controlgmc

Setting up the router for VPN

Hi,

I got a Windows Server 2003 SBS that is acting as a VPN server. It is behind a D-Link EBR-2310 router that is acting as a firewall.

PPTP passthrough is enabled and port 1723 is forwarded to my VPN server IP address.

However, it is impossible to establish a VPN connection even if my router setup looks fine. The only way I can make the connection work is by putting my server in the DMZ zone in my router config, which is unacceptable.

Is this a limitation of this router that can't accept incoming VPN connections? If so, what model of router would work for me? Thank you.
PowerIT

What are the IP-ranges assigned to:
- your internal network
- your DMZ
- The client trying to connect
Both sides cannot have the same subnet.

Also, allowing VPN is not only opening and forwarding ports. You need to enable the protocols also. GRE in this case. (ESP too for L2TP). By default this could be open to your DMZ but not internally. You may need to add your own rules.

J.
controlgmc

ASKER

They do not have the same subnet.

Also, the config of the router only allows port forwarding AND PPTP passthrough, which is equivalent to enabling GRE protocol as I understand. If this is not the case, how do I enable the GRE protocol?

I think the problem really comes from the router not accepting incoming VPN connections unless the VPN server IP is in DMZ, which is equivalent to having no firewall at all.

Is it possible that my router won't ever accept incoming VPN connections?
ASKER CERTIFIED SOLUTION
PowerIT
This solution is only available to members.
Thank you, I think it is really the router indeed that is the cause of my problem. I did a little research on the routers that would allow incoming VPN (PPTP). I came up with your suggestion; ZyXel (ZyWall 5) which is around 500$; and the SonicWALL TZ 170 SP which is around the same price.

They both offer similar specifications.

I'm simply wondering... I was used to buying routers for around 100$. This is a major upgrade. Is 500$ the lowest price I can pay for a router with the VPN capability? Isn't there a model for around 250$?

Thank you in advance.
SOLUTION
This solution is only available to members.
Older D-Link models used to offer this capability - such as the D04. They had a "Virtual Server" option that would open GRE. I have not found any of the newer models that will do this.

The EBR 2310 is fully capable of accepting incoming VPN connections without enabling DMZ. You need to go to the Virtual Server page (Under Advanced) and forward protocol 47 to your server's IP address. Then go to port forwarding and forward port 1723 to your server.

Actually, since this time, I have discovered several small business class routers for under $200 that do GRE (protocol 47). The Linksys RV042 does this quite nicely for around $150 and has 2 WAN ports.
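
The symptom in this thread (TCP 1723 forwarded, tunnel still failing unless the server sits in the DMZ) can be confirmed from a packet capture taken on the VPN server, because PPTP needs both the TCP 1723 control channel and GRE (IP protocol 47) to arrive. The Python below is an added example, not code from any poster; the function names, sample packets and addresses are constructed for illustration.

```python
import socket
import struct

PPTP_TCP_PORT = 1723      # control channel, the part a port-forward rule covers
PROTO_TCP, PROTO_GRE = 6, 47
PPTP_GRE_TYPE = 0x880B    # protocol type in PPTP's enhanced GRE header (RFC 2637)

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet as 'control', 'gre' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    payload = packet[(packet[0] & 0x0F) * 4:]   # skip the IP header, options included
    if len(payload) < 4:
        return "other"
    first, second = struct.unpack("!HH", payload[:4])
    if packet[9] == PROTO_TCP and PPTP_TCP_PORT in (first, second):
        return "control"
    # Enhanced GRE: version field (low 3 bits) is 1, protocol type is 0x880B
    if packet[9] == PROTO_GRE and first & 0x7 == 1 and second == PPTP_GRE_TYPE:
        return "gre"
    return "other"

def diagnose(packets) -> str:
    """Summarise what reached the VPN server's interface."""
    seen = {classify(p) for p in packets}
    if {"control", "gre"} <= seen:
        return "ok"
    if "control" in seen:
        return "gre-blocked"      # port 1723 forwarded, protocol 47 dropped
    if "gre" in seen:
        return "control-blocked"
    return "no-pptp"

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, addresses are examples)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton("198.51.100.7"), socket.inet_aton("192.168.0.10")) + payload

# Constructed samples: a TCP SYN to port 1723 and a PPTP GRE data packet
TCP_SYN = _ipv4(PROTO_TCP, struct.pack("!HHIIBBHHH", 50000, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
GRE_PPTP = _ipv4(PROTO_GRE, struct.pack("!HHHH", 0x2001, PPTP_GRE_TYPE, 0, 1))

if __name__ == "__main__":
    print(diagnose([TCP_SYN]))            # port forward only
    print(diagnose([TCP_SYN, GRE_PPTP]))  # port forward plus protocol 47
```

A result of `gre-blocked` on the server side matches the case described above, where the router forwards the port but not protocol 47.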