XP VPN Server has issues with my router and SP2 Firewall.

I have 2 problems with the same issue, and I hope you guys can help.

I have an XP service pack 2 machine as a VPN server. Without the XP firewall and whilst in the DMZ of my router all works as I would expect, file and print sharing, access to the LAN etc.

Switching the firewall on or moving the machine back onto the LAN both stop the VPN from working, and I was hoping you'd explain why, and how I stop it.

Switching on the Firewall
I get a connection, the machine gets on the network, but only 331 bytes are transferred. I have an IP address, but nothing comes back for things like file sharing (the network icon shows data going up, but nothing received). I have checked the firewall settings on the server and 1723/TCP is enabled on the firewall, PPTP and L2TP are enabled in the advanced options of the firewall for the LAN card. What am I missing? (Note: file and print sharing are enabled and did work previously.)

In the firewall logs I can see that there is quite a bit of dropped traffic to the VPN server IP (not the LAN IP, but the base of the VPN connection pool; this is not the connected IP either). I cannot see the adapter in the firewall configuration, so cannot change this?

I have seen an article about service pack 2 and negotiation issues, but this fix does not work in either scenario (installed on both machines).

Moving the machine out of the DMZ
I have a DLink DSL-G604T with the latest firmware (PPTP passthrough enabled on the box). I have port 1723 virtual servered to the VPN machine and UPnP enabled on the router. Connecting now, with or without the XP firewall, I don't get past the verifying username/password, then Error 721.

Can anyone please help me with this.

Please help.
Thanks
Nigel.
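
The question mentions dropped traffic in the firewall log addressed to the base address of the VPN pool. As an added example (not part of the original post), this sketch tallies DROP entries for one destination address by protocol and port; the log lines, IP addresses and function names are constructed for illustration, and columns are read from the log's own `#Fields` header.

```python
from collections import Counter

# Constructed sample in the Windows Firewall text-log layout;
# all addresses, ports and timestamps are made up for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2005-03-01 20:14:02 OPEN TCP 203.0.113.7 192.168.1.10 1045 1723 - - - - - - - - -
2005-03-01 20:14:09 DROP TCP 192.168.1.201 192.168.1.200 1051 445 48 S 100 0 64240 - - - RECEIVE
2005-03-01 20:14:12 DROP TCP 192.168.1.201 192.168.1.200 1051 445 48 S 100 0 64240 - - - RECEIVE
2005-03-01 20:14:15 DROP UDP 192.168.1.201 192.168.1.200 137 137 78 - - - - - - - RECEIVE
2005-03-01 20:14:20 DROP UDP 192.168.1.50 192.168.1.255 138 138 229 - - - - - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per entry, using the column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def dropped_to(text, dst_ip):
    """Count DROP entries addressed to dst_ip, keyed by (protocol, dst-port)."""
    counts = Counter()
    for entry in parse_firewall_log(text):
        if entry["action"] == "DROP" and entry["dst-ip"] == dst_ip:
            counts[(entry["protocol"], entry["dst-port"])] += 1
    return counts

if __name__ == "__main__":
    # 192.168.1.200 stands in for the first address of the VPN pool (assumption).
    for (proto, port), n in dropped_to(SAMPLE_LOG, "192.168.1.200").most_common():
        print(f"{n:3d} dropped  {proto:4s} dst-port {port}")
```

Grouping the drops this way shows which services the firewall is refusing on the VPN-side address, which is the information needed before deciding what to allow.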
 
Technicon-SG Commented:
VPN uses more ports than just 1723... including some protocols that the Dlink cannot forward. My recommendation... get a VPN router and use that to make the VPN (not the XP box). Try a Linksys WRV54G (if you need wireless), a Linksys BEFVP41, Dlink DFL-200, or a Dlink DI-824VUP (if you need wireless).

This solution will be much cleaner.
 
nigel5 Author Commented:
My dlink does specifically say it supports VPN Passthrough, and it also categorically mentions PPTP and L2TP. So, what does this refer to, if not the ability to tunnel through it?

Telnetting onto the box allows me to check out the iptables in place, and all protocols are enabled to all hosts for established and related connections.

Man this sucks since I gotta shell out over 100 quid.

I'll look into it though,

Thanks
Nigel.
 
Technicon-SG Commented:
I would think that the VPN passthrough that it mentions is for VPN client sessions... not server to server... but I will check it out more in the morning.
 
nigel5 Author Commented:
These routers do not support PPTP, but IPSEC VPNs. Are these set-up-able in XP natively? I'll have more of a hunt around.

Thanks
N.
 
Technicon-SG Commented:
You won't make the connection to the XP box; you will make it directly to the router.
 
nigel5 Author Commented:
I had the credit card out ready... but... looking through the quick install guides for both the Linksys and D-Link wireless products, these devices are not in themselves broadband routers (they connect to a modem, not directly to the telephone socket in my wall).

I am now in totally uncharted waters. I got my existing D-Link to get rid of all the boxes on my desk, but none of them was a modem. I got a router with my initial connection, added a switch, and then wireless.

I have ordered a wireless Dlink, and a Dlink modem... we'll see how it goes tomorrow.

The XP native question was relating to the XP client machine :) Seems you set up an L2TP with IPSEC tunnel and stick in the IPSEC passphrase.

VPN Passthrough is outbound only.

:(

Thanks.
Nigel.
 
nigel5 Author Commented:
Well, the DI-824VUP+ and DSL-300T are going back; the second batch arrives today.

On the plus side, I can get the VPN endpoint to work... a little, and I can route through to my XP server and have the VPN work properly.

On the down side, I can only have an 8 letter username in the VPN endpoint; when I disconnect, I lose all connectivity for a couple of hours; when connecting via the VPN endpoint my home network is not visible because there is no route to the subnet; you can't get a DHCP'd address off the LAN; the wireless is flaky; and for some reason the connectivity between the modem and the router is very temperamental.

We'll see what the next one does.

:(((

At least remote desktop works
 
nigel5 Author Commented:
I have had to resort back to my original setup as things do not work with the Dlink. I have been onto the support site, and they have posted the UK beta flash... gonna apply this in the next couple days.
 
cleaverX Commented:
Hi,

Can you tell me if you finally got it to work: WinXP VPN server behind the DLINK DSL G604T?
I'm trying it, but it does not work either...
 
DarthMod Commented:
PAQed with no points refunded (of 250)

DarthMod
Community Support Moderator