VPN issue

September 27, 2009 at 03:23:24
Specs: Windows Vista
Hi
I have gone though the RRAS wizard to setup VPN on server 2003. I am trying to connect from vista laptop to the server but error msg am getting is 'remote server is not configured to establish a connection on port 'pptp' with this computer.
A have a router that connects to the server to the internet. I am not sure if that needs to be configured as well?

See More: VPN issue

Report •


#1
September 27, 2009 at 07:18:54
The router has to be configured, to forward tcp port 1723.
The router may have an option to passthrough PPTP.
If so, activate this option.

Report •

#2
September 28, 2009 at 17:21:48
Thanks for your reply.
I have opened TCP ports 1701-1723 on my router. I am reading a paper from Microsoft that says that for external computers to connect over VPN, the server should have a static address? I think I have dynamically assigned address setup on my internet connection. Will that work?
- Or will I have to contact my ISP for a static IP???
- Or should I configure the connection to use an assigned IP like 192.168.0.1?
Thanks

Report •

#3
September 28, 2009 at 17:30:30
If you will connect to your machine from the internet, you need a static ip address or you need a service like NO-IP or DYNDNS, to assign your dynamic ip address to a domain name.
On DynDNS, there are several tools to update the domain name automatically with the current ip address. Also alot of routers do have such function integrated. So no special update client is needed.
In that case, you can access the local machine via, e.g.:
your_domain_name.dyndns.org
This will work for you.

Report •

Related Solutions

#4
September 29, 2009 at 17:00:32
Hi,

Thanks for your reply. I did sign up for a dyndns account and when I set up my VPN server on MS Server 2003, i used the domain "mancosa.dyndns.biz" as registered. I also downloaded a client update for IP updates. I cant seem to connect even if i type http://127.0.0.1 in my browser. The RRAS shows that server is running and my port on my router at UDP 1723 is also tested opened. Any help? Thanks

PS: on my router it says "local ip address" do i have to give the IP address of the Internet connection or my Private VPN network here? Thanks


Report •

#5
September 29, 2009 at 17:11:51
It's a forwarding, you configure in the router, so you have to forward the traffic for port 1723 to the server that provides PPTP. I assume, that the server has a private (non routable) ip address, something like 192.168.x.x. So that's the address, you need to configure in the router.

What are you expecting to see on http://127.0.0.1 ?


Report •

#6
September 29, 2009 at 18:08:22
Hi
Thanks for your prompt reply. There are 2 IPs:

Internet Adapter:
192.168.1.11
LAN Adapter:
192.168.0.1

1) I put the one connected to the internet 192.168.1.11
2) And it requests for a name for the server. Is that my server name right? in that case it is "server"
3) How can i test if the port is open and listening? I tried portqry but it says 'wrong command'. I downloaded PFPortChecker but when i tested '1723 TCP' it says 'could not test port 1723 because another application has that port locked. Close any application using it'. When I stop the server and test again, it says "your port is open"??
-------------
The 127.0.0.1, i read on the dyndns server that if we cant connect to server then we should test it locally first by testing this address. I dont know what to expect :)

Thanks.


Report •

#7
September 29, 2009 at 18:26:15
You can use http://www.auditmypc.com/firewall-t... to check, whether the port is open and reachable from the internet.
Go to the buttom of that page and type in you public ip address and hit enter.
At the next page choose "Advanced Security Scan" and type in TCP,1723
The port scan status page will show, whether the port is open and reachable.

Report •

#8
September 29, 2009 at 20:46:56
hi.
Yes the port is open. Still same problem. I cant connect from vista. Says 'server not configured for pptp with this computer'!

Report •

#9
September 29, 2009 at 21:16:41
Can you connect the vista machine, so that it can directly connect to the PPTP server network card (192.168.1.11)?
Then create a new connection where the address of the pptp vpn server is 192.168.1.11 on the vista machine.
Try to connect via this new pptp connection.
Does this give the same message?

Report •

#10
September 29, 2009 at 21:28:08
Ah one other thing I forgot.
On the vista machine, I guess there is running the windows firewall.
Check whether the GRE (protocol 47) not port 47 is allowed.

Report •

#11
September 30, 2009 at 11:36:03
Hi

It didnt give that message when connecting to the 192.168.1.11 address but couldnt connect. I turned off firewall both on server and vista client.

