I am currently trying to set up a VPN server on my Windows 7 PC and trying to set up a VPN connection on a remote PC over the internet to my computer.
In my router I have forwarded ports 1723, 500, and 1701 UDP/TCP to cover all my odds and ends with the ports. I have a wnr2000v3 router and from what I can tell I don't need to set up GRE 47 or VPN pass-through with it because I don't see an option for it in the router configuration.
On the VPN server side I believe I have created the new incoming connection VPN through the network wizard. Then I ran the cmd prompt netstat -ano to see which ports are open and what ports my computer is listening to, and ports 1723, 1701, and 500 are not on that list so I assume my computer is not listening to these ports.
Now on the client computer when I try to connect it seems as though it goes through everything fine, but when it gets to registering the computer I get an error that states something along the lines of "cannot resolve the connection because of a DNS error."
Is there something else I have to do in Windows 7 to open ports 1723, 1701, and 500? Or am I missing something else? Any info to correct this would be much appreciated. Hope to hear back from the community soon.
I've used the MS VPN many times, so perhaps my experiences can provide some guidance.
Yes, you need GRE (protocol 47) and VPN pass-through support. Even though there's not an option to control it, hopefully it's enabled by default. The only thing I've ever opened on the firewall is port 1723.
Hopefully you've tested this on the LAN side (client and server) before attempting through your router's firewall. Does that work? IOW, is this strictly a firewall issue from the Internet side, or is the VPN server not working at all, not even between two LAN machines? You have to get that working before even attempting from the Internet.
If you don't see something similar to the following from netstat on the VPN server, it's not a good sign:
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING 4
The number 4 is just the PID (process ID), which will vary, but the rest should be the same. If not listed, then obviously it's not running. The output from netstat can be lengthy, so perhaps output to a file and search it to minimize the chance of missing it (e.g., netstat -ano > c:\temp.txt).
If and when you do have it working between LAN machines, attempts to test it from the Internet side using a loopback (i.e., a client inside the LAN that goes out your router and comes back in) will likely fail. You typically must test the access from literally OUTSIDE your network. A bit of a hassle in some cases, but I can't remember a loopback ever working.
One oddity I've noticed about the MS VPN server is that using DHCP for the server never works (at least not for me). Connection attempts always fail. The ONLY way I've ever gotten it to work is specifying a range of local IPs outside my router's DHCP pool. This doesn't seem obvious and can set you back quite a while until you finally realize the problem.
If using a local firewall on the VPN server machine, either disable it (at least while testing), or open the necessary ports (1723). That's why LAN side testing is so important, so you eliminate these problems before having to deal w/ the router's firewall.
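The netstat check described in the answer above (look for a LISTENING row on TCP 1723, then note its PID) is easy to miss by eye in a long listing. The following is an added example, not code from the original thread: a small Python script that parses text in the layout Windows `netstat -ano` prints and reports whether the PPTP control channel is being listened on. The sample listing embedded in it is constructed for illustration, not captured from a real host, and the function names (`parse_netstat`, `find_listener`, `pptp_status`) are this example's own. It only covers the TCP 1723 control channel; as the answer notes, GRE (protocol 47) is a separate IP protocol and never appears in netstat, so a listener on 1723 does not by itself prove the router is passing GRE.

```python
"""Check `netstat -ano` output for the PPTP listener (TCP 1723).

Added example, not from the original thread. Parses text in the layout
Windows `netstat -ano` prints and reports whether anything is listening
on the requested port, together with the owning PID.
"""
import re
import subprocess
import sys

# Constructed sample of `netstat -ano` output; not captured from a real host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49200     203.0.113.5:443        ESTABLISHED     2208
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1116
"""

# One netstat row: proto, local, foreign, optional state (UDP rows have none), pid.
ROW_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


def parse_netstat(text):
    """Return a list of dicts, one per connection or listener row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            row = m.groupdict()
            row["pid"] = int(row["pid"])
            rows.append(row)
    return rows


def local_port(addr):
    """Extract the port from '0.0.0.0:1723' or '[::]:1723'."""
    return int(addr.rsplit(":", 1)[1])


def find_listener(text, port, proto="TCP"):
    """Return the row listening on `port`, or None if nothing is.

    For TCP only LISTENING rows count: an ESTABLISHED row on the same
    port number is a client-side socket, not the server.
    """
    for row in parse_netstat(text):
        if row["proto"] != proto or local_port(row["local"]) != port:
            continue
        if proto == "TCP" and row["state"] != "LISTENING":
            continue
        return row
    return None


def pptp_status(text):
    """Summarise whether the PPTP control channel (TCP 1723) is up."""
    row = find_listener(text, 1723)
    if row is None:
        return "TCP 1723 not listening: Incoming Connections is not running"
    return "TCP 1723 listening on %s (PID %d)" % (row["local"], row["pid"])


if __name__ == "__main__":
    if sys.platform == "win32":
        # Live check when run on the VPN server itself.
        text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    else:
        # Anywhere else, demonstrate on the constructed sample.
        text = SAMPLE_NETSTAT
    print(pptp_status(text))
```

Run it on the VPN server as `python netstat_check.py` (or redirect a saved listing into `pptp_status` from the interpreter). A "not listening" result means the Incoming Connections service is not up, which is a server problem to fix before touching the router; a "listening" result means the remaining suspects are the machine's local firewall, the router's port forward, and GRE pass-through, in that order.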