Help With VPN Server

[Dave]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,

The set up: A windows xp machine running VPN incoming connections behind an
ADSL router (that has been configured). All the settings are default
(connect using username and password, etc). The pc is using a dynamic dns to
update the dns records of the current ip.

Remote desktop connection works perfectly. All my testing has been done
like this.

I am having problems setting up a VPN server with Windows XP. I am trying
to figure out exactly where the problem lies. The VPN is located behind an
ADSL router that has the neccessary PAT addresses configured and windows
firewall has been configured (I've even tried disabling it).

The windows XP machine can connect to my Windows 2000 VPN, but not the other
way around.

Basically I am having the following problem:
When I try connect to the VPN from a Windows 2000 Client, I get the
following error message: Error 781: The encryption attempt failed because no
valid certificate was found.

When I try connecting from a WinXP client, I get the following message:
Error 800: Unable to establish the VPN connection. The VPN server may be
unreachable, or security parameters may not be configured properly for this
connection.

I have done a lot of reading, but all of what I have found is absoulte
garbage. It all deals with Windows Server 2003 and Windows XP.

I have considered getting a certificate to try out, but is this really
neccessary?

I set up a test using an identical system, but from inside a LAN and that
worked fine.

Basically I need to know whether the problem lies with the router or if I
need to get a certificate for the server.

Thanks
Dave

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Well, the PPTP VPN server on a XP box needs to have both TCP Port 1723
forwarded through the router to the static LAN IP of the PPTP VPN server box
and have GRE Protocol 47 traffic enabled. The latter is sometimes called
"PPTP Pass Through" or "VPN Pass Through" depending on the manufacturer of
the router.

It has been my experience that the ability of consumer grade routers to pass
GRE Protocol 47 traffic can be problematic and highly dependent on firmware
versions running on the router. Simply stated some work others do not.

So, what router are you talking about? With that information perhaps someone
can help further...

What is a "PAT address"?

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"Dave" <Dave@discussions.microsoft.com> wrote in message
news:1FF9AFF6-5F73-42AC-8D8D-ADB9C53232FC@microsoft.com...
> Hi,
>
> The set up: A windows xp machine running VPN incoming connections behind
> an
> ADSL router (that has been configured). All the settings are default
> (connect using username and password, etc). The pc is using a dynamic dns
> to
> update the dns records of the current ip.
>
> Remote desktop connection works perfectly. All my testing has been done
> like this.
>
> I am having problems setting up a VPN server with Windows XP. I am trying
> to figure out exactly where the problem lies. The VPN is located behind
> an
> ADSL router that has the neccessary PAT addresses configured and windows
> firewall has been configured (I've even tried disabling it).
>
> The windows XP machine can connect to my Windows 2000 VPN, but not the
> other
> way around.
>
> Basically I am having the following problem:
> When I try connect to the VPN from a Windows 2000 Client, I get the
> following error message: Error 781: The encryption attempt failed because
> no
> valid certificate was found.
>
> When I try connecting from a WinXP client, I get the following message:
> Error 800: Unable to establish the VPN connection. The VPN server may be
> unreachable, or security parameters may not be configured properly for
> this
> connection.
>
> I have done a lot of reading, but all of what I have found is absoulte
> garbage. It all deals with Windows Server 2003 and Windows XP.
>
> I have considered getting a certificate to try out, but is this really
> neccessary?
>
> I set up a test using an identical system, but from inside a LAN and that
> worked fine.
>
> Basically I need to know whether the problem lies with the router or if I
> need to get a certificate for the server.
>
> Thanks
> Dave

 

[Dave]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

The PAT addressess are the port address translations (I think thats what it
stands for). Basically as the network shares one IP address, anything that
comes in on certain ports (TCP Port 1723 and GRE 47 included) are routed to a
specific pc (the machine running as the VPN server).

The router is a Telkom rebranded Marconi router (that is a rebrand of
someone else's router, I just don't know who's).

Other people have set up VPN's using this type of router
(ref:www.mybroadband.co.za). I have also made a post there. I have set all
the router settings in accordance with other people's configurations.

VPN Pass Through is enabled as well. The unfortunate thing is there is no
documentation on this router as no-one seems to be able to tell me who
actually manufactures it.

