with VPN through a Linksys
adsl router/firewall. It's a Linksys WAG54G. I have
allowed pptp + ipsec pass-through and enabled port
forwarding to my W2K VPN server for port 1723 and 500
which I understand are the ports required for VPN using
PPTP.
The client gets authenticating status message, then
registering on the network, then I get an error saying
server did not respond in a timely manner. (not exact
error message).

In the log on the router I get an error ICMP dropped from
the server ip to the client ip.

Any ideas?
 
Robert L [MS-MVP]

Assuming you get error 721, this may help. Quoted from
http://www.ChicagoTech.net

Error 721: Remote PPP peer or computer is not responding. If you have tried
many things other people suggest like rebooting, reloading hardware and
re-installing the VPN or dial in connection, you still get the same problem.
I will suggest to check the router settings and make sure TCP Port 1723, IP
Protocol 47 (GRE) are opened. Also make sure that the router has the PPTP
enabled and no firewall blocks the traffic. On the RAS server, check the
DHCP settings.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
 
Toby Shirk

Another thing that I had issues with on my Linksys router is
that it was using the same DHCP scheme as my work...

I changed the Linksys from its default of 192.168.1.XXX to
192.168.XXX.XXX. Then it started to work just fine.

Toby
IS Admin
 
Laurence

Kevin said:
Hi,

would anyone be able to help me with VPN through a Linksys
adsl router/firewall. It's a Linksys WAG54G. I have
allowed pptp + ipsec pass-through and enabled port
forwarding to my W2K VPN server for port 1723 and 500
which I understand are the ports required for VPN using
PPTP.
The client gets authenticating status message, then
registering on the network, then I get an error saying
server did not respond in a timely manner. (not exact
error message).

In the log on the router I get an error ICMP dropped from
the server ip to the client ip.

Any ideas?

Kevin,

I have exactly the same problem. I have found that if you disable SPI
(the firewall) in Security/Firewall, the VPN is created OK. I am in
contact with Linksys over this, but they have not been too helpful. I
have tried a firmware upgrade to 1.01.6, but it has made no
difference. I am concerned about running the router with the SPI
disabled, but there appears to be no option at the moment.

Good luck

Laurence
 
Bob T Bunny

I received the same router today, on the latest firmware (1.01.9,
doesn't seem to be available from the Linksys web site yet), and have
found the following:

Using "Single port forwarding" seems to be problematic when creating
pinholes for web server, smtp, pop etc. More often than not, the
packets just don't get through. If you go into the "Port range
forwarding" and create individual ports (eg port 80 to port 80),
things work fine.

To set up the VPN, I went into Port range forwarding, created a range
for port 1723-1723, both TCP and UDP, pointing to the address of our
Windows 2000 advanced server, and another range for port 47-47, again
both TCP and UDP and pointing to the W2k server. I know that it is
supposed to be Protocol 47, not Port 47, but hey, it works, so I ain't
complaining. I don't have port 500 open at all.

I haven't tried narrowing it down to just TCP 1723, but I may do that
tonight or tomorrow if I can be bothered.

I still have the Firewall Protection enabled in the Security section,
but I have unticked "Block Anonymous Internet Requests". Not sure
what this does, again I'll look into it tomorrow.

After doing that, everything worked as well as it did on our old Nokia
MW1122.

Hope that helps.

Bob T.
 
Bob T Bunny

After doing a bit more investigation, I have now reticked (sorry if
that's not a real word) Block Anonymous Internet Requests, as it stops
things like ping replies, connections on port 0, etc. We're now
looking much more secure on good old grc.com.

I have disabled port 47 on the Port Range Forwarding, and taken port
range 1723-1723 back to just TCP. Our VPN is still going fine, and
accepting multiple connections. So it looks like the Linksys does
some sort of magic, and whatever address you forward port 1723 to,
gets the GRE protocol as well. Cool. Obviously I have PPTP
pass-through enabled as well.

Another thing to watch out for is that whenever you change pretty much
any configuration setting, it will disable all traffic for about 15
seconds. A minor annoyance, since the router itself seems to be
stable enough after 1 day of testing. I guess we'll see after another
week or two.

Regards,

Bob T.
 
