1

I have a Windows Server 2003 box installed on an ESXi server (with a bridged connection) connected to a Linksys RV042 router. The Server 2003 install is configured with the RRAS role. I think my policy is set correctly since I can connect to it directly across the LAN. My RV042 is forwarding TCP port 1723 to the Server 2003 box (and I've also tried putting the Server 2003 box on the DMZ). I don't see any options to forward GRE, but following these instructions about disabling the SPI, I had hope.

Nonetheless, I'm unable to connect to the VPN over the WAN. portqry tells me the box is listening on 1723, but I still get an error 800 when I try to connect myself.

Any tips on trying to troubleshoot this?

Thanks!

Update: Just also wanted to mention that under "VPN Passthrough" the "PPTP Pass through" et al are Enabled.

mrduclaw
  • 429
  • 1
  • 8
  • 16

2 Answers2

1

On most SOHO routers that I've seen there's a specific option to allow VPN passthrough that needs to be enabled.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • @joeqwerty, the "allow PPTP passthrough" etc options are all enabled. I thought that was for outbound connections though? – mrduclaw Dec 04 '09 at 21:33
  • AFAIK, it's for inbound connections as the firewall should by default allow all outbound traffic and wouldn't care if it were PPTP, IPSEC, etc. – joeqwerty Dec 04 '09 at 21:36
  • @joeqwerty, sounds good to me. :) But with it enabled, it's still error 800ing me. – mrduclaw Dec 04 '09 at 21:38
  • This article from MS (sparse as it is) suggests a firmware update on the router to fix the problem. http://support.microsoft.com/kb/319108 – joeqwerty Dec 04 '09 at 21:56
  • @joeqwerty just wanted to update you that this did not solve the issue. Thank you for the suggestions though :) – mrduclaw Dec 10 '09 at 06:40
1

I had the same quirky issue with an RV082 and a Server 2003 RRAS box. You are correct in noticing that there is no option to forward GRE and according to the LinkSys documents that I read, "PPTP pass through" does not have anything to do directly with GRE like it would most logically seem. I did, however, get this to work. How? I have no idea! =)

After much frustration and wondering if it was even possible, it simply started working! I did not update the firmware, I did not make any option changes beyond the obvious port forwarding rules and I did not change the PPTP Server's options. You may want to reboot the router and see what happens. Many times with my RV082, rebooting was the "answer" to many problems. My extended recommendation would be to ditch that flaky thing and get something like a SonicWall TZ series. I did and suddenly many of my worries concerning the network's firewall went away.

For more concrete information, install a packet capture utility on the RRAS server and the remote client that is trying to connect to the PPTP VPN and watch the traffic stream to see what is and is not making it to the RRAS server. You could compare it to the traffic seen when attempting to connect to the RRAS server from a machine on the LAN.

Wesley
  • 32,690
  • 9
  • 82
  • 117
  • Nonapeptide, this didn't work for me, but I didn't go so far as to install a packet capturing device to check. Instead I installed a pfsense box and it *appears* to be working correctly so far. Since you suggested getting a new device, I'm accepting this answer as that was the solution I used. :) Thanks! – mrduclaw Dec 10 '09 at 06:42
  • Thanks for the update! It's not often that I beat out JoeQwerty to an answer. =) – Wesley Dec 10 '09 at 14:55
  • @Non: Well done, grasshopper! ;) One step ahead of me as usual... – joeqwerty Dec 11 '09 at 00:39