You are really talking about two different things as if they were one.
First the port issue. This depends on how your server/firewall
connection is configured. If the server has a registered public IP on its
external interface you do not need to worry about port forwarding. The
client can connect directly to the server across the Internet. If the server
has only a private IP address, it cannot be reached from the Internet. In
that case, you need to forward a port from the firewall to the server (TCP
port 1723 for PPTP) and connect through the Internet to the firewall's
public interface. The port forwarding extends the connection to the server's
private IP.
VPN passthrough refers to what protocols the firewall will allow. The
encrypted data is the payload of a packet with a special header. For PPTP
this is GRE, or IP protocol 47. If your router blocks GRE, no data packets
are transferred and the connection closes, usually giving you an error 721.
If your router/firewall supports VPN passthrough, check that it is
actually enabled. On some routers it is only supported in DMZ mode.

> Dear all,
> I have RRAS on a Windows 2003 Enterprise server to accept VPN
> connections. I think it's configured properly - I can connect to it
> fine from inside my LAN - but no joy from the Internet.
>
> I get as far as "Verifying username and password...", but then get
> "Error 721: The remote computer did not respond"
>
> I think the problem may lie with my router (3Com OfficeConnect,
> 3CRWE754G72-A, apparently), although the manual claims that "The
> Router supports VPN passthrough, which allows VPN clients on the LAN
> to communicate with VPN hosts on the Internet." I would take the
> router out of the equation, but that's how the VPN server is
> connected to the Internet (but in a DMZ), plus ultimately my client
> PC will still be behind it.
> According to something I read somewhere (spent so much time on Google
> recently that I can't remember exactly where), opening TCP port 1723
> and UDP port 500 will magically fix everything, but the only effect
> this seems to have is that I only get as far as "Connecting to
> mydomain.com"
> Any help or suggestions would be much appreciated.
>
> Paul
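
The reply's split between the TCP 1723 control connection and the GRE (IP protocol 47) data packets can be checked on raw IPv4 packets captured at the server's external interface. The following is an added example, not part of the original thread; the function names, result labels and sample packets are constructed for illustration.

```python
import struct

PPTP_CONTROL_PORT = 1723          # TCP control channel named in the reply
IPPROTO_TCP, IPPROTO_GRE = 6, 47  # IP protocol numbers
GRE_PROTO_PPP = 0x880B            # protocol type of PPTP's enhanced GRE (RFC 2637)

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet as 'control', 'gre-data' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"                      # truncated or not IPv4
    ihl = (pkt[0] & 0x0F) * 4               # header length, options included
    if ihl < 20 or len(pkt) < ihl + 4:
        return "other"
    proto, body = pkt[9], pkt[ihl:]
    if proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", body[:4])
        return "control" if PPTP_CONTROL_PORT in (sport, dport) else "other"
    if proto == IPPROTO_GRE:
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        # PPTP uses GRE version 1 carrying PPP frames
        if flags_ver & 0x0007 == 1 and ptype == GRE_PROTO_PPP:
            return "gre-data"
    return "other"

def diagnose(packets) -> str:
    """Summarise a capture: 'ok', 'gre-blocked' or 'no-control'."""
    seen = {classify(p) for p in packets}
    if "control" not in seen:
        return "no-control"    # TCP 1723 never arrived: check port forwarding
    if "gre-data" not in seen:
        return "gre-blocked"   # control only: the Error 721 pattern, check passthrough
    return "ok"

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return hdr + payload

# Constructed samples: a TCP segment to port 1723 and an enhanced-GRE data packet
SAMPLE_TCP = _ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 1723) + bytes(16))
SAMPLE_GRE = _ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 0, 1, 0))

if __name__ == "__main__":
    print(diagnose([SAMPLE_TCP]))              # control channel only
    print(diagnose([SAMPLE_TCP, SAMPLE_GRE]))  # both channels present
```

A result of `gre-blocked` on a capture taken while a client is stuck at "Verifying username and password..." points at the router's handling of GRE rather than at the forwarded port.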