VPN with 2 XP Home

[kathi]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I am trying to vpn to my work computer running XP home with my Home computer running XP Home.
At work we have a peer to peer network (4 computers hooked to a router with a static IP Address assigned to the Router). On the router I have forwarded 500,50-51,1723,47,3389 ports to my Work Computer IP address. Also I have the DMZ set to the Work Computer IP. I also set up the incomming connection to use the ip address with in my work lan. I have called Linksys and they say it is not the router that is in the VPN configurations.

On the client, I have unchecked "use default gateway on remote network" When I try to connect I get as far as verifying user id/password, then an Error 721. I have tried using a dial-up connection to the internet and my home broadband to connect to my Work Computer but both give me 721 error.

When I look at the router logs, I see my Home Computer's IP address with port 1214 'to' my Work Computer's IP Address port 1723.

I would appreciate if someone would please help me. I feel like I am running in circles. Thanks in Advance! Kathi

 

[jrc]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

If you are using VPN, why are you forwarding ports? Also, you shouldn't be
messing with DMZ to do what you are talking about (if you want to keep your
machine safe).



"Kathi" <anonymous@discussions.microsoft.com> wrote in message
news:AC1CB478-973A-454D-B24F-E9E791CC66E5@microsoft.com...
> I am trying to vpn to my work computer running XP home with my Home
computer running XP Home.
> At work we have a peer to peer network (4 computers hooked to a router
with a static IP Address assigned to the Router). On the router I have
forwarded 500,50-51,1723,47,3389 ports to my Work Computer IP address. Also
I have the DMZ set to the Work Computer IP. I also set up the incomming
connection to use the ip address with in my work lan. I have called Linksys
and they say it is not the router that is in the VPN configurations.
>
> On the client, I have unchecked "use default gateway on remote network"
When I try to connect I get as far as verifying user id/password, then an
Error 721. I have tried using a dial-up connection to the internet and my
home broadband to connect to my Work Computer but both give me 721 error.
>
> When I look at the router logs, I see my Home Computer's IP address with
port 1214 'to' my Work Computer's IP Address port 1723.
>
> I would appreciate if someone would please help me. I feel like I am
running in circles. Thanks in Advance! Kathi
>

 

[kathi]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I am using the default VPN that came with Windows XP Home. As for the ports, everything I read said I needed to forward the port 1723. Then I would read some more and there were recommendations of forwarding other ports. As for the DMZ, that was the only way I could actually get the connection else it would say server was not responding.
Any ideas?

 

[kathi]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Ok so I went back and modified the router settings to only forward port 1723 and disabled DMZ. I am still getting the 721 error?

 

[Bob]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Sun, 25 Apr 2004 13:21:03 -0700, "=?Utf-8?B?S2F0aGk=?="
<anonymous@discussions.microsoft.com> wrote:

>I am trying to vpn to my work computer running XP home with my Home computer running XP Home.
>At work we have a peer to peer network (4 computers hooked to a router with a static IP Address assigned to the Router). On the router I have forwarded 500,50-51,1723,47,3389 ports to my Work Computer IP address.

Why did you forward port 47?

If you want to run PPTP VPN, then you need to pass PROTOCOL 47 packets
(GRE). If the router supports this, it is usually known as "PPTP
Passsthru".

And if you want to use PPTP VPN, why all those other ports? All you
need to forward for PPTP is port 1723.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[kathi]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I have setup everything like it shows (on the url links). But I have one question...what do you mean by port 1723 forward on both machines? I have the router forward port 1723. How do I set up my client (home) or the work computer?

 

[Bob]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Mon, 26 Apr 2004 06:43:30 -0400, "JRC" <pooh@jrehmconsulting.net>
wrote:

>If you are using VPN, why are you forwarding ports?

PPTP requires that port 1723 be forwarded. It also requires that
Protocol 47 packets be passed thru.

