Sign in with
Sign up | Sign in
Your question

VPN connections

Last response: in Windows XP
Share
Anonymous
November 13, 2004 10:55:02 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I am trying to set up a vpn connection between my home (laptop dynamic IP)
and my office (pc static IP). Both machines are running windows xp pro sp2.
The office machine is behind a Linksys router and has port forwarding to the
if address of the PC enabled. Windows firewall is configured to allow VPN
and rdc and indeed I can connect no problem using RDC. When I try to
establish a vpn I get as far as logon name and password veryfication and then
everything stops. I have a feeling it may be something to do with
authentication prorocols but I don't know enough about how to configure
IPsec/certificates/MS-Chaps v2 blah blah blah. Any ideas anybody

More about : vpn connections

Anonymous
November 13, 2004 7:53:09 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
news:B8D4629C-A5A4-46E5-875F-5CF2A1DFDC95@microsoft.com
>
> I am trying to set up a vpn connection between my home (laptop
> dynamic IP) and my office (pc static IP).

Are you trying to make a VPN with PPTP or with L2TP?

> Both machines are running
> windows xp pro sp2. The office machine is behind a Linksys router and
> has port forwarding to the if address of the PC enabled.

Which ports are forwarded? The required ports are different depending on
whether you are trying PPTP or L2TP. For PPTP you need to forward TCP port
1723, plus IP protocol number 47 (known as GRE). On a Linksys, forwarding
GRE is usually enabled by enabling "PPTP pass-through". However, depending
on which model of Linksys router you have, PPTP pass-though is broken on
certain firmware versions, and incoming PPTP connections cannot be made.

With L2TP/IPSec, you need to forward UDP ports 1701, 500, and 4500, and
enable "L2TP pass-through". But setting up an L2TP server is non-trivial on
the IPSec side.

> Windows
> firewall is configured to allow VPN and rdc and indeed I can connect
> no problem using RDC. When I try to establish a vpn I get as far as
> logon name and password veryfication and then everything stops. I
> have a feeling it may be something to do with authentication
> prorocols but I don't know enough about how to configure
> IPsec/certificates/MS-Chaps v2 blah blah blah.

If you are trying L2TP/IPSec, then see
http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 because your
L2TP server is behind a NAT router.

--
Robin Walker
rdhw@cam.ac.uk
Anonymous
November 13, 2004 7:53:10 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi Robin,

Thanks for your response.

These are the ports that I have forwarded in the linksys router:

PPTP 1723 TCP protocol
RDC 3389 Both (TCP/UDP) protocol
GRE 47 Both (TCP/UDP) protocol
IPsec 50 Both (TCP/UDP) protocol
L2TP 500 Both (TCP/UDP) protocol

All these ports are listed as exceptions within the Windows Firewall setup.

If you want you could have a look at the setup for yourself through RDC.

Hope this makes sense to you.

Kind regards

John Marzano

"Robin Walker" wrote:

> "gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
> news:B8D4629C-A5A4-46E5-875F-5CF2A1DFDC95@microsoft.com
> >
> > I am trying to set up a vpn connection between my home (laptop
> > dynamic IP) and my office (pc static IP).
>
> Are you trying to make a VPN with PPTP or with L2TP?
>
> > Both machines are running
> > windows xp pro sp2. The office machine is behind a Linksys router and
> > has port forwarding to the if address of the PC enabled.
>
> Which ports are forwarded? The required ports are different depending on
> whether you are trying PPTP or L2TP. For PPTP you need to forward TCP port
> 1723, plus IP protocol number 47 (known as GRE). On a Linksys, forwarding
> GRE is usually enabled by enabling "PPTP pass-through". However, depending
> on which model of Linksys router you have, PPTP pass-though is broken on
> certain firmware versions, and incoming PPTP connections cannot be made.
>
> With L2TP/IPSec, you need to forward UDP ports 1701, 500, and 4500, and
> enable "L2TP pass-through". But setting up an L2TP server is non-trivial on
> the IPSec side.
>
> > Windows
> > firewall is configured to allow VPN and rdc and indeed I can connect
> > no problem using RDC. When I try to establish a vpn I get as far as
> > logon name and password veryfication and then everything stops. I
> > have a feeling it may be something to do with authentication
> > prorocols but I don't know enough about how to configure
> > IPsec/certificates/MS-Chaps v2 blah blah blah.
>
> If you are trying L2TP/IPSec, then see
> http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 because your
> L2TP server is behind a NAT router.
>
> --
> Robin Walker
> rdhw@cam.ac.uk
>
>
>
Related resources
Anonymous
November 13, 2004 7:53:11 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

What error message are you getting?
Are you using a dynamic dns service?

