
Thread: Configuring VerizonFiOS for VPN passthrough

  1. #1
    daveh551
    Guest

    Configuring VerizonFiOS for VPN passthrough

    It seems like this should be a fairly common topic, and probably
    addressed elsewhere, but searching this and other groups as well as
    googling has failed to yield anything useful. I posted this in
    comp.security.firewalls, but maybe this is a more appropriate group.

    My home network is on a FiOS internet connection, which runs through a
    Verizon (ActionTec) wireless router/switch (WI1524WR or something like
    that). I have 3 machines, a Windows 2000 server acting as domain
    controller, a Compaq desktop running Windows XP Pro (SP2), and a Dell
    laptop running Windows 2000 Pro (SP4). I am trying to configure the
    router to pass VPN requests through to the XP machine so I can access
    it with the laptop from outside. I have Windows configured to respond
    to VPN requests, and have the laptop configured to connect as a VPN
    client. The connection made from inside the firewall (directly to the
    local hostname) works fine. I also have a second connection configured
    to go through the external IP, and connecting to it always fails with
    an Error 678: There was no answer. This is true whether I am
    connecting inside the house, or from a WiFi hot spot. The two VPN
    connections (local and remote) are configured identically except for
    the hostname, so I believe the VPN client and server setups are
    correct. I think it has to be the router configuration for VPN
    passthrough. (The FiOS IP is dynamic, but I've got it set up to route
    through dyndns.org).

    The "Port Forwarding" screen on the router is showing setup to pass
    the following protocols through to the XP desktop:
    (I'm not sure exactly what all of these mean, I just configured from
    bits and pieces I found in different articles, using the configuration
    menus available on the router)
    GRE
    L2TP-UDP Any ->1701
    IPSec - UDP 500-> 500
    ESP
    AH
    TCP Any -> 1723

    When I attempted to connect over the VPN connection from a WiFi
    hotspot, this is what appeared in the router security log (newest is
    on top, so read from the bottom)

    Apr 3 10:00:54 2008 Inbound Traffic Connection closed TCP
    192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45717]
    CLOSED/SYN_SENT clink0 Incoming STATIC

    Apr 3 10:00:54 2008 Outbound Traffic Connection
    closed TCP
    71.97.118.241 45717<--> 71.97.118.241 45717[192.168.1.152 1723 ]
    SYN_SENT/CLOSED br0 Outgoing

    Apr 3 10:00:53 2008 Outbound Traffic Connection
    opened TCP
    71.97.118.241 45734<--> 71.97.118.241 45734[192.168.1.152 1723 ]
    CLOSED/CLOSED br0 Outgoing

    Apr 3 10:00:53 2008 Inbound Traffic Accepted - Service TCP
    71.97.118.241:45734->192.168.1.152:1723 on clink0

    Apr 3 10:00:53 2008 Inbound Traffic Connection opened TCP
    192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45734]
    CLOSED/SYN_SENT clink0 Incoming STATIC

    (192.168.1.152 is the local IP of the XP desktop. 71.170.239.192 is
    the external (FiOS) IP of the router, 71.97.118.241 is the IP of the
    hotspot where I was sending from.)

    Can anyone tell me what I am doing wrong and what to do to fix it?

    Thanks.

  2. #2
    Mike Drechsler - SPAM PROTECTED EMAIL
    Guest

    Re: Configuring VerizonFiOS for VPN passthrough

    daveh551 wrote:
    > It seems like this should be a fairly common topic, and probably
    > addressed elsewhere, but searching this and other groups as well as
    > googling has failed to yield anything useful. I posted this in
    > comp.security.firewalls, but maybe this is a more appropriate group.
    >
    > My home network is on a FiOS internet connection, which runs through a
    > Verizon (ActionTec) wireless router/switch (WI1524WR or something like
    > that). I have 3 machines, a Windows 2000 server acting as domain
    > controller, a Compaq desktop running Windows XP Pro (SP2), and a Dell
    > laptop running Windows 2000 Pro (SP4). I am trying to configure the
    > router to pass VPN requests through to the XP machine so I can access
    > it with the laptop from outside. I have Windows configured to respond
    > to VPN requests, and have the laptop configured to connect as a VPN
    > client. The connection made from inside the firewall (directly to the
    > local hostname) works fine. I also have a second connection configured
    > to go through the external IP, and connecting to it always fails with
    > an Error 678: There was no answer. This is true whether I am
    > connecting inside the house, or from a WiFi hot spot. The two VPN
    > connections (local and remote) are configured identically except for
    > the hostname, so I believe the VPN client and server setups are
    > correct. I think it has to be the router configuration for VPN
    > passthrough. (The FiOS IP is dynamic, but I've got it set up to route
    > through dyndns.org).
    >
    > The "Port Forwarding" screen on the router is showing setup to pass
    > the following protocols through to the XP desktop:
    > (I'm not sure exactly what all of these mean, I just configured from
    > bits and pieces I found in different articles, using the configuration
    > menus available on the router)
    > GRE
    > L2TP-UDP Any ->1701
    > IPSec - UDP 500-> 500
    > ESP
    > AH
    > TCP Any -> 1723
    >
    > When I attempted to connect over the VPN connection from a WiFi
    > hotspot, this is what appeared in the router security log (newest is
    > on top, so read from the bottom)
    >
    > Apr 3 10:00:54 2008 Inbound Traffic Connection closed TCP
    > 192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45717]
    > CLOSED/SYN_SENT clink0 Incoming STATIC
    >
    > Apr 3 10:00:54 2008 Outbound Traffic Connection
    > closed TCP
    > 71.97.118.241 45717<--> 71.97.118.241 45717[192.168.1.152 1723 ]
    > SYN_SENT/CLOSED br0 Outgoing
    >
    > Apr 3 10:00:53 2008 Outbound Traffic Connection
    > opened TCP
    > 71.97.118.241 45734<--> 71.97.118.241 45734[192.168.1.152 1723 ]
    > CLOSED/CLOSED br0 Outgoing
    >
    > Apr 3 10:00:53 2008 Inbound Traffic Accepted - Service TCP
    > 71.97.118.241:45734->192.168.1.152:1723 on clink0
    >
    > Apr 3 10:00:53 2008 Inbound Traffic Connection opened TCP
    > 192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45734]
    > CLOSED/SYN_SENT clink0 Incoming STATIC
    >
    > (192.168.1.152 is the local IP of the XP desktop. 71.170.239.192 is
    > the external (FiOS) IP of the router, 71.97.118.241 is the IP of the
    > hotspot where I was sending from.)
    >
    > Can anyone tell me what I am doing wrong and what to do to fix it?
    >
    > Thanks.


    I assume the hotspot was also running on some kind of router.

    Your IP address on the hotspot may have also been in the 192.168.1.xxx
    range.

    I would change the range of internal IP addresses that you are using at
    home because it will frequently collide with the range of IPs on other
    people's routers.



    --
    WARNING! Email address has been altered for spam resistance.
    Please remove the -deletethispart-. section before replying directly.
    Mike Drechsler (mike-newsgroup2008@-deletethispart-.upcraft.com)
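
An added illustration of the address collision the reply above describes (not part of either post): it checks a home LAN against subnets a remote network might use, and models with a simplified longest-prefix lookup why a VPN client sitting on an identically numbered LAN never sends traffic for the home machine into the tunnel. The list of remote subnets, the interface names, and the alternative range 192.168.77.0/24 are constructed assumptions.

```python
import ipaddress

# Constructed sample: subnets assumed to be typical consumer-router defaults.
# Only 192.168.1.0/24 comes from the thread itself.
COMMON_REMOTE_LANS = ["192.168.0.0/24", "192.168.1.0/24",
                      "192.168.2.0/24", "10.0.0.0/24"]


def collisions(home_lan, remote_lans=COMMON_REMOTE_LANS):
    """Return the remote subnets whose address space overlaps the home LAN."""
    home = ipaddress.ip_network(home_lan, strict=False)
    return [r for r in remote_lans
            if home.overlaps(ipaddress.ip_network(r))]


def route_for(dest, routes):
    """Pick the interface for dest by longest-prefix match.

    routes is a list of (cidr, interface) pairs. Simplified model:
    route metrics and OS-specific tie-breaking are ignored.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


# Constructed client routing table while connected at a hotspot that also
# uses 192.168.1.0/24, with the VPN installed as the default route.
HOTSPOT_CLIENT_ROUTES = [
    ("192.168.1.0/24", "wifi"),  # on-link route for the hotspot LAN
    ("0.0.0.0/0", "vpn"),        # everything else goes through the tunnel
]

if __name__ == "__main__":
    print("collides with:", collisions("192.168.1.0/24"))
    # The home desktop's address matches the more specific local route,
    # so packets for it stay on the hotspot LAN.
    print("192.168.1.152 ->", route_for("192.168.1.152", HOTSPOT_CLIENT_ROUTES))
    # After renumbering the home LAN (hypothetical range), the same
    # host is only reachable via the default route, i.e. the tunnel.
    print("192.168.77.152 ->", route_for("192.168.77.152", HOTSPOT_CLIENT_ROUTES))
```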
