Posted: Sun Jul 20, 2014 17:59 Post subject: VPN and Windows 7, iPad or Droid
Bump
I've spent several hours reading Internet posts, FAQs and how-tos trying to get VPN access into my LAN using a Windows 7 laptop, iPad or Droid phone. I have an Asus RT-N66U router running v24-sp2 mega version. I went to Services, VPN and clicked the Enable radio button. For Server IP I entered 0.0.0.0 (from Internet posting) but that didn't work. Another posting said to use public IP address, I tried that but can't access. I entered a range of addresses in the Client-IP(s) field, have Local User Management checked and defined a CHAP-Secret ID * password * as instructions said. I did save the configuration AND rebooted the router. I took my Windows 7 laptop, created a VPN connection, specified my public IP address, entered the ID and password. When I try to connect I get an 800 error in Windows 7. The iPad and Droid phone also fail to connect to the VPN. I don't know what I'm missing. Do I need a VPN server (other than the Asus) on my LAN?
What is your setup? In other words, what cable/dsl modem are you using? Lay out for us the topography: Internet-->modem-->router,etc and be specific. I suppose there is a possibility that your modem is acting as some type of firewall as well and VPN requests are not being sent to your router.
I have cablevision for Internet, Asus RT-N66U running DD-WRT v24-sp2 (04/07/12) mega. I went to Services VPN, enabled OpenVPN server, Start Type WAN Up, Config via GUI, Server mode Router (TUN), Network 0.0.0.0, Netmask 0.0.0.0, port 1194, Tunnel Protocol UDP, Encryption Cipher Blowfish CBC, Hash Algorithm SHA256, nothing in remainder of boxes. I clicked apply, router spins hourglass. Tried connecting with Droid Thunderbolt, PPTP, entered username password, fails to connect. I've tried enabling the PPTP server, same parameters, similar failure. I did this more than a week ago and tried so many times I can't remember. Basically I want my iPad and Droid to look like it's on my LAN when coming in via VPN.
Alright, it's highly unlikely that the ARRIS modem is causing an issue BUT does that unit have 1 LAN port on the back or 4 LAN ports? Looking on Google I can't tell for sure which one you've got.
Great. We need to determine if the Arris modem or your ISP is blocking any incoming traffic into the router. Do you have port forwarding enabled for anything in DD-WRT-->QoS-->Port Forwarding?
If not, we may want to try enabling something like RDP in your Windows 7 computer and port forwarding 3389 to that computer just to see if it works. If it doesn't it could be an issue with your modem or ISP blocking traffic therefore causing other problems, like the VPN not working.
Yes I have ports forwarded, in fact, 27 ports. Many cameras, web sites, e-mail, etc. Ports are 21, 22, 25, 80-91, 110, 161, 443, 5900, 5901, 5080-5100, 5917, 5818, 8060 and 1723 which I read on DD-WRT forum was port for vpn. 1723 points to LAN 192.168.2.1.
Alright, cool. Now we are at EXTREMELY unlikely that the modem is blocking any of the VPN traffic. Let’s go through this stuff step by step and find out where it gets us:
1. Get everything in the VPN page back to normal. That means all options for all the VPN sections should be Disable. PPTP Server, PPTP Client, OpenVPN Daemon, and OpenVPN Client should all be ticked on “Disable”
2. Apply Settings
3. Now let’s remove that port forward you have for port 1723. It doesn’t need to be there if you are using the DD-WRT Router for the VPN Server. DD-WRT doesn’t need to forward a port to itself or anyone else if it's handling the VPN. Any ports you have configured for port forwarding for the VPN shouldn’t be there (i.e. 1723, 500, 4500, etc.) If you set them up previously for the VPN, take them out.
4. Once you get all that done let’s reboot the DD-WRT router by going to Administration-->Reboot Router
5. When it reboots go to your Port Forwarding page and the VPN page to make sure all the things you took out or changed did actually change.
6. Go to Services-->VPN.
Alright, before proceeding any further when looking at your posts I assume that your DD-WRT Router IP is 192.168.2.1. I am also going to assume you are leasing IP addresses in the .100 range. If this isn’t right, post back and I’ll change the settings below. Otherwise, if you use the settings below it’s probably still not going to work.
7. For PPTP Server change it to Enable. Now here is what you want to fill in for each option:
- PPTP Server = Enable
- Broadcast support = Enable
- Force MPPE Encryption = Enable
- DNS1 = 192.168.2.1
- DNS2 = blank
- WINS1 = blank
- WINS2 = blank
- Server IP = 192.168.2.2 (note: this needs to be different than the IP of the router but of course it also needs to be unused on your network)
- Client IP(s) = 192.168.2.10-20 (note: these are going to be the IP addresses that get assigned to the devices that connect to the VPN.)
- Chap-Secrets = username * password * (note: this one can always get you as you need to enter in the username followed by a “space” followed by an asterisk followed by a “space” followed by the password followed by a “space” followed by another asterisk. This one seems to get everyone at some point. For example: jdoe * Itworks! *)
8. Apply Settings
9. Again, for good measure go to Administration-->Reboot Router
10. Time to test to see if it's working again. The best test would be to use your Windows 7 laptop and try to connect in from a different WAN address. In other words, you don't want to be connecting to the VPN while already connected to your LAN. In "theory" it should still work and let you connect if there is not some type of loopback issue (which happens a lot in DD-WRT). Best test would be to connect from outside your LAN.
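An added example, not part of the original post: a pre-flight check of the PPTP values from step 7 (Server IP distinct from the router and unused, Client IP(s) range inside the LAN, CHAP-Secrets in the "user * password *" form). The function names and the DHCP pool passed in by the caller are assumptions made for illustration.

```python
import ipaddress

def parse_range(spec):
    """Expand the 'a.b.c.start-end' form used for Client IP(s) into addresses."""
    base, _, end = spec.partition("-")
    first = ipaddress.IPv4Address(base.strip())
    start = int(first) & 0xFF
    last = int(end) if end else start
    if not start <= last <= 254:
        raise ValueError(f"bad range: {spec!r}")
    return [first + i for i in range(last - start + 1)]

def check_chap_line(line):
    """Return a problem string, or None if the line is 'user * password *'."""
    fields = line.split()
    if len(fields) != 4:
        return f"expected 4 space-separated fields, got {len(fields)}"
    if fields[1] != "*" or fields[3] != "*":
        return "second and fourth fields should be '*' in the form the post gives"
    return None

def check_pptp(router_ip, netmask, server_ip, client_spec, dhcp_spec, chap_lines):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    lan = ipaddress.IPv4Network(f"{router_ip}/{netmask}", strict=False)
    router = ipaddress.IPv4Address(router_ip)
    server = ipaddress.IPv4Address(server_ip)
    clients = set(parse_range(client_spec))
    dhcp = set(parse_range(dhcp_spec))  # pool is supplied by the caller (assumed)
    if server == router:
        problems.append("Server IP equals the router IP")
    if server not in lan:
        problems.append("Server IP is outside the LAN subnet")
    if server in dhcp:
        problems.append("Server IP falls inside the DHCP pool")
    if any(c not in lan for c in clients):
        problems.append("Client IP(s) range leaves the LAN subnet")
    if router in clients or server in clients:
        problems.append("Client IP(s) range contains the router or Server IP")
    if clients & dhcp:
        problems.append("Client IP(s) range overlaps the DHCP pool")
    for n, line in enumerate(chap_lines, 1):
        err = check_chap_line(line)
        if err:
            problems.append(f"CHAP-Secrets line {n}: {err}")
    return problems

if __name__ == "__main__":
    # Values from the post; the DHCP pool 192.168.2.100-149 is constructed.
    print(check_pptp("192.168.2.1", "255.255.255.0", "192.168.2.2",
                     "192.168.2.10-20", "192.168.2.100-149", ["jdoe * Itworks! *"]))
```
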
Made changes, rebooted router, verified changes in effect, enabled PPTP with parameters specified, rebooted router, verified changes in effect after reboot. Tried Droid Thunderbolt over 4G with matching VPN settings, fails immediately. iPad doesn't have Internet other than via wifi so can't test that without leaving building. Will try Windows 7 laptop via PDANet.
Alright, if that doesn't work on the Windows 7 laptop when you try it I'll PM you my VPN stuff and you can try to connect to me just to make sure it's not something wrong on your client side.
If you can connect to me then you will have to determine where the problem is coming from in the DD-WRT firmware. This will suck! You will backup all your settings in the Router via Administration-->Backup and then reset the router to defaults. You'd configure the unit for your WAN (not sure if you have a WAN static IP, you probably don't) and then use my instructions to try and get only the VPN working. If it works, it means there is something lingering around in your existing backup settings that you'll have to isolate. I had to do this just last week to try and determine why I was having a local DNS problem at a client site. I was able to compare a working bin file with the non-working bin file using an online tool and SURE ENOUGH I forgot to uncheck something with "local DNS".
Went to remote location, Windows 7 professional desktop, configured VPN, tried connecting to my router over Internet, failed. Picture attached with failure message. Resetting router to defaults isn't option, I host web sites and e-mail for people.
Only help I can offer then is Sorry it didn't work out. If I had to take my best guess, you have something in there that you intentionally or unintentionally did that is causing the issue.
So you're telling me that you can NOT:
- backup the existing config of the router,
- reset it to defaults at a time where it is unlikely to cause big issues (like Sunday night at 11PM)
- quickly reset it to defaults,
- try the VPN stuff,
- see if it works,
- backup that config,
- restore your original config,
- compare the two config files when you have time to see where the problem can be.
If that's not an option...I'd say you're SOL. Because at this point you're probably looking for a needle in a haystack.
Lastly, dude if you're hosting websites and email for people you seriously need to think about investing in another router like the one you have to troubleshoot issues like this in a "test" environment. What happens when (not if) that router goes Ka-Boom?