VPN with 2 XP Home

[Guest]

I am trying to vpn to my work computer running XP home with my Home computer running XP Home
At work we have a peer to peer network (4 computers hooked to a router with a static IP Address assigned to the Router). On the router I have forwarded 500,50-51,1723,47,3389 ports to my Work Computer IP address. Also I have the DMZ set to the Work Computer IP. I also set up the incomming connection to use the ip address with in my work lan. I have called Linksys and they say it is not the router that is in the VPN configurations

On the client, I have unchecked "use default gateway on remote network" When I try to connect I get as far as verifying user id/password, then an Error 721. I have tried using a dial-up connection to the internet and my home broadband to connect to my Work Computer but both give me 721 error

When I look at the router logs, I see my Home Computer's IP address with port 1214 'to' my Work Computer's IP Address port 1723

I would appreciate if someone would please help me. I feel like I am running in circles. Thanks in Advance! Kath

 

[JRC]

If you are using VPN, why are you forwarding ports? Also, you shouldn't be
messing with DMZ to do what you are talking about (if you want to keep your
machine safe).

I am trying to vpn to my work computer running XP home with my Home computer running XP Home.
At work we have a peer to peer network (4 computers hooked to a router

with a static IP Address assigned to the Router). On the router I have
forwarded 500,50-51,1723,47,3389 ports to my Work Computer IP address. Also
I have the DMZ set to the Work Computer IP. I also set up the incomming
connection to use the ip address with in my work lan. I have called Linksys
and they say it is not the router that is in the VPN configurations.

On the client, I have unchecked "use default gateway on remote network"

When I try to connect I get as far as verifying user id/password, then an
Error 721. I have tried using a dial-up connection to the internet and my
home broadband to connect to my Work Computer but both give me 721 error.

When I look at the router logs, I see my Home Computer's IP address with

port 1214 'to' my Work Computer's IP Address port 1723.

I would appreciate if someone would please help me. I feel like I am

running in circles. Thanks in Advance! Kathi

 

[Guest]

I am using the default VPN that came with Windows XP Home. As for the ports, everything I read said I needed to forward the port 1723. Then I would read some more and there were recommendations of forwarding other ports. As for the DMZ, that was the only way I could actually get the connection else it would say server was not responding.
Any ideas?

 

[Guest]

Ok so I went back and modified the router settings to only forward port 1723 and disabled DMZ. I am still getting the 721 error?

 

[Bob]

I am trying to vpn to my work computer running XP home with my Home computer running XP Home.
At work we have a peer to peer network (4 computers hooked to a router with a static IP Address assigned to the Router). On the router I have forwarded 500,50-51,1723,47,3389 ports to my Work Computer IP address.

Why did you forward port 47?

If you want to run PPTP VPN, then you need to pass PROTOCOL 47 packets
(GRE). If the router supports this, it is usually known as "PPTP
Passsthru".

And if you want to use PPTP VPN, why all those other ports? All you
need to forward for PPTP is port 1723.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

If you are using VPN, why are you forwarding ports?

PPTP requires that port 1723 be forwarded. It also requires that
Protocol 47 packets be passed thru.

--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

I am using the default VPN that came with Windows XP Home. As for the ports, everything I read said I needed to forward the port 1723. Then I would read some more and there were recommendations of forwarding other ports. As for the DMZ, that was the only way I could actually get the connection else it would say server was not responding.
Any ideas?

Yes, learn how PPTP VPN works - admittedly a confusing task.

http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

Ok so I went back and modified the router settings to only forward port 1723

On both machines? You must forward port 1723 on both machines.
Although the terms VPN Server and VPN Client are used, packets can
originate from either machine, and therefore the receiving machine
must be allowed to pass packets thru port 1723.

and disabled DMZ. I am still getting the 721 error?

PPTP VPN also requires that protocol 47 (GRE) packets be allowed to
pass thru both routers. Usually this is called "PPTP Passthru".

If you have any firewalls in the PC, disable them to see if they are
interferring. Don't just turn off the GUI - you must Disable the
firewall engine using the GUI.

If you are running that known virus called "Zone Alarm", throw it away
and get a decent firewall like Kerio (free to the home user).

"msconfig" is helpful in finding hidden startups.

--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

I have setup everything like it shows (on the url links). But I have one question...what do you mean by port 1723 forward on both machines?

Do you understand how NAT works? An incoming packet is not allowed to
penetrate the NAT firewall unless:

1) The incoming packet is a Response to an outgoing Request packet,
which NAT keeps track of with port translation.

2) The router is instructed to ignore the NAT firewall for one or more
particular ports for one particular machine. For example, let's say
you have a web server like Apache running on a particular machine. You
have to forward all incoming port 80 packets to that machine,
otherwise no one on the Internet can access the webserver.

I have the router forward port 1723.

From that it would appear you understand the concept of forwarding a
port. Are you sure port 1723 is being forwarded to the VPN machine?

What about "PPTP Passthru"? You must allow protocol 47 (GRE) packets
to pass thru the router too. Most NAT implementations block all
protocols except the most commonly used ones. GRE is uncommon so it is
default blocked - you therefore have to unblock it.

How do I set up my client (home) or the work computer?

I do not understand your question. You have to follow those
instructions for each machine.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Guest]

Ok, on the router I have port 1723 forwarding to my VPN machine (work). I have all of the VPN Passthrough items enabled which includes the port 47 GRE that was mentioned. Which are: IPSEC, PPPoE, and PPTP.
No Firewal on WORK Computer

You mentioned I had to have the port forwarding onboth machines...so I was confused on what was meant by BOTH machines.
All i have is at WORK: XP Home hooked up to a router and HOME: XP HOME hooked up to a route
Both have different local LAN ip address WORK 192.168.1 and HOME 192.168.
My WORK as static IP Address of 192.168.1.100 and my router has a static IP from my IS
So, I have followed everything from the url links....rebooted machine/router/modem.........still no luck. Someone said it was my VPN...but I am using Microsoft VPN Connection which is with XP Home & has the setup info you provided
The Router has DHCP enabled.