Thanks
Dave

"Sooner Al [MVP]" wrote:

> Well, the PPTP VPN server on a XP box needs to have both TCP Port 1723
> forwarded through the router to the static LAN IP of the PPTP VPN server box
> and have GRE Protocol 47 traffic enabled. The latter is sometimes called
> "PPTP Pass Through" or "VPN Pass Through" depending on the manufacturer of
> the router.
>
> It has been my experience that the ability of consumer grade routers to pass
> GRE Protocol 47 traffic can be problematic and highly dependent on firmware
> versions running on the router. Simply stated some work others do not.
>
> So, what router are you talking about? With that information perhaps someone
> can help further...
>
> What is a "PAT address"?
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
>
> "Dave" <Dave@discussions.microsoft.com> wrote in message
> news:1FF9AFF6-5F73-42AC-8D8D-ADB9C53232FC@microsoft.com...
> > Hi,
> >
> > The set up: A windows xp machine running VPN incoming connections behind
> > an
> > ADSL router (that has been configured). All the settings are default
> > (connect using username and password, etc). The pc is using a dynamic dns
> > to
> > update the dns records of the current ip.
> >
> > Remote desktop connection works perfectly. All my testing has been done
> > like this.
> >
> > I am having problems setting up a VPN server with Windows XP. I am trying
> > to figure out exactly where the problem lies. The VPN is located behind
> > an
> > ADSL router that has the neccessary PAT addresses configured and windows
> > firewall has been configured (I've even tried disabling it).
> >
> > The windows XP machine can connect to my Windows 2000 VPN, but not the
> > other
> > way around.
> >
> > Basically I am having the following problem:
> > When I try connect to the VPN from a Windows 2000 Client, I get the
> > following error message: Error 781: The encryption attempt failed because
> > no
> > valid certificate was found.
> >
> > When I try connecting from a WinXP client, I get the following message:
> > Error 800: Unable to establish the VPN connection. The VPN server may be
> > unreachable, or security parameters may not be configured properly for
> > this
> > connection.
> >
> > I have done a lot of reading, but all of what I have found is absoulte
> > garbage. It all deals with Windows Server 2003 and Windows XP.
> >
> > I have considered getting a certificate to try out, but is this really
> > neccessary?
> >
> > I set up a test using an identical system, but from inside a LAN and that
> > worked fine.
> >
> > Basically I need to know whether the problem lies with the router or if I
> > need to get a certificate for the server.
> >
> > Thanks
> > Dave
>
>
>

 

[Dave]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Here are the PAT settings for the VPN.

Prototcol | Interface | Service Name | PortNo | Server IP | Server Port

GRE | ATM1 | GRE Tunneling| 47 |[Ip of VPN]| 47
TCP | ATM1 | PPTP | 1723 |[Ip of VPN]| 1723
UDP | ATM1 | IPSec | 500 | [IP of VPN]| 500

Sorry, i forgot to put them in my last post.

Thanks
Dave

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Ok... I know that as NAT = Network Address Translation... Same thing...

First you don't need the IPsec port if your using PPTP VPN... That's just
another hole in your router that should be closed if not needed...

I found these pages...although its not much help...

http://www.portforward.com/english/routers/port_forwarding/Marconi/Marconi-Model2/Point-to-Point_Tunneling_Protocol.htm

http://www.portforward.com/english/routers/port_forwarding/Telkom/MPC850/Point-to-Point_Tunneling_Protocol.htm

As I noted earlier its possible you will need to upgrade/downgrade to a
different version of the firmware that will allow this to work. With my
Buffalo WBR-G54 I simply can not get a PPTP VPN tunnel established through
the router no matter what version of firmware I use. With my old Linksys
BEFSR41 it depended on the version of firmware. Some versions worked, some
did not. This may the case with your router...

One test you can run is detailed in this Cable Guy article... See the "VPN
Traffic" section near the end of the article...and grab the needed support
tools...

http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

Sorry I can't be of more help...

Good luck...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"Dave" <Dave@discussions.microsoft.com> wrote in message
news:E19F1BF9-B422-4D8E-882B-9DD5020DB313@microsoft.com...
> Here are the PAT settings for the VPN.
>
> Prototcol | Interface | Service Name | PortNo | Server IP | Server Port
>
> GRE | ATM1 | GRE Tunneling| 47 |[Ip of VPN]| 47
> TCP | ATM1 | PPTP | 1723 |[Ip of VPN]| 1723
> UDP | ATM1 | IPSec | 500 | [IP of VPN]| 500
>
> Sorry, i forgot to put them in my last post.
>
> Thanks
> Dave
>