awolarczuk
Setting up VPN server on 2008 SBS server
Hi all, I am trying to set up a VPN server on a 2008 SBS server. I seem to have all the settings turned on and I have set the three port forwards, but I am still getting this error:
The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.
Try enabling GRE (Protocol 47) on your firewall/router (can show up as VPN Passthrough on low-end routers, has to be enabled as a port on some mid-range firewalls and routers, and as an actual protocol on higher-end firewalls and routers).
ASKER
I have ports 1723, 987 and 42 open. I am using a Speed Touch modem.
Thanks so much for the help so far.
If that's a Thomson speed touch 585v7 then you've hit exactly the problem I described. It does not have a VPN passthrough capability.
There are hacks, but I've never got them to work.
Suggest a replacement router is the easiest way forward unfortunately. Netgear dg834 are very reliable and do allow VPN passthrough.
ASKER
Yeah, I know :) The only problem is that it is a site I support and it is 1000km away. I will have to work something out.
Thanks
Any other ideas?
Yeah. Can you confirm what router version this is? If it is a Speed Touch 585v7 then there is an option to revert to firmware version 7.4.4.7, which does support PPTP VPN.
You will lose connection during the upgrade, but if you do it using a remote machine, it'll upgrade fine.
There are known issues with this version of firmware, which you can avoid quite easily, but people have got working pptp VPN with this firmware.
ASKER
SpeedTouch 500Series
System Software
Item: Description
Version: 4.2.7.16.0
File: LLT6AA4.27G
Board type: ADNT-Q
hope that helps
Do you actually need to use a VPN? You can share files using SharePoint, and you can access internal desktops or a Terminal Server using Remote Web Workplace, both of which are much more secure than a VPN, and RWW will provide much better performance. Though I am a big supporter of VPNs, they have one big security hole, which is a wide open tunnel between the corporate network and a computer out of your control which could be hosting malicious software. An SBS domain often has alternates to using a VPN.
I do appreciate you may have needs for VPN. If your router will not support PPTP pass-through you can probably still use Hamachi/LogMeIn's VPN solution which does not require port forwarding nor GRE pass-through:
https://secure.logmein.com/products/hamachi2/
You can use the basic version for free.
For the record, when configuring port forwarding for a PPTP VPN, on any router, you only need port 1723 and enable GRE pass-through. GRE is protocol 47, not port 47, so forwarding a port in most cases makes no difference with GRE. GRE is enabled in different ways on different routers. On some you use "enable PPTP pass-through"; on others you forward the PPTP service rather than the port 1723, which does both (forward 1723 and enable GRE); still other routers require a command to enable GRE pass-through.
Your router sounds like a combined modem/router. If so, you can often put them in bridge mode, effectively making them a basic modem and disabling all NAT and firewall features. You can then place a router which does support PPTP pass-through between the modem and the SBS.
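The distinction drawn in the post above between TCP port 1723 and GRE as IP protocol 47 can be checked against a packet capture. This is an added example, not part of the original post: the function names are hypothetical, the packets are constructed samples, and the diagnosis assumes the capture was taken on the VPN server's outward-facing interface.

```python
import struct

PPTP_TCP_PORT = 1723                 # PPTP control channel runs over TCP
IPPROTO_TCP, IPPROTO_GRE = 6, 47     # values of the IPv4 header's protocol field
GRE_PROTO_PPP = 0x880B               # protocol type in PPTP's enhanced GRE (RFC 2637)

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet as PPTP control, PPTP data (GRE) or other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_TCP_PORT in (sport, dport):
            return "pptp-control tcp/1723"
        return f"tcp {sport}->{dport}"
    if proto == IPPROTO_GRE and len(payload) >= 8:
        # Enhanced GRE has flags, protocol type, length and call ID, but no port field.
        flags, ptype, _length, call_id = struct.unpack("!HHHH", payload[:8])
        if (flags & 0x7) == 1 and ptype == GRE_PROTO_PPP:
            return f"pptp-data gre call-id={call_id}"
        return "gre (not pptp)"
    return f"ip-proto {proto}"

def diagnose(packets) -> str:
    """Summarise which PPTP channels appear in a capture taken at the VPN server."""
    kinds = {classify(p).split()[0] for p in packets}
    if "pptp-control" not in kinds:
        return "no PPTP control traffic: check TCP 1723 forwarding"
    if "pptp-data" not in kinds:
        return "control channel only: GRE (IP protocol 47) is not passing"
    return "control and GRE data both seen"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Wrap payload in a minimal IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([203, 0, 113, 10]), bytes([192, 0, 2, 1])) + payload

def tcp(dport: int) -> bytes:
    """Minimal TCP SYN header to the given destination port (constructed sample)."""
    return struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

CONTROL = ipv4(IPPROTO_TCP, tcp(1723))   # what a TCP 1723 forward lets through
PORT47 = ipv4(IPPROTO_TCP, tcp(47))      # what a "port 47" forward lets through
DATA = ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 0, 7, 1))

if __name__ == "__main__":
    print(diagnose([CONTROL, PORT47]))   # port forwards alone
    print(diagnose([CONTROL, DATA]))     # GRE pass-through enabled
```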
ASKER
Hi, thanks for the feedback on this one. Yes, we are in need of a VPN as I am off site and about 2000km from the site where the server is, and the owner of the company often needs to connect to the network. For this site I manage a VMware server which I cannot access using the tools that the server currently has. I have tried to use the free VPN server options and can't seem to get it working. The modem that is on site there doesn't seem to offer GRE. I set up a Linux option onsite at one stage and I could connect, but could access things with their IP address but not their DNS names, and could never figure out how to fix it.
If DNS is the only issue you need to modify the VPN client to point to the corporate DNS server. Have a look at my blog. DNS is option 4 and the best choice but there are other name resolution options. It references the Windows VPN client but if using another similar client options should still exist.
http://blog.lan-tech.ca/2011/04/05/vpn-client-name-resolution/
ASKER
Mate, have you got a good idea what the best Linux one is, and a step-by-step for one, as I got rid of mine as it didn't work :)
ASKER CERTIFIED SOLUTION
Couple of questions:
Let me know and I'm sure we'll get it fixed soon.