• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 938
  • Last Modified:

Forwarding PPTP through a DI-604 traffic to a Win XP pro vpn server

Has anyone tried it, and got it to work successfully? Note: talking about a DI-604 broadband-router.
How?  How do you permit or enable ip 47 GRE on this broadband router?
Any other comments you think is relevant?
0
TorgN
Asked:
TorgN
  • 7
  • 7
1 Solution
 
neteducationCommented:
Dont do PPTP by opening ports. You'll have to enable the so-called PPTP-Pass-Through-Mode.

See here :

http://support.dlink.com/emulators/di604/tools_misc.html
0
 
TorgNAuthor Commented:
Done that. But it has not solved the problem
0
 
neteducationCommented:
Ok, and on that page

http://support.dlink.com/emulators/di604/adv_virtual.html

you also configured at what internal address is your PPTP-Server ?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
TorgNAuthor Commented:
Yes
0
 
neteducationCommented:
well, then this looks like you did everything right (done the same setup by myself some time ago and it worked... well it was W2K, not XP... but that should not make a difference.).

Few things to try: If you try to connect to your PPTP-Server from inside the Firewall... can you connect ?
Does our server get to the outside world ?
If you try from the outside world  
telnet <yourip> 1723
do you get a conect ?
0
 
TorgNAuthor Commented:
1. Yes, I can connect from the inside
2. Yes
3 Yes (all though there`s no text in the windows, just the cursor blinking
0
 
neteducationCommented:
well then it should work....

hmm.... even though I did not have to do this in my setup, you may try to open "port 47/both"...
0
 
TorgNAuthor Commented:
47......Hmm...it isn`t protocoll nr 47 (GRE) you are thinking of? If so I do not think Protocoll number and Port number is not the same. So what good would opening port 47 do?
When thinking of it,  could it just be that the negotiation of authentication  type fails? Which authentication types should be activated? And how do I enable the different ? PAP, SPAP, MD5CHAP, MSCHAP, MSCHAPV2, EAP  from the serverside (and client)?
0
 
neteducationCommented:
Yeah I know it's protocol 47, not port 47, but I once had a firewall (dont remember it's brand though) where is the protocol was unknown (anything else that tcp, udp or ICMP) you could actually open up protocols by opening up apropriate ports.

However found something else.... it looks like XP since a certain patchlevel uses IP-Sec also for PPTP.. so can you try opening up IPSEC (port 500/both)

0
 
TorgNAuthor Commented:
For some reason it seems as if I can connect to the server(So neteducation will get the points, but first: ..). However now the client receive error message 733:  TCP/IP CP reported error 733: Your computer and the remote computer could not agree on PPP control protocols. As far as I know I have enabled the following protocols: PAP, SPAP, MD5CHAP, MSCHAP, MSCHAPV2, EAP by using the command; netsh ras>add authtype type = 'authtype'  therefore I find it strange that the client receives this errormessage. The client uses a win xp home edition. One or more of these authentication types should be enabled by default? Any thoughts about this?

as a matter of form, here`s the settings in the DI-604

MTU size = 1492

Virtual server list
--------------------------------------------
IPSec 192.168.0.153 UDP 500 / 500 always  
 PPTP 192.168.0.153 TCP 1723 / 1723 always  
 GRE Protocol 192.168.0.153 Both 47 / 47 always

Firewall rules list (Some or all of these rules are probably unnecessary, but nevertheless...)
--------------------------------------------------------
 Allow IPSec NAT Traversal WAN,* LAN,192.168.0.153 UDP,4500  
 Allow L2TP WAN,* LAN,192.168.0.153 UDP,1701  
 Allow PPTP WAN,* LAN,192.168.0.153 TCP,1723  
 Allow IPSec WAN,* LAN,192.168.0.153 UDP,500
0
 
neteducationCommented:
The 733 error message could have something to  do with the IP's you assign...

Check out the following document. there is a nice sample
0
 
TorgNAuthor Commented:
What document ?
0
 
neteducationCommented:
uups, forgot to put the url ... here we go

http://www.dslreports.com/forum/remark,12866372
0
 
TorgNAuthor Commented:
Ok, thank you for your help.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 7
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now