Jack

"gyrocam1" wrote:

> Hi Robin,
>
> Thanks for your response.
>
> These are the ports that I have forwarded in the linksys router:
>
> PPTP 1723 TCP protocol
> RDC 3389 Both (TCP/UDP) protocol
> GRE 47 Both (TCP/UDP) protocol
> IPsec 50 Both (TCP/UDP) protocol
> L2TP 500 Both (TCP/UDP) protocol
>
> All these ports are listed as exceptions within the Windows Firewall setup.
>
> If you want you could have a look at the setup for yourself through RDC.
>
> Hope this makes sense to you.
>
> Kind regards
>
> John Marzano
>
> "Robin Walker" wrote:
>
> > "gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
> > news:B8D4629C-A5A4-46E5-875F-5CF2A1DFDC95@microsoft.com
> > >
> > > I am trying to set up a vpn connection between my home (laptop
> > > dynamic IP) and my office (pc static IP).
> >
> > Are you trying to make a VPN with PPTP or with L2TP?
> >
> > > Both machines are running
> > > windows xp pro sp2. The office machine is behind a Linksys router and
> > > has port forwarding to the if address of the PC enabled.
> >
> > Which ports are forwarded? The required ports are different depending on
> > whether you are trying PPTP or L2TP. For PPTP you need to forward TCP port
> > 1723, plus IP protocol number 47 (known as GRE). On a Linksys, forwarding
> > GRE is usually enabled by enabling "PPTP pass-through". However, depending
> > on which model of Linksys router you have, PPTP pass-though is broken on
> > certain firmware versions, and incoming PPTP connections cannot be made.
> >
> > With L2TP/IPSec, you need to forward UDP ports 1701, 500, and 4500, and
> > enable "L2TP pass-through". But setting up an L2TP server is non-trivial on
> > the IPSec side.
> >
> > > Windows
> > > firewall is configured to allow VPN and rdc and indeed I can connect
> > > no problem using RDC. When I try to establish a vpn I get as far as
> > > logon name and password veryfication and then everything stops. I
> > > have a feeling it may be something to do with authentication
> > > prorocols but I don't know enough about how to configure
> > > IPsec/certificates/MS-Chaps v2 blah blah blah.
> >
> > If you are trying L2TP/IPSec, then see
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 because your
> > L2TP server is behind a NAT router.
> >
> > --
> > Robin Walker
> > rdhw@cam.ac.uk
> >
> >
> >
Anonymous
November 13, 2004 7:53:12 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi Jack,
I'm not using a dynamic dns service on the vpn server, it has a static IP
but the client computer (laptop) is dynamic.

Also I'm not getting an error message as such, what happens is I get a
message saying "veryfying user name and password" which just sits there until
I get frustrated with it and click cancel.

I use the same username and password to connect using RDC without any
problem at all.

John

"jackjenkins" wrote:

