Results 16 to 30 of 36
How do you do....it? Thread, IPSec SSL VPN p2p tunnel w/o Hardware in Technical
  1. #16

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,984
    Thank Post
    850
    Thanked 2,650 Times in 2,250 Posts
    Blog Entries
    9
    Rep Power
    763
    Cool, glad it worked, just found this http://examples.oreilly.de/english_e.../C13624221.pdf which is a book chapter that seems to go quite in depth on the different options and their advantages/disadvantages if you're interested.

  2. #17

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,510
    Thank Post
    1,319
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Thanks, I think more reading is required for sure. I disconnected and reconnected and now now pings are working. Also, before I disconnected even though pings were OK no other protocol was communicating either way.

  3. #18

    RabbieBurns's Avatar
    This was working fine since my last post, both subnets talking to each other.

    But about 3 weeks ago it stopped working. I can dial from site A to site B and it will connect, but while it is connected site B cannot dial and connect to site A.

    If I disconnect site A from B, then B will dial and connect to A. I don't understand what has changed. Also routing seems to have stopped, as clients on A can't contact B when A is connected to B (although I think that only worked when both sites were connected to each other, so that might be why).

    In the event logs, it looks like it establishes the connection but then it immediately drops.

  4. #19

    RabbieBurns's Avatar
    Any ideas?

    This is the event log that appears after the entry about successful connection:

    Code:
    Log Name:      Application
    Source:        RasClient
    Date:          23/10/2012 3:19:16 PM
    Event ID:      20227
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      sydney.domain.co.uk
    Description:
    CoId={F1F408A7-4514-4930-91D3-50161AE4582A}: The user SYSTEM dialed a connection named To Glasgow which has failed. The error code returned on failure is 800.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="RasClient" />
        <EventID Qualifiers="0">20227</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-10-23T04:19:16.000000000Z" />
        <EventRecordID>198578</EventRecordID>
        <Channel>Application</Channel>
        <Computer>sydney.domain.co.uk</Computer>
        <Security />
      </System>
      <EventData>
        <Data>{F1F408A7-4514-4930-91D3-50161AE4582A}</Data>
        <Data>SYSTEM</Data>
        <Data>To Glasgow</Data>
        <Data>800</Data>
      </EventData>
    </Event>

  5. #20

    SYNACK's Avatar
    Quote Originally Posted by RabbieBurns View Post
    Any ideas?

    This is the event log that appears after the entry about successful connection:
    Could be something to do with NPS. Are the certs all up to scratch and the times synced across the sites? Can you connect to the tunnel locally from a client inside the router from each site?

    Domain Authentication Without Certificates

  6. #21

    RabbieBurns's Avatar
    It wasn't using certs, it was just using PPTP I think. The times were out of sync; that's the first thing I fixed a few weeks ago after I noticed it had stopped working, but it didn't start working again so I thought it must be something else.

    How do I create a DUN in Windows 7 to test? Can't find it :embarrassed:

  7. #22

    SYNACK's Avatar
    Quote Originally Posted by RabbieBurns View Post
    It wasn't using certs, it was just using PPTP I think. The times were out of sync; that's the first thing I fixed a few weeks ago after I noticed it had stopped working, but it didn't start working again so I thought it must be something else.

    How do I create a DUN in Windows 7 to test? Can't find it :embarrassed:
    Network and sharing centre > connect to a network > connect to a network at my workplace (VPN) > etc.


  8. Thanks to SYNACK from:

    RabbieBurns (22nd October 2012)

  9. #23

    RabbieBurns's Avatar
    A Win7 client in Sydney can connect to Glasgow, even if the Glasgow server is already connected to Sydney.
    A 2008 R2 with just a dial-up connection client in Glasgow cannot connect to Sydney at all.

    I don't have a Win7 client in Glasgow to test with just yet but I'll make a VM to test with whenever I get a chance.

    I might try just rebooting both servers at both ends to see if that fixes anything.

    The only other thing I can think of is I had to change the ADSL modem/router at the Sydney end recently and it may coincide with when this stopped working. I have forwarded the 1723 or whatever the PPTP port is exactly the same way the old one was, so I don't know if that will be related; just figured it is worth mentioning.

  10. #24

    SYNACK's Avatar
    Quote Originally Posted by RabbieBurns View Post
    A Win7 client in Sydney can connect to Glasgow, even if the Glasgow server is already connected to Sydney.
    A 2008 R2 with just a dial-up connection client in Glasgow cannot connect to Sydney at all.

    I don't have a Win7 client in Glasgow to test with just yet but I'll make a VM to test with whenever I get a chance.

    I might try just rebooting both servers at both ends to see if that fixes anything.

    The only other thing I can think of is I had to change the ADSL modem/router at the Sydney end recently and it may coincide with when this stopped working. I have forwarded the 1723 or whatever the PPTP port is exactly the same way the old one was, so I don't know if that will be related; just figured it is worth mentioning.
    It's not just 1723, there is also the GRE protocol which is not even on a port, so the modem needs to support it going both ways and it needs to be passed through. VPN passthrough is usually an option, but depending on how dodgy the software is it may only be one way or only support one tunnel to one location before crashing and needing a reset (consumer grade Dynalink and some Netgear). The network stack in them literally binds up the mapping and any further connections break till the modem itself is rebooted.

    So it could easily be the modem, as PPTP is quite an old protocol and uses the router's stack quite heavily for passthrough; hence other options like SSL or IPsec are both more secure and more reliable, if many times more complicated.
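
An added example, not part of the original thread or any poster's code, of checking the point made in post #24: PPTP needs both the TCP 1723 control channel and GRE (IP protocol 47) to pass in both directions. It assumes raw IPv4 packets captured on the VPN server's interface behind the router; the addresses, sample packets and verdict names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PPTP_PORT = 1723               # PPTP control channel (TCP)
PROTO_TCP, PROTO_GRE = 6, 47   # IP protocol numbers; GRE has no ports

def ip_packet(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed test data, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp_ports(sport, dport):
    """First bytes of a TCP header: ports, then zero padding (constructed)."""
    return struct.pack("!HH", sport, dport) + bytes(16)

def classify(packet):
    """Return (src, dst, kind) for PPTP-related IPv4 packets, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4   # header length; options shift the TCP offset
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if packet[9] == PROTO_GRE:
        return src, dst, "gre"
    if packet[9] == PROTO_TCP and len(packet) >= ihl + 4:
        if PPTP_PORT in struct.unpack("!HH", packet[ihl:ihl + 4]):
            return src, dst, "control"
    return None

def diagnose(packets, server_ip):
    """Count control/GRE packets to and from the VPN server and name the gap."""
    seen = Counter()
    for pkt in packets:
        hit = classify(pkt)
        if hit and server_ip in hit[:2]:
            seen[hit[2], "in" if hit[1] == server_ip else "out"] += 1
    if not (seen["control", "in"] and seen["control", "out"]):
        return "control-channel-incomplete", seen
    if seen["gre", "in"] and seen["gre", "out"]:
        return "ok", seen
    if seen["gre", "out"]:
        return "inbound-gre-dropped", seen   # router forwards 1723 but not GRE
    return "no-gre-from-server", seen

SERVER, PEER = "192.0.2.10", "198.51.100.20"   # documentation addresses, constructed
SAMPLE = [                                      # constructed capture
    ip_packet(PEER, SERVER, PROTO_TCP, tcp_ports(49152, PPTP_PORT)),  # control in
    ip_packet(SERVER, PEER, PROTO_TCP, tcp_ports(PPTP_PORT, 49152)),  # control out
    ip_packet(SERVER, PEER, PROTO_GRE, bytes(8)),  # server's GRE leaves, none returns
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, SERVER)[0])
```

A capture that shows the control channel completing while GRE appears in only one direction points at the router's passthrough handling rather than at the server.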

  11. #25

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Also watch out if the router has VPN support enabled on itself. It may hold onto the ports and/or filter GRE even if you disable it.

  12. #26

    RabbieBurns's Avatar
    This new one (a newer TP Link than the old TP Link that failed) has the following which the old one never did:

    Code:
    This page allows you to enable or disable gateway of application layer.
    
    Virtual Private Network(VPN)
    
    PPTP Passthrough:Enable Disable
    
    L2TP Passthrough:Enable Disable
    
    IPSec Passthrough:Enable Disable
    
    Application Layer Gateway(ALG)
    
    FTP ALG:Enable Disable
    
    TFTP ALG:Enable Disable
    Should I enable or disable the VPN stuff?

  13. #27

    SYNACK's Avatar
    Quote Originally Posted by RabbieBurns View Post
    This new one (a newer TP Link than the old TP Link that failed) has the following which the old one never did:

    Code:
    This page allows you to enable or disable gateway of application layer.
    
    Virtual Private Network(VPN)
    
    PPTP Passthrough:Enable Disable
    
    L2TP Passthrough:Enable Disable
    
    IPSec Passthrough:Enable Disable
    
    Application Layer Gateway(ALG)
    
    FTP ALG:Enable Disable
    
    TFTP ALG:Enable Disable
    Should I enable or disable the VPN stuff?
    EEEEEEEWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWW!!

    TP-Link ...

    Anyhow, you want to enable PPTP passthrough but that is usually for internal clients opening channels out and may not help with inbound channels. Also check to see if it can run a different firmware like OpenWRT which features a full and predictable network routing stack.

    Check in the pinhole/virtual host/firewall config to see if there is a preconfigured one for PPTP, which should include the necessary GRE passthrough commands, and point it at the server if it is not already. Then make sure that the router has been rebooted and no one else is using PPTP through it, as it may foul the channels.
    Last edited by SYNACK; 23rd October 2012 at 01:12 PM.

  14. #28

    RabbieBurns's Avatar
    is tplink not a good brand? The VPN Passthrough option is enabled and the port forwarding I used was using the existing pptp entry. Still no dice

  15. #29

    SYNACK's Avatar
    Quote Originally Posted by RabbieBurns View Post
    is tplink not a good brand? The VPN Passthrough option is enabled and the port forwarding I used was using the existing pptp entry. Still no dice
    It is highly variable as a brand and they make some really shocking stuff in some of their lines; I have wasted several days of my life cleaning up after their hardware.

    Anyway, have you tried setting up the test Windows 7 VM as a PPTP endpoint
    Setup a VPN – PPTP Host On Your Home Windows 7 PC [How-To] | groovyPost

    then piping the traffic from the router to that instead? That should isolate out the server as being the cause. If that does not work then I'd look at rebooting then replacing that router with something different. DrayTek - search at PriceSpy is generally a decent brand that can handle multiple traffic streams.

    Some providers have also been known to block inbound and even outbound PPTP unless you are on their Uber business plans (Vodafone NZ) so that's another reason to double check with a different VPN host just to make sure.

  16. #30

    RabbieBurns's Avatar
    I don't think it's my provider, as the connections work in and out, just not at the same time (and were working previously).

    I've just bought this TP Link, can't really afford to replace it again just yet; might see if I can get my hands on a different one to test with though. The one I replaced was a TP Link though as well, which is strange.

    I will try using Win7 as an endpoint, cheers for that.

    This is the current router info if it's any use:

    Code:
    Firmware version:0.6.0 0.11 v0005.0 Build 120802 Rel.68426n
    
    Hardware version:TD-W8968 v1 00000000
    Edit: Seems I'm not on the current firmware, I'll try updating that and see if it makes a difference:

    http://www.tp-link.com/en/support/do...968&version=V1
    Last edited by RabbieBurns; 24th October 2012 at 11:52 PM.
