VPN with Flowpoint 2200

[jimmyd]

Hello,

I am trying to set up a PPTP VPN using a W2K machine as the server. The network is behind a Flowpoint 2200 router set up using NAT. My VPN server seems to work fime from within the network. From outside, using the WAN IP address of the router, I get the following error message (from a W98 client):


Error 645: Dial-Up Networking could not complete the connection to the server.
Check your configuration and try the connection again.


Everything looks like it is set up correctly. On my flowpoint, I have port 1723 being forwarded to the IP address of the server. I have tried various other ports/protocols as well. I tried GRE (proto 47) a couple of IPSec protocol numbers (50 and 51) and port 500 (I think that's another IPSec port). None of this works.

I have heard others who have had problems using Flowpoint 2200's. It looks like it is definitely something with the router because, as I said, the VPN works fine from within the network (which I try just for testing purposes).

Any ideas would be greatly appreciated.

Thank you,

James

 

[Guest_imported]

Hi James - i to have the flowpoint router 2200 and am setting up a new w2k server......i hope someone out there will have a solution soon.....

 

[RyanF]

I called Efficient Networks (bought out Flowpoint)and got an update for the modem. The only ports you need to forward for a basic VPN is, 1723, 47, 137,138,139(Netbeui), but you do have to upload the new config file for the modem to get the VPN to work. Also scan the modem to see if the ports are open after you configure the forward.

 

[jimmyd]

Ryan,

Thanks for the update, but what exactly do you mean by upload the config? Where and why should anything have to be uploaded? Also, 47 is not a port, it is a protocol (GRE). For instance, you would use protocol 47 in the following way:

sys addserver 192.168.1.1 47 all

This tells the router to forward all GRE packets coming in on any port. I have tried this and it didn't work. I don't recall if I enabled all of the the netbeui ports and it's worth a try, but I still don't see why it must be that way.

Thanks,

James

 

[RyanF]

Yes you are partly right. But 47 is an actual udp port. Check on MS support page. And what I mean by 'config file' is a Firmware upgrade. As soon as you telnet into your modem you will see the version. (vx.xx.xx) As for netbuei ports, use them if want to map a drive by name.

You can also use: sys addserver 192.168.1.1 udp 47

 

[RyanF]

Here is the link to the firmware upgrades:

http://support.efficient.com/drivers/kernels/fp.html

And here is the pdf:

http://support.efficient.com/KB/pdf/VPNwithIPFiltering.pdf

 

[jboshear]

I ran across this post when looking for a solution for the same problem. I found the solution:

system addserver <pptp server IP address> tcp 1723
system addserver <pptp server IP address> 47 0

It works like a charm. I tried a million other things first including things listed in this post.

HTH
Jerry

 

[Guest_imported]

This works perfectly:

system addserver <pptp server IP address> tcp 1723
system addserver <pptp server IP address> 47 0

MAKE SURE YOU REBOOT THE ROUTER WHEN YOU ARE DONE! I struggled for like 6 hours with this, and decided to reboot the router as a last resort, and it worked fine afterward.

-ET

 

[Guest_imported]

I just spoke with Efficient and was informed that once you perform a system addserver and open the port, if you NAT that address all ports are actually open. Doesn't sound right to me. She said the only way to block that is with filters. Yuk!

 

[Guest_imported]

I was suspicious about what I was told by Efficient tech support so I performed a port scan from outside my network. I found that only ports open via the system addserver line were open.

False information leads to wasted time and worry!

Dammit. Oh well better than being wide open I guess.