Router and VPN question



I don't know if you're trying to set up a VPN server, client or both. I have some instructions that I originally wrote for someone who wasn't that familiar with computers, so if they are a little over-explanatory at times, I'm sorry. I'm assuming you're using Windows XP and some version of a hardware router/firewall. To answer your initial question though, a standalone VPN router is a nice thing to have, but you don't need one if you want to save some money. A regular Windows XP (or other OS) computer will work just fine as a VPN server.

Setting Up the VPN Server:

Step 1: Create a Connection

Access the New Connection Wizard, usually found in the Start menu under Accessories then Communications, or in the Control Panel under Network Connections.

Step 2: Click next and then select "Advanced Connections", then select "Accept Incoming Connections"

Step 3: Leave everything unchecked and click next. On the next screen select "Allow Virtual Private connections" and click next.

Step 4: Select the existing user account that you wish to access the VPN, or create a new one by clicking add. When finished, click next.

Step 5: At the network software screen, you shouldn't have to do anything. The default values should be fine. However, if you have issues later on we can come back here. So just click next for now and then finish. A new connection called "Incoming Connections" should now be in your Network Connections folder located in Control Panel.

Step 6: Setting up the Router/Gateway (this is where the fun begins)

This step is specific to your router. In order to complete the following you will need to consult the manufacturer's website, or if it's one of the common ones such as Linksys I might be able to walk you through it.

a. First there is one last thing we need to do on the server computer before we set up the router/gateway, but it ties in with the router setup so that is why it is in here. In order for your VPN server to function correctly you need to assign it a static LAN IP address and also static DNS information. First access your router's setup and record your ISP's or LAN server's DNS server IP address (there may be more than one, use both). Next look at the subnet mask that your router is using. Write down the subnet mask; it should look similar to 255.255.255.0. Now look at the DHCP range. If the range is something like 192.168.0.2 to 192.168.0.254, write down the first number in the range to use as your static address and then change the range to the next highest number so it prevents your static address from causing an error. For example, using the above range, you should use 192.168.0.2 for your static address and change the new range to 192.168.0.3 to 192.168.0.254. Next open your Local Area Connection and select properties, then Internet Protocol and properties. Select "Use the following IP address" and enter the IP address and subnet mask, along with the static DNS information, and click OK. Your connection should now have a static LAN IP address.

b. Now that you have a static LAN IP address you need to go into the router and enable port forwarding to that address. The main port that needs to be forwarded for a Microsoft PPTP VPN is TCP 1723. Also 1721 I think.

c. Also you need to enable VPN pass-through and, if there is the option, specifically PPTP pass-through. On most home routers/gateways there is no option for GRE 47, which is just as crucial as TCP port 1723 to the operation of the VPN. However, PPTP pass-through should take care of this. I say should because some vendors such as Linksys are notorious for having problems with their routers actually allowing GRE even though it claims to be supported.

d. Finally you will need some way of reaching the VPN server from the Internet. This is done through either a WAN IP address or a hostname. You get a WAN IP address from your internet service provider, but in most cases due to technical reasons that address changes periodically, known as dynamic. In order to use a VPN server you should have a WAN address that doesn't change, known as static. You can buy a static address from your ISP but these are costly; however, there is a perfectly legal and free way of getting around this. You use a dynamic hostname service like www.dyndns.org. This service allows you to associate your changing IP address with a hostname that doesn't change. The way it works is once you register for their service you pick a hostname like "bobsVPN.dyndns.org" and initially you type in your WAN IP address so the service associates your address with the name. Next you go to your router/gateway and configure it for dynamic DNS updates. What this does is whenever the WAN IP address from your ISP changes, the router automatically tells the DNS service and the service associates your hostname with the new address. Most routers/gateways support this; the setup once again just depends on your manufacturer.

Setting up the Client:

Step 1: Create a Connection

Access the New Connection Wizard, usually found in the Start menu under Accessories then Communications, or in the Control Panel under Network Connections.

Step 2: Click next, select "Connect to the Internet at my Workplace" and click next. It doesn't really matter if you are connecting to your workplace; Microsoft just worded it that way for some reason.

Step 3: Select "Virtual Private Network Connection" and click next. You can enter anything you want for the company name; once again it doesn't matter if it's not a company. Click next.

Step 4: If you're using a high-speed connection you should select "Do Not Dial" and click next.

Step 5: Here you need to type the IP address or hostname of the VPN server. If you are connecting to someone else's VPN server they will provide you with the hostname or IP address. If it is your VPN server then use a static IP address or a hostname that you created with a dynamic DNS service.

Step 6: Select the "Add shortcut to desktop" for your convenience if you wish and click Finish.

Step 7: Setting up the Router/Gateway

Most home routers/gateways don't block outgoing ports but just to be on the safe side enable PPTP pass-through.

Edited by darkfiber1010
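
The checks behind steps a to c of the router setup above, as an added example that is not part of the original post. The config dictionary layout, its key names, the router address 192.168.0.1 and the stale forward target are hypothetical and constructed for illustration.

```python
import ipaddress

def audit_vpn_router(cfg):
    """Return the problems found in a router config dict (hypothetical layout)."""
    ip = ipaddress.ip_address
    lan = ipaddress.ip_network(f"{cfg['router_ip']}/{cfg['netmask']}", strict=False)
    server = ip(cfg["server_ip"])
    problems = []

    # Step a: static address must be a usable LAN host, not the router itself,
    # and outside the DHCP pool so the router never leases it to another machine.
    if server not in lan or server in (lan.network_address, lan.broadcast_address):
        problems.append("server address is not a usable host on the LAN")
    if server == ip(cfg["router_ip"]):
        problems.append("server address collides with the router")
    if ip(cfg["dhcp_start"]) <= server <= ip(cfg["dhcp_end"]):
        problems.append("server address is inside the DHCP range")

    # Step b: TCP 1723 (PPTP control channel) must be forwarded to that address.
    rules = [r for r in cfg["forwards"] if (r["proto"], r["port"]) == ("tcp", 1723)]
    if not rules:
        problems.append("TCP 1723 is not forwarded")
    elif any(ip(r["to"]) != server for r in rules):
        problems.append("TCP 1723 is forwarded to a different host")

    # Step c: without PPTP pass-through the router may drop GRE (IP protocol 47).
    if not cfg.get("pptp_passthrough", False):
        problems.append("PPTP pass-through is off, GRE (protocol 47) may be dropped")
    return problems

# Constructed sample: the post's example network before and after the changes.
BEFORE = {
    "router_ip": "192.168.0.1", "netmask": "255.255.255.0",
    "dhcp_start": "192.168.0.2", "dhcp_end": "192.168.0.254",
    "server_ip": "192.168.0.2",
    "forwards": [{"proto": "tcp", "port": 1723, "to": "192.168.0.100"}],
    "pptp_passthrough": False,
}
AFTER = dict(BEFORE, dhcp_start="192.168.0.3", pptp_passthrough=True,
             forwards=[{"proto": "tcp", "port": 1723, "to": "192.168.0.2"}])

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_vpn_router(cfg) or "ok")
```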

Hi!

I am trying to set up a VPN, but I have problems.

I have been looking at darkfiber1010's response, and it is EXACTLY what I did!!!!

I have configured the VPN server on my PC at work. My PC has Win 2000 Pro.

It is on a LAN, which has an ADSL modem to the internet - then the router (Linksys BEFSR11) where I enabled the IPSEC and PPTP pass-through and enabled forwarding of the ports TCP 1723, UDP 500 and TCP/UDP 1721 to my machine.

Then, the router is connected directly to the switch...

Should I do something more?

I was trying with the "instant" dynamic IP. And I have a NO-IP DNS nameserver too.

I have tested it with the client on a home PC (Win XP), using the dynamic IP directly, and all we could do was ping each other by IP... but it was impossible to browse the files or see the work network from the client.

What can I do? Please HELP!!! I am getting tired of problems with this.

Sorry about my English. I'm a Spanish speaker.

Edited by Damian_Iz

Damian_Iz, I need more information in order to help you. Are you at least getting a successful VPN connection? What I mean by this is, when you try to connect to your VPN server, does it successfully connect or do you get an error message, for example "Error 721"? If it does connect successfully without an error, then the problem is one of two things. The LAN settings on the VPN server connection might need to be reconfigured. Or it might be a problem with your router; some Linksys routers have issues with VPNs that cannot be corrected. However, once you give me more information we can decide what the problem is.


OK.

Yes, I do have a successful connection. In that moment is when I can successfully ping the client by IP, and the client can ping the server, too.

It sounds to me that the LAN settings issue is the more likely problem...

I'll be waiting for help! ;)


Damian_Iz, I didn't forget about you, I've just been busy. Tomorrow I will post some more directions to try to help you out. You're probably going to have to go into the properties of the VPN server "Incoming Connections" icon, then go to the Network tab, then Internet Protocol, and make sure "Allow access to LAN" is checked. Also you may have to manually specify an IP address range in order to correct the problem. In the meantime use Google and find sites that explain VPN LAN browsing issues. Maybe you can figure it out for yourself till then.

Edited by darkfiber1010

Somewhere I read that maybe you must map the shared folders to see them from the client. What do you think?

Oh! And one more thing... must I set something about permissions and passwords on the client machine? Anyway, the client can log in OK right now.

And what about WINS or LMHOSTS issues... this LAN does not have any of them... do I have to have them/some of them?

NAT is used just by setting forwarding on the router... does it need something more?

Edited by Damian_Iz

  • 2 weeks later...

Hi Guys -

I am having the exact same problem, with exactly the same router here. I can't seem to get it to work though.

Here is where I am at so far:

I have the VPN server running on the Windows 2000 Server box here. I forwarded the ports in my router/firewall (Linksys BEFSR11) and created a client on the laptop I am trying to use.

I can connect to the VPN. The client makes the handshake, connects and tells me I am connected... But I cannot view any network resources, ping any computers on the LAN here at work, or do anything really.

If I look at the properties of the VPN connection, it seems to be sending out tons of packets, but only receiving a couple.

I don't understand the resolution that Damian came up with here with the LMHOSTS file (I don't know how they work)... but at least with his connection he could ping other LAN computers... mine won't even get that far!

Any help would be appreciated!


Hi, it seems this is the place to be for VPNs!

I am using a Netgear router; I have it set up as described in the guide above/over the page.

One client at a time works perfectly. If I try more than one client behind the router connecting to the VPN server, each client drops a connection; basically I can only get one client on at a time.

My main question is how do I set it up so everyone in the smaller office down south can see the machines in the larger "head" office, and vice versa?

Do I set a VPN server up down in the sat office the same way as it is set up in head office?

Cheers

Gekko
