DI-808HV VPN Router and VPN Server Setup


The topography of my network is at http://test.bachandbach.com/Visio-Network%20Topography.pdf

My forte is programming and not networking. Any assistance on getting VPN to work and clueing me in on what I need to obtain to make it work would be most helpful.

I want to allow one or more users to connect to my LAN using VPN through a DI-808HV VPN Broadband Router. I have made several attempts using the manual which came with the router, the D-Link site and a few posts in this forum. I'm not having good luck.

In the meantime I am going to attempt to tell the VPN router to forward incoming packets for port 1723 to the specific box accepting incoming connections.

A specific question I have in this scenario: what is meant by a VPN Server? Does this refer to software on the box accepting connections or the VPN router or something else entirely? If it's software on the box accepting connections, is it built in to Windows XP Pro SP2 or do I need to obtain a license for separate software?

Much thanks ... David
David Bach Asked:
Rob Williams Commented:
It sounds like everything is configured correctly. Once you connect to the VPN server (the D-Link) you may not be able to "see" anything. One test is to connect to the D-Link using its normal LAN IP 192.168.1.x. If you can do that, the VPN is working. Next, if you have any software firewalls on the PC/servers you wish to connect to, they must be configured to accept the connections. For now, as a test, just disable them. Then, NetBIOS names are not often available over a VPN (there are ways around this), so try connecting to a share using the IP address such as \\\ShareName. Remember the network is virtual, pretend it doesn't exist.

>>"Does networking usually seem this complex?"
Mmmmmmm.....and you are just at the tip of the iceberg. When you get into serious networking there is as much to know about it, as there is server operating systems. On a scale of 1 to 10 I am a 2 but there are 9's and 10's here.
Rob Williams Commented:
The simplest way to set up the VPN would be to configure the D-Link to accept incoming PPTP VPN connections. The following link is quite specific as to how to set up the DI-808HV and the Windows client:

As for the rest of the configuration, leave DHCP enabled on the 808HV as you have now. On the other routers make sure it is disabled.
I fail to see the advantage of adding the BEFSR41. There is no need for it at all. If you need additional ports for multiple computers just add a basic switch, or you could use the 4 LAN ports only of the BEFSR41.
As for the wireless router, the WRT54G, it could be configured as an access point. To do so:
-do not configure the WAN section
-assign its LAN configuration an IP in the same subnet as the existing 808HV LAN, such as
-again, make sure DHCP is disabled
-connect a cable between one of the LAN ports of the 808HV and one of the LAN ports of the WRT54G. Do not connect to the WAN port of the WRT54G
-now configure the wireless as you would normally. All users can connect and receive a DHCP IP from the 808HV and will be able to share local resources
-I believe both of these devices are auto-detect but check that a connection light comes on on each when you plug in the cable. If not you will need a cross-over cable

As for Windows XP firewall settings, the connecting client will be using an outgoing connection. If any changes are required the firewall will ask if you want to allow the service. Click un-block and it will make any necessary configuration changes.
The XP machines on the 192.168.1.x network will only need firewall adjustments if you wish to allow sharing of services. I assume you will want file and print sharing. When you enable file and print sharing it should automatically be configured, but if not, open the firewall and make the necessary changes:
Control Panel | Windows Firewall | Exceptions | check File and Printer Sharing. You shouldn't have any problem with the VPN user accessing the shares but if you do, go back to the exception page, highlight File and Print Sharing and click edit, then change Scope. Check the box "any computer (including those on the Internet)". The 808HV will actually not allow any Internet users access to the computer except the VPN users.
David Bach Author Commented:
Hi ded9;

In looking at the first link you mention (http://www.windowsnetworking.com/j_helmig/xpvpnsrv.htm) I read the following text:

============ START OF TEXT

When you connect directly via a modem, using a phone-line, or via broadband ( cable modem or DSL/ADSL modem), your systems is getting an Internet IP-address assigned.

when you connect via a router (often the functions of Modem and Router are integrated into a single box, called ADSL-router ) then the router will have an Internet IP-address assigned, while all connected systems will use a local network IP-address, the router handles the communication from the PC's to the internet via IP-address translation (NAT), but that makes it impossible to connect from the internet through the router to a system on the LAN, no connection can be established from the Internet to a VPN-server on the local network.

============ END OF TEXT

This would indicate it is impossible to establish a VPN connection when the VPN Server is a local resource behind a router.

Hi RobWill;

One aspect I do not understand in the DI-808HV instructions is the assignment of the Virtual IP of PPTP Server. The instructions state:

============ START OF TEXT

Insert the Virtual IP of the PPTP Server (IE This must be different from the LAN IP Address.

============ END OF TEXT

My LAN addresses are from to 192.168.1 199 and are assigned by the VPN router's DHCP. If I assign the box accepting incoming connections to, for example, this might satisfy the requirements of the VPN server via the VPN router, however, I would then not have access from other computers on my LAN to the computer accepting incoming connections and vice versa. (Very confused).

The User Name and Password I enter in the configuration for PPTP Server, does this need to match the user id and password in one of the user accounts on the box accepting incoming connections?

Much thanks ... David
Rob Williams Commented:
David, I haven't set up the D-Link but VPNs require different subnets on the 2 ends of the tunnel. This is so that any routing devices know where to send the packets. If they were the same it wouldn't know where to send a packet, to the local or remote network. In the case of the D-Link I would say the office (, the D-Link virtual network ( and the remote site (192.168.x.0) all have to be different. However, that doesn't mean the devices cannot connect. Unlike a local network where they all have to be on the same subnet, the purpose of a router is to allow communications between 2 subnets. Therefore you shouldn't have any problem.

As for the user name and password, they do not need to match anything. Assign whatever you like on the router and that is what the user will need to connect to the VPN router. However, once connected when they try to access a resource such as a file share they will be asked to provide an acceptable network/windows user name and password for the first connection. Depending on how the D-Link works if the user is already logged on to their computer with acceptable credentials they may be passed on. The other extreme is they have to provide a domain name with user name and password such as  MyDomain.abc\MyName or MyName@MyDomain.abc

>>"This would indicate it is impossible to establish a VPN connection when the VPN Server is a local resource behind a router."
Is your modem a combined modem and router? If not just ignore, if it is you will need to log on to the modem and change it from NAT mode to Bridge mode, effectively making it a basic modem.
David Bach Author Commented:
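
Added example, not part of the original thread: a check for the subnet rule described in the comment above (office LAN, D-Link virtual network and remote site must all differ). Only 192.168.1.0/24 comes from the thread; the other ranges and all function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def parse(plan):
    """Turn {name: CIDR} into {name: ip_network}; host bits are tolerated."""
    return {n: ipaddress.ip_network(c, strict=False) for n, c in plan.items()}


def find_conflicts(plan):
    """Return every pair of named networks whose address ranges overlap."""
    nets = parse(plan)
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def claimed_by(dest, plan):
    """Return the networks that contain dest. More than one means a host
    cannot tell whether dest is local or on the far side of the tunnel."""
    addr = ipaddress.ip_address(dest)
    return [n for n, net in parse(plan).items() if addr in net]


# Constructed sample plans. 192.168.1.0/24 matches the office LAN in the
# thread; the virtual and remote ranges are assumptions for illustration.
COLLIDING = {
    "office_lan": "192.168.1.0/24",
    "pptp_virtual": "192.168.5.0/24",
    "remote_lan": "192.168.1.0/24",   # remote side happens to use the same range
}
DISTINCT = dict(COLLIDING, remote_lan="192.168.20.0/24")

if __name__ == "__main__":
    for label, plan in (("colliding", COLLIDING), ("distinct", DISTINCT)):
        print(label, "conflicts:", find_conflicts(plan))
        print("  192.168.1.50 claimed by:", claimed_by("192.168.1.50", plan))
```

In the colliding plan an office address such as 192.168.1.50 is also a valid local address at the remote site, so the remote PC never sends that traffic into the tunnel.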
Hi RobWill;

The Comcast Cable modem I have is a SUREboard sb5100 modem. It has 1 cable input, 1 Ethernet port and 1 USB port. The USB port isn't in use. This does not sound like a router.

So ... if the office LAN has a subnet of, BUT the specific box designated as the PPTP server within the LAN has a subnet of this doesn't preclude the sharing of resources between the PPTP server box and other boxes on the LAN?

The computer with the VPN client uses a Verizon broadband wireless connection. I will check what the IP is next time but I suspect it is a public IP.

Much thanks ... David
David Bach Author Commented:
I deactivated the entry in the Virtual Server administration of the D-Link router to handle PPTP traffic.
David Bach Author Commented:
The current IP of the Verizon broadband wireless is which is a public IP.

Much thanks ... David
Rob Williams Commented:
>>"SUREboard sb5100 modem"
Maybe Surfboard 5100 ? If so it's a basic modem and you will have no problem.

>>" if the office LAN has a subnet of, BUT the specific box designated as the PPTP server within the LAN has a subnet of this doesn't preclude the sharing of resources between the PPTP server box and other boxes on the LAN?"
The virtual IP can be outside of the local subnet, but the configured LAN IP of the router must stay within the LAN subnet, i.e.  The D-Link will handle the routing between the and subnets. I suspect this is so that it can properly assign an IP to the VPN client.

>>"The computer with the VPN client uses a Verizon broadband wireless connection. I will check what the IP is next time but I suspect it is a public IP."
The WAN IP would be public but the LAN needs to be other than or
If they have any problem connecting, try using a wireless connection, if possible, just as a test.

>>" deactivated the entry in the Virtual Server administration of the D-Link router to handle PPTP traffic."
Hi Pal

You have not read the full article it further says

possible solution: if you can get from your ISP ( Internet Service Provider ) 2 IP-addresses,
one for the router and one for a second system and if you can configure the router to allow
to connect onto the local network to the VPN-server, to which the 2nd Internet IP-address
is assigned to.

please read the full article

David Bach Author Commented:
Hi RobWill;

Oops! ... I stand corrected ... it is SURFboard ... Thank you!

I deactivated the PPTP routing because it was something I tried not knowing what effect it might have. Since it does not appear to have an effect (at least at the moment) I reversed the change I made earlier which was to activate it. I like to keep administration as clean, neat and straightforward as possible.

To answer your earlier question as to why I have a LinkSys router, it was an extra router and I'm using it to expand the number of available Ethernet ports I have ... there is no other reason than this.

Ok. I did successfully connect to ... something ... from my VPN client. I say "something" because during the time I was connected I checked the status of the D-Link VPN router but it showed no VPN connections. I also checked the status of the box enabled to receive connections and it showed none. But I did successfully become authenticated on the client machine and when I executed the ipconfig command I saw as the second IP associated with my laptop. (The first IP was public corresponding to the Verizon broadband wireless card.) So, progress has been made, I think. This is the first time I've connected to ... something.

On the VPN server box in the TCP properties of the VPN network object I indicated an address range from through which corresponds to the Virtual VPN Server subnet of The LAN IP for this same box I left at 192.168.1.xxx where xxx is dynamically assigned via DHCP from the VPN router.

Does networking usually seem this complex?

I will continue this tomorrow evening.

Hi ded9;

Yes! ... I did read the entire article. I will investigate a second public IP from Comcast as a later resort if other solutions fail.

Much thanks ... David
David Bach Author Commented:
Hi RobWill;

Thank you for your patience and perseverance in helping me. The client who was asking me for a solution decided not to implement VPN, however, I learned quite a bit from you.

Much thanks ... David
Rob Williams Commented:
Thanks David,
Hopefully it will be of some help in the future.
Cheers !