> What error message are you getting?
> Are you using a dynamic dns service?
>
> Jack
>
> "gyrocam1" wrote:
>
> > Hi Robin,
> >
> > Thanks for your response.
> >
> > These are the ports that I have forwarded in the linksys router:
> >
> > PPTP 1723 TCP protocol
> > RDC 3389 Both (TCP/UDP) protocol
> > GRE 47 Both (TCP/UDP) protocol
> > IPsec 50 Both (TCP/UDP) protocol
> > L2TP 500 Both (TCP/UDP) protocol
> >
> > All these ports are listed as exceptions within the Windows Firewall setup.
> >
> > If you want you could have a look at the setup for yourself through RDC.
> >
> > Hope this makes sense to you.
> >
> > Kind regards
> >
> > John Marzano
> >
> > "Robin Walker" wrote:
> >
> > > "gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
> > > news:B8D4629C-A5A4-46E5-875F-5CF2A1DFDC95@microsoft.com
> > > >
> > > > I am trying to set up a vpn connection between my home (laptop
> > > > dynamic IP) and my office (pc static IP).
> > >
> > > Are you trying to make a VPN with PPTP or with L2TP?
> > >
> > > > Both machines are running
> > > > windows xp pro sp2. The office machine is behind a Linksys router and
> > > > has port forwarding to the if address of the PC enabled.
> > >
> > > Which ports are forwarded? The required ports are different depending on
> > > whether you are trying PPTP or L2TP. For PPTP you need to forward TCP port
> > > 1723, plus IP protocol number 47 (known as GRE). On a Linksys, forwarding
> > > GRE is usually enabled by enabling "PPTP pass-through". However, depending
> > > on which model of Linksys router you have, PPTP pass-though is broken on
> > > certain firmware versions, and incoming PPTP connections cannot be made.
> > >
> > > With L2TP/IPSec, you need to forward UDP ports 1701, 500, and 4500, and
> > > enable "L2TP pass-through". But setting up an L2TP server is non-trivial on
> > > the IPSec side.
> > >
> > > > Windows
> > > > firewall is configured to allow VPN and rdc and indeed I can connect
> > > > no problem using RDC. When I try to establish a vpn I get as far as
> > > > logon name and password veryfication and then everything stops. I
> > > > have a feeling it may be something to do with authentication
> > > > prorocols but I don't know enough about how to configure
> > > > IPsec/certificates/MS-Chaps v2 blah blah blah.
> > >
> > > If you are trying L2TP/IPSec, then see
> > > http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 because your
> > > L2TP server is behind a NAT router.
> > >
> > > --
> > > Robin Walker
> > > rdhw@cam.ac.uk
> > >
> > >
> > >
Anonymous
November 13, 2004 7:53:13 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

John,
I just setup a vpn with 2 xp pro boxes on dsl, can't get the drives, folders
to share yet though. Are you using dynamic dns or no-ip type client to keep
your dynamic address constant? I had the same problem of the window just
saying "connecting" before time out. After I connected it is quick. Got can
youseeme.org though RDC and check to make sure the ports can be seen. Check
the other computer too. Make sure in the Connection that it is pointing to
the right ip or server name. Mine is working with the box 'Use remote
gateway' checked in tcp/ip. You might try turning off encryption just to get
it connected. On the "Incoming Connection" make sure tunneling is checked.

Hope that helps. Maybe I'll figure out the share problem too.

Jack

Hope that helps

"gyrocam1" wrote:

> Hi Jack,
> I'm not using a dynamic dns service on the vpn server, it has a static IP
> but the client computer (laptop) is dynamic.
>
> Also I'm not getting an error message as such, what happens is I get a
> message saying "veryfying user name and password" which just sits there until
> I get frustrated with it and click cancel.
>
> I use the same username and password to connect using RDC without any
> problem at all.
>
> John
>
> "jackjenkins" wrote:
>
> > What error message are you getting?
> > Are you using a dynamic dns service?
> >
> > Jack
> >
> > "gyrocam1" wrote:
> >
> > > Hi Robin,
> > >
> > > Thanks for your response.
> > >
> > > These are the ports that I have forwarded in the linksys router:
> > >
> > > PPTP 1723 TCP protocol
> > > RDC 3389 Both (TCP/UDP) protocol
> > > GRE 47 Both (TCP/UDP) protocol
> > > IPsec 50 Both (TCP/UDP) protocol
> > > L2TP 500 Both (TCP/UDP) protocol
> > >
> > > All these ports are listed as exceptions within the Windows Firewall setup.
> > >
> > > If you want you could have a look at the setup for yourself through RDC.
> > >
> > > Hope this makes sense to you.
> > >
> > > Kind regards
> > >
> > > John Marzano
> > >
> > > "Robin Walker" wrote:
> > >
> > > > "gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
> > > > news:B8D4629C-A5A4-46E5-875F-5CF2A1DFDC95@microsoft.com
> > > > >
> > > > > I am trying to set up a vpn connection between my home (laptop
> > > > > dynamic IP) and my office (pc static IP).
> > > >
> > > > Are you trying to make a VPN with PPTP or with L2TP?
> > > >
> > > > > Both machines are running
> > > > > windows xp pro sp2. The office machine is behind a Linksys router and
> > > > > has port forwarding to the if address of the PC enabled.
> > > >
> > > > Which ports are forwarded? The required ports are different depending on
> > > > whether you are trying PPTP or L2TP. For PPTP you need to forward TCP port
> > > > 1723, plus IP protocol number 47 (known as GRE). On a Linksys, forwarding
> > > > GRE is usually enabled by enabling "PPTP pass-through". However, depending
> > > > on which model of Linksys router you have, PPTP pass-though is broken on
> > > > certain firmware versions, and incoming PPTP connections cannot be made.
> > > >
> > > > With L2TP/IPSec, you need to forward UDP ports 1701, 500, and 4500, and
> > > > enable "L2TP pass-through". But setting up an L2TP server is non-trivial on
> > > > the IPSec side.
> > > >
> > > > > Windows
> > > > > firewall is configured to allow VPN and rdc and indeed I can connect
> > > > > no problem using RDC. When I try to establish a vpn I get as far as
> > > > > logon name and password veryfication and then everything stops. I
> > > > > have a feeling it may be something to do with authentication
> > > > > prorocols but I don't know enough about how to configure
> > > > > IPsec/certificates/MS-Chaps v2 blah blah blah.
> > > >
> > > > If you are trying L2TP/IPSec, then see
> > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 because your
> > > > L2TP server is behind a NAT router.
> > > >
> > > > --
> > > > Robin Walker
> > > > rdhw@cam.ac.uk
> > > >
> > > >
> > > >
Anonymous
November 14, 2004 12:13:03 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi Jack,
My client ip is dynamically asigned behind a D-link broadband router. Is
that likely to be a problem.