- Is that enough to allow for the GRE(47) to be allowed?
- I am not too sure if my settings of the addresses are correct for things like DNS, DHCP, etc. Maybe that is why.

Maybe you could direct me the steps so that i check if I've done it properly. I just followed the wizard though.


Report •

#12
September 30, 2009 at 14:03:31
If
- both firewalls are deactivated
- both, server and vista client are connected to the same switch
- both machines are in the same ip range (192.168.1.x)
- PPTP connection from vista client to 192.168.1.11

This should work.


Report •

#13
October 1, 2009 at 10:41:18
Hi.
Just to ask:

- do i need to setup DHCP and DNS servers or only the DHCP on my router is enough? What I've done is setup DHCP, DNS, Active Directory and VPN servers on the server and now I am a bit confused whether that should be done because the router has a DHCP.
- what DNS and DHCP settings should i put for the connection on the vista client?
- How does the dyndns.org keep track of my domain?
Thanks


Report •

#14
October 1, 2009 at 13:48:03
The Windows server needs DNS for running ADS.
Anyway, the windows server can run DNS and DHCP.
In that case, the router do not need act as a DHCP server.
The vista clients should get the ip and dns from the windows server.
DynDNS must be updated by either a dyndns client program, running on the server or if supported, by the router itself. Most routers do support DynDNS, NO-IP and others.
So DynDNS only knows the current public ip address, that will be assigned to the domain name e.g. yourdomain.dyndns.org.

Report •

#15
October 1, 2009 at 14:21:43
Hi there
Many thanks for your patience and reply. I just tried something that will make you happy because it apparently worked. Uff! I created a VPN connection from the server itself and in the host name destination I typed 'server.mancosa.dyndns.org' where 'server' is the name of my server. And I was able to connect and looking in the Routing and Remote Access, I saw the user in the Remote Access Clients. Yes, I did install the update client for dyndns.com.

In Vista when I type 'server.mancosa.dyndns.org' in the host address or destination it says host does not exist. My registered domain in dyndns.com is 'mancosa.dyndns.org'. So:

1) Do i need to install Active Directory and add my server computer named 'server' as a resource computer?
2) Should I create a forest with a new tree and give 'mancosa.dyndns.org' as my domain or 'server.mancosa.dyndns.org'?
3) In the vista connection, the host destination should be what? 'mancosa.dyndns.org' or 'server.mancosa.dyndns.org'
4) Also what is the Preferred DNS setting? Or should i just set it to automatically detect. Or is it the DNS Servers for my ISP?
Thanks.


Report •

#16
October 1, 2009 at 15:01:22
The name, you have to use in the Remote Desktop Client is simply mancosa.dyndns.org.
This directs you to the public ip of your router, which forwards the the internal ip address of the server.

Ah, automatically detect is ok. So when public ip changes, the update client for dyndns will update the ip address for mancosa.dyndns.org at dyndns.org.


Report •

#17
October 1, 2009 at 15:24:48
i connected from vista and its now not giving me 'pptp connections problems' but now it is saying 'cannot communicate with mancosa.dyndns.org(41.212.235.137) Network diagnostics pinged the remote host but did not receive a response.' ??

Report •

#18
October 1, 2009 at 15:29:53
Have you checked the firewall settings on the Vista machine?
Is this Vista machine located in your internal network?

Report •

#19
October 1, 2009 at 15:31:47
Have you checked the firewall settings of your Vista machine?
Is the Vista machine located in your local network, where your server resides to?

Report •

#20
October 1, 2009 at 15:42:39
Yeps turned firewall off. Yes vista machine is on my local network. Router connects to server and vista machine connects wirelessly to router for internet access.

try nslookup mancosa.dyndns.org in your cmd window. For me it gives:
Server: unknown
Address: 192.168.1.1
Non-Authoritative answer:
Name: mancosa.dyndns.org
Address: 41.212.235.137

But on the server itself, it says :
time out


Report •

#21
October 1, 2009 at 15:50:04
First, I hope that it's ok. I scanned your mancosa.dyndns.org for the port TCP 1723 and it's closed.
Secondly, I guess when you're trying to connect via PPTP from inside you network through outside your network, back to inside your network, it woun't work.
Therefore, you have to use another internet connection with it's own public ip address, e.g. dialup connection or something like that.
You can check, whether it's open by www.auditmypc.com.