--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Mon, 26 Apr 2004 04:56:04 -0700, "=?Utf-8?B?S2F0aGk=?="
<anonymous@discussions.microsoft.com> wrote:

>I am using the default VPN that came with Windows XP Home. As for the ports, everything I read said I needed to forward the port 1723. Then I would read some more and there were recommendations of forwarding other ports. As for the DMZ, that was the only way I could actually get the connection else it would say server was not responding.
>Any ideas?

Yes, learn how PPTP VPN works - admittedly a confusing task.

http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Mon, 26 Apr 2004 05:01:06 -0700, "=?Utf-8?B?S2F0aGk=?="
<anonymous@discussions.microsoft.com> wrote:

>Ok so I went back and modified the router settings to only forward port 1723

On both machines? You must forward port 1723 on both machines.
Although the terms VPN Server and VPN Client are used, packets can
originate from either machine, and therefore the receiving machine
must be allowed to pass packets thru port 1723.

>and disabled DMZ. I am still getting the 721 error?

PPTP VPN also requires that protocol 47 (GRE) packets be allowed to
pass thru both routers. Usually this is called "PPTP Passthru".

If you have any firewalls in the PC, disable them to see if they are
interferring. Don't just turn off the GUI - you must Disable the
firewall engine using the GUI.

If you are running that known virus called "Zone Alarm", throw it away
and get a decent firewall like Kerio (free to the home user).

"msconfig" is helpful in finding hidden startups.

--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Mon, 26 Apr 2004 08:11:07 -0700, "=?Utf-8?B?S2F0aGk=?="
<anonymous@discussions.microsoft.com> wrote:

>I have setup everything like it shows (on the url links). But I have one question...what do you mean by port 1723 forward on both machines?

Do you understand how NAT works? An incoming packet is not allowed to
penetrate the NAT firewall unless:

1) The incoming packet is a Response to an outgoing Request packet,
which NAT keeps track of with port translation.

2) The router is instructed to ignore the NAT firewall for one or more
particular ports for one particular machine. For example, let's say
you have a web server like Apache running on a particular machine. You
have to forward all incoming port 80 packets to that machine,
otherwise no one on the Internet can access the webserver.

>I have the router forward port 1723.

From that it would appear you understand the concept of forwarding a
port. Are you sure port 1723 is being forwarded to the VPN machine?

What about "PPTP Passthru"? You must allow protocol 47 (GRE) packets
to pass thru the router too. Most NAT implementations block all
protocols except the most commonly used ones. GRE is uncommon so it is
default blocked - you therefore have to unblock it.

>How do I set up my client (home) or the work computer?

I do not understand your question. You have to follow those
instructions for each machine.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[kathi]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Ok, on the router I have port 1723 forwarding to my VPN machine (work). I have all of the VPN Passthrough items enabled which includes the port 47 GRE that was mentioned. Which are: IPSEC, PPPoE, and PPTP.
No Firewal on WORK Computer.

You mentioned I had to have the port forwarding onboth machines...so I was confused on what was meant by BOTH machines.
All i have is at WORK: XP Home hooked up to a router and HOME: XP HOME hooked up to a router
Both have different local LAN ip address WORK 192.168.1 and HOME 192.168.0
My WORK as static IP Address of 192.168.1.100 and my router has a static IP from my ISP
So, I have followed everything from the url links....rebooted machine/router/modem.........still no luck. Someone said it was my VPN...but I am using Microsoft VPN Connection which is with XP Home & has the setup info you provided.
The Router has DHCP enabled.

 

[kathi]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I went to the router logs and see my Home Machine IP Address in the Incoming with port 1723
In the Outgoing, I see my Work Lan IP & Destination IP (Home) using Service/Port# 3974
So do I need to open something up on my home computer to access port#3974 when I get a reply back from my Work?

 

[jrc]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Sorry folks, but I'm still confused about the forwarding anything if VPN is
truely in use. I'll admit I don't mess with MS VPN much, but to date I've
never had to forward ports to get any VPN functionality using any VPN.



