
trudesea

join:2009-09-23

[Business] Cannot PPTP VPN through the business gateway

I need to be able to PPTP VPN from a couple clients to a remote site. It seems as though the business gateway is blocking it.

Does anyone know if this can be resolved using port forwarding on the gateway? If so, any examples?

I've tried to forward port 1723 TCP/UDP and GRE to the WAN interface of my wireless router (Buffalo G300NH) with no luck.

So I have:

Public   Private       Protocol   IP
0        0 ~ 0         GRE        10.1.xx.xx (WAN IP)
1723     1723 ~ 1723   TCP/UDP    10.1.xx.xx (WAN IP)

Not sure if the port ranges are correct. PPTP VPN passthrough is enabled on the Buffalo. I've also connected my laptop up to the business gateway directly and cannot connect.

Any advice/help appreciated.

Thanks,
Tim


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
said by trudesea:

I need to be able to PPTP VPN from a couple clients to a remote site. It seems as though the business gateway is blocking it.

Does anyone know if this can be resolved using port forwarding on the gateway? If so, any examples?

I've tried to forward port 1723 TCP/UDP and GRE to the WAN interface of my wireless router (Buffalo G300NH) with no luck.

So I have:

Public   Private       Protocol   IP
0        0 ~ 0         GRE        10.1.xx.xx (WAN IP)
1723     1723 ~ 1723   TCP/UDP    10.1.xx.xx (WAN IP)

Not sure if the port ranges are correct. PPTP VPN passthrough is enabled on the Buffalo. I've also connected my laptop up to the business gateway directly and cannot connect.

Any advice/help appreciated.

Thanks,
Tim

I had that happen to me a couple of days ago. I was using a public hotspot, and PPTP would not connect, but I was able to connect via IPSEC. I had assumed that it was the local hotspot that was blocking it. I have seen selective VPN blocking before, and that is one reason that I run both PPTP and IPSEC servers. However, now I think I will dig my notebook out of the backpack and try to do a 3G PPTP connection to see if it works.

I will be back in about 30 minutes (or possibly less) to report the results of the test.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

noisefloor

join:2010-05-09
reply to trudesea
OK, how is your SMC gateway configured? Using a static IP I assume? Make sure you log in to 10.1.10.1 cusadmin, make sure SPI is disabled and static firewall is disabled. Try to connect.


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
reply to trudesea
OK, I just tested my PPTP access through my new Comcast SMCD3G gateway using a 3G connection on my notebook.

The good news for me is that I had my desktop shortcut set up to use a hostname that no longer shares an IP address with my PPTP server. Previously with AT&T DSL, I only had a single static IP address per circuit, but with Comcast Business I have a /29 block. All I had to do was change the hostname to get my PPTP access working again.

The bad news for you is that I don't have a clue what to tell you about your PPTP problem. So I will start with a question that will help me know where to start.

I suspect that you are using a dynamic IP since you are talking about port forwarding, but a single static IP might also require port forwarding in the SMC gateway depending on how your other equipment is connected and configured. Do you have static IP address(es), or are you using a dynamic IP address?

noisefloor

join:2010-05-09
It sounds like he is port forwarding through his Buffalo router and his SMC is just routing the static. I'm just thinking something like SPI or true static firewall is enabled in the SMC.

trudesea

join:2009-09-23
I'm using dynamic IP.

Here is my SMC Firewall setup:

enabled: Disable Firewall for True Static IP Subnet Only
enabled: Disable Gateway Smart Packet Detection
disabled: Disable Ping on WAN Interface

I attempted to set up port forwarding to the WAN interface on the Buffalo which has PPTP passthrough enabled. All my client devices are wired connections to the LAN ports of the Buffalo.

It'd be so nice to just have a bridge option on the SMC. I've read where you can come close, but differing opinions on whether it's a good thing to do.

Thanks for the info guys. Hopefully I've provided you with the info you were asking about.

Tim


JohnInSJ
Premium
join:2003-09-22
Aptos, CA
I believe there is a setting on the SMC that enables/disables VPN pass-through, but it's on the "Comcast only" view/login for the modem so you can't "officially" change it.

You might be able to get someone on Comcast's side to log in and flip the bit for you.
--
My place : »www.schettino.us

noisefloor

join:2010-05-09
reply to trudesea
Alright, so it sounds like you also have a double NAT situation as well then. Since you aren't on a static, talk them into installing a standard cable modem for you.

A sloppy workaround would be to enable DMZ (from the SMC) for the Buffalo router.

keason
Premium
join:2002-05-02
Ann Arbor, MI
Static IPs would make this much easier too. Is there any reason that you are using PPTP instead of SSL? Many hotspots are locked down for all ports but http, https, pop, dns and imap.

There are lots of inexpensive SSL devices, many of which will double as a router/firewall on top of being more secure.

trudesea

join:2009-09-23
I think there may be a misunderstanding... I'm going from a couple of my client PCs behind the Buffalo router and business gateway to a PPTP VPN at another site that I don't manage.

I don't know why they are sticking to PPTP VPN.


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
said by trudesea:

I think there may be a misunderstanding... I'm going from a couple of my client PCs behind the Buffalo router and business gateway to a PPTP VPN at another site that I don't manage.

I don't know why they are sticking to PPTP VPN.

In that case, nothing you can do with DMZ or port forwarding on either the SMC or Buffalo routers would make any difference. Those settings are for incoming traffic, not outgoing.

Look for port filtering settings in the routers and/or in the software firewalls on the individual PCs involved.

You may also be running into a problem of conflicting LAN IP address ranges. If your LAN subnet(s) have not changed behind the Buffalo router, then possibly the LAN subnet on your SMC router is the same as is used on the remote VPN server(s). I have seen that cause problems with both PPTP and IPSEC VPN in both directions. It is also possible that the remote networks have changed the LAN subnet that they use, so that even if you have not changed anything behind your Buffalo router, there could still be a conflict. You (or your clients) may need to contact the operator(s) of the VPN server(s) to find out if any changes have been made to the remote end and/or what IP subnet is in use on their end.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
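
The LAN subnet conflict described in the last post can be checked offline once the remote operator has supplied their ranges. This is an added example, not part of the thread. The SMC LAN prefix is assumed from its 10.1.10.1 admin address, and the Buffalo and remote-site subnets are constructed placeholders.

```python
import ipaddress

# Constructed sample topology (assumptions, not values confirmed in the thread):
# the SMC LAN prefix is inferred from its 10.1.10.1 admin address; the Buffalo
# and remote-site subnets are placeholders to be replaced with real values.
LOCAL_HOPS = {
    "SMC gateway LAN": "10.1.10.0/24",
    "Buffalo LAN": "192.168.11.0/24",
}
REMOTE_NETS = ["10.1.0.0/16", "172.16.5.0/24"]


def subnet_conflicts(local_hops, remote_nets):
    """Return (hop, local, remote, shadowed) for each overlapping pair.

    Two IP networks either nest or are disjoint, so 'shadowed' is the more
    specific of the two: the addresses that exist on both sides and that a
    client or router on the path treats as local instead of sending them
    into the tunnel. With double NAT, every hop's LAN has to be checked.
    """
    conflicts = []
    for hop, local_cidr in local_hops.items():
        local = ipaddress.ip_network(local_cidr, strict=False)
        for remote_cidr in remote_nets:
            remote = ipaddress.ip_network(remote_cidr, strict=False)
            if local.version != remote.version:
                continue  # IPv4 and IPv6 ranges cannot collide
            if local.overlaps(remote):
                shadowed = local if local.prefixlen >= remote.prefixlen else remote
                conflicts.append((hop, local, remote, shadowed))
    return conflicts


if __name__ == "__main__":
    found = subnet_conflicts(LOCAL_HOPS, REMOTE_NETS)
    for hop, local, remote, shadowed in found:
        print(f"{hop}: {local} overlaps remote {remote}; ambiguous range {shadowed}")
    if not found:
        print("No overlap between local hops and remote VPN subnets")
```

An exact match is not required for a conflict: here the remote /16 contains the assumed SMC /24, so only that /24 is ambiguous.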