Report •

#22
October 1, 2009 at 16:08:57
Oh so you went on the auditmypc.com to scan the port? How did you do that on that site? when i do so, it says 'port open' when i enter my public IP address?? i must have missed something here. What I did is type 192.168.1.1 in my browser, logged in my router, add a new: it asks for

Name of server : server
Activate access: Yes
Protocol :TCP
From Port : 1723
To Port: 1723
Local IP: 192.168.1.11

so that opens the port right? I was thinking about going try the connection from my friend's place. So I will do that tomorrow.


Report •

#23
October 1, 2009 at 16:28:19
No I haven't scanned your pc from AuditMyPC.com.
I used my own ip scanner for that, but maybe you public ip address at dyndns was not the actual one.

And yes, try to connect from your friends place.
You have to come from the internet with another public ip to check, whether it works.


Report •

#24
October 2, 2009 at 07:02:29
hi.

i tested from another PC and its giving me error 800. How do i ping my server? do i say ping server.mancosa.dyndns.org?

- i think my router might still be assigning IPs instead of Windows like you mentioned. How do I correct that?
- Trying testing if you still find the port 1723 closed


Report •

#25
October 2, 2009 at 07:29:12
I tested again and the routers public address is 41.212.235.137, but got no ping reply. Will be a firewall issue. If there is a firewall running at the server and a firewall running at the router too, both have to allow it. But ping isn't really neccessary for that.
TCP Port 1723 is still closed.
You can ping your server from e.g. your friends pc by using:
ping mancosa.dyndns.org

If DHCP is configured properly on the server, you have to deactivate it on the router.
So all clients should get an ip address of the range 192.168.1.x
subnet 255.255.255.0
default gateway 192.168.1.11

and if DNS also runs on the server:
DNS server 192.168.1.11

At the servers DNS forwarders zone, you have to forward to either your router (192.168.1.1) or to your ISPs DNS server.


Report •

#26
October 2, 2009 at 07:56:55
yeps.
You are right there was an error. Please try again. The update client was not updating the IP and I just played with the settings now. I've disactivated firewall on the server. Yeps I tried that and it couldnt ping the server. I think I am not sure if the DHCP is not properly configured. I dont want to play with the settings on the router in case something goes wrong. But let me see.

Report •

#27
October 2, 2009 at 11:14:03
The port 1723 is open now.
Now you should be able to connect from the pc of your friend.

Report •

#28
October 2, 2009 at 11:22:30
Yes I just tested on that site now, and it says open! ip 41.136.181.192 my public ip. This is what I am doing right now:

- Disabling DHCP on my router
- Setting up a DHCP server on server (192.168.1.11)
- For my internet connection, i have 'preferred DNS: 192.168.1.11'
- On my router it asks the server for opening port 1723. That is my server name right which in this case is 'server'
- I have disabled firewall so GRE(protocol 47) must be okay


Report •

#29
October 2, 2009 at 11:26:10
I would suggest to switch firewall on at the router.
Don't forget, you're running a Microsoft Server.
Always a nice playground for hackers.

Then check to connect to your server from your friends internet connection.


Report •

#30
October 2, 2009 at 11:28:38
can you try connecting on the server:

user account :guest

see if you can connect and let me know.


Report •

#31
October 2, 2009 at 12:46:23
Hi there!

I connected from my friend's place and it worked. I can see the remote client in the RRA but when i ping to mancosa.dyndns.org it didnt work. DNS problem?


Report •

#32
October 2, 2009 at 14:45:22
Nice to hear, that it's working.

when i ping to mancosa.dyndns.org it didnt work. DNS problem?
No, it's denied in the routers setup.
But you really don't need the ping.
Alot of hackers do search computers or servers in the internet by ping. If a computer replies to the ping, they scan the server for open ports and try to hack them.
I always deny ping from the internet.


Report •

#33
October 8, 2009 at 11:34:55
Hi again

Seems the problem with the VPN has pop up again :( . I was
able to connect to the server but couldnt access the shared
files from a windows XP client. It was giving the error
message:

"domain controller for the domain could not be contacted"

I did the following to the server:
- changed its IP to a static IP
- disabled router firewall
- assigned preferred DNS to the server static IP

After doing these, now I cant even connect to the server from
a client. Its giving Error 800. But I can ping the domain or the
server address. Any help on this?


