Configuring router for VPN passthrough



daveh551
04-03-08, 02:31 PM
It seems like this should be a fairly common topic, and probably
addressed elsewhere, but searching this and other groups as well as
googling has failed to yield anything useful.

My home network is on a FiOS internet connection, which runs through a
Verizon (ActionTec) wireless router/switch (WI1524WR or something like
that). I have 3 machines, a Windows 2000 server acting as domain
controller, a Compaq desktop running Windows XP Pro (SP2), and a Dell
laptop running Windows 2000 Pro (SP4). I am trying to configure the
router to pass VPN requests through to the XP machine so I can access
it with the laptop from outside. I have Windows configured to respond
to VPN requests, and have the laptop configured to connect as a VPN
client. The connection made from inside the firewall (directly to the
local hostname) works fine. I also have a second connection configured
to go through the external IP, and connecting to it always fails with
an Error 678: There was no answer. This is true whether I am
connecting inside the house, or from a WiFi hot spot. The two VPN
connections (local and remote) are configured identically except for
the hostname, so I believe the VPN client and server setups are
correct. I think it has to be the router configuration for VPN
passthrough. (The FiOS IP is dynamic, but I've got it set up to route
through dyndns.org).

The "Port Forwarding" screen on the router is showing setup to pass
the following protocols through to the XP desktop:
(I'm not sure exactly what all of these mean, I just configured from
bits and pieces I found in different articles, using the configuration
menus available on the router)
GRE
L2TP-UDP Any ->1701
IPSec - UDP 500-> 500
ESP
AH
TCP Any -> 1723

When I attempted to connect over the VPN connection from a WiFi
hotspot, this is what appeared in the router security log (newest is
on top, so read from the bottom)


Apr 3 10:00:54 2008 Inbound Traffic Connection closed TCP
192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45717]
CLOSED/SYN_SENT clink0 Incoming STATIC

Apr 3 10:00:54 2008 Outbound Traffic Connection closed TCP
71.97.118.241 45717<--> 71.97.118.241 45717[192.168.1.152 1723 ]
SYN_SENT/CLOSED br0 Outgoing

Apr 3 10:00:53 2008 Outbound Traffic Connection opened TCP
71.97.118.241 45734<--> 71.97.118.241 45734[192.168.1.152 1723 ]
CLOSED/CLOSED br0 Outgoing

Apr 3 10:00:53 2008 Inbound Traffic Accepted - Service TCP
71.97.118.241:45734->192.168.1.152:1723 on clink0

Apr 3 10:00:53 2008 Inbound Traffic Connection opened TCP
192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45734]
CLOSED/SYN_SENT clink0 Incoming STATIC

(192.168.1.152 is the local IP of the XP desktop. 71.170.239.192 is
the external (FiOS) IP of the router, 71.97.118.241 is the IP of the
hotspot where I was sending from.)

Can anyone tell me what I am doing wrong and what to do to fix it?

Thanks.
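
Added example (not part of the original post, and not the router vendor's tooling): a short Python parser for the security-log entries quoted in the post above, reporting whether the TCP 1723 forward rule matched and which TCP states the router recorded. Reading the "X/Y" pair as the router's tracked TCP state for each side is an assumption drawn from the entries themselves, and the function names are hypothetical.

```python
import re

# Log entries copied from the post above (newest first); entries wrap over lines.
LOG = """\
Apr 3 10:00:54 2008 Inbound Traffic Connection closed TCP
192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45717]
CLOSED/SYN_SENT clink0 Incoming STATIC

Apr 3 10:00:54 2008 Outbound Traffic Connection closed TCP
71.97.118.241 45717<--> 71.97.118.241 45717[192.168.1.152 1723 ]
SYN_SENT/CLOSED br0 Outgoing

Apr 3 10:00:53 2008 Outbound Traffic Connection opened TCP
71.97.118.241 45734<--> 71.97.118.241 45734[192.168.1.152 1723 ]
CLOSED/CLOSED br0 Outgoing

Apr 3 10:00:53 2008 Inbound Traffic Accepted - Service TCP
71.97.118.241:45734->192.168.1.152:1723 on clink0

Apr 3 10:00:53 2008 Inbound Traffic Connection opened TCP
192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45734]
CLOSED/SYN_SENT clink0 Incoming STATIC
"""
ACCEPT = re.compile(r"Accepted - Service TCP ([\d.]+):(\d+)->([\d.]+):(\d+)")
# Assumption: the "X/Y" pair is the router's tracked TCP state for each side.
CONN = re.compile(r"Connection (opened|closed) TCP.*?\]\s*(\w+)/(\w+)")

def parse(log):
    """Re-join each wrapped entry (blank-line separated) and classify it."""
    events = []
    for block in re.split(r"\n\s*\n", log.strip()):
        line = " ".join(block.split())
        if m := ACCEPT.search(line):
            events.append({"kind": "accepted", "dst": m[3], "dport": int(m[4])})
        elif m := CONN.search(line):
            events.append({"kind": m[1], "states": {m[2], m[3]}})
    return events

def summarize(events, port=1723):
    """Did the forward rule match, and which TCP states were ever recorded?"""
    hits = [e for e in events if e["kind"] == "accepted" and e["dport"] == port]
    conns = [e for e in events if e["kind"] != "accepted"]
    return {
        "forward_rule_matched": bool(hits),
        "forwarded_to": sorted({e["dst"] for e in hits}),
        "states_seen": sorted(set().union(*(e["states"] for e in conns))),
        "closed_in_syn_sent": sum(e["kind"] == "closed" and "SYN_SENT" in e["states"] for e in conns),
    }
print(summarize(parse(LOG)))
```

On these entries the forward rule matches and points at 192.168.1.152, but no connection is recorded in any state beyond SYN_SENT.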

Mr. Arnold
04-03-08, 05:38 PM
"daveh551" <geekdh@gmail.com> wrote in message
news:1f72009d-e393-42d5-ae5a-a277c545991e@t54g2000hsg.googlegroups.com...
> It seems like this should be a fairly common topic, and probably
> addressed elsewhere, but searching this and other groups as well as
> googling has failed to yield anything useful.
>

>
> Can anyone tell me what I am doing wrong and what to do to fix it?
>

What's wrong with tech support for the router? Maybe, you should call them.

daveh551
04-03-08, 06:02 PM
On Apr 3, 4:38 pm, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
> "daveh551" <gee...@gmail.com> wrote in message
>
> news:1f72009d-e393-42d5-ae5a-a277c545991e@t54g2000hsg.googlegroups.com...
>
> > It seems like this should be a fairly common topic, and probably
> > addressed elsewhere, but searching this and other groups as well as
> > googling has failed to yield anything useful.
>
> > Can anyone tell me what I am doing wrong and what to do to fix it?
>
> What's wrong with tech support for the router? Maybe, you should call them.

I called Verizon TechSupport, and they said "We don't provide support
for VPN. That's up to you"

Mr. Arnold
04-03-08, 07:18 PM
"daveh551" <geekdh@gmail.com> wrote in message
news:d898360a-f060-4a4b-b50a-937140489ad2@d1g2000hsg.googlegroups.com...
> On Apr 3, 4:38 pm, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
>> "daveh551" <gee...@gmail.com> wrote in message
>>
>> news:1f72009d-e393-42d5-ae5a-a277c545991e@t54g2000hsg.googlegroups.com...
>>
>> > It seems like this should be a fairly common topic, and probably
>> > addressed elsewhere, but searching this and other groups as well as
>> > googling has failed to yield anything useful.
>>
>> > Can anyone tell me what I am doing wrong and what to do to fix it?
>>
>> What's wrong with tech support for the router? Maybe, you should call
>> them.
>
> I called Verizon TechSupport, and they said "We don't provide support
> for VPN. That's up to you"

I doubt that Verizon made the router.

http://www.actiontec.com/products/index.php

Gary
04-04-08, 04:27 PM
What kind of VPN are you trying to use? PPTP, L2TP, IPsec, SSL? The ports
and protocols will vary depending on what you're using.

-Gary

daveh551
04-05-08, 07:57 AM
On Apr 4, 4:27 pm, Gary <ga...@efn.org.spamsux> wrote:
> What kind of VPN are you trying to use? PPTP, L2TP, IPsec, SSL? The ports
> and protocols will vary depending on what you're using.
>
> -Gary

Gary, I'm too much of a naive user to know the answer to that one. I'm
trying to use what comes with Windows. The XP server is set up using
the Windows Network Connections>Make a New Connection Wizard>Setup an
Advanced Connection>Accept Incoming Connections>Allow Virtual Private
Connections. The Laptop is set up using the Windows Network
Connections>Make A New Connection Wizard>Connect to my Workplace.

I think I've seen some documentation mention L2TP, but I'm not sure.

Thanks.

Dennis
04-05-08, 07:57 PM
I'm also having problems getting my router to port forward properly
for my VPN which I believe is using PPTP.

When I set this computer as the DMZ I have no problems.

But when it's off DMZ, with just ports 1723 (both) and 500 (both)
forwarded then people can't connect to me. My firewall is off, etc.

Am I missing something? What other ports need to be forwarded?

I'm using a DLink DGL4300 Wireless Gaming Router.

Dennis
04-05-08, 08:23 PM
On Apr 5, 8:57 pm, Dennis <dennispub...@hotmail.com> wrote:
> I'm also having problems getting my router to port forward properly
> for my VPN which I believe is using PPTP.
>
> When I set this computer as the DMZ I have no problems.
>
> But when it's off DMZ, with just ports 1723 (both) and 500 (both)
> forwarded then people can't connect to me. My firewall is off, etc.
>
> Am I missing something? What other ports need to be forwarded?
>
> I'm using a DLink DGL4300 Wireless Gaming Router.


Never mind.... I just solved my problem by upgrading the router's
firmware from v1.4 to v1.7