Solved

Setup VPN - HELP!

Posted on 2003-11-16
Last Modified: 2011-08-18
Hi,
I have been trying to set up my office VPN connection for quite some time and till now, I still cannot make it work. I need your help to guide me. Thank you. My intention is to allow remote users access to my office network via dial-up internet access.
Here is my setup info:
I'm using a Linksys befsx41 router (firmware: 1.45.3, Sep 26 2003). My server is Windows 2000 Professional. The server is behind the Linksys befsx41. The befsx41 is configured with a fixed IP address and the client is using a dynamic IP. I have already configured the router to forward port 1723 to my server's IP address.
Then, when the client logs in to the VPN server, it verifies the username and password. After that, a pop-up message says: Error 628, the connection was closed.
I have already referred to http://www.chicagotech.net to understand more about VPN setup.
Can you please help me to set up my VPN successfully?
Thank you.

Newbie


0
Comment
Question by:william43
18 Comments
 
LVL 13

Expert Comment

by:td_miles
ID: 9761413
Did you also setup your router to forward IP protocol 47 (GRE) to your server ?

reading the page at:
http://www.chicagotech.net/vpnsetup.htm

It says this towards the bottom:

==================
Which ports need to be opened for running VPN

A: PPTP VPN uses TCP Port 1723, IP Protocol 47 (GRE); L2TP: UDP Port 1701; IPSec: Pass  IP protocol 50 and 51. Note: 47 is a protocol number and not TCP port. The protocol name is GRE. It'll make a big difference when configuring your firewall or router.
==================
0
 

Author Comment

by:william43
ID: 9761651
Hi,
Yes, I did set up my Linksys router to forward IP protocol 47 to my server. I did it on the Forwarding page. I enabled both applications:

App      Ext. Port     Protocol TCP   Protocol UDP   IP Address    Enabled
VPN      47 - 47       Yes            Yes            192.168.0.x   Yes
VPNApp   1723 - 1723   Yes            Yes            192.168.0.x   Yes

Please advise.
Thanks.
0
 
LVL 13

Expert Comment

by:td_miles
ID: 9761757
The problem is that you are using TCP port 47. It is IP protocol 47 you need to forward, which is different to TCP port 47. This is different to TCP & UDP ports altogether.
0
 

Author Comment

by:william43
ID: 9761862
Sorry, I do not understand. Can you please explain in a bit more detail?
thanks.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9762812
Have you turned off DHCP server on the linksys? There is a one-liner in the user manual that states that if you are using port-forwarding, turn off dhcp.
Have you tried with the server IP as the DMZ host?

GRE has no concept of ports, so you can't use it as either a trigger, or forward it.

Microsoft's story:
PPTP traffic consists of a TCP connection for tunnel maintenance and GRE encapsulation for tunneled data. The TCP connection is NAT-translatable because the source TCP port numbers can be transparently translated. However, the GRE-encapsulated data is not NAT-translatable

http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/intwork/inbe_vpn_hidv.asp


0
 
LVL 13

Expert Comment

by:td_miles
ID: 9767980
GRE (Generic Routing Encapsulation) is at the same level as UDP & TCP, it is NOT a TCP or UDP port. A packet might be a TCP packet or it might be a GRE packet (or one of many others), but it can't be both a GRE AND TCP packet at the same time.

Some links for reading:
http://support.microsoft.com/?kbid=241251
http://www.techeez.com/linux_tips/protoexplained.htm

Essentially the header of every IP packet has a field in it to identify what type of packet it is. This is called the "protocol" field. This field will specify whether the packet is ICMP, TCP, UDP, GRE (amongst others).

It's a bit hard to explain without delving into a full explanation of the IP protocol and packet headers/etc, maybe someone else can better explain it...
0
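The distinction discussed in the comments above, as an added example that is not part of any original post: it reads the IP "protocol" field of three constructed packets and checks them against a TCP/UDP port-forwarding rule like the ones in the Forwarding table. The addresses, sample packets and the helper names (`ipv4`, `tcp`, `classify`, `port_forward_matches`) are assumptions made for illustration.

```python
import struct

IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE"}  # IANA protocol numbers

def ipv4(proto, payload):
    """Minimal 20-byte IPv4 header (checksum left 0) around a payload."""
    src, dst = bytes([203, 0, 113, 10]), bytes([198, 51, 100, 1])  # constructed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def tcp(dport):
    """Minimal TCP SYN header to the given destination port."""
    return struct.pack("!HHIIHHHH", 40000, dport, 0, 0, 0x5002, 8192, 0, 0)

# Constructed samples. The GRE header is the PPTP form: key and sequence
# flags set, version 1 (0x3001), protocol type 0x880B (PPP).
PPTP_CTRL = ipv4(6, tcp(1723))                                   # tunnel maintenance
GRE_DATA = ipv4(47, struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0))  # tunnelled data
TCP_47 = ipv4(6, tcp(47))                                        # TCP to port 47

def classify(packet):
    """Return (protocol name, destination port or None) for an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    proto = packet[9]                      # the IP "protocol" field
    name = IP_PROTO.get(proto, str(proto))
    if proto in (6, 17):                   # only TCP and UDP carry ports
        return name, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return name, None

def port_forward_matches(packet, protos, lo, hi):
    """Model of a TCP/UDP port-forwarding rule (hypothetical helper)."""
    name, dport = classify(packet)
    return name in protos and dport is not None and lo <= dport <= hi

if __name__ == "__main__":
    samples = [("PPTP control", PPTP_CTRL), ("PPTP data", GRE_DATA),
               ("TCP port 47", TCP_47)]
    for label, pkt in samples:
        print(label, classify(pkt),
              "rule 47-47:", port_forward_matches(pkt, {"TCP", "UDP"}, 47, 47),
              "rule 1723:", port_forward_matches(pkt, {"TCP", "UDP"}, 1723, 1723))
```

The GRE packet matches neither rule because it has no port field at all; only a device that forwards by IP protocol number can pass it.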
 

Author Comment

by:william43
ID: 9768421
Hi,
I didn't set the DHCP. I'm using a static LAN IP, and I also have a static public IP. I have tried the DMZ to point to my server IP. It doesn't work as well. By the way, do I need to set up a DMZ server? How?

I just found a message in my VPN server(W2k Pro):
Remote Access Event ID: 20049
The user connected to VPN3-1 has been disconnected because the authentication process did not completed within a required amount of time.

I feel that the client is able to connect to the VPN server but fails to verify their username and password.

Do you have any suggestion?
Thanks.
0
 
LVL 9

Expert Comment

by:drev001
ID: 9814225
Before you go any further, try to connect to the vpn server from WITHIN the network. Before troubleshooting external connectivity, make sure you're not barking up the wrong tree.
0

 

Expert Comment

by:rforneris
ID: 10181095
William43,

Did you ever get a solution to this problem? I'm getting the same error.

Thanks
0
 

Author Comment

by:william43
ID: 10207352
Hi rforneris,
I have still not got the solution. Still figuring it out!
Hmm.........
Feel like I want to give up!
0
 

Expert Comment

by:togatown
ID: 10244814
Simple fact of the matter is there is no solution. You cannot pass GRE traffic from the outside to your network so you cannot authenticate. Linksys removed this capability shortly after they were acquired by Cisco. If you want it to work, return the Linksys and get a Netgear. FYI, D-Link has the same issue.
0
 

Author Comment

by:william43
ID: 10269324
Hi All,
The Linksys does work, actually. I just tested and found a solution to solve my problem!
Upgrade/downgrade the Linksys befsx41 firmware to Version 1.43.3.
ftp://ftp.linksys.com.sg/driver_firmware/

After that, I managed to log in to the VPN via a PPTP connection.
I also need to thank Linksys technical support for assisting me on this.
Try it now guys!
0
 

Expert Comment

by:originsone
ID: 10797816
Try this. It worked for me. Download the SSH Sentinel VPN Client from http://www.olin.wustl.edu/computing/reference/wireless/ipsec.cfm

Then use this forum download and follow its instructions to the letter. I was up and running in a few minutes.
http://www.broadbandreports.com/r0/download/551029~f8306665a3cd7bf1adb19eff3963262c/VPN_Instruction2.zip
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 11137523
PAQed, with points refunded (500)

Computer101
E-E Admin
0
 
LVL 1

Expert Comment

by:mjalmassud
ID: 12469766
Have you tried setting up your w2k as the DMZ host and allowing incoming connections to it from the internet?
0
 

Expert Comment

by:himistu22
ID: 13791843
I am having the exact same problem... but I have tried everything on this page... and nothing... any ideas?
0
 

Expert Comment

by:vertex
ID: 13836616
Try different firmware for your linksys router: like alchemy

Most of them have protocol 47 (GRE) opened, and can even function as a VPN router.

google search:

http://www.google.nl/search?hl=nl&q=alchemy+firmware+wrt54g&meta=
0