Report •

#34
October 8, 2009 at 14:06:07
Sounds like a local firewall problem. Are you running any firewall software on the client computer like Zonealarm, Black Ice or what ever? Make port 88 is open in addition to 53. 88 will allow windows to authenticate with the domain.

Has this client worked before and if so what has changed recently like new software or hardware or what?


Report •

#35
October 8, 2009 at 14:13:24
Are you forwarding the ports for VPN to the correct ip address, after you've changed the ip address on the server?

Why have you disabled the firewall of the router?
What does the open port test (firewall test) at www.auditmypc.com show?
Is port 1723 open or not?
Does DynDNS work correctly update the ip address?


Report •

#36
October 8, 2009 at 14:52:03
Many Thanks for your replies.

@ace_omega:

1) I did turned down windows XP firewall. There is only the anti-virus running, think that was Avast but I didnt check if that included a firewall. I dont think so.
2) Ports you mentioned are not open probably because I didnt check. I will check that.
3) That client was only able to connect to the VPN server but no file sharing was tested. Nothing's changed for the client machine.

@paulsep:
1) Yes, I did make sure I changed the IP to 192.168.1.50 the new assigned static IP of the server.
2) disabled firewall only for testing purposes but as you figured out, that wasnt necessary
3) Yes, port 1723 is open according to the site
4) Yes dyndns.org's ip is updated and synchronised.

a) One thing I am confused about is that on the DHCP console, its written DHCP(server.mancosa.dyndns.org[192.168.0.1])? What's this IP? shouldnt it be 192.168.1.50 like my server IP.

b) for my DNS server, the zones I added could not be loaded. The forwarded zones were my ISP's IPs. I added four of them just in case.

c) Is there any other way I can check connecting to my server because I am having to run to my next door neighbour to verify that its working and running back.


Report •

#37
October 8, 2009 at 15:56:24
I don't think its a VPN port issue being that you can Ping the Server and the DNS so this lead me to believe it is an authentication issue but it could still be a DNS issue. I had so many problems with DNS through VPN that I gave up on it and used the client HOST files for name resolution. To verify if it is DNS try UNC pathing to the server using the IP address instead of the server name like \\192.168.1.50\ in the run or explorer. If it works then your DNS is not getting through the VPN.

"a) One thing I am confused about is that on the DHCP console, its written DHCP(server.mancosa.dyndns.org[192.168.0.1])? What's this IP? shouldnt it be 192.168.1.50 like my server IP."

Not for your VPN client computers because they are on a different subnet and thus a DHCP service.


Report •

#38
October 8, 2009 at 16:46:43
There shouldn't be any entry for server.mancosa.dyndns.org in the DHCP of your server.
Make sure, you enabled the use wildcards, when you will use server.mancosa.dyndns.org.
Your domain name at dyndns is mancosa.dyndns.org. I tried to resolve server.mancosa.dyndns.org and got nothing.
Tried the same with mancosa.dyndns.org and it got resolved. Then I checked, whether the port 1723 is open and it is.
So the question is, did you use server.mancosa.dyndns.org in the VPN client?
If so, try only mancosa.dyndns.org or enable use wildcards in your update client for dyndns.

Report •

#39
October 8, 2009 at 17:46:33
@ace_omega:

Yes I tried the UNC path to the server from a computer that is within the LAN and it worked. It could display the files in explorer.

@paulsep:

- I think use of wildcards is enabled because I did check quickly through the updater and everything that could be enabled was enabled. But I will double check.

- I used only mancosa.dyndns.org at my client. I was using the change ID or name of computer to add it to the domain then it gave the message that the account or that computer was not available or not part of the domain or something. I was using the account 'Guest' to try login.

- To my surprise, there is that entry in my DHCP server console. I just followed the basic wizard and I entered the info it prompted, ending up with this. But it did connect the XP client before though.

So like ace_omega is saying, must be a DNS issue then? The forwarders zone in DNS is not working as there is a red cross on it.


Report •

#40
October 8, 2009 at 19:32:50
Yepp, agreed. The DNS server problem must be solved first.
Therefore, check the event log for error messages.

Report •

#41
October 8, 2009 at 19:41:41
This is the error:

DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

If this DNS server does not have any DS-integrated peers, then this error
should be ignored.

If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...


Report •

#42
October 8, 2009 at 19:55:49
And, have you checked the A records for that server on whether everything is correct?

Otherwise, delete the wrong A record and the corresponding revers records and create a new A record for that server. Let the DNS management console automatically create the revers record.