"Kathi" <anonymous@discussions.microsoft.com> wrote in message
news:1ECA7359-13D1-4D44-95A8-13C1575BECD5@microsoft.com...
> I went to the router logs and see my Home Machine IP Address in the
Incoming with port 1723
> In the Outgoing, I see my Work Lan IP & Destination IP (Home) using
Service/Port# 3974
> So do I need to open something up on my home computer to access port#3974
when I get a reply back from my Work?
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

FYI - UDP 500 & 4500 and IP Protocols 50 & 51 are for L2TP/IPSEC
VPNs...

Jeffrey Randow (Windows Net. & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Mon, 26 Apr 2004 14:31:56 GMT, spam@spam.com (Bob) wrote:

>On Sun, 25 Apr 2004 13:21:03 -0700, "=?Utf-8?B?S2F0aGk=?="
><anonymous@discussions.microsoft.com> wrote:
>
>>I am trying to vpn to my work computer running XP home with my Home computer running XP Home.
>>At work we have a peer to peer network (4 computers hooked to a router with a static IP Address assigned to the Router). On the router I have forwarded 500,50-51,1723,47,3389 ports to my Work Computer IP address.
>
>Why did you forward port 47?
>
>If you want to run PPTP VPN, then you need to pass PROTOCOL 47 packets
>(GRE). If the router supports this, it is usually known as "PPTP
>Passsthru".
>
>And if you want to use PPTP VPN, why all those other ports? All you
>need to forward for PPTP is port 1723.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

You still must forward or allow TCP Port 1723 in to get the VPN to
work (as the VPN passes traffic over this port)... Otherwise, the VPN
client will keep hitting the NAT firewall of the router..

Jeffrey Randow (Windows Net. & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Mon, 26 Apr 2004 20:36:07 -0400, "JRC" <pooh@jrehmconsulting.net>
wrote:

>Sorry folks, but I'm still confused about the forwarding anything if VPN is
>truely in use. I'll admit I don't mess with MS VPN much, but to date I've
>never had to forward ports to get any VPN functionality using any VPN.
>
>
>
>"Kathi" <anonymous@discussions.microsoft.com> wrote in message
>news:1ECA7359-13D1-4D44-95A8-13C1575BECD5@microsoft.com...
>> I went to the router logs and see my Home Machine IP Address in the
>Incoming with port 1723
>> In the Outgoing, I see my Work Lan IP & Destination IP (Home) using
>Service/Port# 3974
>> So do I need to open something up on my home computer to access port#3974
>when I get a reply back from my Work?
>>
>

 

[kathi]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I have all of the settings correct. I called Linksys (who has very bad tech support!) and they said the Router has VPN Passthrough which allows GRE 47. They were telling me to configure the work routers port forwarding with my Home Computer IP address...which I know is wrong...so anyway, I am going to bypass the router and connect the work computer to the Cable Modem then try to VPN from my home computer. They may determine it is the Router or if it is the Cable Modem??? But everything is set up just like what was recommended and no one can see where there is a mistake so I am assuming it is the Cable. Thanks

 

[Bob]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Mon, 26 Apr 2004 09:51:03 -0700, "=?Utf-8?B?a2F0aGk=?="
<anonymous@discussions.microsoft.com> wrote:

>Ok, on the router I have port 1723 forwarding to my VPN machine (work).

You are not being explicit enough. Is that machine the VPN Server? I
will assume it is for now.

You are aware that port forwarding requires that you give the machine
a static LAN IP address. Otherwise the router won't know which machine
to forward the packets to.

>I have all of the VPN Passthrough items enabled which includes the port 47 GRE that was mentioned.

OK

>Which are: IPSEC, PPPoE, and PPTP.

Which VPN are you going to use? I assume since you forwarded port 1723
and passed protocol 47 packets, that you are setting up a PPTP VPN.
Don't confuse an already confusing subject by dragging in a lot of
extraneous buzzwords. You are not setting up IPSec or PPPoE.

>No Firewal on WORK Computer.

I hope you made absolutely sure, because it's usually a firewall
hidden in background that causes lack of connection.

