Topic: VPN to another PPTP Server from behind SME

[Brave Dave]

I am finding that I can't connect to another PPTP server - not necessarily SME - but also SME, when I am behind an SME server (with WinXP SP2).

I am in all cases behind a router and the double nat scenario is in play

I am aware of Multilink flag, the SP2 patch etc, these aren't the issue. It came to a head today with a client having to connect through the ATO (Australia Tax) using the Cisco VPN client. It had been working previously - maybe the other end had upgraded something not sure.

In order to succeed I have to comment out the MASQUERADE line of 40masqLAN and allow the DSL router to do the nat, and place a route on the DSL router back through the external gateway to my local network. The effect is the remote PPTP immediately is active and stable where it failed - generally with 619 error

I wondering if there is a case here for a switch to disable MASQUERADE

appreciate any comments

[Brave Dave]

For the Record;
 Double NAT - where the SME Servers Access to the Internet is behind another NAT devices (ie. the DSL router) seems to be a major player in VPN reliability

My Experience
Dynalink RTA 300 - will not work
Netgear DG834 ? - will not work
Alcatel Speedtouch - no problem

[smeghead]

Hi David

I use a lot of DG834 routers and have few if any VPN issues (inc at 6 accountant clients) using Solution6/Viztopia & ATO Cisco VPN.

This being said the ATO originally sent out incorrect config info for the connection (going back say 6-9 months).

If you have trouble with the PPTP passthru then just port forward 1723 to the SME IP & have that take care of it.

HTH

[pistonpilot]

Try this.  Turn off the PPTP service on the server acting as your gateway.  

You'll find that when the VPN is off you can then make outbound VPN connections.  Many of them if you choose.

This is an oddity with SME 6.X