I hate VPN! Can someone help?

Butters

Butters

Butters

Permabanned
Joined
22 Apr 2007
Posts
1,805
guys,

still trying to set up VPN, I've done the following

remember, I only have one NIC. I will get another one eventually but I still want to make sure I know what is going wrong here before throwing a second NIC into the mix.

OK, port 1723 is opened on the router and points to the server 192.168.2.101
I've enabled RRAS on the server and under Remote Policies I've added a policy, the conditions of which are:-

NAS-Port-Type matches "Virtual (VPN)" AND
Windows-Group matches "Domain Users"

And Grant remote access permission is checked.

Lastly I have gone into one of the domain users (me) and gone to the dial in tab and checked Allow Access under the Remote Access Permission section.

I still get Error 800: messages when I try and connect to the network using a VPN connection on a XP Pro SP2 machine using the WAN IP address (which is static).

please help.
 
you need to open up protcol 50 (GRE) aswell asuming pptp


Can you vpn into server internally just to check all is setup correctly that side?
 
Hi Butters

Can you Telnet on to your server VPN from external - (from the CMD prompt - telnet {WANIP} 1723)
If it connects you will just get a black screen. If you get no black screen on the telnet times out then the PPTP port (1723) is not open on your router or the server is not listening.

make sure your policy is not causing problems - Change your user account to Allow Dial Access, and not based on policy.
If you get on using this setting - then your policy is causing the problem.

Also, worth checking your router can do VPN pass through and update firmware!
ttfn

Rob :cool:
 
Last edited:
Hi Butters

OK, make sure you understand how to port forward correctly for your router.
It could also be worth making sure your on the current firmware level.

What make and model router do you have?

ttfn
Rob :cool:
 
Its a Belkin F5D7231 which, according to the box, allows VPN Passthrough and IPSec.

I've gone into Virtual Servers and added the LAN Ip as 192.168.2.101, TCP port 1723 as the LAN port and port 1723 as the public port and ticked 'enable'.

Its on the latest firmware too.

I can ping the server by IP and DNS from outside of the domain and can use Outlook WA easily too.

Maybe I've got muddled up with the LAN port and Public port thingy
 
Butters said:
Its a Belkin F5D7231 which, according to the box, allows VPN Passthrough and IPSec.
Click to expand...

"VPN Passthrough" usually only means OUTGOING connections. A lot of routers do not support incoming PPTP connections, as you need to forward the GRE protocol (this is in addition to the 1723 port forwarding)

I know the Drayteks can do this automatically when you forward port 1723, but i don't know what other routers do.
 
Hi Butters

No, that all seems fine. From Personal experiance, I have had problems with Belkin routers and VPN / VPN pass through - it may be worth trying another router (Linksys or Draytek I'd recommend for your setup).

As long as you have PPTP VPN Passthrough enabled - this also allows the GRE protocol (47).

Like I said, I think your Belkin could be the cause of this - Google Belkin F5D7231 VPN problems.

ttfn

Rob :cool:
 
oddjob62 said:
"VPN Passthrough" usually only means OUTGOING connections. A lot of routers do not support incoming PPTP connections, as you need to forward the GRE protocol (this is in addition to the 1723 port forwarding)
Click to expand...

FYI
a router that supports VPN Passthrough simply means that it can support "passing through" packets that originate from VPN clients. An example of this would be your laptop or home office PC trying to connect to the VPN server at your corporate office location ;)
 
You must log in or register to reply here.
Back
Top Bottom