0

I previously had successfully set up a VPN connection that allowed my computer (Windows 7 Professional) to connect to a remote server. Last week, we had to reset our Lynksys WRT54GL wireless router, after which the VPN connection doesn't work anymore.

The problem clearly lies with the WRT54GL router: I still can establish a VPN connection with a wired connection that bypasses the router, or on my home WIFI. OTOH, when attempting either wireless or wired via the WRT54GL router, the message "port opened" is followed for a long time by "connecting to [vpn address] using WAN Miniport (PPTP)", next "connecting to [vpn address] using WAN Miniport (SSTP)", and finally "connecting to [vpn address] using WAN Miniport (L2TP)". In the end, an error code 800 is returned.

I'm no sysadmin wizard at all, and can't see what should have changed in the router configuration. Any help much appreciated, it's driving me crazy.

Ron

rvdb
  • 319
  • 1
  • 5
  • 14

1 Answers1

0

WRT54GL, that's a consumer router, right? Have you checked that there's a VPN passthrough option and that it's enabled?

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • Thanks for your suggestion. Yes, it has a VPN Passthrough option: all of its options (IPSec, PPTP, and L2TP Passthrough) are enabled. Tried by disabling its firewall, but that made no difference either. It's frustrating to know it has definitely worked before with this router. The only difference I see is that previously the 'DHCP Server' setting was disabled, IIRC. Still, disabling it now breaks all internet connectivity as well. Do you reckon DHCP can be a factor for VPN (apologies for my vagueness)? – rvdb Aug 09 '11 at 07:34
  • It could be if there are no ip addresses available in the DHCP pool to assign to the VPN client. It might also be that the DHCP service on the router is "competing" with an internal DHCP server. Do you have an internal DHCP server or are your internal ip addresses static? What is your VPN server? – joeqwerty Aug 09 '11 at 11:27
  • Well, the wifi router gets its IP address from another router, which is probably set up for DHCP (all computers' IP addresses are dynamic). When I connect directly to the non-wireless router, VPN works. When I connect via the wifi router (which also has a 'DHCP Server' option enabled), it doesn't. OTOH, internet connection via the wifi router apparently requires this 'DHCP Server' option, since disabling it results in 'no internet access'. Still, I recall that the DHCP option used to be switched off before the reset... – rvdb Aug 09 '11 at 11:54
  • Maybe you're confusing things a bit. There are genreally 2 DHCP settings available on a SOHO router like you have: 1. The connection type for the router has an option for the router to get it's ip address via DHCP (from the upstream network, which is the ISP), which is for the WAN port of the router. 2: The DHCP service on the router, which allows it to act as a DHCP server for clients connected on the LAN port. – joeqwerty Aug 09 '11 at 12:22
  • If the router is acting as a DHCP server for the internal clients (number 2 above) then that means that if you disable the DHCP service on the router then your clients would lose the ability to connect to the internet as they would most likely lose the DG and DNS settings that are being provided by the router. Is the DHCP pool on the router (assuming number 2 above) large enough for the LAN clients and the VPN clients? – joeqwerty Aug 09 '11 at 12:27
  • Thanks for the clarification: I guess that's an exact description of our situation. The connection type of the wifi router is DHCP, and it acts as a DHCP server. A range of 50 IP addresses is configured for the wifi router: 192.168.1.100 to 149. Less than 10 computers are connected to this wifi router, so I guess the pool will be large enough (or am I misunderstanding your question)? – rvdb Aug 09 '11 at 13:45
  • No, you've understood me perfectly. Now I've got a better idea of what you're dealing with. At this point I might suggest running a packet capture program on the VPN server (if possible) and start a capture while making a VPN connection going through the router and another capture for a VPN connection not going through the router and compare the two captures. – joeqwerty Aug 09 '11 at 14:16
  • Ok, I noticed I have tcpdump on our remote server (accepting the VPN connection). I've created a log when connected, started another log when still connected, then disconnected and attempted to reconnect through the wifi router (unsucessfully, of course). After reconnecting via the wire, I closed the log. Problem is, I can't make much of the info logged. Is there something in particular I should look for? – rvdb Aug 09 '11 at 15:38
  • Maybe you can post the log or link to a screenshot of the log. – joeqwerty Aug 09 '11 at 19:01
  • Thanks, I have zipped 3 versions [](http://ctb.kantl.be/download/tcpdump.zip): 2 with working VPN configurations (ending in '(ok)'), 1 with the non-working wifi router (ending in '(no vpn)'). If it is relevant, the VPN server's IP address is 172.31.20.86. – rvdb Aug 09 '11 at 22:39
  • OK, my apologies. I've looked at the files but I've never used tcpdump and there's alot of info in those files and I can't make heads or tails of it. Maybe someone else here can make sense of it. – joeqwerty Aug 09 '11 at 23:13
  • Ok, thanks anyway for your help and time. Much appreciated! – rvdb Aug 10 '11 at 09:00
  • Hmm, humble follow-up: apparently, there's more than 1 way to connect a wifi router. Instead of the ethernet port, its UTP cable should have been plugged in a WAN port, and its 'DHCP Server' option switched off. That way, the wifi router just passes on the IP address it receives, without assigning a new one. Makes perfect sense, but only after hitting the wall. Sorry for the noise; if you want to formulate an answer from this info, I'd gladly accept it or give whatever credit I owe you for your efforts... – rvdb Aug 10 '11 at 13:50
  • Not a problem. Glad you sorted it out. This was a good "learn it by doing it" problem. If you're OK with it, just accept this answer and that will be that. – joeqwerty Aug 10 '11 at 14:08