
VPN through router problems!


lenny109

Technical User
Sep 29, 2003
47
GB
I am trying to set up a VPN at work but have hit a brick wall and am totally stuck; hopefully someone might be able to point me in the right direction. I am using an XP Pro desktop machine as the server, following Bob Cerelli's instructions (onecomputerguy.com), so I am reasonably sure that the server is set up correctly.

My problem is setting up the router. I am using a Zoom X4 router between the LAN and the ADSL line (the VPN server is also on the LAN). I have a static IP for the internet access. Should I be changing the settings in the NAT configuration, Virtual Server, DMZ, DNS, all, some or just one? What about WAN? I have changed the Virtual server configuration to open two ports, 1723 and 47. I have given both Public and Private ports the same numbers, Port type TCP and the host IP address. Should it be the static IP address, the router 10.0.0.2 or the LAN IP, e.g. 10.0.0.5?

When I try to log in from a client computer I get an error 800. If I ping the static IP address, though, I get a reply. Any thoughts that I might be able to understand would be most appreciated.

Cheers
 
Make sure you open IP protocol 47 GRE but tcp 47. Quoted from
Which ports need to be opened for running VPN

A: PPTP VPN uses TCP Port 1723, IP Protocol 47 (GRE); L2TP: UDP Port 1701; IPSec: Pass protocol 50 and 51. Note: 47 is a protocol number and not TCP port. The protocol name is GRE. It'll make a big difference when configuring your firewall or router.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at
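The distinction in the quoted answer, shown at the packet level as an added example (not part of the original post): the classifier reads the IPv4 protocol field first and only looks for ports when the protocol is TCP or UDP, so a "TCP port 47" rule can never match PPTP's GRE traffic. The sample packets are constructed, and the source address 203.0.113.7 is a documentation placeholder.

```python
import struct

TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51   # IPv4 protocol numbers
# Port-based services from the quoted answer, keyed by (protocol, destination port).
PORT_SERVICES = {(TCP, 1723): "PPTP control", (UDP, 1701): "L2TP"}

def classify(packet: bytes) -> str:
    """Name the VPN traffic type carried by one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    proto = packet[9]                 # the 8-bit protocol field
    payload = packet[ihl:]
    if proto == ESP:
        return "IPsec ESP (protocol 50)"
    if proto == AH:
        return "IPsec AH (protocol 51)"
    if len(payload) < 4:
        raise ValueError("truncated payload")
    if proto == GRE:
        # GRE has no port fields. PPTP uses GRE version 1 carrying PPP (0x880B).
        flags_ver, ptype = struct.unpack("!HH", payload[:4])
        if (flags_ver & 0x0007) == 1 and ptype == 0x880B:
            return "PPTP data (GRE, protocol 47)"
        return "other GRE (protocol 47)"
    if proto in (TCP, UDP):
        _sport, dport = struct.unpack("!HH", payload[:4])
        name = "TCP" if proto == TCP else "UDP"
        return PORT_SERVICES.get((proto, dport), f"other {name} port {dport}")
    return f"other protocol {proto}"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Wrap payload in a minimal IPv4 header (constructed test data, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([203, 0, 113, 7]), bytes([10, 0, 0, 5])) + payload

# Constructed samples: packets addressed to the VPN server at 10.0.0.5.
SAMPLES = {
    "control": ipv4(TCP, struct.pack("!HH", 49152, 1723) + bytes(16)),
    "tcp47":   ipv4(TCP, struct.pack("!HH", 49152, 47) + bytes(16)),
    "tunnel":  ipv4(GRE, struct.pack("!HHHH", 0x2001, 0x880B, 0, 1)),
    "l2tp":    ipv4(UDP, struct.pack("!HHHH", 1701, 1701, 8, 0)),
    "esp":     ipv4(ESP, bytes(8)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:8} {classify(pkt)}")
```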
 
Thanks for the information. I have spotted the advice around the forums but am afraid that I don't quite understand it. It is this section that stumps me: "A: PPTP VPN uses TCP Port 1723, IP Protocol 47 (GRE); L2TP: UDP Port 1701; IPSec: Pass protocol 50 and 51. Note: 47 is a protocol number and not TCP port. The protocol name is GRE...." In the router instructions (Zoom X4) I don't see the option to use PPTP or any other protocol. Also, there is nothing in the instructions that might point me in the right direction regarding IP Protocol 47 (GRE). Where in the advanced set up would I find the option to change to PPTP, IP Protocol etc.?
Thanks again for the reply and apologies for my ignorance.
 
GRE is often labeled PPTP passthrough in a router configuration dialog. Other times, it is always enabled and you don't have to do anything other than forward TCP on 1723 as you have. From the little bit of info I can find, looks like you fall into that class, so you should be set.

1723 should be forwarded to the LAN IP of the machine you have set as a VPN server.

Generally the 800 error indicates a forwarding problem. Could be misconfigured or a firmware problem. Make sure that is current and try again.

Remember, the virtual server on your router will need the address of the computer acting as a VPN server. Your client machine will need to direct the connection to the Public IP of the router.
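A check for the forwarding table described in this reply, as an added example (not code from the thread or from the router vendor): it audits a "virtual server" table for the PPTP control port. The rule fields mirror those named in the thread; the function name, the /24 LAN mask and the two sample tables are assumptions constructed for illustration.

```python
import ipaddress

def audit_pptp_forwarding(rules, server_ip, router_ip, lan_cidr):
    """Return findings for a virtual-server table; an empty list means it is sound."""
    lan = ipaddress.ip_network(lan_cidr)
    server = ipaddress.ip_address(server_ip)
    router = ipaddress.ip_address(router_ip)
    findings, control_ok = [], False
    for r in rules:
        host = ipaddress.ip_address(r["host_ip"])
        label = f'{r["type"]} {r["public_port"]} -> {host}'
        if r["public_port"] == 47:
            findings.append(label + ": 47 is IP protocol GRE, not a port; PPTP never uses port 47")
            continue
        if (r["type"], r["public_port"]) != ("TCP", 1723):
            continue  # unrelated rule, not judged here
        if host == router:
            findings.append(label + ": host is the router itself, not the VPN server")
        elif host not in lan:
            findings.append(label + f": host is outside {lan}; use the server's LAN address")
        elif host != server:
            findings.append(label + f": VPN server is {server}")
        elif r["private_port"] != 1723:
            findings.append(label + ": private port must also be 1723")
        else:
            control_ok = True
    if not control_ok:
        findings.append("no working TCP 1723 forward to the VPN server")
    return findings

# Constructed tables: the first attempt from the thread, then the corrected rule.
FIRST_TRY = [
    {"type": "TCP", "public_port": 1723, "private_port": 1723, "host_ip": "10.0.0.2"},
    {"type": "TCP", "public_port": 47, "private_port": 47, "host_ip": "10.0.0.2"},
]
CORRECTED = [
    {"type": "TCP", "public_port": 1723, "private_port": 1723, "host_ip": "10.0.0.5"},
]

if __name__ == "__main__":
    for table in (FIRST_TRY, CORRECTED):
        print(audit_pptp_forwarding(table, "10.0.0.5", "10.0.0.2", "10.0.0.0/24") or "ok")
```

An empty result covers only the TCP 1723 rule; whether the router passes GRE (PPTP passthrough) is a separate setting that this table does not show.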
 
Thanks for the advice. I have set the server machine an IP of 10.0.0.15 and from within the virtual server settings directed the port 1723, TCP, and both Public and Private the same port, to 10.0.0.15.

Nothing!

So I have now gone to the DMZ and opened the same ports again and still nothing (error 800). I can ping the static IP though.

Do you think that it might be a firmware problem in the router? That would be unlucky as it is already the second one. The first connected to the net but wouldn't allow any info through either way.

Cheers
 
I have changed the router but am having the same problem as before (error 800).

I have also changed the server to another machine within the IP range of the router, 10.0.0.3, and still nothing. I have also enabled the router to be seen via the net on port 82 so I can type in the static IP then :82. This worked for one connection and has now stopped working completely too.

What else is there to try? I have opened the DMZ to the server machine IP address and still there is error 800. I thought with the DMZ open the computer would be open to anyone on the internet. Well, all I get is error 800.

Please, what else can I try!!
 
eeeeeeeerrrrrrrrrr, what about Zone Alarm on the client!

Job done. How stupid do I feel now. But I am surprised no one mentioned this (for the client computer). That's not a complaint though, just a thought. Keep it simple.

Thanks for the replies. Everything was helpful.

New post now regarding mapping a network drive via the VPN but I am sure that is a minor problem now!

 
I always check for the latest firmware update when I run into strange router problems.
 
Look for the NAT traversal patches from Microsoft, which are available now. Make sure to first install SP1 (XP) and SP4 (Win2000), otherwise you will not see the patches when searching for updates at windowsupdate. After installation, traversal through routers won't be a problem anymore. Some ports must be opened in firewalls (50 and 51 TCP for PPP) and (UDP ports 500, 1701 and 4500 for IPSEC/L2TP).

Ciao, Huub
 
Thanks for the help, I will get the patch but.......I think this calls for another post........
 
.....and here it is...Still the same problem though...

Both the server and the client computers connect to the internet via BT Openworld Broadband.
Both of the computers are XP and I am using the built in VPN programme.
I can connect to the server through the VPN OK but can't see the folders on the server. It is very intermittent but more often than not I am unable to view any files. 5 minutes in 5 hours of trying so far.

This only seems to be happening in that office. At other offices I am able to connect and view files with no problem. I have also connected a laptop at one office where it works fine, then moved it to the problem office and I am unable to connect.

I have changed the router and called their help line (where they said that the router allows VPN pass through as standard).

I moved the router to another input on the telephone line (the main one on the wall) and got a connection (could view the files) straight away but when I tried again it didn't work.

I can always get connected to the server but just can't view any of the files.

I have also copied all the settings from the office that works onto the computers in the office that doesn't but still nothing. I think I can safely say that it isn't the client computer (or can I?)
What else could this be?

As I am using the PPTP protocol and it doesn't seem to work should I try something else? Maybe some other third party software, or IPsec. Your thoughts would be most appreciated. I am getting desperate.

Cheers

Help me on this one and I promise to always eat my greens from now on!

Could anyone tell me why this might be?

I have also checked to make sure that all the network settings are exactly the same on both machines but still only one can connect.

Please help!
 
Just one other thing: in the problem office, even though I am able to connect, or at least the icon at the bottom right of the screen says that I am connected, I can't ping the static IP anymore.
 