Using VPN in XP through NAT or SSH using MS PPTP

Posted on 2004-11-26
Medium Priority
Last Modified: 2010-04-12
Hello there...

I'm currently trying to connect to my office by vpn, but are having som trouble...
Here is the situation:
  - I'm trying to use windows XP's build in vpn client to connect to the office (recommeded by their IT-department).
    The office is running af VPN server on a windows NT mashine, properly the build in one from ms.
  - I'm behind a router, on a 192.168.2.x network (this can't be changed).
    The office network is also 192.168.2.x
    So, I can actually connect to the office VPN, but every time I'm trying to connect to a server, my own router relays the message back into my own network (due to 192.168.2.x on both sides)
    I need to get by this!!!

So there are some possible solutions, but haven't any idea of getting any of them to work...
-  Somehow it must to possible to get by my own router directly, though NAT or something!
-  I have the possiblility to connect with ssh to my school, and with putty portforward the ms PPTP ports... But the ms PPTP (or windows xp VPN client) also uses other protocols I don't know if I'm able to forward... like GRE!
With this last solution I actually came to verifiring password... But never never got any answer! With Ethereal is saa this may to to do with a "PPP LC" protocol message, which is not forwarded to the office... why??

If anybody can help me I would be very greatfull... Maybe u can help me with the above solutions... Maybe u have another idea!!

Question by:smoller_

Author Comment

ID: 12683339
Oh... in my ssh solution I'm allready forwarding the following ports 47, 137, 500, 1701, 1723, 4500... Don't ask why (different tries)!!!

LVL 79

Accepted Solution

lrmoore earned 1600 total points
ID: 12683654
Your ssh solution won't work as you have determined - due to the requirement for GRE which is protocol #47, not port 47. GRE has no concept of ports, so you can't use any type of port forwarding.
You have hit upon one of the problems with VPN's and IT departments not thinking things through when they setup their LAN IP address schema. If they won't change theirs, and you can't change yours, there is not a lot that can be done.
Since you can't change your local LAN, perhaps you can put something else between your PC and your local LAN, like another broadband router. Plug its WAN port into your local LAN, plug your PC into the LAN port on the router. You can now make your new local LAN subnet anything you want. With PPTP passthrough enabled on the routers, even though you would essentially be going through two nat devices, it should work.

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question