Report •

#43
October 9, 2009 at 05:03:09
I checked the A records and it showed:

Host: Server
Domain: server.mancosa.dyndns.org

So I suppose its correct. But there were 2 hosts in the DNS
console window one with an IP 192.168.0.1 and my static IP
192.168.1.50. I deleted the first one.

I connected from the XP client and its connecting at the
moment on the account guest. So how do I see my shared
files that I published to Active Directory?

When I am trying to change the computer name or ID of the
client XP pc to add it to the domain mancosa.dyndns.org, its
giving me 'a domain controller for that domain could not be
contacted'.

But when I connect, it does log onto the network.


Report •

#44
October 9, 2009 at 08:06:15
I checked the properties of the 'server' in Domain Controllers of the Active Directory folder. The Dial-in property had 'Deny Access' as default. Maybe that was why the client couldnt find any DC. I checked it to 'Grant Access'. I now have to check from the client again

Report •

#45
October 9, 2009 at 12:00:24
Why is there an entry for any dyndns in your DNS?
I didn't get that.
The name "mancosa.dyndns.org" is used only to find the home address of your network, where your server is located, to establish the VPN connection.
If VPN connection is established, you can use the server name, as you where connected to the local network.

Report •

#46
October 9, 2009 at 12:33:38
Thanks for your time and reply.

I followed the wizard:

1) Create a forward lookup zone
2) Create a primary forward lookup zone
3) Entered 'mancosa.dyndns.org' in the 'Zone name:' field because it asks the portion of the DNS namespace for which this server is authoritative.
4) Allow only secure dynamic updates (recommended for Active Directory)
5) Should this DNS server forward queries?
Yes: 216.146.35.35, 216.146.36.36 (got these from ipconfig /all for DNS servers)

So I ended up with a mancosa.dyndns.org in my DNS server.

- Is that correct?
- Could you explain to me like you did in your previous post how when a user wants to connect to my VPN server, what happens?
- How do I test if my DNS has been setup properly? Some articles say use nslookup yourdomain...

Thanks


Report •

#47
October 9, 2009 at 12:59:27
Look, the DNS server, you're using is authorative for your inhouse DNS zone. All other DNS queries, just like dyndns, your server is not responsable for.
So you simply have to configure the forward lookup zone with your ISPs DNS servers.
So if one queries a domainname like google.com or dyndns.org or whatever, your server can't resolve the name to it's ip address and forwards the query to the DNS servers, listed in the forward lookup zone, in this case, the DNS servers of your ISP.

If one from the internet tries to connect to your server, he uses macosa.dyndns.org to find your current public ip address.
The DNS server of the users ISP gets the query, sees the dyndns.org and forwards to dyndns.org.
The DNS servers of DynDNS search for the name mancosa.dyndns.org, and if found, sends the result back to the users ISPs DNS server.
This DNS server forwards the reply to the user and here we are. We got the current public ip address of your router.
Now the VPN client of the user uses this ip address to connect to your router. Your router forwards the connection to port 1723 to the internal server address (192.168.1.11) and the connection will be established.

Hope you get, what I'm trying to explain.


Report •

#48
October 9, 2009 at 13:06:40
I am not sure this is the right way but it is what I do to test the DNS. First I do a IPCONFIG /FLUSHDNS then a IPCONFIG /REGISTERDNS then I ping the FQDNs that I know should be in the DNS. If they do not reslove to IPs then there is a problem. You could also do a IPCONFIG /DISPLAYDNS but it is a pain to scroll though it. Also I think you can use an NSLOOKUP to see what server is set as the Certificate of Authority. Also if you do a NSLOOKUP yourservernamehere, it will show your the resolutions that are set from that computers point of view.

I guess asking how you test DNS is kinda open ended. :-p


Report •

#49
October 9, 2009 at 13:23:37
Thanks for the explanation. It was very clear and concise. Appreciate it very much. Yes I did try those commands for the DNS tests you mentioned and I did get a long list of resolved addresses, so that means it is working, I suppose. :)

a) Ok, for the forwarded zone to my ISP, as I said, I used ipconfig /all to get my DNS servers. But when inserted them in the forwarded zones, in the logs file, it says

'The DNS server encountered an invalid domain name in a packet from 216.146.36.36. The packet will be rejected. The event data contains the DNS packet.'