I logged into the server machine with RDC and remotely ran your suggested
canyouseeme.org. Interestingly enough, It could see port PPTP 1723 but
couldn't see GRE port 47. When I tested GRE 47 i got a message that said
something along the lines of could not see your port 47 because the
connection was refused. The port is forwarded in the linksys router and is
listed as an exception in the windows firewall. Anything else I might be
doing wrong?

John

"jackjenkins" wrote:

> John,
> I just setup a vpn with 2 xp pro boxes on dsl, can't get the drives, folders
> to share yet though. Are you using dynamic dns or no-ip type client to keep
> your dynamic address constant? I had the same problem of the window just
> saying "connecting" before time out. After I connected it is quick. Got can
> youseeme.org though RDC and check to make sure the ports can be seen. Check
> the other computer too. Make sure in the Connection that it is pointing to
> the right ip or server name. Mine is working with the box 'Use remote
> gateway' checked in tcp/ip. You might try turning off encryption just to get
> it connected. On the "Incoming Connection" make sure tunneling is checked.
>
> Hope that helps. Maybe I'll figure out the share problem too.
>
> Jack
>
> Hope that helps
>
> "gyrocam1" wrote:
>
> > Hi Jack,
> > I'm not using a dynamic dns service on the vpn server, it has a static IP
> > but the client computer (laptop) is dynamic.
> >
> > Also I'm not getting an error message as such, what happens is I get a
> > message saying "veryfying user name and password" which just sits there until
> > I get frustrated with it and click cancel.
> >
> > I use the same username and password to connect using RDC without any
> > problem at all.
> >
> > John
> >
> > "jackjenkins" wrote:
> >
> > > What error message are you getting?
> > > Are you using a dynamic dns service?
> > >
> > > Jack
> > >
> > > "gyrocam1" wrote:
> > >
> > > > Hi Robin,
> > > >
> > > > Thanks for your response.
> > > >
> > > > These are the ports that I have forwarded in the linksys router:
> > > >
> > > > PPTP 1723 TCP protocol
> > > > RDC 3389 Both (TCP/UDP) protocol
> > > > GRE 47 Both (TCP/UDP) protocol
> > > > IPsec 50 Both (TCP/UDP) protocol
> > > > L2TP 500 Both (TCP/UDP) protocol
> > > >
> > > > All these ports are listed as exceptions within the Windows Firewall setup.
> > > >
> > > > If you want you could have a look at the setup for yourself through RDC.
> > > >
> > > > Hope this makes sense to you.
> > > >
> > > > Kind regards
> > > >
> > > > John Marzano
> > > >
> > > > "Robin Walker" wrote:
> > > >
> > > > > "gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
> > > > > news:B8D4629C-A5A4-46E5-875F-5CF2A1DFDC95@microsoft.com
> > > > > >
> > > > > > I am trying to set up a vpn connection between my home (laptop
> > > > > > dynamic IP) and my office (pc static IP).
> > > > >
> > > > > Are you trying to make a VPN with PPTP or with L2TP?
> > > > >
> > > > > > Both machines are running
> > > > > > windows xp pro sp2. The office machine is behind a Linksys router and
> > > > > > has port forwarding to the if address of the PC enabled.
> > > > >
> > > > > Which ports are forwarded? The required ports are different depending on
> > > > > whether you are trying PPTP or L2TP. For PPTP you need to forward TCP port
> > > > > 1723, plus IP protocol number 47 (known as GRE). On a Linksys, forwarding
> > > > > GRE is usually enabled by enabling "PPTP pass-through". However, depending
> > > > > on which model of Linksys router you have, PPTP pass-though is broken on
> > > > > certain firmware versions, and incoming PPTP connections cannot be made.
> > > > >
> > > > > With L2TP/IPSec, you need to forward UDP ports 1701, 500, and 4500, and
> > > > > enable "L2TP pass-through". But setting up an L2TP server is non-trivial on
> > > > > the IPSec side.
> > > > >
> > > > > > Windows
> > > > > > firewall is configured to allow VPN and rdc and indeed I can connect
> > > > > > no problem using RDC. When I try to establish a vpn I get as far as
> > > > > > logon name and password veryfication and then everything stops. I
> > > > > > have a feeling it may be something to do with authentication
> > > > > > prorocols but I don't know enough about how to configure
> > > > > > IPsec/certificates/MS-Chaps v2 blah blah blah.
> > > > >
> > > > > If you are trying L2TP/IPSec, then see
> > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 because your
> > > > > L2TP server is behind a NAT router.
> > > > >
> > > > > --
> > > > > Robin Walker
> > > > > rdhw@cam.ac.uk
> > > > >
> > > > >
> > > > >
Anonymous
November 14, 2004 1:48:01 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

