jay_dale
join:2004-03-02
Spring, TX

Member

[Help Me] DGL 4300 VPN

Hi all,

I am trying to set up a VPN connection from my office to my home computer behind a DGL-4300. Everything I've tried fails to work though, since it appears the firewall blocks protocol 47. Also I've noticed when I connect from my home machine with a VPN it tends to drop the connection after a couple of minutes. I've looked everywhere to try and figure this out, but Dlink won't help and there's not much on the Internet.

Anyone had success in setting up an incoming connection through this firewall?

Thanks,

-J

packetpusher
Premium Member
join:2005-03-22
Oakville, ON

What type of VPN connection are you using? Do you have the IPSEC or PPTP ALGs enabled?
jay_dale
join:2004-03-02
Spring, TX

Member

It's just a simple Windows XP VPN connection, and all of the ALG applications are checked and nothing else added. I also have 1723 forwarded under the Gaming section. That's it. I had this problem with the 1.4 firmware, and I just today upgraded to the 1.6 with still the same problem.

packetpusher
Premium Member
join:2005-03-22
Oakville, ON

packetpusher to jay_dale

Remove the port forwarding rule for 1723. Enable only the PPTP ALG, and try it out. Is it IPSEC VPN, PPTP, or L2TP? From what you are describing I would assume PPTP, in which case only enable that ALG.
jay_dale
join:2004-03-02
Spring, TX

Member

I have cleared all of the ALG applications except PPTP, and removed 1723 from the Gaming section.

When I try to connect, the log states the firewall blocked the incoming TCP connection on port 1723. I tried with both PPTP and IPSEC turned on as well with the same response. Is there something else I'm missing?

packetpusher
Premium Member
join:2005-03-22
Oakville, ON

packetpusher to jay_dale

No, that should be about it. Port forwarding shouldn't really be required as the ALG should do the job for you, but I know that PPTP has worked previously through this router. If I have a couple spare minutes I'll hunt one down and test it out for you.
jay_dale
join:2004-03-02
Spring, TX

Member

If you or anyone else could help, that would be great.

It just appears that even with the ALG selected, it blocks the incoming 1723 connection request. And even when I actually forwarded 1723, it still blocked the corresponding protocol 47 during account verification.
dc69
join:2006-01-17
united kingd

dc69 to jay_dale

Member

You might want to try using a virtual server entry - there's one in the dropdown list for PPTP and this worked for me when I needed to do the same thing a few months ago.

Cheers,
Dave
jay_dale
join:2004-03-02
Spring, TX

Member

Thanks dc69, that fixed it. However, it causes another problem. This time with outgoing VPN connections.

When I connect to a client with a VPN connection, it disconnects after a minute or two, and I notice this in the log of the device:

[INFO] Wed Jan 18 17:53:36 2006 PPTP ALG rejected packet from (their ip):1723 to (my outside address):2565

After a few of these entries the connection simply drops. Any ideas as to why the firewall would drop this connection?

Thanks!
jay_dale

Member

Ok, after fiddling with it some more I learned that if I connect to a client using just a firewall VPN connection, the connection stays connected. If I connect to a client using RRAS, it drops. I get the above message in the log with a different port each time to my outside address and then the connection simply drops.
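
A way to check the pattern described in the two posts above (repeated "PPTP ALG rejected packet" entries before a drop, with a different local port on each attempt), as an added example that is not part of the original thread. The line layout follows the quoted log entry; the sample lines, the documentation-range addresses, and the burst thresholds (3 rejections within 120 seconds) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the log entry quoted in the thread.
# Addresses are documentation-range placeholders; the third line is a
# made-up unrelated entry to show that non-matching lines are skipped.
SAMPLE_LOG = """\
[INFO] Wed Jan 18 17:53:36 2006 PPTP ALG rejected packet from 203.0.113.10:1723 to 198.51.100.7:2565
[INFO] Wed Jan 18 17:53:51 2006 PPTP ALG rejected packet from 203.0.113.10:1723 to 198.51.100.7:2565
[INFO] Wed Jan 18 17:54:02 2006 (constructed unrelated entry)
[INFO] Wed Jan 18 17:54:06 2006 PPTP ALG rejected packet from 203.0.113.10:1723 to 198.51.100.7:2565
[INFO] Wed Jan 18 18:20:11 2006 PPTP ALG rejected packet from 203.0.113.10:1723 to 198.51.100.7:2571
"""

LINE_RE = re.compile(
    r"^\[\w+\]\s+(?P<ts>\w{3}\s+\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+\d{4})\s+"
    r"PPTP ALG rejected packet from (?P<peer>\S+):(?P<sport>\d+)"
    r" to (?P<local>\S+):(?P<lport>\d+)\s*$"
)

def parse_rejections(log_text):
    """Yield (timestamp, peer, local_ip, local_port) per ALG rejection line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # unrelated or malformed entry
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        yield ts, m["peer"], m["local"], int(m["lport"])

def summarize(log_text, window_s=120, min_hits=3):
    """Group rejections per control connection and flag bursts.

    window_s and min_hits are assumed thresholds, not values from the router.
    """
    flows = defaultdict(list)
    for ts, peer, local, lport in parse_rejections(log_text):
        flows[(peer, local, lport)].append(ts)
    report = []
    for (peer, local, lport), stamps in sorted(flows.items()):
        stamps.sort()
        # Burst: min_hits rejections inside any window_s-second span.
        burst = any(
            (stamps[i + min_hits - 1] - stamps[i]).total_seconds() <= window_s
            for i in range(len(stamps) - min_hits + 1))
        report.append({"peer": peer, "local_port": lport, "count": len(stamps),
                       "first": stamps[0], "last": stamps[-1], "burst": burst})
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Each distinct local port is one outgoing PPTP control connection, so a flow flagged as a burst marks a session the ALG was rejecting repeatedly shortly before it dropped.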
Dan Koerner
join:2000-08-05
Clinton, TN

Member

You may want to look at this... »DGL 4300 has a new 1.6 FW release, by nemo01.

I don't use it, so I can't help.
jay_dale
join:2004-03-02
Spring, TX

Member

I've already upgraded to 1.6 and have this same problem as before with 1.4. Thanks, though...:)

packetpusher
Premium Member
join:2005-03-22
Oakville, ON

packetpusher to jay_dale

Just to clarify, the VPN server is behind some other firewall at a remote location and the clients are located behind the DGL-4300? What do you mean when you say "connect a client with RRAS"?
jay_dale
join:2004-03-02
Spring, TX

Member

In other words, some clients I connect using a FW username/PW, while other clients I connect to using a domain UN/PW. One is authenticated in the FW, while the other is authenticated through RRAS.

Sorry, didn't clarify...:D

eots
join:2003-02-04

Member

When you say you're connecting using a domain, username and password, are you authenticating to a RADIUS server? Which protocol are you using to establish the VPN tunnel, PPTP or L2TP?

I also had outgoing VPN connection problems with the DGL-4300 using PPTP, but L2TP was stable. I was hoping to hear that FW 1.6 resolved this issue.

laughey
@metrocast.net

laughey to jay_dale

Anon

With 1.6, if you turn the PPTP ALG off, it should work with a MS PPTP server. The ALG is only necessary, according to DLINK, if you need more than one user in the inside of the 4300 to use PPTP at the same time. Welcome to the world of DLINK -- horrible product and NO support.
D2Meep3
join:2005-07-27
Cochranton, PA

D2Meep3 to jay_dale

Member

Hmm, mine was connected to the net before with the PPTP ALG turned on. Here's my setup: I'm at home, and my wired PC to the 4300 has Outpost firewall on it. When I turned off PPTP in the router it still connected, but my firewall blocked me for an RST Attack, which I don't know what that means. It looked like this though:

RST Attack: xxx.xxx.x.xxx --> xxx.xxx.x.xxx blocked for 5min

x = my IP address =)