So I changed the ISPs IP to another 202.123.2.6, and now its not giving me those errors, so this address should be correct then.

b) When I am changing the Preferred DNS setting for my internet connection to point to my static IP server address '192.168.1.50', its resetting itself to another IP each time I test it again. Why is that??


Report •

#50
October 9, 2009 at 13:33:18
Dont reply to part b). It was because my router was assigning the IPs. Once I turn it off and point the connection to use server DNS, it stays the same. You can try test the connection, I've stopped DHCP at router.

Report •

#51
October 9, 2009 at 13:37:52
What is the order set to on each DNS server entry. I don't know how to check this from the command prompt but if you go the the Control Panel -> Network Connection -> IPv4 TCP/IP click Advanced and check the DNS tab you can switch the order of your preferred DNSs.

(oops never mind then. glad you found it)

I'm not sure if this will fix it though. Like I said above that I had no end to problems with DNS through VPN that I stopped using it and went to using the HOST files on my client computers. Probably why I am so interested in this post because if you get it solved then I might change how I have my virtual office employee computers setup.


Report •

#52
October 9, 2009 at 14:05:45
@kpeeroo
For the PPTP, read the following site at microsoft.com
http://technet.microsoft.com/de-de/...

For L2TP, read this site at microsoft.com
http://support.microsoft.com/?scid=...


Report •

#53
October 9, 2009 at 14:35:27
@kpeeroo
I guess, the mancosa.dyndns.org is not up to date.

Report •

#54
October 9, 2009 at 14:43:18
no my router could not connect to the ISP...just got connected now! sorry about that, but sometimes these net problems...

Report •

#55
October 9, 2009 at 15:26:52
Tried to connect again with same result. Error 800.
Check the microsoft sites I mentioned above and compare your PPTP installation and settings.

Report •

#56
October 9, 2009 at 15:29:51
Ah another thing.
Have you also forwared the UDP port 500 or 4500?

Report •

#57
October 9, 2009 at 15:34:51
Very interesting read. I think it corresponds to what I got there. But one thing is it mentions the IP 47 through the router along with port 1723. Its that GRE Protocol 47 right? How do I set this on the router?

On the DNS console, I have a new folder in the tree 'Cached Lookups' now with a list of top level domains:org,net,com, etc...so this means the dns is correctly updating right? It wasnt there before.

PS: just UDP 500...should port 4500 also be forwarded?


Report •

#58
October 9, 2009 at 15:48:13
Checked whether UDP 500 was opened on auditmypc.com but it is not!! It was not activated in my router. I activated it just now. Let me know about the 4500 as well.

Report •

#59
October 9, 2009 at 15:48:47
It's not port 47, it's protocol 47 and yes. it's GRE.

UDP 500 or 4500 depends on the router and whether the network is NATed.
L2TP uses IPsec, but PPTP uses IKE.


Report •

#60
October 9, 2009 at 15:55:35
I can see a NAT interface in the router configuration but I see only ppp0 activated while a list of all other interfaces disactivated.

Report •

#61
October 9, 2009 at 15:56:58
I bet, NAT is activated and that's ok so far.
Therefore, you do the forwardings to the server.

Report •

#62
October 9, 2009 at 15:57:29
"ts that GRE Protocol 47 right? How do I set this on the router?"

What do you mean? If you did not have the GRE Protocol opened on your firewall then you would not be able to establish a VPN tunnel. Have you established a tunnel yet where you can at least ping the server's IP address from the client? I was under the assumption you have.


Report •

#63
October 9, 2009 at 16:03:10
Yes!! i could ping the server from the client so a big UFFF there :)...It did ping the server IP + the domain. Ok am resetting router now after activating ports you mentioned.

Report •

#64
October 9, 2009 at 16:32:25
welcome paulsep :)))))

Report •

#65
October 9, 2009 at 16:33:11
Yes here we go !!!!

:=))


Report •

#66
October 10, 2009 at 16:00:38
Huge connection problems arose just now I dont know why from the server. Cant even connect to LAN on another ethernet port or to internet. It was conneting when switched on but when I changed the LAN settings to point the DNS to server rather than router, it does not connect no more, even to my router's interface! Tried connecting over LAN over 2nd ethernet port but to no avail again.

Report •

#67
October 10, 2009 at 16:23:37
Ok no worries. This thing is weird. Had to disable and configure RAS again and now its okay.

Report •


Ask Question