Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[patliz]

In a nutshell

replaced a bad router (It was constantly dropping the connection but I could vpn into it) with the 330 router
westall modem--> router (v1.2)--> MS 2003 server
set the vpn settings as
   PPtp
   VPN server ip is set to the server ip address as 192.168.0.150
   remote ip range is 192.168.0.130-132
   authentication protocol is MS-chapv2
   128 bit encryption
   

Do I need to set up the group1 with the user names that I want to use such as client1 pwclient1 or use the domain login username and password? I want to be able to map to a drive on the server.

any other settings that I should be aware of?

Thanks.

[Fatman]

Fill in an authentication group on this router with credentials, ensure that group is the one used by your PPTP server.

As far as being able to map a drive, please be aware that L2 broadcast traffic is not going to egress across this tunnel and that you will therefore need to reference the server by IP if you do not have a NBNS on your network referenced from your PPTP client.

[patliz]

I setup the group1 with a username and password and still can't get in.  I need clarification on this statement "ensure that group is the one used by your PPTP server."  Should the ip address be set to 192.168.0.1 which is the router or to the MS server which is 150? I can ping the router and that works find Thanks.

[Fatman]

It should be the router, I don't know when or why an MS server came into this discussion.

I mean that on your PPTP server configuration in the DIR-330 you need to ensure that the selection for authentication group shows your group.

[patliz]

I still can't get in. Now I get to the verifying username and password and times out with error 721. Settings are now as follows:

Router IP Address :192.168.0.1
Enable DNS Relay is checked
Disable DHCP Server (I prefer to have each machine have a static ip)

VPN Enable setting : checked
Name : xxxxxxxxx
Connection type :     PPTP   
Enable L2TP over IPSec     no
VPN Server IP : 192.168.0.1
Remote IP range :     192.168.0.130-133   
Authentication Protocol :     MSCHAP v2 
MPPE Encryption Mode :     128 bit
Authentication database :      Group1   I have 2 users in group1

port forwarding:
    name-pptp   public port 1723~1723 type tcp
   ip address--our ms 2003 server   private port 1723~1723

I do have dynamic ddns turn on, but right now I am using the ip address directly on the client vpn


do I need to make any changes to the firewall? there is a setting but it is greyed out. it was a setting I put in some time ago to allow port 1723, but I want to delete it and I can't. plus how do you put in a range of ip addresses and if so what ip addresses should go there.

[Fatman]

Why are you trying to port forward PPTP if you are using your DIR-330 as your VPN endpoint.  Remove the port forwards, you don't need any firewall rules for a PPTP VPN either.

[patliz]

I have a ms 2003 server that I want to be able to connect to a shared drive once I get connected with the vpn. I have been able to do this with another client of mine, (ms server 2003, w/ remote access, domain and dns installed) but he uses a different router. If I still don't need to forward anything then I will get rid of it.  I have the remote access installed on the server and domain and dns are installed. But usually I log in using the username and password that are set up on the server. I was able to do this with the previous router that was connected until it crapped out and replaced with a temporary netgear router that I had laying around.

 But I can't delete one of the firewall settings that I setup earlier, it is greyed out and I can't uncheck it. Is there anyway to delete it besides resetting the router which I really can't do offsite.

Thanks.

[Fatman]

Yes, delete the port forward, it is creating the firewall rule.

[patliz]

Still stuck on verifying name and password. Then I went back to square one and looked at my other server and router setup and realized that I am not usng the router as the vpn server, but rather the ms 2003 server as the vpn server by enabling the Routing And Remote Access service. and that the router's vpn service was turned off, but the pptp passthrough was enabled. So I went back to the 330 and disabled the vpn setup on the router. The client's server has the routing and remote access service installed and as far as I can tell it is setup exactly like the other server. I setup 2 firewall protocols on the 330- one to open port 1723 and port 3389 for remote access.. I was still stuck on the verifying name and password. I then tested the link between the server and my computer using the pptpsrv.exe and pptpclnt.exe programs and it showed that the port was opened, but I did not finish the test to make sure protocol 47 was being sent back. So I will test that. But I have a feeling it isn't. IS there a way to allow protocol 47 on the router without turning on the vpn., in other words to allow pptp pass through?
    If I am understanding this correctly--the server is acting as the router for the vpn server.

Or should I have disabled the RRAS on the server if using the dir-330 vpn setup?

[Fatman]

Ok, this is why I was digging into the MS server earlier.  This router does not do PPTP passthrough because it is designed to be your endpoint.

[patliz]

That is what I was afraid of. So I disabled the RRAS and reconfigured the router for VPN and now I am able to get in. Now the issue is when I access the files on the server through word or a special database, it is very slow in opening. Any ideas as to what to check to resolve this issue--mtu is set for 1492. Thanks

[Fatman]

If you are referencing it by DNS or NBNS name make sure you have a valid DNS or NBNS name server set up for that client.  Your best bet is to reference it by IP only.