Solved

Netgear Prosafe client- server  PPTP VPN connects, but cannot ping or see files

Posted on 2016-10-21
22
80 Views
Last Modified: 2016-10-23
Hi,

I'm running Windows 7 Pro, and have tried to setup our Netgear router to take PPTP traffic, so we can access our virtual server there. But I get nothing!

Netgear PPTP settings:

netgear_router-settings.png
I'm assuming that the starting and ending IP addresses are simply virtual IP addresses created for this VPN. The local Netgear IP is 10.0.0.250. I set up a suitable user

On the client side, followed the same instructions here:
http://kb.netgear.com/app/answers/detail/a_id/24288/~/configuring-a-pptp-vpn-tunnel-to-prosafe%2Fprosecure-routers?cid=wmt_netgear_organic

What am I doing wrong?
Any help would be much appreciated.
0
Comment
Question by:Kamil Bayri
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 9
  • 2
22 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 41854860
You should not be starting from 0  it should be at least 2
What PPTP ip does your PPTP VPN adapter get upon connecting?
Ping might be restricted by firewalls running on the individual system.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 41855618
Are all the subnets in the path between client and server different?  They need to be.  If more than one network segment uses 10.0.0.x and the same subnet mask, such as client and server, routing cannot take place and though connected you cant access resources.  

Also the Windows firewall when you enable file and print sharing automatically creates a firewall exception but only for access from the local subnet.  It needs to be configured to allow the remote subnet or "public".
0
 

Author Comment

by:Kamil Bayri
ID: 41855793
Arnold, I should be starting from 10.0.2.2 instead?
I get something like 10.0.2.5
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 

Author Comment

by:Kamil Bayri
ID: 41855799
@Rob
Yes, the subnet created is exclusive to PPTP VPNs.
The local VLAN has 10.0.0.250/ 255.255.255.0

I've noticed that while the PPTP IP on my VPN adapter is 10.0.2.2
It also says the subnet mask is 255.255.255.255, which seems odd as I didn't set it up like that.

On the Netgear device, under PPTP Active users, it gives a PPTP IP of 10.0.2.0 for the username I logged in with.

I tried disabling the firewall on the client side temporarily. It still times out when I ping the Netgear IP. Should I also try to configure something from the server side?
0
 
LVL 78

Expert Comment

by:arnold
ID: 41855916
That is correct,
Add a rule
route add 10.0.2.0 mask 255.255.255.0 10.0.2.2
See if that makes a difference.
0
 

Author Comment

by:Kamil Bayri
ID: 41855981
Arnold,

The subnetting starts from 10.0.2.0 already.

I already had a PPTP exception for a single address. I'm having difficulty doing it for multiple addresses with that mask! As soon as I select range of addresses, it also asks for a corresponding range of WAN destination IP addresses. These are usually the public IP addresses for the WAN, I would think...but I only have one.
Any help?

PPTP exception
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 41856015
>>"Yes, the subnet created is exclusive to PPTP VPNs.
 The local VLAN has 10.0.0.250/ 255.255.255.0"

Good, and the client site from which you are connecting must be different as well. I assume it is.
0
 

Author Comment

by:Kamil Bayri
ID: 41856028
@Rob

How do I setup the client side to be different in this regard?
I assumed simply creating a new VPN connection through the network and sharing centre would suffice.


I'm still having issues creating exceptions for more than one PPTP address!
I don't actually need a VLAN setup for PPTP though, do I?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 41856034
Usually the client side is controlled by a router offering DHCP.  Most home routers by default use a 192.168.0 or 1.x subnet.  In your situation that is fine and no need for any changes.  But if the client site uses 10.0.0.x or 10.0.2.x you will have routing issues with your VPN.  You could switch to 192.168.x.x or even 10.0.3.x assuming a subnet mask of 255.255.255.0  A subnet mask of 255.255.0.0 or 255.0.0.0 will add complications.

On that note, you asked earlier about the Netgear VPN client having a subnet mask of 255.255.255.255.  That is normal and fine.

