"Gary Dale" <garydale@rogers.com> wrote in message
news:ZuydnXCjRvSiTKTenZ2dnUVZ_tKdnZ2d@rogers.com...
> James Knott wrote:
>> Steve Horsley wrote:
>>
>>
>>>>Thanks for any assistance you can provide!
>>>
>>>I have done this with openvpn (www.openvpn.net). The hardest part
>>>is creating the certificates. It all uses a single UDP port and
>>>provided you can get this in through the router, it will survive
>>>NAT.
>>>
>>
>>
>> A TCP port can also be used, though UDP is preferred.
>>
>
> I've been trying to follow James Cameron's Debian Howto found through the
> poptop.org site. I'm not sure about testing it however. I've set up a
> Windows XP box to go through PPTP to my router (which actually means going
> out and coming back in through its WAN address). This didn't work and
> there is no indication of where the problem actually resides.
>
> My router, an SMC7008ABR, allows PPTP but it appears to assume you are
> going out, not coming in. It has fields for PPTP account, PPTP password,
> service name, My IP Address, My Subnet Mask and Server IP address, but
> doesn't really define them. For example, is "My", the machine I want to
> connect to inside my router, the router WAN address, or what?
>
> Similar problems reside in the pptpd.conf file. What is the local IP as
> opposed to the remote IP? Is the local IP the actual local IP of my server
> and are the remoteip addresses ones that will be assigned to incoming
> connections? The documentation I've found doesn't really spell it out.
>
> Then there's the cryptic 800 error from M$'s VPN connection.
>
> Anyway, I've also tried other settings in the router to open port 1723 for
> both TCP and UDP. It doesn't allow other protocols. Still no luck.
>
> So, is my testing procedure feasible? Can I go out on one machine and
> connect back to my server back through the router?
>
> Can the SMC router allow incoming PPTP connections?
>
> Can anyone explain the various IP addresses to me (which ones are used for
> what)?
>
> Sorry for the tall order, but I can't figure this out on my own. ;(
Gary,
My guess is that you will have to configure the NAT/Router
to forward Proto 47 and TCP port 1723 to your poptop
VPN server. The IP address that external clients will use
will be the IP address of your public side of your router.
The other possibility would be to put the Poptop VPN server
in the DMZ for the router and then close down all ports
except TCP 1723 (on the VPN server). Again, the
public side clients would believe the IP address is the
IP address of the public side of the router.
Enjoy,
Postmaster
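
The DMZ option described in the reply above, as an added example that is not part of the original thread: a host firewall for the PPTP server that drops everything inbound except the PPTP control channel (TCP 1723) and the GRE tunnel (IP protocol 47, which has no port numbers and so needs its own rule). The interface names `eth0` and `ppp+` and the use of Linux iptables on the poptop server are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# PPTP (poptop) server placed in the router's DMZ. Nothing is applied here;
# review the output, then as root: pptp_dmz_rules eth0 | iptables-restore

pptp_dmz_rules() {
    ifc="${1:-eth0}"   # assumed name of the server's DMZ/LAN-facing interface
    # Accept only a plain interface name, so nothing else reaches the ruleset.
    case "$ifc" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
# Default-deny inbound and forwarded traffic; the server may still talk out.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# PPTP control channel.
-A INPUT -i $ifc -p tcp --dport 1723 -j ACCEPT
# GRE carries the tunnelled PPP frames; it is a protocol, not a port.
-A INPUT -i $ifc -p 47 -j ACCEPT
# Traffic from authenticated clients arrives on the per-session ppp interfaces.
-A INPUT -i ppp+ -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ppp+ -o $ifc -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the interface given as the first argument.
pptp_dmz_rules "${1:-eth0}"
```

If the control connection on 1723 is accepted but the session still fails, the GRE rule's packet counter in `iptables -L INPUT -v -n` shows whether protocol 47 is reaching the server at all.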