|
[Help Me] DGL 4300 VPN
Hi all,
I am trying to set up a VPN connection from my office to my home computer behind a DGL-4300. Everything I've tried fails to work though, since it appears the firewall blocks protocol 47. Also I've noticed when I connect from my home machine with a VPN it tends to drop the connection after a couple of minutes. I've looked everywhere to try and figure this out, but Dlink won't help and there's not much on the Internet.
Anyone had success in setting up an incoming connection through this firewall?
Thanks,
-J |
|
|
What type of VPN connection are you using? Do you have the IPSEC or PPTP ALGs enabled? |
|
|
It's just a simple Windows XP VPN connection, and all of the ALG applications are checked and nothing else added. I also have 1723 forwarded under the Gaming section. That's it. I had this problem with the 1.4 firmware, and I just today upgraded to the 1.6 with still the same problem. |
|
|
to jay_dale
Remove the port forwarding rule for 1723. Enable only the PPTP ALG, and try it out. Is it IPSEC VPN, PPTP, or L2TP? From what you are describing I would assume PPTP, in which case only enable that ALG. |
|
|
I have cleared all of the ALG applications except PPTP, and removed 1723 from the Gaming section.
When I try to connect, the log states the firewall blocked the incoming TCP connection on port 1723. I tried with both PPTP and IPSEC turned on as well with the same response. Is there something else I'm missing? |
|
|
to jay_dale
No, that should be about it. Port forwarding shouldn't really be required as the ALG should do the job for you, but I know that PPTP has worked previously through this router. If I have a couple of spare minutes I'll hunt one down and test it out for you. |
|
|
If you or anyone else could help, that would be great.
It just appears that even with the ALG selected, it blocks the incoming 1723 connection request. And even when I actually forwarded 1723, it still blocked the corresponding protocol 47 during account verification. |
|
dc69 join:2006-01-17 united kingd |
to jay_dale
You might want to try using a virtual server entry - there's one in the dropdown list for PPTP and this worked for me when I needed to do the same thing a few months ago.
Cheers,
Dave |
|
|
Thanks dc69, that fixed it. However, it causes another problem. This time with outgoing VPN connections.
When I connect to a client with a VPN connection, it disconnects after a minute or two, and I notice this in the log of the device:
[INFO] Wed Jan 18 17:53:36 2006 PPTP ALG rejected packet from (their ip):1723 to (my outside address):2565
After a few of these entries the connection simply drops. Any ideas as to why the firewall would drop this connection?
Thanks! |
|
jay_dale |
Ok, after fiddling with it some more I learned that if I connect to a client using just a firewall VPN connection, the connection stays connected. If I connect to a client using RRAS, it drops. I get the above message in the log with a different port each time to my outside address and then the connection simply drops. |
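Added example, not part of the original thread and not D-Link code: a Python script that groups router log entries of the kind quoted above by remote PPTP server and by local port, so the "different port each time" pattern and the duration of each burst of rejections become visible. The sample lines and addresses are constructed, and the line format is assumed to match the single entry quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the log line quoted above. Addresses are
# RFC 5737 documentation ranges; the third line is constructed unrelated noise.
SAMPLE_LOG = """\
[INFO] Wed Jan 18 17:53:36 2006 PPTP ALG rejected packet from 198.51.100.7:1723 to 192.0.2.10:2565
[INFO] Wed Jan 18 17:53:51 2006 PPTP ALG rejected packet from 198.51.100.7:1723 to 192.0.2.10:2565
[INFO] Wed Jan 18 17:54:20 2006 constructed unrelated entry
[INFO] Wed Jan 18 18:10:02 2006 PPTP ALG rejected packet from 198.51.100.7:1723 to 192.0.2.10:2571
[INFO] Wed Jan 18 18:31:40 2006 PPTP ALG rejected packet from 203.0.113.9:1723 to 192.0.2.10:2600
"""

REJECT_RE = re.compile(
    r"^\[\w+\]\s+(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4})\s+"
    r"PPTP ALG rejected packet from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)
PPTP_CONTROL_PORT = 1723  # TCP control channel; the tunnel data itself is GRE (protocol 47)

def parse_rejections(log_text):
    """Yield (time, peer_ip, peer_port, local_port) for each ALG rejection line."""
    for line in log_text.splitlines():
        m = REJECT_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["src"], int(m["sport"]), int(m["dport"])

def summarize(log_text):
    """Group rejections by remote peer, then by local port.

    Assumption: each outgoing control connection uses its own local port,
    so one local port stands for one PPTP control session.
    """
    peers = defaultdict(lambda: {"control_channel_only": True, "sessions": {}})
    for ts, peer, sport, lport in parse_rejections(log_text):
        entry = peers[peer]
        entry["control_channel_only"] &= (sport == PPTP_CONTROL_PORT)
        s = entry["sessions"].setdefault(lport, {"count": 0, "first": ts, "last": ts})
        s["count"] += 1
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    return dict(peers)

if __name__ == "__main__":
    for peer, info in summarize(SAMPLE_LOG).items():
        for port, s in sorted(info["sessions"].items()):
            span = (s["last"] - s["first"]).total_seconds()
            print(f"{peer} -> local port {port}: {s['count']} rejections over {span:.0f}s")
```
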
|
|
You may want to look at this... » DGL 4300 has a new 1.6 FW release, by nemo01. I don't use it, so I can't help. |
|
|
I've already upgraded to 1.6 and have this same problem as before with 1.4. Thanks, though...:) |
|
|
to jay_dale
Just to clarify, the VPN server is behind some other firewall at a remote location and the clients are located behind the DGL-4300? What do you mean when you say "connect a client with RRAS"? |
|
|
In other words, some clients I connect using a FW username/PW, while other clients I connect to using a domain UN/PW. One is authenticated in the FW, while the other is authenticated through RRAS.
Sorry, didn't clarify...:D |
|
eots
Member
2006-Jan-21 10:44 pm
When you say you're connecting using a domain, username and password, are you authenticating to a RADIUS server? Which protocol are you using to establish the VPN tunnel, PPTP or L2TP?
I also had outgoing VPN connection problems with the DGL-4300 using PPTP, but L2TP was stable. I was hoping to hear that FW 1.6 resolved this issue. |
|
|
laughey to jay_dale
Anon
2006-Jan-29 4:07 pm
With 1.6, if you turn the PPTP ALG off, it should work with a MS PPTP server. The ALG is only necessary, according to DLINK, if you need more than one user in the inside of the 4300 to use PPTP at the same time. Welcome to the world of DLINK -- horrible product and NO support. |
|
D2Meep3 join:2005-07-27 Cochranton, PA |
to jay_dale
Hmm, mine was connected to the net before with the PPTP ALG turned on. Here's my setup: I'm at home, and my wired PC to the 4300 has Outpost Firewall on it. When I turned off PPTP in the router it still connected, but my firewall blocked me for an RST Attack, which I don't know what that means. It looked like this though:
RST Attack: xxx.xxx.x.xxx --> xxx.xxx.x.xxx blocked for 5min
x = my IP address =) |
|
|