VPN Problems

[Carp1812]

I'm running Win2k server and trying to set up a VPN. I have a DSL connection behind a Linksys router. I'm forwarding port 1733 to the server box. I have the R&RAS server running as a remote access server. I have the active directory installed and working to authenticate. I have given the user accounts dial-in permission in the active directory properties. I'm trying to use MSCHAPS authentication for the VPN. I have the R&RAS server set up to assign IPs in a range that is outside the DHCP pool (handled by my router). I have allocated 10 PPTP ports and 10 L2TP ports for the server. When I try to connect to the VPN (sending user name, password, and domain) it tells me that there is no connection available. I tried connecting from an XP Pro machine. What am I doing wrong? This is all the relevant info that I can think of right now. Please ask any questions. Any advice is greatly appreciated.

 

[minendo]

What model linksys router?

 

[Carp1812]

BEFSR41

 

[minendo]

Originally posted by: Carp1812
BEFSR41

I don't think that router will do VPN. You need an actual VPN router such as the BEFVP41.

 

[Carp1812]

Are you telling me that my router won't HOST a VPN or it isn't capable of passing the ports to a host on my network? I don't need it to host the VPN....

 

[Fuzznuts]

win2k vpn will not work over a NAT connection the 2k box itself needs a public ip and the port you should be opening is 1723 not 1733. you either need to create a tunnel at the router as minendo suggested or stick the 2k box on the net. of course if you have a linux box around you could set that up as your firewall/router sitck poptop on it and have your vpn run from there.

 

[Need4Speed]

the server can be behind a nat as long as the router has ipsec/pptp passthru. the client can also be behind a nat as long as it is nat aware. it cannot be behind a proxy though. ssh sentinal is a nat aware client and is a hell of alot better than the POS microsoft thats included with XP.

 

[Carp1812]

Are there specific settings that I can look for in my host or my client to allow me to determine whether or not I'm NAT-aware? Does anybody else see anything I'm forgetting to do here? Thanks.

 

[bobcpg]

yes you are able to do this. i have the same router at home and i can get a vpn from work to home. you need to forward some port(s) and need to enable some things. when i get home from work i'll let ya know what to do.