IPSec/PPtP with 2 BEFVP41 routers
Posted on 2006-03-21
I will start by telling you what I have and what I want. I have installed two BEFVP41 V2 VPN routers at two branches of our company. I've configured an IPSec tunnel between them and the connection works fine. However, the ability to connect to one office or the other is a must for administration purposes. The problem is that I cannot connect from outside. The most convenient way to do this would be to use PPtP. But the PPtP server would have to stay behind the router, as the router doesn't have native support for this protocol. I've forwarded ports 47 and 1723 to the local machine that was configured to accept PPtP connections. Let's call that Location 2.
If I try to connect from Location 1 (where I am) to Location 2 (where the PPtP server is), everything goes fine. It connects in an instant, and when I check my public IP, the public IP from Location 2 appears; in other words, it works just fine.
However, the problem is that I cannot connect from outside my ISP's metro network. I have used my mobile phone data service as a data carrier. After I get online, when I try to dial the PPtP connection to Location 2, it hangs up at "Verifying user name and password" (it's obvious that the packets reach the BEFVP41 at Location 2 and are then forwarded to the machine hosting the PPtP service); then, after 20 sec, it ends up saying:
"Error 721: The remote computer did not respond. For further assistance, click More Info or search Help and Support Center for this error number."
Could this situation be happening because the machine hosting the PPtP service is actually behind a NAT? Would it be possible to make it work if I were to buy a budget machine and have my ISP assign it a public IP? I don't have any problem with buying a second machine that will only serve for PPtP; I just want to be sure that this will solve the problem.
Another option would be to work with IPSec and create a tunnel on one of the routers, but I can't seem to find a decent IPSec client for Windows (that should also be free). I've read about SSH Sentinel, which was supposed to be freeware for personal use, but SafeNet is buying SSH's business and the download link is gone.