asked on

Forwarding PPTP through a DI-604 traffic to a Win XP pro vpn server

Has anyone tried it, and got it to work successfully? Note: talking about a DI-604 broadband-router.
How? How do you permit or enable ip 47 GRE on this broadband router?
Any other comments you think is relevant?

neteducation

Dont do PPTP by opening ports. You'll have to enable the so-called PPTP-Pass-Through-Mode.

See here :

http://support.dlink.com/emulators/di604/tools_misc.html

TorgN

ASKER

Done that. But it has not solved the problem

neteducation

Ok, and on that page

http://support.dlink.com/emulators/di604/adv_virtual.html

you also configured at what internal address is your PPTP-Server ?

TorgN

ASKER

Yes

ASKER CERTIFIED SOLUTION

neteducation

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

TorgN

ASKER

1. Yes, I can connect from the inside
2. Yes
3 Yes (all though there`s no text in the windows, just the cursor blinking

neteducation

well then it should work....

hmm.... even though I did not have to do this in my setup, you may try to open "port 47/both"...

TorgN

ASKER

47......Hmm...it isn`t protocoll nr 47 (GRE) you are thinking of? If so I do not think Protocoll number and Port number is not the same. So what good would opening port 47 do?
When thinking of it, could it just be that the negotiation of authentication type fails? Which authentication types should be activated? And how do I enable the different ? PAP, SPAP, MD5CHAP, MSCHAP, MSCHAPV2, EAP from the serverside (and client)?

neteducation

Yeah I know it's protocol 47, not port 47, but I once had a firewall (dont remember it's brand though) where is the protocol was unknown (anything else that tcp, udp or ICMP) you could actually open up protocols by opening up apropriate ports.

However found something else.... it looks like XP since a certain patchlevel uses IP-Sec also for PPTP.. so can you try opening up IPSEC (port 500/both)

TorgN

ASKER

For some reason it seems as if I can connect to the server(So neteducation will get the points, but first: ..). However now the client receive error message 733: TCP/IP CP reported error 733: Your computer and the remote computer could not agree on PPP control protocols. As far as I know I have enabled the following protocols: PAP, SPAP, MD5CHAP, MSCHAP, MSCHAPV2, EAP by using the command; netsh ras>add authtype type = 'authtype' therefore I find it strange that the client receives this errormessage. The client uses a win xp home edition. One or more of these authentication types should be enabled by default? Any thoughts about this?

as a matter of form, here`s the settings in the DI-604

MTU size = 1492

Virtual server list
--------------------------------------------
IPSec 192.168.0.153 UDP 500 / 500 always
PPTP 192.168.0.153 TCP 1723 / 1723 always
GRE Protocol 192.168.0.153 Both 47 / 47 always

Firewall rules list (Some or all of these rules are probably unnecessary, but nevertheless...)
--------------------------------------------------------
Allow IPSec NAT Traversal WAN,* LAN,192.168.0.153 UDP,4500
Allow L2TP WAN,* LAN,192.168.0.153 UDP,1701
Allow PPTP WAN,* LAN,192.168.0.153 TCP,1723
Allow IPSec WAN,* LAN,192.168.0.153 UDP,500

neteducation

The 733 error message could have something to do with the IP's you assign...

Check out the following document. there is a nice sample

TorgN

ASKER

What document ?

neteducation

uups, forgot to put the url ... here we go

http://www.dslreports.com/forum/remark,12866372

TorgN

ASKER

Ok, thank you for your help.