Getting a PPTP VPN to Work through a Netgear Firewall

Hello,

I have recently set up a VPN to my laptop so I can connect with my PDA and sync my computer up remotely. The VPN works perfectly except I cannot get it to work with my firewall. The only way I am able to get it to work right now is to set my laptop as a DMZ server.

I currently have port 1723 set to forward. Are there any other ports I would need to forward?

I appreciate any help,
Bill
Cornellian Asked:

Joesmail Commented:
PPTP uses TCP 1723.

You do not need to port forward this though, just open it up from your client. You will also need to set up IPsec passthrough for PPTP on your firewall. This is needed so the firewall doesn't try to filter the PPTP packets.

kbbcnet Commented:
<I currently have port 1723 set to forward, is there any other ports I would need to forward?>
*You may need to use Port 47.

1723  PPTP (Microsoft's VPN solution). Note that this will also use IP protocol 47.  
http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm

GRE - Generic Router Encapsulation Protocol.

Joesmail Commented:
Sorry my mistake.  You mean the pptp server.

In addition to port 1723, IP protocol 47 must also be allowed - note that this is *not* a TCP or UDP port - it's an IP protocol called GRE (TCP and UDP are also IP protocols, with their own associated numbers).
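
Added example, not part of the thread: a small Python sketch of how a packet filter sees PPTP traffic, showing why allowing TCP 1723 alone, or adding TCP/UDP port 47, still drops the GRE data packets. The packets, addresses and rule sets are constructed for illustration and do not model the FVS318's actual rule engine.

```python
import socket
import struct

PROTO_NAMES = {6: "tcp", 17: "udp", 47: "gre"}  # IANA IP protocol numbers

def ipv4(proto, payload, src="203.0.113.10", dst="198.51.100.20"):
    """Constructed sample: 20-byte IPv4 header (checksum left at 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def tcp_syn(dport):
    """Constructed sample: bare TCP SYN header addressed to dport."""
    return struct.pack("!HHIIHHHH", 49152, dport, 0, 0, 0x5002, 65535, 0, 0)

# Constructed PPTP data packet: enhanced GRE header (version 1) announcing
# PPP (protocol type 0x880B); the PPP payload itself is omitted.
GRE_PPP = struct.pack("!BBHHHI", 0x30, 0x01, 0x880B, 0, 1, 0)

CONTROL = ipv4(6, tcp_syn(1723))   # PPTP control channel
DATA = ipv4(47, GRE_PPP)           # PPTP tunnelled data
TCP_47 = ipv4(6, tcp_syn(47))      # what a "TCP port 47" rule would match

def classify(packet):
    """Return (protocol name, destination port or None) as a filter sees it."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # IP protocol field
    name = PROTO_NAMES.get(proto, str(proto))
    if proto in (6, 17):                  # only TCP and UDP carry port numbers
        return name, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return name, None                     # GRE has no ports to forward

def tunnel_passes(rules):
    """True only if both the control and the data packet match an allow rule."""
    return classify(CONTROL) in rules and classify(DATA) in rules

PORT_1723_ONLY = {("tcp", 1723)}                           # the asker's setup
PORT_47_RULES = {("tcp", 1723), ("tcp", 47), ("udp", 47)}  # port 47, not protocol 47
WITH_GRE = {("tcp", 1723), ("gre", None)}                  # TCP 1723 + IP protocol 47

if __name__ == "__main__":
    for label, rules in [("1723 only", PORT_1723_ONLY),
                         ("1723 + TCP/UDP port 47", PORT_47_RULES),
                         ("1723 + IP protocol 47", WITH_GRE)]:
        print(f"{label:24} tunnel passes: {tunnel_passes(rules)}")
```

Only the last rule set lets both halves of the session through, which is the narrower alternative to placing the VPN host in the DMZ.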

Cornellian (Author) Commented:
How would I know if my router supports protocol 47?

I am using the Netgear FVS318. It has built-in VPN capabilities, but after extensive trials and research, the VPN can only be used by the Netgear software (you can't set up a connection using Windows XP; Netgear also makes you buy, additionally, the only software that works with the router).

I went through all of the router settings and there was no option to allow PPTP pass-through as some other routers have.

Thanks,
Bill

Joesmail Commented:
I found this article about the Netgear FVS318.

http://66.102.7.104/search?q=cache:DBafayFMEAYJ:www.netgear.com/pdf_docs/FVM318_FAQs.pdf+FVS318+support+gre&hl=en

What is PPTP? Point-to-point Tunneling Protocol builds on the functionality of the Point-to-Point protocol (PPP) to provide remote access that can be tunneled through the Internet to a destination site or computer. PPTP encapsulates PPP packets using generic routing encapsulation (GRE) protocol, which gives PPTP the flexibility of handling protocols other than IP. The FVM318 supports pass-through mode for PPTP, but does not support end-point mode.

Looks like establishing a GRE tunnel through the firewall is OK. Although, as pointed out, it "DOES NOT SUPPORT END-POINT MODE".

This doesn't look good.

kbbcnet Commented:
<You may need to open TCP port 1723 and enable IP protocol 47 (GRE).>

DHCP turned off for LAN on my Linksys
VPN Pass-through enabled for PPTP and all others
TCP/UDP Port 1723 forwarded to the VPN server’s static LAN address
Windows firewall SP2 is disabled

And all works fine!

Originally Posted by darkfiber1010
Linksys states it supports both, although since I was also told by Linksys to forward TCP/UDP port 47, I do not trust their tech support. (47 GRE is what is actually used for a PPTP VPN and is completely different than TCP/UDP port 47).

http://www.techsupportforum.com/computer/topic/51637-1.html

This may help.
http://support.microsoft.com/default.aspx?scid=kb;en-us;271731

kbbcnet Commented:
Supported Feature:
http://www.tomsnetworking.com/ProductGuides-Router-Details-ProdID-FVS318.php
http://www.netgear.com/products/details/FVS318.php

PPTP Pass-Thru? Yes  
IPsec Pass-Thru? Yes  
L2TP Pass-Thru? Yes  

VPN Client Pass-Thru Notes - One VPN server of each type supported with appropriate ports forwarded  

Endpoint? Yes  
Endpoint notes - Manual key & IKE Security Association (SA) assignment
- 56-bit (DES) or 168-bit (3DES) IPsec encryption
- MD5 or SHA-1 authentication
- pre-shared key, perfect forward secrecy (Diffie-Hellman and Oakley client support)

kbbcnet Commented:
<I went through all of the router settings and there was no option to allow PPTP pass through as some other routers have.>

*Configuring the FVS318 or FVS318 Router: [steps & screens]
http://kbserver.netgear.com/inquira/default.asp?ui_mode=answer&prior_transaction_id=456796&action_code=5&highlight_info=16778182,66,74&turl=http%3A%2F%2Fkbserver.netgear.com%2Fkb_web_files%2Fn101485.asp&answer_id=11885384#__highlight

*Each VPN passthrough must have its own 500 port open.
http://kbserver.netgear.com/kb_web_files/n101222.asp

Troubleshoot a VPN Pass Through:
http://kbserver.netgear.com/inquira/default.asp?ui_mode=answer&prior_transaction_id=456719&action_code=5&highlight_info=16777287,207,222&turl=http%3A%2F%2Fkbserver.netgear.com%2Fkb_web_files%2FN101495.asp&answer_id=11882615#__highlight

Verify that you have the latest firmware update.

Client & router may both need to do NAT-T [NAT Traversal].
