Windows 2003 VPN Server behind broadband router - what would you suggest?
Posted on 2005-03-22
I am trying to set up our Windows 2003 Standard server as a PPTP VPN server on our small office network. We have a Linksys WRV54G router as our gateway to the internet, so the VPN server is on our network BEHIND the router. If I put the server in the DMZ, I can form a PPTP connection with no problems. Needless to say, DMZ is a totally unacceptable solution. When port 1723 is forwarded to the VPN server IP the connection does not work. I get the following INBOUND entries in the router log from the VPN client (with sensitive IPs masked of course!):
RGFW-IN: ACCEPT (TCP 131.xxx.xxx.xxx:1257->192.168.156.10:1723 on ixp1) [200,0]
RGFW-IN: BLOCK-RULES (GRE 131.xxx.xxx.xxx->69.xxx.xxx.xxx on ixp1) [0,0] <-- this line appears a total of 10 times for each connect attempt before client timeout
The 131 IP is the VPN client, the 192 IP the VPN server and the 69 IP the WAN IP on the router.
It would appear to me that the router is blocking the GRE (47) protocol and therefore preventing a VPN connection. I have PPTP passthrough enabled (although its my understanding that this only matters for outbound GRE traffic).
There is a wealth of information available on the internet about how Linksys routers simply DO NOT WORK with VPN servers behind them so I don't hold much hope for a solution that involves not purchasing another router. So that bring me to my two questions, the second of which think is more likely to be answered.
1) Has anyone made this setup work with this particular router? If so, do you have some suggestions for me?
2) Could you recommend another brand and model of router that you KNOW will work for me? I've seen some threads online stating that people do have such a setup working for them (i.e. VPN server behind router) but I haven't found much information as to which specific models and I don't want to do trial-and-error purchasing.
If someone can solve my problem by answering question 1, then you will be my hero and your cookie will be 500 points. Otherwise, I'll split the points amoung those who can provide some guidance in the purchase of a replacement router that will solve this problem. Thanks everyone, in advance.