xp vpn server, but how to set port in router firewall?:edit WORKS

bobcpg

Senior member
Nov 14, 2001
So there are two computers behind my Linksys firewall/router, so what port should I forward to the LAN IP? Also, when I go to connect to the VPN, how do I specify that port?
I am using the VPN server with XP. I can get it to work when the computer is directly connected to the cable modem.

thanks,

-bob
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
Using the cable modem directly should be easier than through the Linksys. You have to make one computer by itself work through the modem; if it cannot work through the modem, it will not work no matter what you do.

BTW: Many of the entry-level network appliances have problems with VPN. Log on to the sites of the equipment, and make sure that your appliances (modem, router, etc.) are Windows VPN compatible.
 

Smilin

Diamond Member
Mar 4, 2002
Try opening these ports:

500 TCP
1701 UDP
1723 UDP

See MS Kbase article q289241
 

Schnieds

Senior member
Jul 18, 2002
Unfortunately, MS VPN solutions use GRE Protocol 47 (at least their server products do). Most of the cheap DSL/cable routers do not support GRE Protocol 47 pass-thru, which means that even if you forward port 1723 (VPN PPTP port) you will only get to the Authenticating Username and Password part of the VPN connection and then it will hang.

As Jack said, test it without the router in place first. When that works forward port 1723 in your router to the internal address of your VPN server. If there is a place to specify random protocol pass-thru's, put GRE 47 in there. If you forward port 1723 and can establish a connection but it dies at the authentication, then you know the router doesn't support MS VPN passthru. =(

Good Luck
 

bobcpg

Senior member
Nov 14, 2001
Yeah, it works great without the router. I'm gonna try with all those ports open and let ya all know.
 

Schnieds

Senior member
Jul 18, 2002
Congrats on getting it working without the router... I hope you have the same luck with it. :)

If you can't get it working with the router, you may want to consider putting Linux on some old box you have and running your VPN services on it. Linux doesn't use GRE 47, and therefore most el-cheapo routers can pass the PPTP connection through without a hitch. I have an old PII300 running my Linux VPN server at home through a Linksys router with no problems.

 

bobcpg

Senior member
Nov 14, 2001
Yeah, I got it to work with the router. My Linksys router had this thing called DMZ host and I just enabled that for my local IP address and it worked from the office today.

thanks again
-bob
 

Schnieds

Senior member
Jul 18, 2002
518
0
0
Hey bobcpg,

This may not matter to you, but I think that you might want to know what a DMZ is. A DMZ is a Demilitarized Zone. Any computer that you make a DMZ host allows EVERYTHING to get to it. So if you are relying on the NAT functionality of your router to provide some level of security, making your VPN server a DMZ host does away with all of the NAT security that your router provides.

Basically any packet or request sent to your VPN computer is being passed through your router, be it a VPN connection or hack attack. I would highly recommend using some form of software firewall on your VPN computer to protect yourself, even if it's just the inherent Windows firewall. I would highly recommend Zone Alarm as a software firewall, although I have never used it on a VPN server. You will have to configure the firewall to allow the VPN connections through... but it will be much safer!

 

bobcpg

Senior member
Nov 14, 2001
OK, I disabled the DMZ host and opened ports:
500 TCP
1701 UDP
1723 UDP
and everything works great.

-thanks all
bob
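
Added example (not part of the original thread and not any poster's code): a simplified Python model of the router's inbound handling, comparing the DMZ-host setting discussed above with a forward for PPTP, which uses TCP 1723 for control and GRE (IP protocol 47) for data. The LAN address, class and function names, and sample packets are constructed for illustration; no real router firmware is modelled.

```python
from dataclasses import dataclass, field
from typing import Optional

VPN_HOST = "192.168.1.100"  # constructed LAN address of the XP VPN server

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "gre" (IP protocol 47, no ports)
    dport: Optional[int]
    label: str

@dataclass
class Router:
    forwards: dict = field(default_factory=dict)  # (proto, port) -> LAN IP
    gre_passthrough: Optional[str] = None         # LAN IP that receives GRE
    dmz_host: Optional[str] = None                # catch-all for unmatched traffic

    def deliver(self, pkt: Packet) -> Optional[str]:
        """LAN IP that an unsolicited inbound packet reaches, or None if dropped."""
        if pkt.proto == "gre":
            target = self.gre_passthrough
        else:
            target = self.forwards.get((pkt.proto, pkt.dport))
        return target or self.dmz_host

# Constructed inbound traffic: the PPTP pair plus unrelated Windows services.
INBOUND = [
    Packet("tcp", 1723, "pptp-control"),
    Packet("gre", None, "pptp-data"),
    Packet("tcp", 445, "smb"),
    Packet("tcp", 3389, "rdp"),
    Packet("udp", 137, "netbios-ns"),
]

def exposed(router: Router) -> list:
    """Labels of the sample packets that reach a LAN host."""
    return [p.label for p in INBOUND if router.deliver(p)]

def pptp_status(router: Router) -> str:
    """Classify the PPTP outcome from what the router lets through."""
    control = router.deliver(Packet("tcp", 1723, "pptp-control"))
    data = router.deliver(Packet("gre", None, "pptp-data"))
    if not control:
        return "unreachable"
    return "ok" if data else "hangs at authentication (GRE dropped)"

DMZ = Router(dmz_host=VPN_HOST)
FORWARD_ONLY = Router(forwards={("tcp", 1723): VPN_HOST})
FORWARD_GRE = Router(forwards={("tcp", 1723): VPN_HOST}, gre_passthrough=VPN_HOST)

if __name__ == "__main__":
    for name, r in [("DMZ host", DMZ), ("1723 only", FORWARD_ONLY), ("1723 + GRE", FORWARD_GRE)]:
        print(f"{name:12} pptp={pptp_status(r)!r:40} exposed={exposed(r)}")
```

In this model the DMZ host makes the VPN work only because every unsolicited packet, including SMB and RDP, reaches the XP machine; the forward plus GRE pass-through gives the same VPN result with only the two PPTP flows exposed.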