bluescreen
@verizon.net

Anon

[Networking] Trying to set up PPTP VPN, cannot connect externally

Hi everyone,

I've been messing with this for hours and hours now and I just can't seem to get it to work. My ultimate goal is to set up a VPN into my home network that I can connect to from my Android phone. This kind of limits me in the available choices for types of VPN to use -- it has to be one of the ones supported by Android. For starters, I decided to go with a standard old-fashioned PPTP VPN. I have a Windows 7 machine inside my FiOS network (using the standard VZ-provided Actiontec router) and I used it to set up a VPN server. I followed instructions available at many places, this being one:

»www.howtogeek.com/135996 ··· oftware/

This process is relatively simple. The Win7 box has a static IP within the network. I then went into my Actiontec router and added port forwarding for PPTP (via the built-in rule that also includes GRE forwarding) to the static IP of the Win7 box, and attempted to connect from my phone via a cellular connection. This did not work. I then tried about a million combinations of settings with a similar fate. Finally, as a test, I set the Win7 box as the DMZ Host in the Actiontec router, and disabled Windows Firewall on the Win7 box. As far as I can tell, there should now be nothing in the way of a connection being established; unfortunately, it still will not work.

Interestingly, if I attempt to connect to the VPN server from another Windows machine within the network, it works as long as I provide the internal IP of the Win7 box hosting the server (192.168.1.x). If I provide my external IP, however, it will not work. Because of this, I suspect the Actiontec is not forwarding something properly, but I can't really prove it.

Any suggestions would be appreciated.
marc3565
join:2009-10-08

Member

What is the IP you are using for the static?
BlueScreen
join:2014-01-11

Member

The internal IP of the Win7 machine is 192.168.1.120.
PJL
join:2008-07-24
Long Beach, CA

Member

said by BlueScreen:

The internal IP of the Win7 machine is 192.168.1.120.

That may be the issue. I think it's in the special range where STBs go. See this thread. It may apply. »[Networking] IP Conflicts on FiOS Router MI424WR-GEN3I

More Fiber
MVM
join:2005-09-26
Cape Coral, FL

to bluescreen
said by bluescreen:

If I provide my external IP, however, it will not work

The Actiontec does not support loopback from the internal LAN to its external IP address. You have to test from another IP address.

Did you set the Source Port on the PF rule to ANY? The Source Port must be ANY. It is a common mistake not to do that.
BlueScreen
join:2014-01-11

Member

said by PJL:

That may be the issue. I think it's in the special range where STBs go

Thanks for this link. Per the thread you provided, I changed the static IP on the Win7 machine to 192.168.1.151. Unfortunately, this didn't seem to fix it.
said by More Fiber:

Did you set the Source Port on the PF rule to ANY? The Source Port must be ANY. It is a common mistake not to do that.

I'm attempting to connect from my Android phone (Nexus 5) via an AT&T Cellular connection. I've tried using both LTE and HSPA+ networks and neither seems to work. I believe I've configured the PPTP forwarding correctly (I used the pre-configured option for PPTP on the router's port forwarding page). I've attached a pic I clipped from the Actiontec UI... does that look right?

As a side note, I've got several other port forwards going to various devices in my network and they're working just fine (a few security cameras, a Linux box I use for development, etc). Granted they're all standard TCP forwards, nothing much crazier than that.
rlstarry
Premium Member
join:2002-05-22
California

That should be all you need to open up. I remember having issues until I made my own port forward rules under advanced -> port forwarding rules.
I'm running pptp and l2tp so I have a few more ports open than you'd need.
dewdude
pfSense on xcp-ng Asterisk geek
join:2010-03-27
Manassas, VA
·voip.ms
(Software) pfSense
(Software) DD-WRT

Member

to bluescreen
I've done this before, in fact for quite some time I was running a basic PPTP VPN to my Windows 7 machine with no issues.

First of all; on the issue of the STB IPs; all of mine start at .101 and since it's detecting 5 coax devices; it's only using to .106 (although I have 6 STBs so I'm not sure why one isn't showing up.) Did they always start out on .101? That I can't remember; some time ago I had a wireless AP running on .100 and I think they all reconfigured themselves to bump up an IP. Won't swear to it; but using anything above .110 is generally fine. There aren't any "IP ranges" that I can see except for the fact the coax LAN might not start assigning till .100/101. I have a device that's 192.168.1.254 and all the forwards to it work fine.

It looks like from your screenshot that you used the preset for PPTP to the IP; which is good because you need GRE to make it all work.

Did you bother to check Windows Firewall to make sure PPTP is allowed? I had to enable PPTP on my Windows Firewall, making the connection on the PC wasn't actually enough to automatically enable it. You might also want to check the advanced settings on firewall rules and make sure NAT traversal for the PPTP rule is allowed. But the pre-configured PPTP option on the Actiontec menu has worked for both Win7 PPTP and my current Linux hosted PPTP.
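
An added example, not part of the original thread or any poster's code: PPTP needs both a TCP control channel on port 1723 and GRE (IP protocol 47) for the tunnel data, so testing the control channel alone from an outside network helps narrow down which half is not being forwarded. The sketch builds the Start-Control-Connection-Request defined in RFC 2637 and parses the reply; the function names, the `probe` host name string and the sample reply are constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723            # TCP control channel; tunnel data rides on GRE (IP protocol 47)
MAGIC_COOKIE = 0x1A2B3C4D   # fixed value from RFC 2637
SCCRQ, SCCRP = 1, 2         # Start-Control-Connection-Request / -Reply
# Fields: length, PPTP msg type, cookie, control type, reserved0, version,
# reserved1 (request) or result+error (reply), framing, bearer, channels, firmware, host, vendor
_REQ = struct.Struct("!HHIHHHHIIHH64s64s")
_REP = struct.Struct("!HHIHHHBBIIHH64s64s")


def build_sccrq(hostname=b"probe"):
    """Return the 156-byte Start-Control-Connection-Request."""
    return _REQ.pack(_REQ.size, 1, MAGIC_COOKIE, SCCRQ, 0, 0x0100, 0,
                     1, 1, 0, 0, hostname, b"")


def parse_sccrp(data):
    """Decode a Start-Control-Connection-Reply; raise ValueError if it is not one."""
    if len(data) < _REP.size:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, msg_type, cookie, ctrl_type, _r0, version, result, error,
     _framing, _bearer, _chans, firmware, host, vendor) = _REP.unpack(data[:_REP.size])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != SCCRP:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"version": version, "result": result, "error": error, "firmware": firmware,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}


def probe(server, timeout=5.0):
    """Run from outside the LAN: returns the reply fields if TCP 1723 is forwarded."""
    with socket.create_connection((server, PPTP_PORT), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < _REP.size:
            chunk = s.recv(_REP.size - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)


def constructed_reply():
    """Constructed sample reply (not captured from a real server), for offline use."""
    return _REP.pack(_REP.size, 1, MAGIC_COOKIE, SCCRP, 0, 0x0100, 1, 0,
                     1, 1, 0, 0, b"home-pc", b"Example Vendor")
```

If `probe()` returns a reply from an outside network but the VPN still fails to come up, the TCP 1723 forward is working and the GRE path is the part left to examine.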
BlueScreen
join:2014-01-11

Member

said by rlstarry:

That should be all you need to open up.

Thanks for the suggestion. I set it up as you have pictured and still no dice.
said by dewdude:

Did you bother to check Windows Firewall to make sure PPTP is allowed?

Yes, one of the first things I tried was disabling Windows Firewall on the Win7 machine entirely, then setting the Win7 machine as the DMZ in the Actiontec, which (to my understanding) should basically turn off anything that may be getting in the way. Oddly, this still did not work.

I did a bunch more research and I saw several posts suggest switching from MoCA to Ethernet on the FiOS ONT, then trying a different router. I happened to have an old router with DD-WRT lying around, so I spent the better part of Sunday running a cable from my ONT into the house, calling Verizon to do the switchover to Ethernet, then configuring the alternate router. Once this was done, I set up a PPTP server directly on the DD-WRT router, attempted to connect from my phone via cellular, and it connected instantly. Unfortunately I had to plug the Actiontec router back in (via the WAN Ethernet port this time) so the guide data would return to my TV. I haven't had a chance to try port forwarding to the Win7 box via the Ethernet-connected Actiontec yet, but I'll give that a shot and report back.
BlueScreen

Member

Okay, I just got around to putting everything back as it was. I removed the DD-WRT router from the mix and put the Actiontec back as my router. Everything is identical to before, except I'm connecting to the internet via WAN instead of MoCA. Everything appears to be working fine now, and I am able to connect remotely. So, while it doesn't make much sense, it seems as though in my case, switching from MoCA to Ethernet solved the problem. Hopefully this will be helpful to someone else down the line.