>You mentioned I had to have the port forwarding on both machines...so I was confused on what was meant by BOTH machines.

I think you would benefit by taking the time to learn how a VPN works.

There are two machines: the VPN Server and the VPN Client.

>All i have is at WORK: XP Home hooked up to a router and HOME: XP HOME hooked up to a router

That sounds like 2 machines to me. You need to forward port 1723 and
protocol 47 on each of those 2 machines.

>Both have different local LAN ip address WORK 192.168.1 and HOME 192.168.0

This is wrong. What you mean to say is that the subnet at WORK is
192.168.1.X and the subnet at HOME is 192.168.0.X.

>My WORK as static IP Address of 192.168.1.100 and my router has a static IP from my ISP

I assume that the static IP address 192.168.1.100 is the LAN IP
address. The VPN Server address can be different. The reason is simple
to understand. Microsoft treats the VPN as an "adapter" in the same
way it treats your actual Ethernet adapter. Therefore the address of
the VPN Adapter is different from the IP address of the Ethernet
Adapter.

>So, I have followed everything from the url links....rebooted machine/router/modem.........still no luck. Someone said it was my VPN...but I am using Microsoft VPN Connection which is with XP Home & has the setup info you provided.
>The Router has DHCP enabled.

I would change the LAN IP address to something below 192.168.1.100 -
for example, make it 192.168.1.10.

Next you need to tell us what the range of VPN IP addresses you told
the VPN Server to allow. Then you need to tell us if you are allowing
the VPN Client to specify its own address, and if so what is it.

You need to sit at one location with someone at the other location.
Have that person open the icon for the LAN Adapter - the one that is
in the tray. Open it to see the traffic passing back and forth. Then
you try to connect and see if the other person can see the hits. If
so, then you are making it thru the router, at least partially. If
not, then you have another problem.



--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Mon, 26 Apr 2004 10:01:11 -0700, "=?Utf-8?B?S2F0aGk=?="
<anonymous@discussions.microsoft.com> wrote:

>I went to the router logs and see my Home Machine IP Address in the Incoming with port 1723
>In the Outgoing, I see my Work Lan IP & Destination IP (Home) using Service/Port# 3974
>So do I need to open something up on my home computer to access port#3974 when I get a reply back from my Work?

That response is the NAT port translation. The router assigned port
3974 to the outgoing packet so it could translate the IP address for
routing on the Internet. When the reply comes back, the router will
know where to send it.

192.168.X.X is an unroutable subnet on the Internet.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Mon, 26 Apr 2004 23:56:53 -0500, "Jeffrey Randow (MVP)"
<jeffreyr-support@remotenetworktechnology.com> wrote:

>>And if you want to use PPTP VPN, why all those other ports?

>FYI - UDP 500 & 4500 and IP Protocols 50 & 51 are for L2TP/IPSEC
>VPNs...

My question was rhetorical.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Bob]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Tue, 27 Apr 2004 08:41:07 -0700, "=?Utf-8?B?S2F0aGk=?="
<anonymous@discussions.microsoft.com> wrote:

>I have all of the settings correct. I called Linksys (who has very bad tech support!)

Linksys is now owned by Cisco. Maybe things will change.

There are specific Linksys user forums. Try:

http://www.practicallynetworked.com/

>and they said the Router has VPN Passthrough which allows GRE 47.

On the ever-popular Linksys BEFSR41 router there are two passthrus,
one for IPSec and one for PPTP.

Be sure to turn off SPI - it's broken.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)



Jeffrey Randow (Windows Net. & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone
On Tue, 27 Apr 2004 12:52:09 GMT, spam@spam.com (Bob) wrote:

>On Mon, 26 Apr 2004 23:56:53 -0500, "Jeffrey Randow (MVP)"
><jeffreyr-support@remotenetworktechnology.com> wrote:
>
>>>And if you want to use PPTP VPN, why all those other ports?
>
>>FYI - UDP 500 & 4500 and IP Protocols 50 & 51 are for L2TP/IPSEC
>>VPNs...
>
>My question was rhetorical.