Posted: Mon Feb 13, 2012 21:56 Post subject: PPTP Server/Client nightmares
I'm attempting to link my home router and my office router with a PPTP connection to make accessing files and doing remote backups easier.
I'm running an Asus RT-N16 with v24-sp2 8/7/10 mega at home, hooked up to a cable modem with a public IP. It's configured for DDNS. This is configured as the server.
The office has a Buffalo WHR-HP-G54, running v24-sp2 8/7/10 standard. It's behind a Comcast SMC8013 which I've set to forward ports 1723, 1792, and GRE to the Buffalo's IP address. This is configured as the client.
I'm able to establish a VPN connection between the two, but it doesn't behave as expected. From home, I can ping the office router, and access its configuration page in my browser. I cannot ping any of the remote computers or their hostnames, let alone access their shares.
From the office, I cannot ping the router, but, for whatever reason, I CAN access its configuration page from within my web browser. I cannot ping any of the remote computers or their hostnames, or access shares.
My basic config details:
Home/Server
PPTP settings:
Server IP: 192.168.1.1
Client IPs: 192.168.25-39 (do not overlap with any local IPs)
Kernel routing table:
Code:
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
192.168.11.1    *                255.255.255.255  UH    0      0   0   ppp0
69.14.16.1      *                255.255.255.255  UH    0      0   0   vlan2
192.168.1.0     *                255.255.255.0    U     0      0   0   br0
192.168.11.0    192.168.11.1     255.255.255.0    UG    0      0   0   ppp0
69.14.16.0      *                255.255.240.0    U     0      0   0   vlan2
169.254.0.0     *                255.255.0.0      U     0      0   0   br0
127.0.0.0       *                255.0.0.0        U     0      0   0   lo
default         d14-69-1-16.try  0.0.0.0          UG    0      0   0   vlan2
The more I think about it, the more I'm concerned it's due to the double-NATing from the SMC turdbox. Even if I DMZ the office router, I'm not sure if that'll get me out from behind its nonsense.
Has anyone had success with a router's PPTP client working behind an SMC8013 without a static IP?
Just tried setting this up from another location with a public IP, hoping to eliminate the Comcast equipment from the equation. No joy. Still totally unworkable, except for the odd fact I can ping and access the routers from the other sites but none of the shared systems (except for the ones that I CAN ping by IP but can't ping by hostname).
Is there anybody running PPTP on two routers and getting it to work? If so, I'd really like to know how the hell you did it.
I don't have quite the same config but I created a configuration similar to yours where the CLIENT must go through 2 outbound routers, in my case, an E4200 (internal fw) running stock firmware and a CellPIPE 7130 (VDSL firewall) connecting to a Windows 7 running the PPTP server. I was able to connect successfully and see devices on the other end. I did *not* add any special forwarding to the CellPIPE router.
I'm wondering if you remove the forwards that you put in the Comcast router? As long as it has the PPTP option enabled, then it should work...
When testing the client config at the other location yesterday, that eliminated the Comcast stuff from the equation, and I basically had the same issues, unfortunately.
It seems like the PPTP connection is establishing but any ability to route is stopped at the DD-WRT devices.
I've reset both of these things and reconfigured from scratch using the PPTP Tunnel wiki guide. Absolutely no joy.
Is there any sort of routing on the ISP side that could be causing this? My server site is serviced by Wideopenwest (WOW) and so was the test location I was at yesterday.
I'm about 10 hours deep in trying to get this to work and I'm pulling my hair out. If anyone would like to compare screenshots of config pages, I'm wondering if there are settings beyond what's described in the wiki that are either necessary or detrimental to a functioning PPTP setup.
What are you using as the client? dd-wrt? If so, then try using a Windows 7 client instead. It is very easy to set up and it works (this I use every day). See if that works...
Another idea. If you have a spare hub, then disconnect from your internet provider and config your server router with a static IP. Then connect this router's WAN port to a hub. On that hub, connect a PC with another static IP. See if you can VPN to the router. You should be able to given that both devices are on the same hub. Then, expand on the test...
If I use Windows 7 or Windows XP VPN client to connect to the home server, things work fine. I can ping via hostname and IP address any computer on the network.
So the problem must be the client side code on the DD-WRT routers I'm using.
So far I've tried a Buffalo WHR-HP-G54, WHR-HP-G300N, and a Linksys WRT54G. I don't have the version numbers of the routers or the DD-WRT version they were running, so I'll have to double-check that. I'm aware there are some client problems on DD-WRT above 149xx, so I think they were all running 14929 or below, but I wasn't sure if that was inclusive to 149xx or only beginning at the 15xxx mark.
Then, I think you have a routing problem. Have you tried to ping from the client router? (Not from a device on the client router side but from the client router interface.)
I would do that but I have absolutely no idea how. I've tried running a ping command from the web interface in the command shell box and hitting run command, but every syntax for pinging that I've tried has resulted in no feedback.
I've done my Google diligence, getting absolutely nowhere closer to finding out how to ping within dd-wrt using a number of search attempts. "ping within ddwrt" "ddwrt command ping" "ddwrt ping syntax" and a half-dozen other combinations lead to no useful results. Most of the stuff is about setting up a command line ping to aid with debricking.
I need a handhold here, how the hell do you ping within DDWRT?
In the Administration / Management page, enable "Telnet Management" and leave the port set to 23.
Then, telnet to your router's internal IP address, probably 192.168.1.1. For the login name, enter root, and enter the administrative password you set when you installed dd-wrt. Note that you must be on the internal network. The telnet server does not accept connections from the WAN interface.
You will then be in a shell on your router.
Use the standard ping command to check connectivity. Or any Linux command such as traceroute, ...
If you have a Windows 7 client, the telnet program is no longer installed by default. Go to Control Panel / Programs and Features and select 'Turn Windows features on or off'. In the dialog box which shows up, check the Telnet Client line and click OK. Then open a Command Prompt to use the command.
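Added example, not part of the original thread: once in the router shell, a small POSIX sh function can show which interface the router would pick for a destination, which helps tell a tunnel problem from a routing problem before pinging. The sample table is the one posted earlier in the thread; the function name `route_iface` and the test addresses are assumptions made for illustration, as is treating 192.168.11.0/24 as the office LAN.

```shell
#!/bin/sh
# Added example: longest-prefix match over `route`-style output (POSIX sh).

# Constructed sample: the server-side routing table as posted in the thread.
SAMPLE_TABLE='Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.11.1 * 255.255.255.255 UH 0 0 0 ppp0
69.14.16.1 * 255.255.255.255 UH 0 0 0 vlan2
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.168.11.0 192.168.11.1 255.255.255.0 UG 0 0 0 ppp0
69.14.16.0 * 255.255.240.0 U 0 0 0 vlan2
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default d14-69-1-16.try 0.0.0.0 UG 0 0 0 vlan2'

# route_iface DEST TABLE: print the Iface of the most specific matching
# route, or "none" when nothing matches. (Hypothetical helper name.)
route_iface() {
    dest=$1
    table=$2
    best_iface=none
    best_weight=-1
    old_ifs=$IFS
    while read -r net gw mask flags metric ref use iface; do
        if [ "$net" = default ]; then net=0.0.0.0; fi
        IFS=.
        set -- $dest $net $mask   # 4 + 4 + 4 octets when the line is a route
        IFS=$old_ifs
        # Header and banner lines do not split into 12 octets: skip them.
        if [ $# -ne 12 ] || [ -z "$iface" ]; then continue; fi
        # Zero when dest and net agree on every bit covered by the mask.
        diff=$(( (($1 ^ $5) & $9) | (($2 ^ $6) & ${10}) | (($3 ^ $7) & ${11}) | (($4 ^ $8) & ${12}) ))
        # For contiguous masks the octet sum grows with the prefix length.
        weight=$(( $9 + ${10} + ${11} + ${12} ))
        if [ "$diff" -eq 0 ] && [ "$weight" -gt "$best_weight" ]; then
            best_iface=$iface
            best_weight=$weight
        fi
    done <<EOF
$table
EOF
    echo "$best_iface"
}

# Demonstration over the constructed sample table.
for ip in 192.168.11.50 192.168.1.20 8.8.8.8; do
    echo "$ip -> $(route_iface "$ip" "$SAMPLE_TABLE")"
done
```

On the router itself, pass the live table instead of the sample, for example `route_iface 192.168.11.50 "$(route -n)"`, then ping that address from the same shell.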