Topic: VPN not getting through

[brian read]

Here's a problem that has been vexing me for a few weeks now, sorry its a bit long.

I have two clients who appear to have the same problem.

Thjey both have ADSL lines with a router/modem (different types) to connect to the ADSL line.  Both do NAT and DHCP on the internal side, which is wired direct (via a cross over cable), to the Internet NIC on the SMEserver (v5.5U2), configured as a gateway and server.  Both have the VPN count parameter set to 1 in the server manager panel.

The SMEServer is configured to pick up its IP address for the Internet NIC from the router, which seems to work fine.

In both case email, web etc works fine, but I cannot get a VPN through to the SMEServer.

I have opened and forwarded port 1723 on the routers to the SMEServer, but an examination of the SMEServer "meesages" log shows that the VPN request does not seem to get to the SMEServer.

I am using my XP system from my office to try to connect, either via my own ADSL line or through a dial up connection.  Neither works, but I can connect to my own VPN via the dial up connection (here I have an IPcop firewall forwarding the connections).

Anyone got any bright ideas?

cheers

Brian

[Bill Talcott]

You also need forward GRE (protocol 47).

[brian read]

Bill

Yes, I know about that, but have been unable to foind anything about forwarding it on either of the routers.

One is an OEM Conexant router, and the other is a Zyxtel Prestige 650.  Do you (or anyone else) have any experience with these?

cheers

Brian

[Charlie Brady]

brian read wrote:

> One is an OEM Conexant router, and the other is a Zyxtel
> Prestige 650.  Do you (or anyone else) have any experience
> with these?

Do you need to use a router? Using a simple ADSL modem will avoid the problem.

Charlie

[brian read]

Yes, but in both cases the customer or the ISP supplied it without my control.

It seems to me that modems and routers are very close these days anyway, they all seem to do DHCP and NAT, whether you want them or not, and there does not seem to be a cost advantage either.  In this case both only have 1 NIC slot for the internal side, so I'm not sure if you would call them routers or not.

cheers

Brian

[Julie Random]

Not all routers allow IP Forwarding, a lot only allow TCP/UDP

Your routers will most probably be able to be driven as a Ethernet
modem. This involves playing with the router settings. Another NIC for
the SME box, server and gateway mode


OR if you'd rather play with just your SME box

If they don't allow IP Forwarding they usually have the ability to forward
all external traffic to an internal IP (DMZ).
This would require another NIC for the e-smith box
server and gateway mode
and creating a subnet between the router and the SME server.
(Which sounds like what you already have)
Look for and alter the router DMZ setting.