John,

It can't see my 47 either, but both sides can see 1723.
I have both boxes configured with dynamic dns client. The dns is provided
free by no-ip.com. So when I try to connect to the box, I don't type in an
ip address I type in name.no-ip.com. Also I use that name when 'making a
connection'. Since you have a pixed ip on one end yours is a little
different. Email me and I'll give you the address of my test box I have
setup and see if you can connect to it to see which side has a problem. The
email is my user name at softhome dot net. Then maybe we can figure out how
to share folders.

Jack
"gyrocam1" wrote:

> Hi Jack,
> My client ip is dynamically asigned behind a D-link broadband router. Is
> that likely to be a problem.
>
> I logged into the server machine with RDC and remotely ran your suggested
> canyouseeme.org. Interestingly enough, It could see port PPTP 1723 but
> couldn't see GRE port 47. When I tested GRE 47 i got a message that said
> something along the lines of could not see your port 47 because the
> connection was refused. The port is forwarded in the linksys router and is
> listed as an exception in the windows firewall. Anything else I might be
> doing wrong?
>
> John
>
> "jackjenkins" wrote:
>
> > John,
> > I just setup a vpn with 2 xp pro boxes on dsl, can't get the drives, folders
> > to share yet though. Are you using dynamic dns or no-ip type client to keep
> > your dynamic address constant? I had the same problem of the window just
> > saying "connecting" before time out. After I connected it is quick. Got can
> > youseeme.org though RDC and check to make sure the ports can be seen. Check
> > the other computer too. Make sure in the Connection that it is pointing to
> > the right ip or server name. Mine is working with the box 'Use remote
> > gateway' checked in tcp/ip. You might try turning off encryption just to get
> > it connected. On the "Incoming Connection" make sure tunneling is checked.
> >
> > Hope that helps. Maybe I'll figure out the share problem too.
> >
> > Jack
> >
> > Hope that helps
> >
> > "gyrocam1" wrote:
> >
> > > Hi Jack,
> > > I'm not using a dynamic dns service on the vpn server, it has a static IP
> > > but the client computer (laptop) is dynamic.
> > >
> > > Also I'm not getting an error message as such, what happens is I get a
> > > message saying "veryfying user name and password" which just sits there until
> > > I get frustrated with it and click cancel.
> > >
> > > I use the same username and password to connect using RDC without any
> > > problem at all.
> > >
> > > John
> > >
> > > "jackjenkins" wrote:
> > >
> > > > What error message are you getting?
> > > > Are you using a dynamic dns service?
> > > >
> > > > Jack
> > > >
> > > > "gyrocam1" wrote:
> > > >
> > > > > Hi Robin,
> > > > >
> > > > > Thanks for your response.
> > > > >
> > > > > These are the ports that I have forwarded in the linksys router:
> > > > >
> > > > > PPTP 1723 TCP protocol
> > > > > RDC 3389 Both (TCP/UDP) protocol
> > > > > GRE 47 Both (TCP/UDP) protocol
> > > > > IPsec 50 Both (TCP/UDP) protocol
> > > > > L2TP 500 Both (TCP/UDP) protocol
> > > > >
> > > > > All these ports are listed as exceptions within the Windows Firewall setup.
> > > > >
> > > > > If you want you could have a look at the setup for yourself through RDC.
> > > > >
> > > > > Hope this makes sense to you.
> > > > >
> > > > > Kind regards
> > > > >
> > > > > John Marzano
> > > > >
> > > > > "Robin Walker" wrote:
> > > > >
> > > > > > "gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
> > > > > > news:B8D4629C-A5A4-46E5-875F-5CF2A1DFDC95@microsoft.com
> > > > > > >
> > > > > > > I am trying to set up a vpn connection between my home (laptop
> > > > > > > dynamic IP) and my office (pc static IP).
> > > > > >
> > > > > > Are you trying to make a VPN with PPTP or with L2TP?
> > > > > >
> > > > > > > Both machines are running
> > > > > > > windows xp pro sp2. The office machine is behind a Linksys router and
> > > > > > > has port forwarding to the if address of the PC enabled.
> > > > > >
> > > > > > Which ports are forwarded? The required ports are different depending on
> > > > > > whether you are trying PPTP or L2TP. For PPTP you need to forward TCP port
> > > > > > 1723, plus IP protocol number 47 (known as GRE). On a Linksys, forwarding
> > > > > > GRE is usually enabled by enabling "PPTP pass-through". However, depending
> > > > > > on which model of Linksys router you have, PPTP pass-though is broken on
> > > > > > certain firmware versions, and incoming PPTP connections cannot be made.
> > > > > >
> > > > > > With L2TP/IPSec, you need to forward UDP ports 1701, 500, and 4500, and
> > > > > > enable "L2TP pass-through". But setting up an L2TP server is non-trivial on
> > > > > > the IPSec side.
> > > > > >
> > > > > > > Windows
> > > > > > > firewall is configured to allow VPN and rdc and indeed I can connect
> > > > > > > no problem using RDC. When I try to establish a vpn I get as far as
> > > > > > > logon name and password veryfication and then everything stops. I
> > > > > > > have a feeling it may be something to do with authentication
> > > > > > > prorocols but I don't know enough about how to configure
> > > > > > > IPsec/certificates/MS-Chaps v2 blah blah blah.
> > > > > >
> > > > > > If you are trying L2TP/IPSec, then see
> > > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 because your
> > > > > > L2TP server is behind a NAT router.
> > > > > >
> > > > > > --
> > > > > > Robin Walker
> > > > > > rdhw@cam.ac.uk
> > > > > >
> > > > > >
> > > > > >
Anonymous
November 14, 2004 9:56:47 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
news:32A35441-3F10-46BB-87A6-78A1233D3425@microsoft.com
>
> I logged into the server machine with RDC and remotely ran your
> suggested canyouseeme.org. Interestingly enough, It could see port
> PPTP 1723 but couldn't see GRE port 47. When I tested GRE 47 i got a
> message that said something along the lines of could not see your
> port 47 because the connection was refused. The port is forwarded in
> the linksys router and is listed as an exception in the windows
> firewall.

GRE (IP Protocol number 47) is not "TCP port 47". Therefore when you tested
port 47, it was correctly refused. You cannot forward GRE by forwarding
port 47 in a router configuration.

The only way to forward GRE in a Linksys is by enabling "PPTP pass-thuough".
Even then, protocol 47 might be only forwarded when traffic has been
recognised on port 1723.

"PPTP pass-though" for incoming calls is broken on some firmware versions of
some models of Linksys router.

--
Robin Walker
rdhw@cam.ac.uk
Anonymous
November 16, 2004 6:21:02 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi Robin,

Thanks for that. I have updated the firmware in my Linksys router to the
latest that they have and pptp passthrough is enabled. I have removed the
forwarding of GRE 47 from the application and gaming forwarding page in the
Linksys router but still nothing doing.

