Koozali.org: home of the SME Server

Workaround needed for PPTP VPN

Dave

Workaround needed for PPTP VPN
« on: June 26, 2002, 10:09:54 PM »
I wanted to set up a PPTP VPN, but unfortunately my ISP won't allow protocol GRE 47 to pass through the router.

Do I have any other options to set up a VPN?

Hans Pedersen

Re: Workaround needed for PPTP VPN
« Reply #1 on: June 27, 2002, 12:09:41 PM »
I asked the same question a few weeks ago, but since I didn't get an answer, I suppose the GRE protocol is required.

Franck

Re: Workaround needed for PPTP VPN
« Reply #2 on: June 27, 2002, 12:21:24 PM »
Dave wrote:
>
> I wanted to set up a PPTP VPN, but unfortunately my ISP won't
> allow protocol GRE 47 to pass through the router.
>
> Do I have any other options to set up a VPN?
The other option with SME is IPSEC (Freeswan is included in the distribution). BUT, IPSEC uses protocols 50 (ESP) and/or 51 (AH), and I doubt your ISP will allow these protocols to pass through your router...

My final words will be: bad ISP, choose another ISP...

Hans Pedersen

Re: Workaround needed for PPTP VPN
« Reply #3 on: June 27, 2002, 05:36:43 PM »
Franck wrote:

> My final words will be: bad ISP, choose another ISP...

... or spend some money on a router that supports the protocols in question.

Dave

Re: Workaround needed for PPTP VPN
« Reply #4 on: June 27, 2002, 07:04:29 PM »
Thanks for your input.  They did give me another option, and that would be to eliminate NAT, and just give public IPs to our entire network (12 computers).  If I agree to this, they will allow GRE, but that opens up a tonne of security issues.

Should I go with this option?  What should I consider?

steve

Re: Workaround needed for PPTP VPN
« Reply #5 on: June 27, 2002, 07:25:43 PM »
Can you use IPsec instead?

Dave

Re: Workaround needed for PPTP VPN
« Reply #6 on: June 27, 2002, 08:02:06 PM »
No - just more ports that they won't allow me to use

Dan G.

OFFTOPIC: Re: Workaround needed for PPTP VPN
« Reply #7 on: June 27, 2002, 08:25:43 PM »
Dave,

I have a complete solution based on a non-SME toolset, for exactly this kind of situation.  I had a client that needed every host on his LAN to be able to access IPSEC and/or PPTP VPNs, from any vendor, at any of their client sites.  It was a headache, but the solution worked.

In short, it's a Red Hat 2.4 kernel machine running IPTables, screening a big chunk of their private subnet --- all using routable/legal/non-RFC-1918 addresses, like your ISP suggested.  The Shorewall package at www.shorewall.net is the script set I used to manage the IPTables config  --- and I highly recommend it.

The whole solution is open source.  Let me know if you are interested, and I'll give you details off-list.

Good luck,

Dan

Lazo

Re: OFFTOPIC: Re: Workaround needed for PPTP VPN
« Reply #8 on: June 28, 2002, 01:09:34 AM »
Is your problem your router or your ISP? If it is your router, it is less expensive to change the router and continue with your services, or update like your ISP said (for me, 12 public IPs is very expensive, at least in my area; they could charge for this, and you would be paying more per month).

Did I explain myself clearly? Sorry, I'm not very good at English!