Setting up VPN server on 2008 SBS server

awolarczuk
Hi all, I am trying to set up a VPN server on a 2008 SBS server. I seem to have all the settings turned on and I have set the three port forwards, but I am still getting this error:

The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.
Hi,

Couple of questions:

Which ports did you forward through your firewall?
Did you use the Enable VPN wizard?
What router do you have? Some Thomson routers have no VPN passthrough setting... even if you forward the correct ports.

Let me know and I'm sure we'll get it fixed soon.
Try enabling GRE (Protocol 47) on your firewall/router (can show up as VPN Passthrough on low end routers, has to be enabled as a port on some mid range firewalls and routers and as an actual protocol on higher end firewalls and routers).

Author

Commented:
I have ports 1723, 987 and 42 open. I am using a Speed Touch modem.

Thanks so much for the help so far.

If that's a Thomson speed touch 585v7 then you've hit exactly the problem I described. It does not have a VPN passthrough capability.

There are hacks, but I've never got them to work.

Suggest a replacement router is the easiest way forward unfortunately. Netgear dg834 are very reliable and do allow VPN passthrough.

Author

Commented:
Yeah, I know :) The only problem is that it is a site I support and it is 1000km away. I will have to work something out.

Thanks

Any other ideas?
Yeah. Can you confirm what router version this is? If it is a Speed Touch 585v7 then there is an option to revert to firmware version 7.4.4.7, which does support PPTP VPN.

You will lose connection during the upgrade, but if you do it using a remote machine, it'll upgrade fine.

There are known issues with this version of firmware, which you can avoid quite easily, but people have got working pptp VPN with this firmware.

Author

Commented:
SpeedTouch 500Series

System Software

Item: Description
Version: 4.2.7.16.0
File: LLT6AA4.27G
Board type: ADNT-Q


hope that helps
Top Expert 2013

Commented:
Do you actually need to use a VPN? You can share files using SharePoint, and you can access internal desktops or a Terminal Server using Remote Web Workplace, both of which are much more secure than a VPN, and RWW will provide much better performance. Though I am a big supporter of VPNs, they have one big security hole, which is a wide open tunnel between the corporate network and a computer out of your control which could be hosting malicious software. An SBS domain often has alternates to using a VPN.

I do appreciate you may have needs for VPN. If your router will not support PPTP pass-through you can probably still use Hamachi/LogMeIn's VPN solution which does not require port forwarding nor GRE pass-through:
https://secure.logmein.com/products/hamachi2/
You can use the basic version for free.

For the record, when configuring port forwarding for a PPTP VPN, on any router, you only need port 1723 and enable GRE pass-through. GRE is protocol 47, not port 47, so forwarding a port in most cases makes no difference with GRE. GRE is enabled in different ways on different routers. On some you use "enable PPTP pass-through", on others you forward the PPTP service rather than the port 1723, which does both (forward 1723 and enable GRE); still other routers require a command to enable GRE pass-through.

Your router sounds like a combined modem/router. If so, you can often put them in bridge mode, effectively making them a basic modem and disabling all NAT and firewall features. You can then place a router which does support PPTP pass-through between the modem and the SBS.
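
The "protocol 47, not port 47" point above, as an added example that is not part of the original thread: a small Python classifier run over constructed IPv4 packets, showing that a forwarded TCP port 47 is still TCP, while GRE is identified by the IP header's protocol field and has no ports. The function names, sample packets and diagnosis strings are assumptions made for illustration.

```python
import struct

TCP, GRE, PPTP_PORT = 6, 47, 1723  # IP protocol numbers and the PPTP control port

def ipv4(proto, payload):
    """Build a constructed sample IPv4 packet (checksum 0, documentation addresses)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([203, 0, 113, 10]), bytes([192, 0, 2, 1]))
    return hdr + payload

def classify(packet):
    """Return (kind, src_port, dst_port) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]  # protocol field of the IP header, not a port
    if proto == TCP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return ("tcp", sport, dport)
    if proto == GRE:
        return ("gre", None, None)  # GRE carries no port numbers to forward
    return ("other", None, None)

def diagnose(packets):
    """Summarise which half of a PPTP session reaches the capture point."""
    kinds = [classify(p) for p in packets]
    control = any(k == "tcp" and PPTP_PORT in (s, d) for k, s, d in kinds)
    tunnel = any(k == "gre" for k, _, _ in kinds)
    if control and tunnel:
        return "control and GRE both arrive"
    if control:
        return "TCP 1723 arrives but no GRE: pass-through missing"
    return "no PPTP control traffic: check the 1723 forward"

# Constructed sample packets
CONTROL = ipv4(TCP, struct.pack("!HH", 50000, 1723) + bytes(16))
PORT_47 = ipv4(TCP, struct.pack("!HH", 50001, 47) + bytes(16))  # a forwarded TCP port 47
TUNNEL = ipv4(GRE, struct.pack("!HH", 0x3001, 0x880B) + bytes(8))  # PPTP-style GRE header

if __name__ == "__main__":
    print(classify(PORT_47))
    print(diagnose([CONTROL, PORT_47]))
    print(diagnose([CONTROL, TUNNEL]))
```
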

Author

Commented:
Hi, thanks for the feedback on this one. Yes, we are in need of a VPN as I am off site and about 2000km from the site where the server is, and the owner of the company often needs to connect to the network. For this site I manage a VMware server which I cannot access using the tools that the server currently has. I have tried to use the free VPN server options and can't seem to get it working. The modem that is on site there doesn't seem to offer GRE. I have set up a Linux option onsite at one stage and I could connect, but could access things with their IP address but not their DNS names, and could never figure out how to fix it.
Top Expert 2013

Commented:
If DNS is the only issue you need to modify the VPN client to point to the corporate DNS server. Have a look at my blog. DNS is option 4 and the best choice but there are other name resolution options. It references the Windows VPN client but if using another similar client options should still exist.
http://blog.lan-tech.ca/2011/04/05/vpn-client-name-resolution/

Author

Commented:
Mate, have you got a good idea what the best Linux one is, and a step by step for one? I got rid of mine as it didn't work :)
Top Expert 2013
Commented:
I am not a Linux fan I am afraid, but OpenVPN is popular
http://www.openvpn.net/
