Solved

Netgear Prosafe client- server  PPTP VPN connects, but cannot ping or see files

Posted on 2016-10-21
22
24 Views
Last Modified: 2016-10-23
Hi,

I'm running Windows 7 Pro, and have tried to setup our Netgear router to take PPTP traffic, so we can access our virtual server there. But I get nothing!

Netgear PPTP settings:

netgear_router-settings.png
I'm assuming that the starting and ending IP addresses are simply virtual IP addresses created for this VPN. The local Netgear IP is 10.0.0.250. I set up a suitable user

On the client side, followed the same instructions here:
http://kb.netgear.com/app/answers/detail/a_id/24288/~/configuring-a-pptp-vpn-tunnel-to-prosafe%2Fprosecure-routers?cid=wmt_netgear_organic

What am I doing wrong?
Any help would be much appreciated.
0
Comment
Question by:Kamil Bayri
  • 11
  • 9
  • 2
22 Comments
 
LVL 76

Expert Comment

by:arnold
Comment Utility
You should not be starting from 0  it should be at least 2
What PPTP ip does your PPTP VPN adapter get upon connecting?
Ping might be restricted by firewalls running on the individual system.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Are all the subnets in the path between client and server different?  They need to be.  If more than one network segment uses 10.0.0.x and the same subnet mask, such as client and server, routing cannot take place and though connected you cant access resources.  

Also the Windows firewall when you enable file and print sharing automatically creates a firewall exception but only for access from the local subnet.  It needs to be configured to allow the remote subnet or "public".
0
 

Author Comment

by:Kamil Bayri
Comment Utility
Arnold, I should be starting from 10.0.2.2 instead?
I get something like 10.0.2.5
0
 

Author Comment

by:Kamil Bayri
Comment Utility
@Rob
Yes, the subnet created is exclusive to PPTP VPNs.
The local VLAN has 10.0.0.250/ 255.255.255.0

I've noticed that while the PPTP IP on my VPN adapter is 10.0.2.2
It also says the subnet mask is 255.255.255.255, which seems odd as I didn't set it up like that.

On the Netgear device, under PPTP Active users, it gives a PPTP IP of 10.0.2.0 for the username I logged in with.

I tried disabling the firewall on the client side temporarily. It still times out when I ping the Netgear IP. Should I also try to configure something from the server side?
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
That is correct,
Add a rule
route add 10.0.2.0 mask 255.255.255.0 10.0.2.2
See if that makes a difference.
0
 

Author Comment

by:Kamil Bayri
Comment Utility
Arnold,

The subnetting starts from 10.0.2.0 already.

I already had a PPTP exception for a single address. I'm having difficulty doing it for multiple addresses with that mask! As soon as I select range of addresses, it also asks for a corresponding range of WAN destination IP addresses. These are usually the public IP addresses for the WAN, I would think...but I only have one.
Any help?

PPTP exception
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
>>"Yes, the subnet created is exclusive to PPTP VPNs.
 The local VLAN has 10.0.0.250/ 255.255.255.0"

Good, and the client site from which you are connecting must be different as well. I assume it is.
0
 

Author Comment

by:Kamil Bayri
Comment Utility
@Rob

How do I setup the client side to be different in this regard?
I assumed simply creating a new VPN connection through the network and sharing centre would suffice.


I'm still having issues creating exceptions for more than one PPTP address!
I don't actually need a VLAN setup for PPTP though, do I?
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Usually the client side is controlled by a router offering DHCP.  Most home routers by default use a 192.168.0 or 1.x subnet.  In your situation that is fine and no need for any changes.  But if the client site uses 10.0.0.x or 10.0.2.x you will have routing issues with your VPN.  You could switch to 192.168.x.x or even 10.0.3.x assuming a subnet mask of 255.255.255.0  A subnet mask of 255.255.0.0 or 255.0.0.0 will add complications.

On that note, you asked earlier about the Netgear VPN client having a subnet mask of 255.255.255.255.  That is normal and fine.

No, you do not need a Vlan.
0
 

Author Comment

by:Kamil Bayri
Comment Utility
Thanks Rob.
Yes, the client side has a 192.168.0. subnet. No issues over there.

Now I just need to be able to set up the port forwarding for PPTP.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
Comment Utility
If the Netgear is your VPN server there is no port forwarding to set up there. You only need port forwarding if the VPN server is behind the router, such as using a Windows server as the VPN server.

On the client side, on their router you just need to enable PPTP pass-through which is usually in the firewall section and on most routers enabled by default.  No port forwarding at all.

For the record, a PPTP VPN is not very secure.  Netgear offers their own IPsec client that is much more secure,. I have not used a Netgear for some time, but they used to come with at least 1 license, and you can buy more.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Kamil Bayri
Comment Utility
I don't specifically have a VPN server set up anywhere. However, the Netgear config for PPTP is to set up a PPTP server.

I believed that since I wanted access to the virtual server to which the netgear is attached, I'd need to create an exception for a number of VPN addresses, perhaps?

Out of interest, there isn't a IPSec server setup on the Netgear in the same way it is for the other tunneling protocols- you just configure a bunch of policies. I assume a VPN server would have to be set up in addition in this case?
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
The Netgear router is your VPN server device, so no port forwarding is required nor do you need to make any additions to "virtual servers".  The latter is required if you were doing something like a direct connection to the server with RDP and no VPN.  

If the windows firewall is enabled on your server you will need to make exceptions in it to allow connections from different subnets or choose "public" instead of domain.  You might want to disable the Windows firewall, on the server, just as a test.  If you have any other security software you may have to configure it as well.

Your router shows IPsec VPN on the left.  There is a lot more to configure with it, such as policies.  Part of why it is more secure.
0
 

Author Comment

by:Kamil Bayri
Comment Utility
No windows firewall on the server.

The Netgear doubles as a firewall. Do I need to make some exceptions there?
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
Comment Utility
No.  Configuring the VPN configures the Netgear firewall.

You mention you have a connection.  When connected can you ping the LAN IP of the Netgear?  Such as 10.0.0.x
0
 

Author Comment

by:Kamil Bayri
Comment Utility
Wow...I can ping it.
And I could do so after getting rid of that single PPTP exception that I had.
All this time I was trying to ping the WAN IP.

But, I still can't see my server files. What would I have to do?
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
Comment Utility
Can you access the server files by using the IP such as:
\\10.0.0.123\ShareName\

When authenticating you may need to use your username in the form:  InternalDomainName\UserName
0
 

Author Comment

by:Kamil Bayri
Comment Utility
It doesn't allow the connection.

When diagnosing, I get "The remote device or resource won't accept the connection"
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Out of curiosity you are not trying to access resources with a web browser are you?  That is the only time I have seen that error.  It should be using windows file explorer.  Type it in the title box.
0
 

Author Comment

by:Kamil Bayri
Comment Utility
Yes! It works now.

Your help throughout is so much appreciated.

I should be able to set this up for several PPTP users, right?
0
 

Author Closing Comment

by:Kamil Bayri
Comment Utility
Rob was patient and great throughout. Very helpful.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Thanks Kamil.

Now that it is working if you would rather use DNS names than IP's you should be able to edit the VPN client. Assuming you have an Internal DNS server...
Go to Network and Sharing | Change adapter settings |  properties of the PPTP virtual adapter | Networking tab | Internet Protocol version IPv4 properties | Advanced | DNS
In the DNS server addresses box enter the IP of your internal/corporate DNS server.
In the DNS suffix for this connection box enter your internal domain name like:  MyDomain.local
And save.

Cheers!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now