Host VPN on win2000 server

Status
Not open for further replies.

darrenkelby

IS-IT--Management
Oct 27, 2003
4
GB
I am trying to set up VPN at work. If I connect VPN to the server on the network using the server IP address it works fine.

But if I try to connect from outside I get an error message 800 saying the VPN server could not be reached.

The server is connected to the internet through a router. I have forwarded three ports: 1723, 1701, 500. I did try forwarding all ports to the server IP, but still the same error message.

The VPN client is Win XP Pro and I am using the WAN address and not the internal IP address.

I ran the Routing and Remote Access wizard on the server but I think I am missing something that accepts incoming connections from the router.

The internet comes through the router on to the network switch and then to the server, so all PCs connect to the internet through the router, not the Win2000 server.

The Win2000 server has just 1 network card for both network and internet.

Thanks Darren
 
Darren,

What router are you using to connect the VPN server to the Internet?

Greg
 
I am using a Netgear DG834 which supports VPN port forwarding. In the log it shows that the packet was passed on to the server.

Thanks Darren
 
Darren,

Not familiar with the DG834, but I'd be willing to bet it's not forwarding IP proto 47 (GRE). Can you post a copy of the log that shows packets passing through please.
 
What is proto 47 (GRE)? Is that just a port number?

Thanks Darren
 
Darren,

Protocol 47 is a portless IP protocol (typically referred to as Generic Routing Encapsulation or GRE) that is used to encapsulate data (PPTP data in this scenario), so that it is portable across an IP network (like the Internet). A very simple explanation for strictly PPTP is that...

PPTP (TCP port 1723) is used up front for VPN connection call setup and the front end of link config.

Once this is completed GRE is used to encapsulate the balance of all PPTP/Data from here on out.

So you see, allowing/forwarding PPTP is only the first step of your VPN connection. Setting up GRE has to occur as well.

Hope this helps.
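
The two channels described in the post above, shown as an added example that is not part of the original thread: it reads the IPv4 protocol field to tell PPTP control traffic (TCP 1723) from PPTP data (IP protocol 47, GRE), and reports which one is missing at the server side of the router. The function names `classify` and `diagnose` are hypothetical, the sample packets are constructed rather than captured, and the GRE header layout follows RFC 2637.

```python
import struct

PROTO_TCP, PROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723
PPTP_GRE_PROTOCOL_TYPE = 0x880B  # enhanced GRE carrying PPP (RFC 2637)

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet as PPTP control, PPTP data (GRE) or other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # IP protocol number field
    payload = packet[ihl:]
    if proto == PROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        return "pptp-control" if PPTP_CONTROL_PORT in (sport, dport) else "other"
    if proto == PROTO_GRE and len(payload) >= 8:
        # GRE has no port fields: flags/version, protocol type, length, call ID.
        flags_ver, ptype, _plen, _call_id = struct.unpack("!HHHH", payload[:8])
        if flags_ver & 0x7 == 1 and ptype == PPTP_GRE_PROTOCOL_TYPE:
            return "pptp-data-gre"
    return "other"

def diagnose(packets) -> str:
    """Summarise which half of a PPTP session was seen in a list of packets."""
    seen = {classify(p) for p in packets}
    if "pptp-control" not in seen:
        return "no PPTP control traffic: TCP 1723 is not reaching this host"
    if "pptp-data-gre" not in seen:
        return "control channel only: IP protocol 47 (GRE) is not being passed"
    return "control and GRE data both present"

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 header (checksum left at 0) around payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes([203, 0, 113, 10]),
                       bytes([192, 168, 0, 2])) + payload

# Constructed sample packets, not captured traffic.
TCP_1723 = _ipv4(PROTO_TCP, struct.pack("!HHIIHHHH", 40000, 1723, 1, 0, 0x5002, 8192, 0, 0))
GRE_PPTP = _ipv4(PROTO_GRE, struct.pack("!HHHHI", 0x3001, 0x880B, 0, 7, 1))

if __name__ == "__main__":
    print(diagnose([TCP_1723]))
    print(diagnose([TCP_1723, GRE_PPTP]))
```

Run against packets captured on the VPN server, a "control channel only" result means the router forwards TCP 1723 but not protocol 47.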



 
How do you configure proto 47 (GRE)? On the VPN server or the client?
 
Where can I find Protocol 47 and how do I set it up?

I have looked on the router and Win2000 server but cannot find it.

Thanks Darren
 
Darren/Gensan,

You only need to setup port forwarding on the router for GRE, not the server or client.

I've not worked with the DG834, but is it possible to create a port forwarding rule for something other than UDP (IP Protocol 17) or TCP (IP Protocol 6)?

If so, create a port forward rule for protocol 47 with port 47.

Let me know what you come up with.

Greg
 
Hi All

I have exactly the same set up and am interested if you have had any success with this? Greg, you seem to have the answers, but like Darren and Gensan I am unable to find a setting which matches that (and just a little scared of opening up a little too much to the outside world!)

Derren
[Mediocre talent - spread really thin]
 
Also, what if your router (in some cases firewall) is blocking GRE, and you do not have access to add or change forwarding rules?

Is there a way around this while still using PPTP?
 