
Author VPN Connection
Outsider

2003-07-19, 10:09 pm

If I want to connect a remote user to a RRAS server using VPN over an internet connection, does that server have to have a web presence???
Will I have to use the dial-up method to log on to a private network?
Tarzanboy

2003-07-19, 10:55 pm

The reason for using VPN is normally to allow access to your internal network using the Internet as a medium. Hence, they could use whatever ISP and you would not need a dial-up number.

1. You would need to make sure that they had the IP address of your VPN server. So if you have a router, it would need to forward the relevant IP protocols and TCP/UDP ports to the correct server.
2. You would need to make sure that you have your VPN server installed and configured properly as well as verifying that it is not filtering out important ports and protocols.
3. You would also need to ensure that the correct client software and configuration to access the VPN was on the client systems.

Cheers,
TB
Outsider

2003-07-20, 12:31 am

Here's my setup:
I have a router set up with 3 PCs connected to it. I am using static IP for each of my computers. The computer that I am using for my VPN is a domain controller and has an IP of (e.g. 192.168.168.123).

I called a friend and asked him to try connecting to my PC with 192.168.168.123 as the address. I gave him the username and password. He said he wasn't able to connect. Am I supposed to change the port settings on my router, and if so what port do I have to allow for a VPN connection?

I don't know if it makes a difference but I was able to establish a VPN connection from one of my other computers.
Deja-vue

2003-07-20, 2:26 am

Take a look at this Site here:

http://vpnlabs.com/

adam salam

2003-07-20, 6:54 am

quote:
Originally posted by Outsider
Here's my setup:
I have a router set up with 3 PCs connected to it. I am using static IP for each of my computers. The computer that I am using for my VPN is a domain controller and has an IP of (e.g. 192.168.168.123).

I called a friend and asked him to try connecting to my PC with 192.168.168.123 as the address. I gave him the username and password. He said he wasn't able to connect. Am I supposed to change the port settings on my router, and if so what port do I have to allow for a VPN connection?

I don't know if it makes a difference but I was able to establish a VPN connection from one of my other computers.



First of all, you should use a public IP address assigned by your ISP on the public "internet" interface of your RRAS.

Seems to me you are using a private IP address.
Outsider

2003-07-21, 2:32 am

Actually, yes I am using a private IP. I am using a Linksys Router. So once I get a public IP I would have to configure my router to forward my public IP to my private IP? Am I correct?
adam salam

2003-07-21, 3:37 am

quote:
Originally posted by Outsider
Actually, yes I am using a private IP. I am using a Linksys Router. So once I get a public IP I would have to configure my router to forward my public IP to my private IP? Am I correct?


To connect to your VPN server from a remote machine you should configure the internet interface with a public IP address; before that you can't.

Private IP addresses:

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

don't work outside LANs (for internal, private use only; they don't work on the internet).
Outsider

2003-07-21, 6:31 pm

Okay, now it's all clear to me. So with a VPN you can secure a wireless network by letting users "Dial-In" to your VPN server for authentication, and then being able to share files. Am I on the right track?
Since I've heard that WEP has its vulnerabilities.
adam salam

2003-07-22, 3:57 am

quote:
Originally posted by Outsider
Okay, now it's all clear to me. So with a VPN you can secure a wireless network by letting users "Dial-In" to your VPN server for authentication, and then being able to share files. Am I on the right track?
Since I've heard that WEP has its vulnerabilities.



Yes, VPN provides a secured, authenticated PPP tunnel from the client to the VPN server.

Regarding security, if you are interested in encrypting data in W2K you can choose between PPTP with MPPE, or L2TP with IPSec.
Outsider

2003-07-23, 1:03 am

HHHEEELLLPPP!! Man, I still can't get a connection from a remote node. I don't know if it is my router settings or the VPN client settings. I am using the Network and Dial-Up Settings from my client machine.

Right now my WAN Connection type is set to automatic. Under filters, should I check/uncheck certain options? And then for Port Forwarding, do I use Port Range Forwarding or UPnP Forwarding?? I forwarded requests to my Private IP 192.168.X.X through Port 1723; is that the right port or are there any more? I am using a Linksys BEFSR41 router with 3 PCs hooked up to it.
adam salam

2003-07-23, 4:00 am

quote:
Originally posted by Outsider
HHHEEELLLPPP!! Man, I still can't get a connection from a remote node. I don't know if it is my router settings or the VPN client settings. I am using the Network and Dial-Up Settings from my client machine.

Right now my WAN Connection type is set to automatic. Under filters, should I check/uncheck certain options? And then for Port Forwarding, do I use Port Range Forwarding or UPnP Forwarding?? I forwarded requests to my Private IP 192.168.X.X through Port 1723; is that the right port or are there any more? I am using a Linksys BEFSR41 router with 3 PCs hooked up to it.



What's the number you dial from the remote machine? Did you get a public address to dial, or are you still testing from inside your LAN?
Tarzanboy

2003-07-23, 3:09 pm

You will need to forward port 1723 to your VPN server that is hosting the PPTP connection.

Cheers,
TB
Outsider

2003-07-23, 5:24 pm

I opened up Port 1723. Am I supposed to open IP Port 47 too?

What I did was use one of my private PCs to connect to my WAN IP to see if it would forward the request to my VPN. I get error 721. I can see my VPN server network status lights blinking, so I think it is trying to initiate a connection, but then it gets cut off.
Tarzanboy

2003-07-23, 6:17 pm

Yes, for PPTP to work, port 47 needs to be opened if it isn't already.

Cheers,
TB
Ngittins

2003-07-25, 7:29 am

Example:
Your hardware router's public address:
210.9.20.1

Your VPN server's private address:
192.168.168.X

Add forwarding rules on your router to the VPN server:
192.168.168.X:1723
1723 is PPTP
1701 is L2TP

L2TP needs a certificate, for which you need a CA. Well, I find this tricky to set up, but I think it's best to set up PPTP first.

(Has anyone set up L2TP with IPSec? Man, I'm having problems.)


Then get your mate to create a VPN client on his computer, tell him your public IP address of your HW router, tell him the username and password of the VPN account on the VPN server.

Make sure the security protocols are configured exactly the same as each other, and make sure your remote policies on the RRAS are set to grant access.

Then this should work. Now if the forwarding rules don't work on the HWR, it could be that the GRE protocol is unable to pass through the HWR; remove the forwarding rules in the HWR, then place the VPN's private IP address in the DMZ. This will place that server on the internet.
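
A pre-flight check for the setup this thread works through, added here as an example and not posted by any participant: it flags a private dial address, a test run from inside the LAN, a missing TCP 1723 forward, blocked GRE, and DMZ-host exposure. The `preflight` helper, its parameters, the /24 LAN mask and the client address 203.0.113.7 are assumptions; 192.168.168.123 and 210.9.20.1 are the thread's own example addresses.

```python
import ipaddress
import socket

# RFC 1918 ranges quoted in the thread; not routable on the internet.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PPTP_TCP_PORT = 1723  # PPTP control channel
# Tunnel data travels as GRE, IP protocol 47: a protocol number, not a TCP/UDP port.


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def tcp_reachable(host, port=PPTP_TCP_PORT, timeout=3.0):
    """True if a TCP handshake completes; says nothing about GRE."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(dial_addr, client_addr, server_addr, lan, tcp_forwards,
              gre_passthrough, dmz_host=None):
    """Findings for a PPTP server behind a NAT router (hypothetical helper).

    tcp_forwards maps a forwarded TCP port to its internal destination.
    """
    findings = []
    if is_private(dial_addr):
        findings.append("dial address is private; remote clients need the router's public address")
    if ipaddress.ip_address(client_addr) in ipaddress.ip_network(lan):
        findings.append("test client is inside the LAN; the test does not represent a remote client")
    if dmz_host == server_addr:
        findings.append("server is the DMZ host; all of its ports are exposed, not only PPTP")
    else:
        if tcp_forwards.get(PPTP_TCP_PORT) != server_addr:
            findings.append("TCP 1723 is not forwarded to the VPN server")
        if not gre_passthrough:
            findings.append("GRE is not passed; the control channel connects but the tunnel fails")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the first attempt described in the thread.
    for f in preflight("192.168.168.123", "203.0.113.7", "192.168.168.123",
                       "192.168.168.0/24", {}, gre_passthrough=False):
        print("-", f)
```

`tcp_reachable` only proves the control channel on TCP 1723 is forwarded; a successful handshake followed by a failed connection points at GRE handling on the router.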

Copyright 2003 - 2008 examnotes.net