wbuschau
join:2003-11-11
Warren, OH
| wrt54g with vpn pptp server behind it
I have a wrt54g with pptp server behind it (w2k3). I have ports 1723 and 47 forwarded to it's static ip address of 192.168.1.100. But it doesn't work. It times out trying to authenticate username and password. This works just fine locally(on the lan) so something at the router is stopping it when trying to connect to the pptp server externally from the internet. Any help would be greatly appreciated. |
|
Wifi Box
join:2003-10-14
France | use my hacked firmware... regard in this forum |
|
WifiOnlooker
@rr.com
| Your firmware seems to have it's own pptp server in it, rather he wants to use the windows 2003 pptp stuff.
I installed the latest hacked firmware, and nothing changed. I restored factory defaults after the upgrade. I've enabled upnp, diabled block anon requests, changed mtu to 1200, forwarded 1723 (which btw was the only thing that made any progress) with no progress.
What is the login/pass textbox for on the vpn server page? What if we want to log onto the nt domain? |
|
pc319
Premium
join:2002-04-24
The Q | VPN passthrough should work with Wifi's firmware, which is what I have configured for a W2K3 Server. I'm using the pre6-i version. |
|
sgkent
join:2002-04-15
Sacramento, CA | reply to wbuschau
you only need to forward 1723 TCP. 47 is a protocol (GRE) not a port.
What combination of OS are you running? |
|
WifiOnlooker
@sarcom.com
| reply to pc319
I installed version 2.00.8.1h.wfb. It doesn't not work. Hangs at u/p validation 721. Even putting the server onto the DMZ did not work either.
Can you explain what settings you need? Or is the factory defaults for this hacked firmware ok? Did you set the VPN server to enabled?
tks |
|
pc319
Premium
join:2002-04-24
The Q | The only thing I have set is under Applications&Gaming->Server Profiles->Server PPTP is checked and forwarded to the IP of my server. Don't enable anything under the VPN Server tab. |
|
sgkent
join:2002-04-15
Sacramento, CA
| reply to wbuschau
we are running 3 VPN's. One is W98, ME and W2k to NT4 multihomed with PPTP filtering and behind firewalls at both ends. Another is BEFSX41 to BEFSX41 and the third is W98, ME and W2k to W2k server behind firewalls at both ends. We've also run W2kpro to W2kpro behind firewalls at both ends. It can be done. BEFsx41 to BEFsx41 is the easiest solution. |
|
gojeda
join:2002-12-15
Pompano Beach, FL
| reply to WifiOnlooker
I have Wifi's H version and it works with my Win2K Server based VPN.
Also, if you are placing the server in the DMZ and it still isnt working, that would indicate a configuration issue on the server. Even in the old Linksys firmwares, my Win2K Server VPN would work while in DMZ mode, but never behind the router. Linksys never cared enough to fix it for whatever reason. Luckily the hacked firmwares floating around now solved the issue for me.
Lastly, simply opening up port 1723 will NOT make a VPN server work. GRE 47 must also to be forwarded to the same host in order for VPN to work. You can shell into the router to make that happen, or use Wifi's solution instead. |
|
WifiOnlooker
@sarcom.com | I tested the VPN configuration by making a VPN connection from the another workstation on the lan. The connection worked as expected. Therefore, all signs point to the Linksys---however placing the machine in the DMZ did not work. |
|
sgkent
join:2002-04-15
Sacramento, CA
| reply to wbuschau
FYI - I don't believe that one can set a specific forward of GRE protocol in most of the SOHO routers such as linksys. Fortunately all the VPN's I've set up behind SOHO routers including BEFSX41 must have GRE47 open already as when TCP Port 1723 is forwarded to a specific IP address the firewall works. The CISCO routers on my last job allowed specific settings of GRE 47 protocol but the SOHO routers I've cared for don't. |
|
RayA
@cable.rogers
| reply to WifiOnlooker
I had the exact same problem. W2K VPN would work locally but not through the router even after WiFi firmware upgrade. It turns out that I've also forwarded IPSEC to my Win2K server under Applications&Gaming->server Profiles->server IPSEC. Disabling it solved the problem. I guess the VPN client is trying both protocols (PPTP and IPSEC) to connect to the server and failing during IPSEC authentication because you don't have the required certificates on your server (this is my assumption and I may be wrong, but as I said not forwarding IPSEC to the server corrected the problem). |
|
axtogrind
| reply to WifiOnlooker
Same probs as WifiOnlooker: "I tested the VPN configuration by making a VPN connection from the another workstation on the lan. The connection worked as expected. Therefore, all signs point to the Linksys---however placing the machine in the DMZ did not work."
AND turning the Linksys's firewall totally off doesn't get me there, either. Win2003 server. Like pc319, I'm "The only thing I have set is under Applications&Gaming->Server Profiles->Server PPTP is checked and forwarded to the IP of my server. Don't enable anything under the VPN Server tab."
Using Wifi-box.net Release Version: 2.00.8.1h.wfb 15/01/2004. Almost ready to commit ritualistic suicide.
ax |
|
pc319
Premium
join:2002-04-24
The Q | Try version pre6-i, that's the version I've been using for a couple of months now. |
|
axtogrind
| Thank you.
pre6-i did it.
I'm typing this now via dial up with a secure connection to the VPN.
Thank you. And thank you wifi.
ax |
|