John

"Robin Walker" wrote:

> "gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
> news:32A35441-3F10-46BB-87A6-78A1233D3425@microsoft.com
> >
> > I logged into the server machine with RDC and remotely ran your
> > suggested canyouseeme.org. Interestingly enough, It could see port
> > PPTP 1723 but couldn't see GRE port 47. When I tested GRE 47 i got a
> > message that said something along the lines of could not see your
> > port 47 because the connection was refused. The port is forwarded in
> > the linksys router and is listed as an exception in the windows
> > firewall.
>
> GRE (IP Protocol number 47) is not "TCP port 47". Therefore when you tested
> port 47, it was correctly refused. You cannot forward GRE by forwarding
> port 47 in a router configuration.
>
> The only way to forward GRE in a Linksys is by enabling "PPTP pass-thuough".
> Even then, protocol 47 might be only forwarded when traffic has been
> recognised on port 1723.
>
> "PPTP pass-though" for incoming calls is broken on some firmware versions of
> some models of Linksys router.
>
> --
> Robin Walker
> rdhw@cam.ac.uk
>
>
>
Anonymous
November 16, 2004 6:26:03 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi Jack,

Sorry I didn't get back to you sooner but I've been a bit tied up with home
stuff and haven't been able to get back to this for a couple of days.

I've just had a look at what Robin posted last and am trying a couple of
things including trying to make sense of the link he sent about L2TP/IPsec.

I'll be back, as he said in the movie....

John

"jackjenkins" wrote:

> John,
>
> It can't see my 47 either, but both sides can see 1723.
> I have both boxes configured with dynamic dns client. The dns is provided
> free by no-ip.com. So when I try to connect to the box, I don't type in an
> ip address I type in name.no-ip.com. Also I use that name when 'making a
> connection'. Since you have a pixed ip on one end yours is a little
> different. Email me and I'll give you the address of my test box I have
> setup and see if you can connect to it to see which side has a problem. The
> email is my user name at softhome dot net. Then maybe we can figure out how
> to share folders.
>
> Jack
> "gyrocam1" wrote:
>
> > Hi Jack,
> > My client ip is dynamically asigned behind a D-link broadband router. Is
> > that likely to be a problem.
> >
> > I logged into the server machine with RDC and remotely ran your suggested
> > canyouseeme.org. Interestingly enough, It could see port PPTP 1723 but
> > couldn't see GRE port 47. When I tested GRE 47 i got a message that said
> > something along the lines of could not see your port 47 because the
> > connection was refused. The port is forwarded in the linksys router and is
> > listed as an exception in the windows firewall. Anything else I might be
> > doing wrong?
> >
> > John
> >
> > "jackjenkins" wrote:
> >
> > > John,
> > > I just setup a vpn with 2 xp pro boxes on dsl, can't get the drives, folders
> > > to share yet though. Are you using dynamic dns or no-ip type client to keep
> > > your dynamic address constant? I had the same problem of the window just
> > > saying "connecting" before time out. After I connected it is quick. Got can
> > > youseeme.org though RDC and check to make sure the ports can be seen. Check
> > > the other computer too. Make sure in the Connection that it is pointing to
> > > the right ip or server name. Mine is working with the box 'Use remote
> > > gateway' checked in tcp/ip. You might try turning off encryption just to get
> > > it connected. On the "Incoming Connection" make sure tunneling is checked.
> > >
> > > Hope that helps. Maybe I'll figure out the share problem too.
> > >
> > > Jack
> > >
> > > Hope that helps
> > >
> > > "gyrocam1" wrote:
