Mike Drechsler - SPAM PROTECTED EMAIL
Re: Configuring VerizonFiOS for VPN passthrough
daveh551 wrote:
> It seems like this should be a fairly common topic, and probably
> addressed elsewhere, but searching this and other groups as well as
> googling has failed to yield anything useful. I posted this in
> comp.security.firewalls, but maybe this is a more appropriate group.
>
> My home network is on a FiOS internet connection, which runs through a
> Verizon (ActionTec) wireless router/switch (WI1524WR or something like
> that). I have 3 machines, a Windows 2000 server acting as domain
> controller, a Compaq desktop running Windows XP Pro (SP2), and a Dell
> laptop running Windows 2000 Pro (SP4). I am trying to configure the
> router to pass VPN requests through to the XP machine so I can access
> it with the laptop from outside. I have Windows configured to respond
> to VPN requests, and have the laptop configured to connect as a VPN
> client. The connection made from inside the firewall (directly to the
> local hostname) works fine. I also have a second connection configured
> to go through the external IP, and connecting to it always fails with
> an Error 678: There was no answer. This is true whether I am
> connecting inside the house, or from a WiFi hot spot. The two VPN
> connections (local and remote) are configured identically except for
> the hostname, so I believe the VPN client and server setups are
> correct. I think it has to be the router configuration for VPN
> passthrough. (The FiOS IP is dynamic, but I've got it set up to route
> through dyndns.org).
>
> The "Port Forwarding" screen on the router is showing setup to pass
> the following protocols through to the XP desktop:
> (I'm not sure exactly what all of these mean, I just configured from
> bits and pieces I found in different articles, using the configuration
> menus available on the router)
> GRE
> L2TP-UDP Any ->1701
> IPSec - UDP 500-> 500
> ESP
> AH
> TCP Any -> 1723
>
> When I attempted to connect over the VPN connection from a WiFi
> hotspot, this is what appeared in the router security log (newest is
> on top, so read from the bottom)
>
> Apr 3 10:00:54 2008 Inbound Traffic Connection closed TCP
> 192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45717]
> CLOSED/SYN_SENT clink0 Incoming STATIC
>
> Apr 3 10:00:54 2008 Outbound Traffic Connection
> closed TCP
> 71.97.118.241 45717<--> 71.97.118.241 45717[192.168.1.152 1723 ]
> SYN_SENT/CLOSED br0 Outgoing
>
> Apr 3 10:00:53 2008 Outbound Traffic Connection
> opened TCP
> 71.97.118.241 45734<--> 71.97.118.241 45734[192.168.1.152 1723 ]
> CLOSED/CLOSED br0 Outgoing
>
> Apr 3 10:00:53 2008 Inbound Traffic Accepted - Service TCP
> 71.97.118.241:45734->192.168.1.152:1723 on clink0
>
> Apr 3 10:00:53 2008 Inbound Traffic Connection opened TCP
> 192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45734]
> CLOSED/SYN_SENT clink0 Incoming STATIC
>
> (192.168.1.152 is the local IP of the XP desktop. 71.170.239.192 is
> the external (FiOS) IP of the router, 71.97.118.241 is the IP of the
> hotspot where I was sending from.)
>
> Can anyone tell me what I am doing wrong and what to do to fix it?
>
> Thanks.
I assume the hotspot was also running on some kind of router.
Your IP address on the hotspot may have also been in the 192.168.1.xxx
range.
I would change the range of internal IP addresses that you are using at
home because it will frequently collide with the range of IPs on other
people's routers.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup2008@-deletethispart-.upcraft.com)
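The address-range collision described in the reply above, as an added example that is not part of the original thread: it checks whether a remote client's LAN overlaps the home LAN, whether the VPN server's private address would be treated as on-link by the client, and picks a home /24 outside a list of common router defaults. The function names, the client address 192.168.1.37 and the COMMON_DEFAULTS list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: subnets often shipped as consumer-router defaults.
# Assumption for illustration, not an exhaustive or authoritative list.
COMMON_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
                   "192.168.100.0/24", "10.0.0.0/24"]


def collides(home_lan, client_lan):
    """True if the two networks share any address."""
    return ipaddress.ip_network(home_lan).overlaps(
        ipaddress.ip_network(client_lan))


def host_shadowed(server_ip, client_ip, client_prefix):
    """True if the client sees server_ip as part of its own local subnet.

    In that case the client resolves the address on its local segment
    instead of routing it through the tunnel to the home network.
    """
    iface = ipaddress.ip_interface(f"{client_ip}/{client_prefix}")
    return ipaddress.ip_address(server_ip) in iface.network


def pick_home_subnet(avoid=COMMON_DEFAULTS, pool="192.168.0.0/16", prefix=24):
    """Return the first subnet in pool that overlaps nothing in avoid."""
    avoid_nets = [ipaddress.ip_network(n) for n in avoid]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(a) for a in avoid_nets):
            return cand
    return None  # pool exhausted


if __name__ == "__main__":
    home = "192.168.1.0/24"        # home LAN from the original post
    server = "192.168.1.152"       # XP desktop from the original post
    client_ip, client_pfx = "192.168.1.37", 24   # constructed hotspot lease
    client_lan = str(ipaddress.ip_interface(
        f"{client_ip}/{client_pfx}").network)
    print("LANs overlap:     ", collides(home, client_lan))
    print("server shadowed:  ", host_shadowed(server, client_ip, client_pfx))
    print("suggested home LAN:", pick_home_subnet())
```
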