
VPN connection problems

Status
Not open for further replies.

roydiculous

Technical User
Mar 25, 2004
12
US
Thanks in advance for the help.

I have a Belkin F5D7230-4 (Had a Linksys 54G but didn't work with VPN!) and have set up the ports at 47, 1723, and 500.

When I use > network tools to check which ports are open, I only come up with 1723 as open. When I try to connect to my VPN server (Windows XP Pro running XP Pro VPN barebones VPN server), I get the dreaded Error 721. When I DMZ my VPN server (192.168.1.100) I can log on fine.

After that, I run netstat and see that my VPN client is running in at 1434, 1243, 1243, 1444 randomly. I'm also using the Windows XP Pro version of VPN client. How do I make it so that it just tries to connect and stay at port 1723??? Or does anyone have any suggestions for free VPN software?

I'm about to pull my hair out, someone make me sane again!
 
Roy,

Your client is using a fairly random source port but is likely using only port 1723 as the destination port. I'll lay money on the fact that it's not port 1723 that's giving you less hair, it's actually forwarding GRE to your VPN server. Unfortunately GRE is a portless IP protocol whose type is 47, not port 47. So just forwarding UDP or TCP port 47 doesn't help you. You'll need to actually forward IP protocol 47. Does the Belkin F5D7230-4 interface allow you to create a forwarding rule where you can actually choose the protocol ID number instead of just TCP or UDP?
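
The port-versus-protocol distinction above, as an added example that is not part of the original post: two constructed packets (a PPTP control SYN to TCP 1723 and a PPTP GRE data packet) are checked against a port-only rule set and against one that forwards IP protocol 47. The addresses, call ID and the reading of the original rules as "TCP and UDP" are assumptions.

```python
import struct

TCP, UDP, GRE = 6, 17, 47  # IANA IP protocol numbers

def ipv4(proto, payload):
    """Minimal IPv4 header (checksum left at 0) around payload; constructed test data."""
    src, dst = bytes([203, 0, 113, 10]), bytes([198, 51, 100, 20])  # documentation ranges
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, src, dst) + payload

def tcp_syn(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def pptp_gre(call_id):
    # Enhanced GRE header from RFC 2637: K and S bits, version 1, protocol type 0x880B,
    # then payload length, call ID and sequence number. There is no port field.
    return struct.pack("!HHHHI", 0x3001, 0x880B, 0, call_id, 1)

def classify(packet):
    """Return (ip_protocol, destination_port or None) for a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in (TCP, UDP):
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None  # portless protocol such as GRE

def pptp_outcome(rules):
    """rules is a set of (ip_protocol, port); port None forwards the whole protocol."""
    control = ipv4(TCP, tcp_syn(1434, 1723))   # random source port, destination 1723
    tunnel = ipv4(GRE, pptp_gre(call_id=7))    # the PPP session data
    return {"control": classify(control) in rules, "gre": classify(tunnel) in rules}

# Ports 47, 1723 and 500 forwarded as TCP and UDP (assumed reading of the original setup)
PORT_ONLY_RULES = {(p, port) for p in (TCP, UDP) for port in (47, 1723, 500)}
# TCP 1723 plus IP protocol 47 itself
PROTOCOL_RULES = {(TCP, 1723), (GRE, None)}

if __name__ == "__main__":
    print("port-only rules:", pptp_outcome(PORT_ONLY_RULES))
    print("protocol rules: ", pptp_outcome(PROTOCOL_RULES))
```

With the port-only rules the control connection gets through but the GRE tunnel does not, which is consistent with a port scan showing 1723 open while the connection still fails.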
 
No, I don't think it does. It has a very limited feature set. Seeing that this is for my office, I'd like to do this right the first time. Do you know of any Wireless-G routers that have confirmed done the job and done the job well?

When I connect to my "VPN server" when it's just my server running WinXP Pro connected to the DSL modem, everything works perfectly. I have a feeling that these wireless routers are really buggy. I might just use a regular router and get a wireless access point. On that note, do you know of any routers that can do the job?

As I said, I had the Linksys WRT54G v4. They are both sitting in my IT office. I'm about to drop another $80 on a Netgear one.

Any suggestions? When I had the WRT54G, I couldn't even get through with DMZ enabled. It seemed like a lot of people had the same problem. So frustrating.

Sorry for the long post.
 
Roy,

I'm not sure about the WRT54G but you can definitely port forward the WRV54G to an internal VPN server. If you run through the link below you can see the details on that:


Or, you can follow this:

If you can export the configuration file from the WRT54G, and it's readable in this format:
(rg_conf
(system
(serialno(DEZ003######))
(version(10007))
(release(Dec 2 2003))
(mac_cur(36:b8:##:##:##:##))
(distribution(DIST=IXDP425_NETKLASS))
(log
(login_success(1))
(login_fail(1))
(conf_change(1))
(system_errors(1))
)
(contact())
(location())
(name(RV082_00:0c:41:91:0f:b4))
(boot
(failure_boots(0))
)....

Then you can do this...

From the web interface, create a forwarding rule called GRE for port 47 using the TCP protocol. (Don't worry, we'll be changing this once inside the router)

In the config file look for this:

(-############
(name(GRE))
(description(GRE))
(trigger
(0
(protocol(17))
(src...

(-########## will be a service number) Replace (17) or (6) with (47).

Import the new config.

Try your VPN connection.

As I said, I know the WRV54G works.

Good luck man.
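
The config edit described in this post, as an added example that is not the poster's own code: it rewrites the protocol number only inside the service entry named GRE and leaves every other rule untouched. The sample config is constructed; its entry IDs and the layout beyond the fragment quoted above are assumptions.

```python
import re

# Constructed sample shaped like the exported fragment; IDs are placeholders.
SAMPLE = """(rg_conf
(-0000000001
(name(HTTP))
(description(HTTP))
(trigger
(0
(protocol(6))
)))
(-0000000002
(name(GRE))
(description(GRE))
(trigger
(0
(protocol(6))
)))
)
"""

def enclosing_block(text, pos):
    """Return (start, end) of the parenthesised block that contains index pos."""
    depth, start = 0, pos - 1
    while start >= 0:                      # walk left to the unmatched "("
        if text[start] == ")":
            depth += 1
        elif text[start] == "(":
            if depth == 0:
                break
            depth -= 1
        start -= 1
    if start < 0:
        raise ValueError("no enclosing block")
    depth = 0
    for end in range(start, len(text)):    # walk right to its matching ")"
        depth += {"(": 1, ")": -1}.get(text[end], 0)
        if depth == 0:
            return start, end + 1
    raise ValueError("unbalanced parentheses")

def set_service_protocol(conf, name="GRE", proto=47):
    """Set (protocol(N)) to proto inside the service entry called name only."""
    pos = conf.find(f"(name({name}))")
    if pos < 0:
        raise ValueError(f"no service named {name}")
    start, end = enclosing_block(conf, pos)
    block, hits = re.subn(r"\(protocol\(\d+\)\)", f"(protocol({proto}))", conf[start:end])
    if hits == 0:
        raise ValueError("service has no protocol field")
    return conf[:start] + block + conf[end:]
```

Scoping the replacement to the GRE entry matters because a file-wide search and replace of (6) or (17) would also change every other TCP or UDP forwarding rule.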
 
Wow....after a couple crazy days trying to figure out why VPN was not working through a Linksys Router and after talking to Linksys support for over an hour I have a solution!!

First off, only port 1723 needs to be forwarded. GRE 47 is referred to as PPTP passthrough on the routers....so just make sure that is ENABLED.

Here is the magic....get the right FIRMWARE. My problem was that I assumed newer firmware was better firmware....WRONG. Linksys has a major problem with this. For instance I was using a BEFSR41 v2 router and had v1.45.7 on it (NO GO)...downgraded to v1.43.3 and everything is working perfectly.

So my advice...find a firmware that works and upgrade at your own risk!!

Cheers
 
Thanks for the heads up CNS4us

I have since then realized that I did not want PPTP VPN, but rather a hardware VPN solution. I tried the Linksys WRV54G (Broadband Wireless G VPN Router) but that firmware is in its infancy, the IPSec doesn't even work (after hours with Linksys Techies).

I then went to the FVS318 - good router, but the IPSec was impossible to configure with dynamic IP clients (as it asked you for a remote IP address and if you put a large range, would mess it up).

Now I finally decided to do my homework and got the BEFVP41 EtherFast Cable/DSL VPN Router with 4-Port (version 1) and SSH Sentinel. I am going to set it up today (with detailed instructions courtesy of the forums at Tek-Tips).

Who said new is better?
 
So fellas,

Has there been any closure on using the Belkin F5D7230-4 to get VPN access? I still have the same problems as Roy. Help!!!
 
On the Belkin router, you cannot forward port 0. A message is given that the port number is invalid !!!
 
I have a Linksys 54G connected to a Linksys B..41 and the connection always stays up and never has a problem. My problem was in the static routes on each side of the router. Make sure you set those up or you won't be able to ping anything from router to router because it doesn't know where the destination is. Make sure when you set up the static routes that you use the ISP Gateway address for the outgoing network...

Example....
Network 1
192.168.1.0
On internet IP ADDRESS xx.xx.xx.89 and internet IP gateway xx.xx.xx.94.

Network 2
192.168.2.0
On internet IP ADDRESS xx.xx.xx.200 and internet IP gateway xx.xx.xx.95.

If a PC on Network 1 wants to PING a PC on Network 2, a static route must exist on the router on Network 1 that has a Network address of 192.168.2.0, a subnet of 255.255.255.0 and a gateway of xx.xx.xx.89 (not the gateway of Network 2 but the OUTGOING gateway).

Then you would do the reverse on the router at Network 2. You can then ping network IP addresses (192.168.x.x) on both sides of your network.

If you want to see Netbios names then simply add the addresses and names to your LMHOSTS file in your ...system32\config\etc\ directory.

I spent like a week solid jacking around with this thing to finally get it going. IT CAN BE DONE!!!!
 