awolarczuk

Setting up VPN server on 2008 SBS server

Hi all, I am trying to set up a VPN server on a 2008 SBS server. I seem to have all the settings turned on and I have set the three port forwards, but I am still getting this error:

The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.
Tags: Windows Server 2008, Microsoft Server OS, SBS, VPN, Networking

Ian Pattison

Hi,

Couple of questions:

Which ports did you forward through your firewall?
Did you use the Enable VPN wizard?
What router do you have? Some Thomson routers have no VPN passthrough setting, even if you forward the correct ports.

Let me know and I'm sure we'll get it fixed soon.

Thorrsson

Try enabling GRE (Protocol 47) on your firewall/router (can show up as VPN Passthrough on low-end routers, has to be enabled as a port on some mid-range firewalls and routers, and as an actual protocol on higher-end firewalls and routers).

awolarczuk (ASKER)

I have ports 1723, 987 and 42 open. I am using a Speed Touch modem.

Thanks so much for the help so far.

Ian Pattison

If that's a Thomson speed touch 585v7 then you've hit exactly the problem I described. It does not have a VPN passthrough capability.

There are hacks, but I've never got them to work.

Suggest a replacement router is the easiest way forward unfortunately. Netgear dg834 are very reliable and do allow VPN passthrough.

awolarczuk (ASKER)

Yeah, I know :) The only problem is that it is a site I support and it is 1000km away. I will have to work something out.

Thanks

Any other ideas?

Ian Pattison

Yeah. Can you confirm what router version this is? If it is a Speed Touch 585v7 then there is an option to revert to firmware version 7.4.4.7, which does support PPTP VPN.

You will lose connection during the upgrade, but if you do it using a remote machine, it'll upgrade fine.

There are known issues with this version of firmware, which you can avoid quite easily, but people have got working pptp VPN with this firmware.

awolarczuk (ASKER)

SpeedTouch 500Series

System Software
Version: 4.2.7.16.0
File: LLT6AA4.27G
Board type: ADNT-Q

Hope that helps.

Rob Williams

Do you actually need to use a VPN? You can share files using SharePoint, and you can access internal desktops or a Terminal Server using Remote Web Workplace, both of which are much more secure than a VPN, and RWW will provide much better performance. Though I am a big supporter of VPNs, they have one big security hole, which is a wide open tunnel between the corporate network and a computer out of your control which could be hosting malicious software. An SBS domain often has alternates to using a VPN.

I do appreciate you may have needs for VPN. If your router will not support PPTP pass-through you can probably still use Hamachi/LogMeIn's VPN solution which does not require port forwarding nor GRE pass-through:
https://secure.logmein.com/products/hamachi2/
You can use the basic version for free.

For the record, when configuring port forwarding for a PPTP VPN, on any router, you only need port 1723 and to enable GRE pass-through. GRE is protocol 47, not port 47, so forwarding a port in most cases makes no difference with GRE. GRE is enabled in different ways on different routers. On some you use "enable PPTP pass-through"; on others you forward the PPTP service rather than port 1723, which does both (forwards 1723 and enables GRE); still other routers require a command to enable GRE pass-through.

Your router sounds like a combined modem/router. If so, you can often put them in bridge mode, effectively making them a basic modem and disabling all NAT and firewall features. You can then place a router which does support PPTP pass-through between the modem and the SBS.
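
The distinction drawn in the answer above between IP protocol 47 and port 47, shown as an added example that is not part of the original thread: a small classifier for raw IPv4 packets that tells the PPTP control channel (TCP 1723) from the GRE data channel and from traffic that merely uses port 47. The packets and addresses are constructed sample data, and the function names are hypothetical.

```python
import struct

PPTP_TCP_PORT = 1723    # PPTP control channel (TCP)
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
PPP_OVER_GRE = 0x880B   # GRE protocol type PPTP uses for its data channel

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by its role in a PPTP session."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, payload = packet[9], packet[ihl:]
    if len(payload) < 4:
        return "truncated"
    first, second = struct.unpack("!HH", payload[:4])
    if proto == IPPROTO_GRE:
        # GRE has no port fields: these are flags/version and protocol type.
        if (first & 0x7) == 1 and second == PPP_OVER_GRE:
            return "pptp-data"
        return "gre-other"
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        # For TCP and UDP the same four bytes are source and destination port.
        if proto == IPPROTO_TCP and PPTP_TCP_PORT in (first, second):
            return "pptp-control"
        if 47 in (first, second):
            return "port-47-not-gre"
    return "other"

def missing_for_pptp(packets) -> set:
    """Return which of the two PPTP channels never showed up in a capture."""
    seen = {classify(p) for p in packets}
    return {"pptp-control", "pptp-data"} - seen

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed test data, checksum left 0)."""
    src, dst = bytes([198, 51, 100, 7]), bytes([203, 0, 113, 10])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

# Constructed samples: control connection, a TCP segment to port 47, and GRE.
CONTROL = ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 1723) + bytes(16))
PORT_47 = ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 47) + bytes(16))
GRE_DATA = ipv4(IPPROTO_GRE, struct.pack("!HHHH", 0x3001, PPP_OVER_GRE, 0, 0))

if __name__ == "__main__":
    for name, pkt in [("control", CONTROL), ("port 47", PORT_47), ("gre", GRE_DATA)]:
        print(name, "->", classify(pkt))
    # Forwarding TCP 1723 and "port 47" still leaves the data channel missing.
    print(missing_for_pptp([CONTROL, PORT_47]))
```

Run against packets captured on the server side of the router, a result of `{"pptp-data"}` from `missing_for_pptp` means the control connection arrives but GRE is not being passed through.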

awolarczuk (ASKER)

Hi, thanks for the feedback on this one. Yes, we are in need of a VPN as I am off site and about 2000km from the site where the server is, and the owner of the company often needs to connect to the network. For this site I manage a VMware server which I cannot access using the tools that the server currently has. I have tried to use the free VPN server options and can't seem to get it working. The modem that is on site there doesn't seem to offer GRE. I set up a Linux option onsite at one stage and I could connect, but could access things with their IP address but not their DNS names, and could never figure out how to fix it.

Rob Williams

If DNS is the only issue, you need to modify the VPN client to point to the corporate DNS server. Have a look at my blog. DNS is option 4 and the best choice, but there are other name resolution options. It references the Windows VPN client, but if using another similar client, options should still exist.
http://blog.lan-tech.ca/2011/04/05/vpn-client-name-resolution/

awolarczuk (ASKER)

Mate, have you got a good idea what the best Linux one is, and a step-by-step for one, as I got rid of mine as it didn't work :)