No, you do not need a Vlan.
0
 

Author Comment

by:Kamil Bayri
ID: 41856037
Thanks Rob.
Yes, the client side has a 192.168.0. subnet. No issues over there.

Now I just need to be able to set up the port forwarding for PPTP.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 41856044
If the Netgear is your VPN server there is no port forwarding to set up there. You only need port forwarding if the VPN server is behind the router, such as using a Windows server as the VPN server.

On the client side, on their router you just need to enable PPTP pass-through which is usually in the firewall section and on most routers enabled by default.  No port forwarding at all.

For the record, a PPTP VPN is not very secure.  Netgear offers their own IPsec client that is much more secure,. I have not used a Netgear for some time, but they used to come with at least 1 license, and you can buy more.
0
 

Author Comment

by:Kamil Bayri
ID: 41856066
I don't specifically have a VPN server set up anywhere. However, the Netgear config for PPTP is to set up a PPTP server.

I believed that since I wanted access to the virtual server to which the netgear is attached, I'd need to create an exception for a number of VPN addresses, perhaps?

Out of interest, there isn't a IPSec server setup on the Netgear in the same way it is for the other tunneling protocols- you just configure a bunch of policies. I assume a VPN server would have to be set up in addition in this case?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 41856075
The Netgear router is your VPN server device, so no port forwarding is required nor do you need to make any additions to "virtual servers".  The latter is required if you were doing something like a direct connection to the server with RDP and no VPN.  

If the windows firewall is enabled on your server you will need to make exceptions in it to allow connections from different subnets or choose "public" instead of domain.  You might want to disable the Windows firewall, on the server, just as a test.  If you have any other security software you may have to configure it as well.

Your router shows IPsec VPN on the left.  There is a lot more to configure with it, such as policies.  Part of why it is more secure.
0
 

Author Comment

by:Kamil Bayri
ID: 41856120
No windows firewall on the server.

The Netgear doubles as a firewall. Do I need to make some exceptions there?
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
ID: 41856134
No.  Configuring the VPN configures the Netgear firewall.

You mention you have a connection.  When connected can you ping the LAN IP of the Netgear?  Such as 10.0.0.x
0
 

Author Comment

by:Kamil Bayri
ID: 41856180
Wow...I can ping it.
And I could do so after getting rid of that single PPTP exception that I had.
All this time I was trying to ping the WAN IP.

But, I still can't see my server files. What would I have to do?
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
ID: 41856185
Can you access the server files by using the IP such as:
\\10.0.0.123\ShareName\

When authenticating you may need to use your username in the form:  InternalDomainName\UserName
0
 

Author Comment

by:Kamil Bayri
ID: 41856194
It doesn't allow the connection.

When diagnosing, I get "The remote device or resource won't accept the connection"
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 41856200
Out of curiosity you are not trying to access resources with a web browser are you?  That is the only time I have seen that error.  It should be using windows file explorer.  Type it in the title box.
0
 

Author Comment

by:Kamil Bayri
ID: 41856208
Yes! It works now.

Your help throughout is so much appreciated.

I should be able to set this up for several PPTP users, right?
0
 

Author Closing Comment

by:Kamil Bayri
ID: 41856214
Rob was patient and great throughout. Very helpful.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 41856224
Thanks Kamil.

Now that it is working if you would rather use DNS names than IP's you should be able to edit the VPN client. Assuming you have an Internal DNS server...
Go to Network and Sharing | Change adapter settings |  properties of the PPTP virtual adapter | Networking tab | Internet Protocol version IPv4 properties | Advanced | DNS
In the DNS server addresses box enter the IP of your internal/corporate DNS server.
In the DNS suffix for this connection box enter your internal domain name like:  MyDomain.local
And save.

Cheers!
0

Featured Post

Everything You Need to Know about Petya 2.0

Get an overview of the what, when and how of Petya 2.0  from our threat analyst Marc Labilerte, as well as a look at how WatchGuard Total Security Suite protected our customers from the recent attack!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question