VPN PPTP

  • Thread starter Thread starter Pedro Gonçalves
  • Start date Start date
P

Pedro Gonçalves

Hi,

I configured RRAS to accept VPN PPTP connections in a Windows 2000 SBS.
I have one Router that connects my network to the internet. That router has
NAT.
I have basically 2 problems:
1 - I can't configure the NAT to let pass only traffic from and to VPN
Clients. So I had to redirect all traffic to my server in order that VPN
Clients could connect and validate credentials with success. I tryied to
redirect traffic to port TCP 1723 and 47, the client can connect but can't
validade credentials. What I need to configure in the NAT.
2 - I have basically the same problem in Win XP Clients. If I activate the
firewall that XP brings with (in the Local Area Connection and/or VPN
Connection), I can connect but can't validade username and password. What I
need to do to mantain the firewall actived and let VPN traffic passtrought?

Thanks,
Pedro
 
TCP port 1723 is all you need for PPTP. You do not need tcp port 47. This
has nothing to do with VPN.

If you forward TCP port 1723 from the firewall to RRAS server, you
should be able to establish a pptp connection from a remote client to the
RRAS server using the router's public IP.

The other requirement for a successful connection is GRE. Generic
Routing Encapsulation is an IP protocol (IP protocol 47). The VPN data is
carried inside packets with GRE headers. If anything in the path (client,
ISP, firewall etc) blocks GRE, the connection soon fails because no data is
transferred.

Your router must not block GRE in either direction. Depending on the
router GRE might be called by its name or its IP protocol number (47). Some
routers even refer to PPTP passthrough mode or even VPN passthrough mode.
Whatever it is called, it must be enabled for incoming and outgoing traffic
for a PPTP VPN connection to work.
 
Hi Bill,

Thanks for your awnser. I already configured the router with tcp port 1723
and protocol gre.
But I don't know to configure Win XP Firewall to let pass IP Protocol 47.
When I click add and in the Service Settings window I've only to options for
protocol: TCP or UDP. How can I add protocol gre?

Pedro Gonçalves
MCSD
 
Sorry, I can't help you there. I know that some personal firewalls will
prevent a VPN connection, but I have not tried using the XP basic firewall.
I have been using Norton Internet Security Pro. You may get more options
with the firewall enhancements included with XP SP2 (currently in beta
testing).
 
Back
Top