Netgear Prosafe client- server PPTP VPN connects, but cannot ping or see files

Hi,

I'm running Windows 7 Pro, and have tried to setup our Netgear router to take PPTP traffic, so we can access our virtual server there. But I get nothing!

Netgear PPTP settings:

netgear_router-settings.png
I'm assuming that the starting and ending IP addresses are simply virtual IP addresses created for this VPN. The local Netgear IP is 10.0.0.250. I set up a suitable user

On the client side, followed the same instructions here:
http://kb.netgear.com/app/answers/detail/a_id/24288/~/configuring-a-pptp-vpn-tunnel-to-prosafe%2Fprosecure-routers?cid=wmt_netgear_organic

What am I doing wrong?
Any help would be much appreciated.
Kamil BayriAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Rob WilliamsConnect With a Mentor Commented:
If the Netgear is your VPN server there is no port forwarding to set up there. You only need port forwarding if the VPN server is behind the router, such as using a Windows server as the VPN server.

On the client side, on their router you just need to enable PPTP pass-through which is usually in the firewall section and on most routers enabled by default.  No port forwarding at all.

For the record, a PPTP VPN is not very secure.  Netgear offers their own IPsec client that is much more secure,. I have not used a Netgear for some time, but they used to come with at least 1 license, and you can buy more.
0
 
arnoldCommented:
You should not be starting from 0  it should be at least 2
What PPTP ip does your PPTP VPN adapter get upon connecting?
Ping might be restricted by firewalls running on the individual system.
0
 
Rob WilliamsCommented:
Are all the subnets in the path between client and server different?  They need to be.  If more than one network segment uses 10.0.0.x and the same subnet mask, such as client and server, routing cannot take place and though connected you cant access resources.  

Also the Windows firewall when you enable file and print sharing automatically creates a firewall exception but only for access from the local subnet.  It needs to be configured to allow the remote subnet or "public".
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Kamil BayriAuthor Commented:
Arnold, I should be starting from 10.0.2.2 instead?
I get something like 10.0.2.5
0
 
Kamil BayriAuthor Commented:
@Rob
Yes, the subnet created is exclusive to PPTP VPNs.
The local VLAN has 10.0.0.250/ 255.255.255.0

I've noticed that while the PPTP IP on my VPN adapter is 10.0.2.2
It also says the subnet mask is 255.255.255.255, which seems odd as I didn't set it up like that.

On the Netgear device, under PPTP Active users, it gives a PPTP IP of 10.0.2.0 for the username I logged in with.

I tried disabling the firewall on the client side temporarily. It still times out when I ping the Netgear IP. Should I also try to configure something from the server side?
0
 
arnoldCommented:
That is correct,
Add a rule
route add 10.0.2.0 mask 255.255.255.0 10.0.2.2
See if that makes a difference.
0
 
Kamil BayriAuthor Commented:
Arnold,

The subnetting starts from 10.0.2.0 already.

I already had a PPTP exception for a single address. I'm having difficulty doing it for multiple addresses with that mask! As soon as I select range of addresses, it also asks for a corresponding range of WAN destination IP addresses. These are usually the public IP addresses for the WAN, I would think...but I only have one.
Any help?

PPTP exception
0
 
Rob WilliamsCommented:
>>"Yes, the subnet created is exclusive to PPTP VPNs.
 The local VLAN has 10.0.0.250/ 255.255.255.0"

Good, and the client site from which you are connecting must be different as well. I assume it is.
0
 
Kamil BayriAuthor Commented:
@Rob

How do I setup the client side to be different in this regard?
I assumed simply creating a new VPN connection through the network and sharing centre would suffice.


I'm still having issues creating exceptions for more than one PPTP address!
I don't actually need a VLAN setup for PPTP though, do I?
0
 
Rob WilliamsCommented:
Usually the client side is controlled by a router offering DHCP.  Most home routers by default use a 192.168.0 or 1.x subnet.  In your situation that is fine and no need for any changes.  But if the client site uses 10.0.0.x or 10.0.2.x you will have routing issues with your VPN.  You could switch to 192.168.x.x or even 10.0.3.x assuming a subnet mask of 255.255.255.0  A subnet mask of 255.255.0.0 or 255.0.0.0 will add complications.

On that note, you asked earlier about the Netgear VPN client having a subnet mask of 255.255.255.255.  That is normal and fine.

No, you do not need a Vlan.
0
 
Kamil BayriAuthor Commented:
Thanks Rob.
Yes, the client side has a 192.168.0. subnet. No issues over there.

Now I just need to be able to set up the port forwarding for PPTP.
0
 
Kamil BayriAuthor Commented:
I don't specifically have a VPN server set up anywhere. However, the Netgear config for PPTP is to set up a PPTP server.

I believed that since I wanted access to the virtual server to which the netgear is attached, I'd need to create an exception for a number of VPN addresses, perhaps?

Out of interest, there isn't a IPSec server setup on the Netgear in the same way it is for the other tunneling protocols- you just configure a bunch of policies. I assume a VPN server would have to be set up in addition in this case?
0
 
Rob WilliamsCommented:
The Netgear router is your VPN server device, so no port forwarding is required nor do you need to make any additions to "virtual servers".  The latter is required if you were doing something like a direct connection to the server with RDP and no VPN.  

If the windows firewall is enabled on your server you will need to make exceptions in it to allow connections from different subnets or choose "public" instead of domain.  You might want to disable the Windows firewall, on the server, just as a test.  If you have any other security software you may have to configure it as well.

Your router shows IPsec VPN on the left.  There is a lot more to configure with it, such as policies.  Part of why it is more secure.
0
 
Kamil BayriAuthor Commented:
No windows firewall on the server.

The Netgear doubles as a firewall. Do I need to make some exceptions there?
0
 
Rob WilliamsConnect With a Mentor Commented:
No.  Configuring the VPN configures the Netgear firewall.

You mention you have a connection.  When connected can you ping the LAN IP of the Netgear?  Such as 10.0.0.x
0
 
Kamil BayriAuthor Commented:
Wow...I can ping it.
And I could do so after getting rid of that single PPTP exception that I had.
All this time I was trying to ping the WAN IP.

But, I still can't see my server files. What would I have to do?
0
 
Rob WilliamsConnect With a Mentor Commented:
Can you access the server files by using the IP such as:
\\10.0.0.123\ShareName\

When authenticating you may need to use your username in the form:  InternalDomainName\UserName
0
 
Kamil BayriAuthor Commented:
It doesn't allow the connection.

When diagnosing, I get "The remote device or resource won't accept the connection"
0
 
Rob WilliamsCommented:
Out of curiosity you are not trying to access resources with a web browser are you?  That is the only time I have seen that error.  It should be using windows file explorer.  Type it in the title box.
0
 
Kamil BayriAuthor Commented:
Yes! It works now.

Your help throughout is so much appreciated.

I should be able to set this up for several PPTP users, right?
0
 
Kamil BayriAuthor Commented:
Rob was patient and great throughout. Very helpful.
0
 
Rob WilliamsCommented:
Thanks Kamil.

Now that it is working if you would rather use DNS names than IP's you should be able to edit the VPN client. Assuming you have an Internal DNS server...
Go to Network and Sharing | Change adapter settings |  properties of the PPTP virtual adapter | Networking tab | Internet Protocol version IPv4 properties | Advanced | DNS
In the DNS server addresses box enter the IP of your internal/corporate DNS server.
In the DNS suffix for this connection box enter your internal domain name like:  MyDomain.local
And save.

Cheers!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.