jsanfilippo5


RRAS Windows 2003 VPN

I have been trying this for days now. I don't know what I am doing wrong; maybe someone can help.

Here is my setup-----

Public IP

Linksys router -- port forwarding  to 192.168.1.254 ( rras server w/ 1 nic)

I connect to the VPN server from an outside network with no problems. I authenticate, but I can't ping anything on the network, and I can't see any machines by IP or host name.


I also tried this with a Mac OS X Tiger server as well and I still get the same results.
Do I need to set any type of routes in the Linksys, or in RRAS?

Can anyone help? If any more info is needed please let me know. I need to get this working pretty quickly - ANY ADVICE IS GREATLY APPRECIATED....

Thanks

Chris Staunton

Does the Linksys allow for port forwarding of 1723 and port 47?  pptp / gre both need to be forwarded through the router, some Linksys devices don't support this, make sure that you are forwarding the correct ports if not check to see the Linksys can actually forward those ports.


Cheers,

Chris
Rob Williams
You need to forward port 1723 as mentioned, but you also need to allow GRE packets to pass. This is protocol 47 (not port 47) and is enabled on Linksys routers, usually on the Firewall page, with "Enable PPTP pass-through". Another possible cause of your symptoms is if the VPN server end and client end of the tunnel have local networks using the same subnet. In your case the office/server end is using 192.168.1.x; try using something else at the remote end like 192.168.2.x. This is not always necessary with the Windows VPN as it uses a Virtual Adapter, but it is definitely a "best practice" procedure so there are no routing conflicts.
jsanfilippo5

ASKER

The network I'm connecting to uses 192.168.1.x addressing, the network I am connecting from is 192.168.100.x - would this be a problem? As I said, the forwarding seems to work well because I am connecting to the other network, I just can't see anything on it......
"see" as in, you're unable to ping devices on the other network?  Or see as you open your network neighborhood and you don't see machines listed?


Chris
"see" as in I can't ping anything, I can't connect to machines, no network neighborhood, nothing. But I make the initial connection to the server.
Oops I just saw I put port instead of protocol :)  protocol 47 = gre *gasp* sorry about that, thanks for the correction Rob

Chris
>>"The network im connecting to is a 192.168.1.x addressing, the networki am connecting from is 192.168.100.x"
That is fine, that is how you want it. The Windows VPN will assign an IP in the 192.168.1.x range to the VPN virtual adapter of the client.

You likely will not see anything when browsing as NetBIOS names are not broadcast over a VPN. There are several ways to work around that but can you connect to a resource using an IP such as
  \\192.168.1.123\ShareName
Or map a drive using:
  net use z: \\192.168.1.123\ShareName
If so we can take steps from there.
If you cannot ping then you likely don't have a complete connection. Check the "enable PPTP Pass-through" on the Linksys.
Also from the VPN server end go to the following site and test for port 1723 to verify the port is visible from the Internet:
http://www.canyouseeme.org/
While at that site, it will display the Public/Internet IP. Make sure this is the IP you are trying to connect to.
No problem Chris, just thought it should be clarified, port/protocol 47 that is.
I check off the enable pptp pass through -- I also verified port 1723 on canyouseeme.org... all is well.

Any other ideas??

Could it be any type of routing issue? Do I need to put any static routes in the Linksys or in RRAS?
You don't need any static routes, so long as the Linksys is the default gateway for the VPN server.

Everything sounds fine. Perhaps have a look at the following site to confirm your configuration:
Windows 2003 VPN server:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows XP VPN client:
http://www.onecomputerguy.com/networking/xp_vpn.htm

At the client site you might need to enable PPTP or VPN pass through as well. You do not need to do any port forwarding at the client site. Also, for the record, a few older modems and routers (thinking of client site router) do not support VPN traffic, and in a few rare cases ISP's don't support PPTP traffic.
It's late here so I'm off, but will check back in the morning.
What about the routing table of the client after the VPN connection is established? Can you provide that?
Just want to check the mask on both networks is 255.255.255.0

If you were incorrectly using 255.255.0.0 or 255.0.0.0 both would be seen as the same network and break the VPN.

If you are authenticating OK, the port forward & gre are probably fine.

If you do an ipconfig /all, what IP address are you receiving (if any) after authentication?
both networks are 255.255.255.0

When I do an ipconfig, it gives me the proper IP address, but the DNS and gateway are the same IP address as well. Let's say I get an IP address of 192.168.1.125 - the DNS and gateway will be the same. But I can get on the Internet while attached to the VPN.
If you are authenticating, and getting an IP from the remote network, it sounds like you are nearly there!

Do you have any firewall software, such as zonealarm which might need the 192.168.1.x network added to the trusted network list?
ASKER CERTIFIED SOLUTION
Rob Williams
This solution is only available to members.
I think this worked. I'm going to try it today from my office - if it works from there then I know that I am in business.

I'll let you know how it works out.
Thanks jsanfilippo5,
--Rob
OK, I'm trying this from my office machine. It tells me that the server didn't respond. This works from other networks though. Do I need to make any changes to my firewall or router at my office???

The router/firewall will likely need to have VPN or PPTP-pass-through enabled. If it still doesn't work, try connecting directly to the modem as a test, and see if that works. Before doing so you should enable the Windows firewall and turn off file and print sharing for security purposes. There should be no need to configure the software firewall as the VPN connection is outgoing, and all outgoing traffic is allowed by default.
Well, I tried tonight from my neighbor's LAN - it worked flawlessly with my MAC VPN client - from Windows no good. I cannot map drives or anything. From the Mac I was able to ping and attach to every machine with no problem.

I'm starting to get very frustrated.....
Sounds like your VPN server, and the router at that end are working fine. I suspect the problem at the other client site, where you are having the problem, is the router.
-see if PPTP or VPN pass-through is enabled
-does your modem perform NAT (Network Address Translation) as well as the router? This would be indicated by the router's WAN/Exterior/Public interface having a private IP such as 192.168.x.x, 10.x.x.x or 172.16-31.x.x. If the router is using one of these on the WAN side, the modem is performing NAT, and VPNs do not work well with dual NAT devices. You can double check this, as mentioned above, by connecting the computer directly to the modem.
-some routers do not support VPNs, and in some rare cases some ISPs do not support PPTP traffic.
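
Added example, not part of the original thread: a small Python check for two of the conditions raised above, whether the client and server LANs collapse into the same network under the masks in use, and whether the client-side router's WAN address falls in one of the private ranges (meaning the modem is also doing NAT). The function names, the host address 192.168.100.10 and the WAN addresses are constructed for illustration.

```python
import ipaddress

# The three private ranges named in the post above (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def lans_conflict(client_ip, client_mask, server_ip, server_mask):
    """True if the client LAN and the server LAN overlap under these masks."""
    client = ipaddress.ip_network(f"{client_ip}/{client_mask}", strict=False)
    server = ipaddress.ip_network(f"{server_ip}/{server_mask}", strict=False)
    return client.overlaps(server)


def behind_double_nat(router_wan_ip):
    """True if the router's WAN address is private, i.e. the modem NATs too."""
    addr = ipaddress.ip_address(router_wan_ip)
    return any(addr in net for net in RFC1918)


def diagnose(client_ip, client_mask, server_ip, server_mask, router_wan_ip):
    """Return the list of conditions found, in a fixed order."""
    findings = []
    if lans_conflict(client_ip, client_mask, server_ip, server_mask):
        findings.append("subnet-conflict")
    if behind_double_nat(router_wan_ip):
        findings.append("double-nat")
    return findings


if __name__ == "__main__":
    # Addresses from the thread with the correct /24 masks and a
    # constructed public WAN address: nothing to report.
    print(diagnose("192.168.100.10", "255.255.255.0",
                   "192.168.1.254", "255.255.255.0", "203.0.113.7"))
    # Same hosts with a mistaken 255.255.0.0 mask and a constructed
    # private WAN address on the client router: both conditions fire.
    print(diagnose("192.168.100.10", "255.255.0.0",
                   "192.168.1.254", "255.255.0.0", "192.168.0.2"))
```
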