VPN Connection to Win7 machine

Daffie
DD-WRT Novice


Joined: 14 May 2012
Posts: 2

Posted: Mon May 14, 2012 7:16    Post subject: VPN Connection to Win7 machine
Hi there,

At home I have a TP-Link TL-WR1043ND with DD-WRT Build 14896. I have several computers connected to that router, and one of them I use as a server. It's a Windows 7 x64 machine with loads of files on it, you know the drill.

Recently I set up VPN (the built-in one) on that server, however I can't connect to it. I've forwarded port 1723 to the server, PPTP, IPSec and L2TP Passthrough are all enabled, the Windows firewall allows VPN connections, but still it doesn't work.

What I find strange is when I put my server in the router DMZ, it does work. So it seems that the router is still blocking something.

When I try to connect from my work, it gives me error 806, which tells me that one or more devices between the VPN client and Server are not configured to allow GRE (Generic Routing Encapsulation). The problem is, I can't find any config page on DD-WRT on how to enable it.

Has anyone encountered this problem before and/or has a solution?
rizla7
DD-WRT User


Joined: 11 May 2012
Posts: 117

Posted: Mon May 14, 2012 23:13
#1: ipsec end-to-end communications (transport mode) requires NAT-T on the client, router and server (winxp+up).

#2: ipsec in transport mode requires UDP 4500, ISAKMP requires UDP 500.

#3: transport mode isn't recommended for traversal over a public network like the internet. it's not really a huge issue for a personal network, but IP addresses and packet lengths can be determined to build a map of your network. this is because the IP header cannot be encrypted or it would not work with NAT-T.

#4: pptp doesn't work over ipv6. not a huge concern at the moment since most ipv6 routers are setup with 6to4.

#5: pptp requires you to forward GRE (protocol 47). this can be done using iptables/telnet in dd-wrt i think, but not through the GUI. don't ask me how, i really hate providing linux support.

#6: pptp has known vulnerabilities. ipsec is difficult to configure. choose your poison.

http://www.dd-wrt.com/wiki/index.php/Iptables_command
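
A read-only check for the gap described in #5, as an added example that is not part of the thread or of DD-WRT: it inspects `iptables-save` text for the TCP 1723 DNAT plus the GRE (protocol 47) DNAT and FORWARD rules toward one LAN host. The function names, the 192.168.1.10 address and the sample rules are constructed assumptions.

```shell
#!/bin/sh
# Audit iptables-save text for the rules PPTP forwarding to one LAN host needs.
# Table sections (*nat, *filter) are ignored; only chain names are matched.

# has_rule RULES CHAIN PATTERN...: true if one rule in CHAIN matches every pattern
has_rule() {
    lines=$(printf '%s\n' "$1" | grep -E -- "^-A $2 " || true)
    shift 2
    for pat in "$@"; do
        lines=$(printf '%s\n' "$lines" | grep -E -- "$pat" || true)
    done
    [ -n "$lines" ]
}

# check_pptp_forward RULES SERVER_IP: prints each missing rule, returns 0 if none
check_pptp_forward() {
    rules=$1
    ip=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regexes
    rc=0
    # PPTP control channel
    has_rule "$rules" PREROUTING '-p tcp ' '--dport 1723( |$)' \
        "-j DNAT --to-destination $ip(:1723)?\$" \
        || { echo "missing: DNAT tcp/1723 to $2"; rc=1; }
    # PPTP data channel: GRE has no ports, so it is matched by protocol only
    has_rule "$rules" PREROUTING '-p (gre|47)( |$)' \
        "-j DNAT --to-destination $ip\$" \
        || { echo "missing: DNAT GRE (protocol 47) to $2"; rc=1; }
    has_rule "$rules" FORWARD '-p (gre|47)( |$)' "-d $ip(/32)?( |\$)" '-j ACCEPT' \
        || { echo "missing: FORWARD ACCEPT GRE to $2"; rc=1; }
    return $rc
}

# Constructed iptables-save excerpts (not captured from a real router).
SERVER=192.168.1.10
ONLY_TCP="-A PREROUTING -p tcp -m tcp --dport 1723 -j DNAT --to-destination $SERVER:1723"
WITH_GRE="$ONLY_TCP
-A PREROUTING -p gre -j DNAT --to-destination $SERVER
-A FORWARD -d $SERVER/32 -p gre -j ACCEPT"

# Port forward only, as in the first post: the GRE rules are reported missing.
check_pptp_forward "$ONLY_TCP" "$SERVER" || echo "=> control channel only, GRE not forwarded"
check_pptp_forward "$WITH_GRE" "$SERVER" && echo "=> TCP 1723 and GRE both reach $SERVER"
```

On a router, the first argument would be the output of `iptables-save` rather than the embedded samples.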
Daffie
DD-WRT Novice


Joined: 14 May 2012
Posts: 2

Posted: Mon May 21, 2012 10:06
So basically what you're saying is that PPTP is kind of a no-go, and IPSEC is pretty difficult to implement?
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17348
Location: Hesse/Germany

Posted: Mon May 21, 2012 11:40
openvpn.net
_________________
Andreas Baumert: "Knowledgeable people consult experts without getting on their nerves. They do not ask questions that they could answer themselves with a little diligence and reading. They know which sources matter and how to gain access to them."
All times are GMT