> > >
> > > > Hi Jack,
> > > > I'm not using a dynamic dns service on the vpn server, it has a static IP
> > > > but the client computer (laptop) is dynamic.
> > > >
> > > > Also I'm not getting an error message as such, what happens is I get a
> > > > message saying "veryfying user name and password" which just sits there until
> > > > I get frustrated with it and click cancel.
> > > >
> > > > I use the same username and password to connect using RDC without any
> > > > problem at all.
> > > >
> > > > John
> > > >
> > > > "jackjenkins" wrote:
> > > >
> > > > > What error message are you getting?
> > > > > Are you using a dynamic dns service?
> > > > >
> > > > > Jack
> > > > >
> > > > > "gyrocam1" wrote:
> > > > >
> > > > > > Hi Robin,
> > > > > >
> > > > > > Thanks for your response.
> > > > > >
> > > > > > These are the ports that I have forwarded in the linksys router:
> > > > > >
> > > > > > PPTP 1723 TCP protocol
> > > > > > RDC 3389 Both (TCP/UDP) protocol
> > > > > > GRE 47 Both (TCP/UDP) protocol
> > > > > > IPsec 50 Both (TCP/UDP) protocol
> > > > > > L2TP 500 Both (TCP/UDP) protocol
> > > > > >
> > > > > > All these ports are listed as exceptions within the Windows Firewall setup.
> > > > > >
> > > > > > If you want you could have a look at the setup for yourself through RDC.
> > > > > >
> > > > > > Hope this makes sense to you.
> > > > > >
> > > > > > Kind regards
> > > > > >
> > > > > > John Marzano
> > > > > >
> > > > > > "Robin Walker" wrote:
> > > > > >
> > > > > > > "gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
> > > > > > > news:B8D4629C-A5A4-46E5-875F-5CF2A1DFDC95@microsoft.com
> > > > > > > >
> > > > > > > > I am trying to set up a vpn connection between my home (laptop
> > > > > > > > dynamic IP) and my office (pc static IP).
> > > > > > >
> > > > > > > Are you trying to make a VPN with PPTP or with L2TP?
> > > > > > >
> > > > > > > > Both machines are running
> > > > > > > > windows xp pro sp2. The office machine is behind a Linksys router and
> > > > > > > > has port forwarding to the if address of the PC enabled.
> > > > > > >
> > > > > > > Which ports are forwarded? The required ports are different depending on
> > > > > > > whether you are trying PPTP or L2TP. For PPTP you need to forward TCP port
> > > > > > > 1723, plus IP protocol number 47 (known as GRE). On a Linksys, forwarding
> > > > > > > GRE is usually enabled by enabling "PPTP pass-through". However, depending
> > > > > > > on which model of Linksys router you have, PPTP pass-though is broken on
> > > > > > > certain firmware versions, and incoming PPTP connections cannot be made.
> > > > > > >
> > > > > > > With L2TP/IPSec, you need to forward UDP ports 1701, 500, and 4500, and
> > > > > > > enable "L2TP pass-through". But setting up an L2TP server is non-trivial on
> > > > > > > the IPSec side.
> > > > > > >
> > > > > > > > Windows
> > > > > > > > firewall is configured to allow VPN and rdc and indeed I can connect
> > > > > > > > no problem using RDC. When I try to establish a vpn I get as far as
> > > > > > > > logon name and password veryfication and then everything stops. I
> > > > > > > > have a feeling it may be something to do with authentication
> > > > > > > > prorocols but I don't know enough about how to configure
> > > > > > > > IPsec/certificates/MS-Chaps v2 blah blah blah.
> > > > > > >
> > > > > > > If you are trying L2TP/IPSec, then see
> > > > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 because your
> > > > > > > L2TP server is behind a NAT router.
> > > > > > >
> > > > > > > --
> > > > > > > Robin Walker
> > > > > > > rdhw@cam.ac.uk
> > > > > > >
> > > > > > >
> > > > > > >
Anonymous
November 17, 2004 3:54:40 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