 

[Guest]

I went to the router logs and see my Home Machine IP Address in the Incoming with port 172
In the Outgoing, I see my Work Lan IP & Destination IP (Home) using Service/Port# 397
So do I need to open something up on my home computer to access port#3974 when I get a reply back from my Work

 

[JRC]

Sorry folks, but I'm still confused about the forwarding anything if VPN is
truely in use. I'll admit I don't mess with MS VPN much, but to date I've
never had to forward ports to get any VPN functionality using any VPN.

I went to the router logs and see my Home Machine IP Address in the Incoming with port 1723
In the Outgoing, I see my Work Lan IP & Destination IP (Home) using Service/Port# 3974
So do I need to open something up on my home computer to access port#3974

when I get a reply back from my Work?

 

[Jeffrey Randow (MVP)]

FYI - UDP 500 & 4500 and IP Protocols 50 & 51 are for L2TP/IPSEC
VPNs...

Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[Jeffrey Randow (MVP)]

You still must forward or allow TCP Port 1723 in to get the VPN to
work (as the VPN passes traffic over this port)... Otherwise, the VPN
client will keep hitting the NAT firewall of the router..

Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[Bob]

Ok, on the router I have port 1723 forwarding to my VPN machine (work).

You are not being explicit enough. Is that machine the VPN Server? I
will assume it is for now.

You are aware that port forwarding requires that you give the machine
a static LAN IP address. Otherwise the router won't know which machine
to forward the packets to.

I have all of the VPN Passthrough items enabled which includes the port 47 GRE that was mentioned.
OK

Which are: IPSEC, PPPoE, and PPTP.

Which VPN are you going to use? I assume since you forwarded port 1723
and passed protocol 47 packets, that you are setting up a PPTP VPN.
Don't confuse an already confusing subject by dragging in a lot of
extraneous buzzwords. You are not setting up IPSec or PPPoE.

No Firewal on WORK Computer.

I hope you made absolutely sure, because it's usually a firewall
hidden in background that causes lack of connection.

You mentioned I had to have the port forwarding on both machines...so I was confused on what was meant by BOTH machines.

I think you would benefit by taking the time to learn how a VPN works.

There are two machines: the VPN Server and the VPN Client.

All i have is at WORK: XP Home hooked up to a router and HOME: XP HOME hooked up to a router

That sounds like 2 machines to me. You need to forward port 1723 and
protocol 47 on each of those 2 machines.

Both have different local LAN ip address WORK 192.168.1 and HOME 192.168.0

This is wrong. What you mean to say is that the subnet at WORK is
192.168.1.X and the subnet at HOME is 192.168.0.X.

My WORK as static IP Address of 192.168.1.100 and my router has a static IP from my ISP

I assume that the static IP address 192.168.1.100 is the LAN IP
address. The VPN Server address can be different. The reason is simple
to understand. Microsoft treats the VPN as an "adapter" in the same
way it treats your actual Ethernet adapter. Therefore the address of
the VPN Adapter is different from the IP address of the Ethernet
Adapter.

So, I have followed everything from the url links....rebooted machine/router/modem.........still no luck. Someone said it was my VPN...but I am using Microsoft VPN Connection which is with XP Home & has the setup info you provided.
The Router has DHCP enabled.

I would change the LAN IP address to something below 192.168.1.100 -
for example, make it 192.168.1.10.

Next you need to tell us what the range of VPN IP addresses you told
the VPN Server to allow. Then you need to tell us if you are allowing
the VPN Client to specify its own address, and if so what is it.

You need to sit at one location with someone at the other location.
Have that person open the icon for the LAN Adapter - the one that is
in the tray. Open it to see the traffic passing back and forth. Then
you try to connect and see if the other person can see the hits. If
so, then you are making it thru the router, at least partially. If
not, then you have another problem.



--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

I went to the router logs and see my Home Machine IP Address in the Incoming with port 1723
In the Outgoing, I see my Work Lan IP & Destination IP (Home) using Service/Port# 3974
So do I need to open something up on my home computer to access port#3974 when I get a reply back from my Work?

That response is the NAT port translation. The router assigned port
3974 to the outgoing packet so it could translate the IP address for
routing on the Internet. When the reply comes back, the router will
know where to send it.

192.168.X.X is an unroutable subnet on the Internet.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

FYI - UDP 500 & 4500 and IP Protocols 50 & 51 are for L2TP/IPSEC
VPNs...

My question was rhetorical.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

I have all of the settings correct. I called Linksys (who has very bad tech support!)

Linksys is now owned by Cisco. Maybe things will change.

There are specific Linksys user forums. Try:

http://www.practicallynetworked.com/

and they said the Router has VPN Passthrough which allows GRE 47.

On the ever-popular Linksys BEFSR41 router there are two passthrus,
one for IPSec and one for PPTP.

Be sure to turn off SPI - it's broken.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Guest]

The 8 port which was model BEFSR81V3 did not work, i got a 4 port BEFSR41 and it worked great! But I needed 7 ports, so I had a switch and connected the router to the modem, and uplinked the router to the network switch and have 3 machines plugged into that. Then I went to VPN and noticed that it was very slow.....I have the computer (VPN) connected to the router but from home it is slow. I am using a wireless router with a Radio Frequency internet connection

So I am assuming I am setting up this router wrong but everything (settings) are set correctly and there is no firmware. Has anyone used this model before?

Thanks!!!!!!!!!

 

[Jeffrey Randow (MVP)]

Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone