Win2K and WinXp VPN: Error 678

Status
Not open for further replies.

DrivesMeCrazy

Technical User
Aug 11, 2003
26
SG
Hi guys,

I have set up a Win2K VPN server at my workplace, and at my home I have WinXP as the VPN client.
When I tried to connect from home to the office, I get the following message: "Error 678: The remote computer did not respond."
Seems to me that the client setup is OK, and the problem lies with the server side.

I have a VPN router at my office side but it's not issuing any IP addresses; all is done within the Win2K DHCP server.
In addition, the IP addresses in the scope that will be issued to VPN clients are all non-routable IP addresses.
Is this right? Or should I assign VPN clients static routable IP addresses?

Win2K Server:
hostname: static routable IP address
DHCP: uses Win2K server's own DHCP (non-routable IP address)
Type of VPN: PPTP VPN
firewall: none
router: DLink DI-804V

WinXP client config:
hostname: static routable IP address
includes windows logon domain
Type of VPN: PPTP VPN
 
So you are trying to connect to the VPN server and not the router, correct? Have you forwarded port 1723 to your VPN server? Do you have a firewall running on the XP box?

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 
Yep, I am trying to connect to my VPN server through the router.
But I don't get what you mean by forward port 1723 to the VPN server. Where can I set this?
Nope, I am not running any kind of firewall on the XP box.

 
Let me first clarify, your VPN server has static private IPs, correct?
If so, somewhere in your router there will be a configuration to forward ports. Here is a link with how to do it with a D-Link router. Your client should point to the router and the router will forward to the server...

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 
Alright, I get what you mean but there are still some doubts.
Anyway, I think my explanation earlier was not clear enough.

My Server IP and Router are all static private IPs,
only the RRAS is configured as static public IP for VPN.
The static public IP will be used by the client to connect to the server through the Internet at another location.

Thus, if I were to use the forward port method,
then which IP address is my client going to use to connect to the VPN server?

Thanks.


Note: The server here is a stand-alone server, DHCP, WINS, DNS, AD, DC, VPN, etc...
 
I don't understand what you are saying.
When you say your RRAS has a public IP, that doesn't make sense. RRAS is a service, not an interface. Is your server multi-homed? If it is and you mean that you have 2 interfaces, one private and one public, does your router support bridging?
If not, then I think you are going about it wrong, but I need clarification of the above questions.
Tell me the flow from the Internet, as if you are a packet heading in.
Example, my site:
Internet-> Cisco 1600-> Cisco Catalyst-> Servers and LAN. That is basic, but I don't understand the layout you're describing....

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 
Nope, the server is not multihomed.
Router support bridging? Am I correct to say that you are asking about Virtual Servers or NAT services which can map a public IP to a private IP?
If the above is what you mean, it is a YES.

My Layout is as below:
Internet -> ISP router/modem -> DLink 804V -> Servers and LAN
 
The ISP Router/Modem. Is it a Router/Modem or just a modem? Is it running NAT?
I still don't know what you meant above: "My Server IP and Router are all static private IPs, only the RRAS is configured as static public IP for VPN"

RRAS runs on your server, so does your server have a public or private IP?

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 
The ISP is using an ADSL router on our side, which in turn connects to our DLink DI-804V router, then to the Win2K server.
The Server and DLink router are configured with IP addresses 192.168.0.111 and 192.168.0.1.
Thus it's a private IP address.

As for the RRAS, I place a static public IP address (e.g. 203.116.235.100) in the WAN Miniport (PPTP)'s "phone number for this device" textbox.

Sorry for my poor English, hope this is clear.
 
Ok, I have not tried it that way. First, you need to verify that your VPN is set up correctly. Can you VPN internally from another workstation?
If so, you will need access to the ISP router. In it, you will need to configure the port-forwarding. What type of router is it?

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 
Hi mattwray,

No problem now.
My VPN has been set up properly. I can now access internally or externally provided I deactivate the firewall.

However, I am faced with 2 new problems now.

1) The browse list is not able to list the shared folders on the VPN server.
I need to use the command "net use \\servername\sharedfolders", followed by mapping the network drive in order to access the resource.
Is there anywhere I can enable the browse list to list all the shared resources on the VPN client machine?

2) What are the port numbers I need to enable on my firewall? So far, I have only enabled port 1723 for PPTP.

In addition, the network throughput is still not ideal. It's still slow even though both sides are on ADSL or Cable.
Any good network tool to recommend for analysing the throughput of the network?

Thanks a lot for the help.
 
It will be slow. Remember the LAN is probably running at 100 Mbps and a fast DSL/Cable at 800 kbps.

Different firewalls need different configs. You need to forward IP Protocol 47 (GRE) and PPTP port 1723. When you say you disable the firewall, which are you talking about, the D-Link or the ISP router?

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA
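
An added example, not part of any post in this thread: a Python check of the PPTP control channel on TCP 1723, the port the replies above say must be forwarded. It uses the Start-Control-Connection message layout from RFC 2637; the function names and the sample reply are constructed for illustration. It does not test GRE (IP protocol 47), which carries the tunnel data and has to be allowed separately.

```python
import socket
import struct

PPTP_PORT = 1723            # TCP control channel named in the thread
MAGIC_COOKIE = 0x1A2B3C4D   # fixed value from RFC 2637
SCCRQ, SCCRP = 1, 2         # Start-Control-Connection request / reply
# Header: length, message type, cookie, control type, reserved0
HEADER = struct.Struct("!HHIHH")
# Request body: version, reserved1, framing, bearer, channels, firmware, host, vendor
REQ_BODY = struct.Struct("!HHIIHH64s64s")
# Reply body: version, result code, error code, then the same trailing fields
REP_BODY = struct.Struct("!HBBIIHH64s64s")

def build_sccrq(hostname=b"probe"):
    """Build the 156-byte request a PPTP client sends first on TCP 1723."""
    body = REQ_BODY.pack(0x0100, 0, 3, 3, 0, 0, hostname, b"")
    return HEADER.pack(HEADER.size + len(body), 1, MAGIC_COOKIE, SCCRQ, 0) + body

def parse_sccrp(data):
    """Return (result_code, hostname, vendor) from a reply, or raise ValueError."""
    if len(data) < HEADER.size + REP_BODY.size:
        raise ValueError("short reply: %d bytes" % len(data))
    _, msg_type, cookie, ctrl_type, _ = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != SCCRP:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    fields = REP_BODY.unpack_from(data, HEADER.size)
    host, vendor = (f.rstrip(b"\0").decode("ascii", "replace") for f in fields[7:9])
    return fields[1], host, vendor

def probe(address, timeout=5.0):
    """Classify what answers on TCP 1723 at `address` (your own VPN endpoint)."""
    try:
        with socket.create_connection((address, PPTP_PORT), timeout) as sock:
            sock.sendall(build_sccrq())
            reply = sock.recv(256)
    except OSError as exc:
        return "TCP 1723 unreachable (%s): check the port forward" % exc
    try:
        result, host, vendor = parse_sccrp(reply)
    except ValueError as exc:
        return "TCP 1723 open but not PPTP (%s)" % exc
    state = "accepted" if result == 1 else "refused, result code %d" % result
    return "PPTP server %r (%s) %s the control connection" % (host, vendor, state)

if __name__ == "__main__":
    # Constructed reply standing in for a server; use probe("<your VPN address>") live.
    sample = HEADER.pack(156, 1, MAGIC_COOKIE, SCCRP, 0) + REP_BODY.pack(
        0x0100, 1, 0, 3, 3, 1, 0, b"vpnserver", b"constructed")
    print(parse_sccrp(sample))
```
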

 
I disabled the software firewall on the server, and forwarded port 1723 on the D-Link router.
The ISP router is out of my control.
 
I don't think you should run a software firewall on your server anyways. If you have 2 routers, there is no need to have a software firewall on your server...
So with the software firewall disabled, you can connect? Sounds like you should be good to go.

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 