  • Status: Solved
  • Priority: Medium
  • Security: Public

VPN to home network troubleshooting

Hi,

I set up a Windows XP VPN server at home and tried to
connect to it from outside but failed. However, I'm
able to make a VPN connection inside my home network.
Comparing the packet sequences of the successful and
failed connections, it looks like the VPN server cannot
talk GRE to the outside VPN client. Could anyone point me to
what the problem might be? (router firmware? setting? ...)

Thanks !!

Vincent


 Network configuration:  


   Home network:  216.101.10.101 (for explanation only, not real ip)

         Router: Linksys NR041 (Network Everywhere,
                                firmware version 1, release 08)
                 - port 1723 forwarded to 192.168.1.108
                 - Block WAN Request: disable
                 - PPTP Pass Through: enable
                 - L2TP Pass Through: enable
                 - IPSec Pass Through: enable

         VPN_Server: 192.168.1.108  (Windows XP Prof)

         VPN_Client1: 192.168.1.101 (Windows VPN Client)
   
   
   Hot Spot network:

         VPN_Client2: 192.168.10.31 (Windows VPN Client)



I'm able to create VPN connection from VPN_Client1 to
VPN_Server through my home internet ip (216.101.10.101,e.g.)
within my home network. However, I'm not
able to make connection from VPN_Client2 from an outside
hotspot internet connection.

The following is the failed connection packet sequence:

************** Sequence I (failed) ***************

192.168.10.31:1056  -> 216.101.10.101:1723
  TCP: src = 1056, dst = 1723, ack = 0X00000000 SYN
  Length             : 62

216.101.10.101:1723 -> 192.168.10.31:1056
  TCP: src = 1723, dst = 1056, ack = 0X9BBFD18C SYN ACK
  Length             : 62

192.168.10.31:1056  -> 216.101.10.101:1723
  TCP: src = 1056, dst = 1723, ack = 0XD413755F ACK
  Length             : 54

192.168.10.31:1056  -> 216.101.10.101:1723
  TCP: src = 1056, dst = 1723, ack = 0XD413755F PSH ACK
  Length             : 210

216.101.10.101:1723 -> 192.168.10.31:1056
  TCP: src = 1723, dst = 1056, ack = 0X37C0D18C PSH ACK
  Length             : 210

192.168.10.31:1056  -> 216.101.10.101:1723
  TCP: src = 1056, dst = 1723, ack = 0X7014755F PSH ACK
  Length             : 222

216.101.10.101:1723 -> 192.168.10.31:1056
  TCP: src = 1723, dst = 1056, ack = 0XDFC0D18C PSH ACK
  Length             : 86

192.168.10.31:1056  -> 216.101.10.101:1723
  TCP: src = 1056, dst = 1723, ack = 0X9014755F PSH ACK
  Length             : 78

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x0125, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

216.101.10.101:1723 -> 192.168.10.31:1056
  TCP: src = 1723, dst = 1056, ack = 0XF7C0D18C ACK
  Length             : 60

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x0126, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x0127, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x0128, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x0129, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x012A, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x012B, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x012C, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x012D, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

192.168.10.31       -> 216.101.10.101
  IP: ID = 0x012E, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

216.101.10.101:1723 -> 192.168.10.31:1056
  TCP: src = 1723, dst = 1056, ack = 0XF7C0D18C PSH ACK
  Length             : 70

192.168.10.31:1056  -> 216.101.10.101:1723
  TCP: src = 1056, dst = 1723, ack = 0XA014755F PSH ACK
  Length             : 202

216.101.10.101:1723 -> 192.168.10.31:1056
  TCP: src = 1723, dst = 1056, ack = 0X8BC1D18C ACK
  Length             : 60

192.168.10.31:1056  -> 216.101.10.101:1723
  TCP: src = 1056, dst = 1723, ack = 0XA014755F PSH ACK
  Length             : 70

216.101.10.101:1723 -> 192.168.10.31:1056
  TCP: src = 1723, dst = 1056, ack = 0X9BC1D18C PSH ACK
  Length             : 70

192.168.10.31:1056  -> 216.101.10.101:1723
  TCP: src = 1056, dst = 1723, ack = 0XB014755F FIN ACK
  Length             : 54

216.101.10.101:1723 -> 192.168.10.31:1056
  TCP: src = 1723, dst = 1056, ack = 0X9CC1D18C FIN ACK
  Length             : 60

192.168.10.31:1056  -> 216.101.10.101:1723
  TCP: src = 1056, dst = 1723, ack = 0XB114755F ACK
  Length             : 54




************** Sequence II (success) ***************

192.168.1.101:1426  -> 216.101.10.101:1723
  TCP: src = 1426, dst = 1723, ack = 0X00000000 SYN
  Length             : 62

216.101.10.101:1723 -> 192.168.1.101:1426 62
  TCP: src = 1723, dst = 1426, ack = 0X61AB68C6 SYN ACK
  Length             : 62

192.168.1.101:1426  -> 216.101.10.101:1723
  TCP: src = 1426, dst = 1723, ack = 0XDE2ADAE5 ACK
  Length             : 54

192.168.1.101:1426  -> 216.101.10.101:1723
  TCP: src = 1426, dst = 1723, ack = 0XDE2ADAE5 PSH ACK
  Length             : 210

216.101.10.101:1723 -> 192.168.1.101:1426
  TCP: src = 1723, dst = 1426, ack = 0XFDAB68C6 PSH ACK
  Length             : 210

192.168.1.101:1426  -> 216.101.10.101:1723
  TCP: src = 1426, dst = 1723, ack = 0X7A2BDAE5 PSH ACK
  Length             : 222

216.101.10.101:1723 -> 192.168.1.101:1426
  TCP: src = 1723, dst = 1426, ack = 0XFDAB68C6 ACK
  Length             : 60

216.101.10.101:1723 -> 192.168.1.101:1426
  TCP: src = 1723, dst = 1426, ack = 0XA5AC68C6 PSH ACK
  Length             : 86

192.168.1.101:1426  -> 216.101.10.101:1723
  TCP: src = 1426, dst = 1723, ack = 0X9A2BDAE5 ACK
  Length             : 54

192.168.1.101:1426  -> 216.101.10.101:1723
  TCP: src = 1426, dst = 1723, ack = 0X9A2BDAE5 PSH ACK
  Length             : 78

216.101.10.101:1723 -> 192.168.1.101:1426
  TCP: src = 1723, dst = 1426, ack = 0XBDAC68C6 ACK
  Length             : 60

192.168.1.101       -> 216.101.10.101
  IP: ID = 0x18E5, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

216.101.10.101      -> 192.168.1.101
  IP: ID = 0x8C4A, Protocol = GRE, Length = 97(0x0061)
  Length             : 111

192.168.1.101       -> 216.101.10.101
  IP: ID = 0x18E6, Protocol = GRE, Length = 48(0x0030)
  Length             : 62

216.101.10.101      -> 192.168.1.101
  IP: ID = 0x8C4B, Protocol = GRE, Length = 80(0x0050)
  Length             : 94

216.101.10.101      -> 192.168.1.101
  IP: ID = 0x8C4C, Protocol = GRE, Length = 93(0x005D)
  Length             : 107

192.168.1.101       -> 216.101.10.101
  IP: ID = 0x18E7, Protocol = GRE, Length = 48(0x0030)
  Length             : 62

216.101.10.101      -> 192.168.1.101
  IP: ID = 0x8C4D, Protocol = GRE, Length = 93(0x005D)
  Length             : 107
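
The comparison the question makes by eye (GRE leaves the client in both sequences, but GRE from the server appears only in the successful one) can be automated. The following is an added example, not part of the original post: a small parser for the trace format shown above that classifies a PPTP attempt by GRE direction. The function names and verdict strings are assumptions made for illustration, and the sample inputs are constructed excerpts abbreviated from the two sequences.

```python
import re

# Header lines look like "192.168.10.31:1056  -> 216.101.10.101:1723" (port optional).
HEADER = re.compile(r"^(\d+(?:\.\d+){3})(?::\d+)?\s*->\s*(\d+(?:\.\d+){3})")
TCP_FLAGS = re.compile(r"TCP:.*ack = \S+\s+(.+?)\s*$")

def parse_trace(text):
    """Return one dict per packet: src, dst, proto ('TCP' or 'GRE'), flags."""
    packets = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            packets.append({"src": head[1], "dst": head[2], "proto": None, "flags": ""})
        elif packets and "Protocol = GRE" in line:
            packets[-1]["proto"] = "GRE"
        elif packets and (m := TCP_FLAGS.search(line)):
            packets[-1].update(proto="TCP", flags=m[1])
    return packets

def diagnose(text, server_ip):
    """Classify a PPTP attempt by the direction GRE (IP protocol 47) flows."""
    pkts = parse_trace(text)
    control_up = any(p["src"] == server_ip and p["flags"] == "SYN ACK" for p in pkts)
    gre_out = sum(p["proto"] == "GRE" and p["dst"] == server_ip for p in pkts)
    gre_in = sum(p["proto"] == "GRE" and p["src"] == server_ip for p in pkts)
    if not control_up:
        verdict = "control channel down"
    elif gre_out and not gre_in:
        verdict = "one-way GRE"  # no GRE from the server appears in the capture
    else:
        verdict = "two-way GRE" if gre_out and gre_in else "no GRE from client"
    return {"gre_to_server": gre_out, "gre_from_server": gre_in, "verdict": verdict}

SERVER = "216.101.10.101"  # illustrative public address used in the post
# Constructed samples, abbreviated from Sequence I and Sequence II in the post.
FAILED = """\
216.101.10.101:1723 -> 192.168.10.31:1056
  TCP: src = 1723, dst = 1056, ack = 0X9BBFD18C SYN ACK
192.168.10.31       -> 216.101.10.101
  IP: ID = 0x0125, Protocol = GRE, Length = 80(0x0050)
192.168.10.31       -> 216.101.10.101
  IP: ID = 0x0126, Protocol = GRE, Length = 80(0x0050)"""
SUCCESS = """\
216.101.10.101:1723 -> 192.168.1.101:1426
  TCP: src = 1723, dst = 1426, ack = 0X61AB68C6 SYN ACK
192.168.1.101       -> 216.101.10.101
  IP: ID = 0x18E5, Protocol = GRE, Length = 80(0x0050)
216.101.10.101      -> 192.168.1.101
  IP: ID = 0x8C4A, Protocol = GRE, Length = 97(0x0061)"""
```

Calling `diagnose(FAILED, SERVER)` and `diagnose(SUCCESS, SERVER)` returns the GRE counts per direction and the verdict. A "one-way GRE" result with a working TCP 1723 handshake points at GRE handling on the path or on the endpoints rather than at the port forward.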

 
lrmoore Commented:
I would expect a remote system to show up as a natted IP public address, not as its original 192.168.10.31 IP.
Try this reg hack:
Reference:
http://support.microsoft.com/default.aspx?scid=kb;en-us;271731

If you want your PPTP client that is running either Windows XP SP1 or Windows 2000 SP4-or-later to permit a connection to a PPTP server that replies with a different IP address, you must turn off PPTP address validation. To do so, follow these steps.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate the following subkey, where <000x> is the network adapter for the WAN Miniport (PPTP) driver:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\<000x>
4. On the Edit menu, point to New, and then click DWORD Value.
5. Type ValidateAddress, and then press ENTER.

Note By default, the Data value is 0 (Off).  
6. Quit Registry Editor.
7. Restart your computer.
 
vincentlue (Author) Commented:

Thanks Irmoor, this reg change on the vpn client fixes the problem.

Vincent
 
lrmoore Commented:
Cool. Don't forget to come back and close out the question.

- Cheers!
 
lrmoore Commented:
Are you still working on this?
Have you found a solution?
Do you need more information?

This question will be classified as abandoned soon if we don't get some feedback from you.

Can you close out this question? See here for details:
http://www.experts-exchange.com/help.jsp#hs5

Thanks for your attention!
 
vincentlue (Author) Commented:
Hmm, I thought this question has already been closed with
your answer accepted. Will try closing again. BTW, another
factor I found on this problem is the dsl router setting of
the original test. It was not configured to accept pptp.
 
lrmoore Commented:
Thanks!