Koozali.org: home of the SME Server

SME VPN behind linksys router.

kokomi

SME VPN behind linksys router.
« on: April 07, 2005, 06:18:51 AM »
I am running SME in server mode behind a Linksys 802.11b wireless router.
I have PPTP pass-thru enabled and have forwarded TCP 1723 to my SME server.
This setup worked fine when my VPN server was a Win2003 box.  Now on my client, I receive an Error 619: A connection with the remote computer could not be established and in the SME log I have the following error:
Starting negotiation on /dev/pts/0
GRE: read(fd=6,buffer=80559a0,len=8260) from network failed: status = -1 error = Protocol not available
CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
CTRL: Client 192.168.1.1 control connection finished
Modem hangup

It looks like the GRE data is not being passed.  I think this might be a router issue because I can connect fine if my client is also behind the firewall.  Like I said early though, I had no problem with the router and a Windoze VPN Server.
I really want to use SME, but if I can't get VPN to work, I will have to go back to Windoze.
Anyone have any ideas?
Thanks,

Offline raem

  • *
  • 3,972
  • +4/-0
SME VPN behind linksys router.
« Reply #1 on: April 07, 2005, 09:00:48 AM »
From earlier posts re VPN

to do VPN make sure the router is setup to forward TCP 1723, UDP 500, and protocol 47 to the sme box
...

duncan

SME VPN behind linksys router.
« Reply #2 on: April 07, 2005, 10:38:23 AM »
Hi,

For pptp - you only need to forward 1723. The protocol 47 is a furphy and 500 is IPSec. Not sure how to help except to say that I have exactly the same setup here using a netgear gateway and it works fine with only 1723 forwarded.

Regards Duncan

cc_skavenger

SME VPN behind linksys router.
« Reply #3 on: April 07, 2005, 02:21:41 PM »
make sure that you have vpn pass-through turned on in the linksys router.

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
SME VPN behind linksys router.
« Reply #4 on: April 07, 2005, 05:13:23 PM »
Quote from: "duncan"

For pptp - you only need to forward 1723. The protocol 47 is a furphy and 500 is IPSec. Not sure how to help except to say that I have exactly the same setup here using a netgear gateway and it works fine with only 1723 forwarded.


Your connection can only work if protocol 47 is automatically forwarded by your router (either as a side effect of it snooping TCP 1723, or in response to outgoing protocol 47). Other routers will require protocol 47 to also be forwarded. TCP 1723 is the PPTP control connection, protocol 47 carries the actual tunnel traffic.

You are correct that UDP port 500 is not required for PPTP VPN traffic. That's for IPSEC, which requires UDP 500 and protocol 50.

kokomi

Still having problems
« Reply #5 on: April 07, 2005, 08:16:16 PM »
Thanks for all you help, but I am already doing all of your suggestions so far.  Like I said initially, I have PPTP forwarding on the router turned on and I have port 1723 forwarded.  
It worked fine when the VPN server was a windows box.  The only things to change is the server is now an SME server.  I have not changed any of the router settings.  And yes, the new server has the same ip address as the old server.
Is there any setting that would limit VPN access from only certain networks?  Is VPN different on SME than on Windoze?  Anyone have any ideas?
I have even tried making my SME server the DMZ host, which means all traffic is forwared to it and I still have the same problem.
Thanks for your help!

CKConsulting

SME VPN behind linksys router.
« Reply #6 on: April 07, 2005, 09:57:17 PM »
I've had the same issues.  I removed my Linksys router and still had the issues.  What is odd it that it didn't work,  then I tried again after a couple months and it worked fine for several weeks, then one day it stopped again.  I hadn't made any changes to the server it just stopped.  You can always plug into the router and by pass the SME server when you need to VPN.

Rick

kokomi

Well, its working.
« Reply #7 on: April 09, 2005, 03:15:00 AM »
Well, just for shits, I had a friend try to VPN in and it worked.  It appears that it will just not allow me to VPN in via the wan link.  It must know that I am really inside.

sanchotai

SME VPN behind linksys router.
« Reply #8 on: May 23, 2007, 09:19:27 PM »
Ive been trying to do this for a while -

could anyone tell me how you forward protocol 47 - is this just port forwarding of port 47?

I have an sme server behind a netgear fvs318 router - have forwarded 1723 to the server and the router is supposed to do vpn passthru but I cannot connect.

any thoughts would be gratefully received.

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
SME VPN behind linksys router.
« Reply #9 on: May 23, 2007, 09:30:56 PM »
Quote from: "sanchotai"

is this just port forwarding of port 47?


No. port 47 is either port 47 of protocol 6 (TCP) or port 47 or protocol 17 (UDP). protocol 47 is just protocol 47, it's not a subset of protocol 6 or protocol 17.