VPN server on XP sp2 issue

[see.cher]

is this suppose to work???????

I can get to my "server" from my laptop but it won't connect.

I have a DNS translation at dynup.net.
my laptop (LT) (XP SP2) is configured to connect to home VPN desktop
(DT)
my username and PW when connecting is the same as configured in my
(DT)
My DT (XP SP2) is configured to accept VPN (= server)
My routers are configured to pass port 1723 (PPTP) and 47 protocol
When I try to connect my firewall (software) responds with a request
to allow incoming PPTP - I do allow.
But there is no connection made. (never any request by firewall to
allow outgoing). Laptop times out and issues error.

I am missing a piece?

I DO NOT have any other VPN software installed - do I need this?
If so, what?

my objective is to use this connection as a file server for a DB file
for an application.

thanks

 

[Sooner Al [MVP]]

If this is through a consumer grade router from a remote location then its
possible GRE Protocol 47 traffic is not being passed. This can be
problematic on some consumer grade routers. I suggest you run the "VPN
Traffic" test detailed near the end of this page...

http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx

The required tools...

http://www.microsoft.com/downloads/...76-9bb9-4126-9761-ba8011fabf38&displaylang=en

If the GRE portion of the test fails then look at upgrading, if possible,
the firmware in the router. Note that even with a firmware upgrade it may
still fail. That is my experience with my current Buffalo WBR-G54. With my
old Linksys BEFSR41 some firmware versions worked and some did not.

An alternative may be a SSL-VPN solution or a SSH solution...Both free for
personal use...

http://3sp.com/showSslExplorer.do

http://sshwindows.sourceforge.net/
http://www.bitvise.com/tunnelier.html

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[see.cher]

Thanks you - I am a step closer....
with the firewall disabled the client displays "verifying user name
and password" when trying to log on, but that is as far as it goes.
What do you have to do with a firewall to get it to be transparent?
Outpost 2.5 -=- it responded to the incoming PPTP which I allowed, but
until I disabled it nothing came out. It never asked to let anything
out. is it a protocol issue rather than a port thing?? If so how do I
configure protocols??

I tried using the tools pptpsrv and pptpclnt.
pptpclnt appeared to talk to the host, but I got nothing on pptpsrv.
Am I suppose to see the text I type on the client on the host??
If so, where??
when pptpclnt tried sending GRE packets I saw nothing on pptpsrv - it
was waiting for GRE packets.

Biggest problem is I don't know what to expect. Do I have to be logged
off to be able to logon remotely.

thanks.

 

[Sooner Al [MVP]]

Direct quotes from the procedure...

*******************
"If PPTP traffic can be successfully exchanged between the VPN server and
VPN client computers, Pptpsrv.exe on the VPN server computer will display
the text that was sent by the VPN client computer and an exchange of five
GRE messages. If not, Pptpsrv.exe will indicate what types of PPTP traffic
were unsuccessful."

"To use PPTP Ping to test for PPTP-based VPN traffic, do the following:

1. On the VPN server computer:

If needed, stop the Routing and Remote Access service using the
Routing and Remote Access or Services snap-ins. This step ensures that
Pptpsrv.exe can use TCP port 1723 and IP protocol 47.

Run Pptpsrv.exe.

2. On the VPN client computer:

Run Pptpclnt.exe with the following syntax:

pptpclnt.exe servername_or_IP_Address

When prompted, type some text to send to the VPN server computer and
then press ENTER."

*****************

Make sure the RRAS service is stopped prior to running the test. Run
"Start -> Run" and type services.msc at the command line to do that.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[see.cher]

OK, ALL RIGHT ---
There is some light at the end of the tunnel!!!!
pptpsrv & pptpclnt are communicating - RRAS was the cause!!!!

this doesn't communicate all the time, in fact it seldom does.
but it does sometimes so the path and pptp programs are working.

most of the time the server never sees anything and the client times
out.

my client is going thru a neighbors wireless connection.
pptpclnt gets the dns address and asks for data
it xmits the data and waits till it times out. sometimes it gets a
response but I have never rcvd GRE data at the srvr even when it sees
the data and responds. and the clnt does see the response.

when trying to login I now get a 678 error - server didn't respond.
the pptp comm went thru the dns translator so now the question is how
do I get the server to talk??

the loggin and password that I use on the client is a user on the
server. I am logged into the server as a different user. It doesn't
matter if the firewall is on or off I get the same error.

but this may be the same issue as the first. if i try it enough times
it might work.

any more good ideas.

 

[Sooner Al [MVP]]

It has to work every time, not just once in the while.

If you never get GRE traffic passed the link will never work.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[see.cher]

OK I agree.

BUT what does it mean if it doesn't work everytime (where should I
look)?

AND why when it does work does it not pass GRE packets??

I am only going thru ONE router now. It must be set right if it works
at all (PPTP port (1723) open - protocol 47 allowed to ip
192.168.123.90). It doesn't have a simple "pass PPTP" or "pass IPSEC"
setting. The VOIP router does but it is currently connected to a port
on the main router.
I also have port 500 and protocol 50-51 for IPSEC allowed, but that
should be irrelevent.
I have the computer IP set at 192.168.123.90 and not obtaining
automatically from the router. The router is the only device on the
cable modem so its address doesn't change. My cable IP address has not
changed since I started all this.