Hi,
I am trying to setup up a VPN so I can access my office XP Pro machine from home where I have an XP Home laptop. I have setup the XP Pro VPN server and the XP Home VPN client. I have opened port 1723 in both Windows firewalls. I have forwarded port 1723 (using D-Link's PPTP) in the WBR-2310 to my XP Pro server. From the laptop it seems I can see the machine, the status windows goes past connecting, but hangs in the login status and eventually times out. I have tried both the Administrator account and the personal account. Any idea what I am missing? Thank you.
I had exactly the same problem. The solution is to set up pptp as a virtual server pointing to the lan ip of the server. Port forwarding only forwards the port but not the GRE protocol (pptp passthrough)
PPTP is also using GRE protocol. GRE is a level 4 protocol (IP protocol number 47), just like TCP (IP protocol number 6).
First, in your WBR-2310 configuration, make sure that "Enable PPTP Passthrough" is checked in Advanved > Firewall settings. Then, make sure that you have also authorized GRE packets in your firewalls.
OK, here is what I suggest you to do:
1. Remove port forwarding for TCP 47, you don't need this one (TCP 47 and IP 47 are not the same thing). Unless you also need IPSec, you may remove UDP 500 too.
2. Disable any firewall on both you Windows XP and try connecting again. If it works, then one of your software firewall is causing the problem. Then, enable one of them and try again. This will tell you which one is the culprit. If VPN still does not work after disabling both firewalls, then the problem must be in the WBR-2310.
3. Have you enabled PPTP Passthrough in your WBR-2310?
OK thanks for the results. This helps narrowing it down.
Are you trying to connect while both your XP computers are behind the same WBR-2130??
If not, let's try this. It may be a little tricky to do... Please let me know if you don't understand what I am describing here. The goal of the test is to exclude all "external" sources such as ISPs (some ISPs are blocking some types of requests to avoid their customer to use "commercial" services like hosting web sites).
1. Connect your XP Home computer directly into the WAN port of your WBR-2310. Give it a static IP address such as 200.0.0.2. Make sure the WAN link light on the WBR-2310 is on. If does not come on, you may need a cross-over cable.
2. Set the WBR-2310 to use a static IP address on the WAN interface, such as 200.0.0.1. Make sure to write down the current WAN configuration because you will need to set it back once the test is completed.
3. Try connecting your VPN on the XP Home by using 200.0.0.1 as your destination. If it works, then all your components (XP Pro, XP Home and WBR-2310 are fine).
4. Reset your configurations: reconnect the WAN port to your modem, set the WAN IP settings back to what it was and put your XP Home back to automatic IP or what ever it was set to.
Your VPN connection WILL indeed fail if you try to connect while both computers are bethind the same router, no matter if it is wired or wireless. This is due to the fact that the client (XP Home) will receive an IP address in the same subnet as the one it already have (source and destination network are actually the same one!)
Leave your setup as it is right now and try from another location. Trying from your home may actually be the best option. Public WiFi accesses like the one offered by bars or bistros may have restrictions that prevent the use of PPTP.
You are absolutely right, the subnet must be different at your home than at work. If it is the same, it is usualy easier to change your home network than the corporate one... I am sure you see why. ;-)
Just so you know, following the "best pratices", anyone should always change the default LAN IP configuration of any router.
You are also right about the PPTP Passthrough.
Have you tought about a SSL-VPN solution? It does not involve opening firewalls with strange protocols such as GRE.
I use a great product called SSL-Explorer. It allows you to browse Windows file share, publish web application, connect through RDP and more, all front the comfort of a web browser. It removes the need of configuring a PPTP connection on the remote computer. This is a commercial product but you can get a 2-user licence for free.
I think you should take a look at it.
Beware of opening an FTP over the Internet. I used to do that and I quickly ended up with a lot (1000 hits in an hour) of brute force attack trying to crack the Administrator password.
SSL-Explorer supports WebDAV. It allows to map a drive in a windows workstation to a remote server using HTTPS.
×
1,884 views
Usually answered in minutes!
Hi,
OK, I thought I covered this but let me tell you what I have.
On the WBR-2310 I have the following ports forwarded to my Windows XP Pro machine that I setup the VPN server on.
TCP 1723
TCP 47
UDP 500
UDP 1701
On my Window Firewall on both my server and client I have the same ports opened up. No joy. It seems like I am connecting as the server gets past the connecting status but I hang on the login. Anyway to see on my server what is happening during a login attempt? Thank you,
Hi,
I really do appreciate your help here. When I said I thought I had covered this, I meant I thought I had all the right ports opened. OK,
now I only have port forwarding for 1723 TCP. I turned off both firewalls and still it gets past connect but hangs in login. I tried both my login and the Administrator login. Frustrating.
Sorry, yes I have PPTP, L2TP and IPSec enabled in the WBR firewall.
Hi,
At the moment I was trying this in the office. I have tried from home with the same results. I was not sure if I could be in the office and try this. I have my notebook on wireless and my server connected to a hard port. I only have the WBR in the office running off the DSL line. Is this valid to test? I will have to try your suggestions tonight if running off the WBR for both computers is not acceptable.
Hi,
Thanks again. I will try from home tonight. I thought that might be a problem but it did not work from home the first time so I kept trying here.
Hi,
I have a question. At home the notebook will receive an IP address from that network, off the Linksys router. I take it it should be different from my work IP subnet to work? I have to check this. I guess I need to make sure the the PPTP passthrough is enabled there also. Thanks again for your insights.
Hi,
Sorry I have not gotten back to you, been under the weather for a few days. I tried absolutely everything and got no where. I am just going to have to give up on this and use FTP as I can get that to work. Strange huh.
Hi,
Thanks for the suggestion. What I wanted to do was be able to access my file system from home so I could run my development programs on my notebook but access the office data so I did not have to copy data back and forth to keep things synchronized.
Hi,
Thanks for the comments. I will be careful of this. I was only going to enable the FTP when I knew I would be working from home. I will will check out SSL-Explorer. Thanks again for all the time you have spent with this.
×