Windows 2000 Pro VPN Host behind Router

[Guest]

I am trying to set up a PPTP VPN host on my Windows 2000 Pro Home computer
which accesses the internet through a router and a modem. When I try to
connect to the host over the internet, I get an Error 678 message. I have
found article 271731 on the MS knowledge base which says I need to "configure
the firewall or the router so that the source of the PPTP reply packets is
the same IP address that the PPTP clients use. PPTP communication is made up
of TCP port 1723 and of the Generic Routing Encapsulation (GRE) protocol (IP
protocol 47)."

It also suggests that I "make sure that the PPTP clients establish the
connection to the first IP address that is bound to the PPTP server's public
network interface. Also make sure that you configure the default gateway on
the server to the interface that receives the connection attempt. Typically,
the public network interface receives the connection attempt in this
scenario."

Don't have the foggiest idea of how to do this. My ISP assigns the router
IP dynamically, so, I think it is impossible to link the VPN host IP or
default gateway to the router IP or default gateway. Any suggestions on how
to do this?

 

[Robert L [MS-MVP]]

have you forwarded the port 1723 to the host computer?or use telnet to test it. to do that, run command line: telnet public IP of the host 1723.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I am trying to set up a PPTP VPN host on my Windows 2000 Pro Home computer
which accesses the internet through a router and a modem. When I try to
connect to the host over the internet, I get an Error 678 message. I have
found article 271731 on the MS knowledge base which says I need to "configure
the firewall or the router so that the source of the PPTP reply packets is
the same IP address that the PPTP clients use. PPTP communication is made up
of TCP port 1723 and of the Generic Routing Encapsulation (GRE) protocol (IP
protocol 47)."

It also suggests that I "make sure that the PPTP clients establish the
connection to the first IP address that is bound to the PPTP server's public
network interface. Also make sure that you configure the default gateway on
the server to the interface that receives the connection attempt. Typically,
the public network interface receives the connection attempt in this
scenario."

Don't have the foggiest idea of how to do this. My ISP assigns the router
IP dynamically, so, I think it is impossible to link the VPN host IP or
default gateway to the router IP or default gateway. Any suggestions on how
to do this?

 

[Guest]

I believe I have forwarded properly. The setup for the virtual server in the
DI-524 router indicates that port 1723 has been forwarded to the host
computer. I accessed the internet from outside the router and used telnet as
instructed. It appeared that telnet connected in that there was a connecting
message and then the title bar on the command prompt screen changed from
"c:\" to "telnet IPaddress" although I had no idea what to do with telnet
once it connected.

It appears this problem is very similar to thread to which you responded
back in September entitled "Subject: VPN on Windows Server 2003 behind a
D-Link DI-524 Router" from (e-mail address removed) that was unresolved. Hope to do
better on this one.

 

[Robert L [MS-MVP]]

you should add port 1723 after the IP or name, for example, telnet x.x.x.x 1723. If it is black screen that is good. Actually, you may want to use PPTPsrv and PPTPclnt to test it. This web page provides the how to.

VPN troubleshooting tools PPTPclnt and PPTPsrv to test GRE and PPTP. 2. IPCONFIG to troubleshooting connection and name resolution issues. 3. PING and TRACERT to check the connection ...
www.chicagotech.net/vpnissues/vpntools.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I believe I have forwarded properly. The setup for the virtual server in the
DI-524 router indicates that port 1723 has been forwarded to the host
computer. I accessed the internet from outside the router and used telnet as
instructed. It appeared that telnet connected in that there was a connecting
message and then the title bar on the command prompt screen changed from
"c:\" to "telnet IPaddress" although I had no idea what to do with telnet
once it connected.

It appears this problem is very similar to thread to which you responded
back in September entitled "Subject: VPN on Windows Server 2003 behind a
D-Link DI-524 Router" from (e-mail address removed) that was unresolved. Hope to do
better on this one.

 

[Guest]

Robert -- Found the problem. You may want to file this for future reference.
It was not a Windows problem at all. I use dyndns.org to track the dynamic IP
assigned to the router by my ISP. The DLink DI-524 router I am using has a
configuration for automatically updating new public IPs to my dyndns host,
and I was relying on that. However, the automatic update was not working.
So, I downloaded a free utility, DynDNS Updater, from the dyndns site, and it
now keeps the IP in the dyndns database synchronized with the public IP for
my router. All is fine and I now have VPN access to my home network from the
outside through the internet. Thanks for your attention.
wrnoof

 

[Robert L [MS-MVP]]

Thank you for the update. We need that.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Robert -- Found the problem. You may want to file this for future reference.
It was not a Windows problem at all. I use dyndns.org to track the dynamic IP
assigned to the router by my ISP. The DLink DI-524 router I am using has a
configuration for automatically updating new public IPs to my dyndns host,
and I was relying on that. However, the automatic update was not working.
So, I downloaded a free utility, DynDNS Updater, from the dyndns site, and it
now keeps the IP in the dyndns database synchronized with the public IP for
my router. All is fine and I now have VPN access to my home network from the
outside through the internet. Thanks for your attention.
wrnoof