Cornellian

Getting a PPTP VPN to Work through a Netgear Firewall

Hello,

I have recently set up a VPN to my laptop so I can connect with my PDA and sync my computer up remotely. The VPN works perfectly except I cannot get it to work with my firewall. The only way I am able to get it to work right now is to set my laptop as a DMZ server.

I currently have port 1723 set to forward; are there any other ports I would need to forward?

I appreciate any help,
Bill
Joesmail

PPTP uses TCP 1723.

You do not need to port forward this though, just open it up from your client. You will also need to set up IPsec passthrough for PPTP on your firewall. This is needed so the firewall doesn't try and filter the PPTP packets.

<I currently have port 1723 set to forward; are there any other ports I would need to forward?>
*You may need to use Port 47.

1723  PPTP (Microsoft's VPN solution). Note that this will also use IP protocol 47.  
http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm

GRE - Generic Router Encapsulation Protocol.
Sorry, my mistake. You mean the PPTP server.

In addition to port 1723, IP protocol 47 must also be allowed - note that this is *not* a TCP or UDP port - it's an IP protocol called GRE (TCP and UDP are also IP protocols, with their own associated numbers).
Cornellian

ASKER

How would I know if my router supports protocol 47?

I am using the Netgear FVS318. It has built-in VPN capabilities, but after extensive trials and research, the VPN can only be used by the Netgear software (you can't set up a connection using Windows XP, and Netgear also makes you additionally buy the only software that works with the router).

I went through all of the router settings and there was no option to allow PPTP pass-through as some other routers have.

Thanks,
Bill
I found this article about the Netgear FVS318.

http://66.102.7.104/search?q=cache:DBafayFMEAYJ:www.netgear.com/pdf_docs/FVM318_FAQs.pdf+FVS318+support+gre&hl=en

What is PPTP? Point-to-point Tunneling Protocol builds on the functionality of the Point-to-Point protocol (PPP) to provide remote access that can be tunneled through the Internet to a destination site or computer. PPTP encapsulates PPP packets using generic routing encapsulation (GRE) protocol, which gives PPTP the flexibility of handling protocols other than IP. The FVM318 supports pass-through mode for PPTP, but does not support end-point mode.

Looks like establishing a GRE tunnel through the firewall is OK. Although, as pointed out, it "DOES NOT SUPPORT END-POINT MODE."

This doesn't look good.
<You may need to open TCP port 1723 and enable IP protocol 47 (GRE).>

DHCP turned off for LAN on my linksys
VPN Pass-through enabled for PPTP and all others
TCP/UDP Port 1723 forwarded to the VPN server’s static LAN address
Windows firewall SP2 is disabled

And all works fine!

Originally Posted by darkfiber1010
Linksys states it supports both, although since I was also told by Linksys to forward TCP/UDP port 47 I do not trust their tech support. (47 GRE is what is actually used for a PPTP VPN and is completely different than TCP/UDP port 47).

http://www.techsupportforum.com/computer/topic/51637-1.html
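
The replies above distinguish IP protocol 47 (GRE) from TCP/UDP port 47. The following is an added example, not part of the original thread, that classifies raw IPv4 packets the way a PPTP pass-through rule has to; the function names, sample packets and documentation-range addresses are constructed for illustration.

```python
import struct

PPTP_CONTROL_PORT = 1723   # TCP port of the PPTP control channel
TCP, UDP, GRE = 6, 17, 47  # IP protocol numbers (IPv4 header byte 9)
GRE_PPP = 0x880B           # protocol type in PPTP's GRE version 1 header

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet (hypothetical helper for this example)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4             # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "fragment"                    # later fragment: no L4 header here
    proto, payload = packet[9], packet[ihl:]
    if len(payload) < 4:
        return "malformed"
    first, second = struct.unpack("!HH", payload[:4])
    if proto == GRE:
        # GRE has no ports: first = flags + version, second = protocol type
        return "pptp-data" if (first & 7) == 1 and second == GRE_PPP else "other-gre"
    if proto in (TCP, UDP):
        # TCP/UDP: first = source port, second = destination port
        if proto == TCP and PPTP_CONTROL_PORT in (first, second):
            return "pptp-control"
        name = "tcp" if proto == TCP else "udp"
        return f"{name}-port-47" if 47 in (first, second) else f"{name}-other"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at zero; sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return hdr + payload

SAMPLES = {  # constructed packets, not captured traffic
    "control": ipv4(TCP, struct.pack("!HH", 49152, 1723) + bytes(16)),
    "data": ipv4(GRE, struct.pack("!HHHHI", 0x3001, GRE_PPP, 0, 1, 1)),
    "gre0": ipv4(GRE, struct.pack("!HH", 0x0000, 0x0800)),
    "tcp47": ipv4(TCP, struct.pack("!HH", 49152, 47) + bytes(16)),
    "udp47": ipv4(UDP, struct.pack("!HH", 49152, 47) + bytes(4)),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, "->", classify(pkt))
```

A rule that forwards TCP or UDP port 47 matches only the last two samples and never the `data` packet, which is why the tunnel fails after the control connection on 1723 succeeds.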

This may help.
http://support.microsoft.com/default.aspx?scid=kb;en-us;271731
Supported Feature:
http://www.tomsnetworking.com/ProductGuides-Router-Details-ProdID-FVS318.php
http://www.netgear.com/products/details/FVS318.php

PPTP Pass-Thru? Yes  
IPsec Pass-Thru? Yes  
L2TP Pass-Thru? Yes  

VPN Client Pass-Thru Notes - One VPN server of each type supported with appropriate ports forwarded  

Endpoint? Yes  
Endpoint notes - Manual key & IKE Security Association (SA) assignment
- 56-bit (DES) or 168-bit (3DES) IPsec encryption
- MD5 or SHA-1 authentication
- pre-shared key, perfect forward secrecy (Diffie-Hellman and Oakley client support)
ASKER CERTIFIED SOLUTION
kbbcnet