SBS 2003 VPN Issue

That is done.  Sorry I forgot to mention it.

Apparently there is a bug in the current firmware version that doesn't allow GRE traffic through even if you check the "allow pptp passthrough" if Stateful Packet Inspection is also enabled.  So, unforthnately, you'll have to disable that to get it to work right now.

Jeff
TechSoEasy

I saw an article about that as well, but even with SPI disabled, I still can't connect.  Do I have to configure any of the Gateway to Gateway or Client to Gateway options under the VPN tab or are the passthrough options enough?

@TechSoEasy:
That's what I thought, I just wanted to make sure that I didn't miss something.
Yes, all of the IIP information is the same, only the router has changed.
Yes, I re-ran all of the wizards.
Yes, I just tested it and a PC at the office can connect via VPN to the server by using the internal hostname of the server, so I know that my SBS is configured correctly.

@sguinn100:
I called tech support last night and was on the phone with them for about 2 hours.  They had me trying all of the basic things - most recent firmware, reflashing, resetting, blah blah blah.  When I finally got escalated to the next level, they told me that it sounds like the router was bad and that I should return it and get a replacement.  As far as I'm concerned, that's a BS solution.  It was if I was the first person calling them about GRE being blocked.  Because I was so frustrated and didn't want to deal with them anymore, I thought I'd post here and see if I could get lucky.

If you search Google for RV042 and GRE, VPN, PPTP, etc, you'll find a lot of folks have problems with gettting this to work.  I've used RV042's for a number of BS installations and haven't yet experienced any issue with GRE... but it does seem as though the problem is with that router.

You might want to try reverting the firmware back to a previous version.  You can download the previous version from here:  ftp://ftp.linksys.com/pub/network/rv042-fw-1.3.1.zip

Jeff
TechSoEasy

rtedi222 ~ I don't use any Linksys routers on any of the systems I support just for the reason you stated. I have never found any consistancy on which of their routers support GRE passthrough and which don't. And I don't have the time to figure it out on a case by case basis.

The RV042 should have no problem forwarding GRE. It's a good unit. I have a few even using the latest firmware 1.3.82 and no problems there either.
-It is possible it is a bad router.
-Make sure under VPN | PPTP Server | the box "enable PPTP server is un-checked. That is for setting up the router, rather than the server to be the VPN endpoint and will block it from passing the PPTP traffic
-You say you added a VoIP system. Has this resulted in any equipment being placed between the modem and the RV042, between the RV042 and the server, or a  new modem installed? The RV042 must be assigned a true public IP and not have anything between it and the server, other than switches/hubs.

The PPTP server on the RV042 is not enabled, so that shouldn't isn't the issue.  As for the VOIP system, it's only an additional server and some IP phones - nothing in front of the router.  However, now that you mention it, the modem is new.  It's a Motorola unit that from what I remember has a built in 4-port hub/switch.  I will have to contact my cable provider's technical support just to rule this out as a possible issue.

>>"has a built in 4-port hub/switch"
If so it is likely a combined modem and router. It will need to be put in bridge mode. You will be able to tell by checking the WAN IP of the RV042. If the modem  is a combo unit (i.e. performing NAT) the RV042 will probably have a private IP; 192.168.x.x, 10.x.x.x, or 172.16-31.x.x

Which model modem is it?

The RV042 has a static public IP address (I've assigned it one of the 5 that we were given by our ISP), so that won't really give me any more information.  The modem is at the office, so I'll have to get the model number tomorrow.

So I used www.canyouseeme.org to test port 1723.  It was able to connect and I was also able to telnet from my work PC on 1723, so I know that the port is being forwarded.  However, I don't think I have any way of knowing if 1723 is going to the RV042 or the server but I'm going to go with the assumption that I am getting to the server and GRE is being blocked.

After calling my ISP's tech support, I found out that the modem is actually an Ambit U10C020 and they said that they do not do any blocking or filtering on this device.

The VOIP system does not use VPN, but I checked my forwarded ports anyway just to be sure that I didn't overlap anything.

The one thing that I might try next is to (temporarily) put my SBS box directly into the cable modem and see if I can VPN in then.  If that works, then I know with 100% certainty that the router is actually causing my issue.

>>" I don't think I have any way of knowing if 1723 is going to the RV042 or the server "
CanYouSeeMe should have confirmed that by testing from the server. Telnet basically just tells you it is not being blocked, but you don't know if it is forwarded.

Your Ambit U10C020 can be a VPN endpoint device. Make sure any PPTP related options for that are disabled, and see if there is a PPTP pass-through or enable GRE option within the unit. Can you access it to configure?

Correct me if I'm wrong, but don't they both just tell me if the port is being forwarded?  CanYouSeeMe said that it wasn't blocked and telnet didn't time out, but I don't really know if the router was accepting those calls or my SBS machine.

Unfortunately, I don't have access to the Ambit unit, which is why I'd like to hook the server up to it directly.  I've already determined that my SBS machine is properly configured, so that would be one way to rule out the router.  If it doesn't work connected right to the modem, then I've found my cause.

>>"Correct me if I'm wrong, but don't they both just tell me if the port is being forwarded? "
Well, I didn't think that was the case with Canyouseeme, but out of curiosity, I just tested it from a few PC's and you are quite right. Sorry about that.

Hooking the server directly to the Ambit, I agree is a good test. Careful, the windows firewall should be enabled, or if you could access the Ambit unit it appears it could be put in NAT mode.
On that note; I understand you bought the RV042 for QOS, but is this just for the LAN side? VoIP is best used with QOS, but as soon as the packet leaves your LAN you have no control over that. You might be better with a QOS switch for LAN use and bypass the RV042 altogether and configure the Ambit firewall. It is a combined router and modem unit, looking at the specs.

This ended up being an oversight on my part.  While I had all of the correct ports forwarded, the RV042 has a specific VPN service that has to be enabled and forwarded to the appropriate IP on the LAN side.

Sorry for such a delayed response.