gyrocam1 <gyrocam1@discussions.microsoft.com> wrote:

> I have updated the firmware in my Linksys router to
> the latest that they have and pptp passthrough is enabled.

But that might be the problem: PPTP pass-through is broken on recent
versions of firmware of certain Linksys models. Which model of Linksys do
you have?

--
Robin Walker
rdhw@cam.ac.uk

> "Robin Walker" wrote:
>
>> "gyrocam1" <gyrocam1@discussions.microsoft.com> wrote in message
>> news:32A35441-3F10-46BB-87A6-78A1233D3425@microsoft.com
>>>
>>> I logged into the server machine with RDC and remotely ran your
>>> suggested canyouseeme.org. Interestingly enough, It could see port
>>> PPTP 1723 but couldn't see GRE port 47. When I tested GRE 47 i got
>>> a message that said something along the lines of could not see your
>>> port 47 because the connection was refused. The port is forwarded
>>> in the linksys router and is listed as an exception in the windows
>>> firewall.
>>
>> GRE (IP Protocol number 47) is not "TCP port 47". Therefore when
>> you tested port 47, it was correctly refused. You cannot forward
>> GRE by forwarding port 47 in a router configuration.
>>
>> The only way to forward GRE in a Linksys is by enabling "PPTP
>> pass-thuough". Even then, protocol 47 might be only forwarded when
>> traffic has been recognised on port 1723.
>>
>> "PPTP pass-though" for incoming calls is broken on some firmware
>> versions of some models of Linksys router.
!