Can you pptp vpn behind another router?

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2, 3  Next
Author Message
ciris
DD-WRT Novice


Joined: 29 Dec 2008
Posts: 40

PostPosted: Tue May 11, 2010 15:46    Post subject: Can you pptp vpn behind another router? Reply with quote
I think this may be a dumb question for some, but Im asking just to make sure.

Scenario:

My main router is a WNR3500 w/ddwrt. I just got a non dd-wrt supported router (DIR-655) to test which I placed as my main router and the WNR3500 is connected to it as a wireless bridge. I miss the PPTP VPN access that was built in ddwrt and wondered if this could still work (in some way) even though the device is not longer hosting my internet connection?

_________________
R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
Sponsor
ciris
DD-WRT Novice


Joined: 29 Dec 2008
Posts: 40

PostPosted: Fri May 14, 2010 5:34    Post subject: Reply with quote
Very Happy Got it figured out and working just fine! Wireless Client Bridge with PPTP VPN working from the 2nd router. DD-WRT rocks!
_________________
R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
joogle
DD-WRT Novice


Joined: 18 May 2010
Posts: 20

PostPosted: Tue May 18, 2010 21:22    Post subject: Reply with quote
Hi - can you post instructions on how you were able to accomplish this.

I have a main DIR 655 - but would like to setup a VPN as well, was thinking of buying a dd-wrt compatible router.

Thanks!
ciris
DD-WRT Novice


Joined: 29 Dec 2008
Posts: 40

PostPosted: Tue May 18, 2010 22:32    Post subject: Reply with quote
Here's a pic of the setup I wanted to accomplish. It's similar to the first line except that my DIR-655 is wirelessly bridged to the WNR3500 and the WNR3500 acts as the vpn endpoint. (if you dont have a dd-wrt capable router then youll have to use a computer or another device as the vpn endpoint)


Here's some links for reference to get you familiar:

1. Wireless Bridge
http://www.dd-wrt.com/wiki/index.php/Wireless_Bridge

2. Repeater Bridge
http://www.dd-wrt.com/wiki/index.php/Repeater_Bridge

3. Configuring PPTP VPN
http://www.hanselman.com/blog/ConfiguringPPTPVPNWithAlternateLinksysRouterFirmware.aspx

4. VPN Pass-through not working on D-Link DI-524 - Networking
http://fixunix.com/networking/37500-vpn-pass-through-not-working-d-link-di-524-a.html

5. Another related post I created at dlink forums
http://forums.dlink.com/index.php?topic=13056.0

Here's how I did it. (refer to links 1 & 2) I set my DIR-655 ip as 192.168.1.1 (you could set this to whatever you want), which will also be the default gateway address. Setup your DDNS service and anything else. For the wireless side you have to pick a specific wireless channel, channel width, encryption type, SSID and password, etc.

On the dd-wrt router (refer again to links 1, 2 & 3) set router address to 192.168.1.2 with the default gateway the ip address from the first router which was 192.168.1.1. On the wireless side while the router is in AP mode, setup the specific wireless channel, channel width, encryption type, SSID and password, etc exactly as the host AP. Setup your DDNS service if you wish (although I dont think it matters since the host router is setup with ddns already plus the ddns updates dont occur to the second router as it seems to not work going from wan to wireless lan). Under VPN the server ip will be the IP address of dd-wrt router since its hosting the VPN endpoint. For me it was 192.168.1.2 finally change it client bridge and save and apply settings.

Back to the hosting router the DIR-655. (refer to link 4) Youll need to forward ports or create virtual servers to allow the vpn traffic to come through. I chose the virtual server route as mentioned in the link.

on my router dir-655, you will need to set this in the virtual server list...

Gre:
Under traffic type, the protocol is "Other", and set to 4. The public and private field should greyed out. Ip, is ip to your server or vpn endpoint. For my case it was 192.168.1.2

pptp:
Under traffic type, the protocol is "TCP", and set to 6. The public and private field is set to 1723. Ip, is ip to your server or vpn endpoint.

Make sure your software firewall allows this. (you can disable it)
Make sure in the ALG section that pptp is checked. (all the options there should be already checked by default)

If everything is setup successfully youll should be able to create and connect to a vpn connection successfully (refer to link 3) In addition to this I have full access to both routers. I can type the ip address of either router and get to the router page successfully. I can also remote manage the routers as well.

_________________
R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
joogle
DD-WRT Novice


Joined: 18 May 2010
Posts: 20

PostPosted: Wed May 19, 2010 1:43    Post subject: Reply with quote
Thanks Ciris for the detailed response.

This is my setup at the moment.

1. I have a DIR 655 as the primary router (192.168.0.1)

2. I have WRT54GL with dd-wrt as Client Bridge setup (192.168.0.2)

3. I've registered with dyndns.com for the dns service.

4. Right now, both routers are functioning one in the main room, which is the main route, DIR 655.

The other, WRT54GL, is a Client Bridge setup wireless in another room for another PC.

I will have to change it to a 'Wireless Bridge' from what I understand.

5. I have a Windows Home Server running right now connected to the DIR 655.

6. From what I understand, I need to setup the DDNS service in the main router, DIR 655. My question here, which tab is that located under in the Administration menu.

7. After that, than I setup the DD-WRT router, under the VPN section a you identified.

8. Then I setup the DIR-655 based on your paragraph.


Do you think I've captured it all, I am wondering if I can leave the DD-WRT as a 'Client Bridge instead of a 'Wireless Bridge'

Thanks!
ciris
DD-WRT Novice


Joined: 29 Dec 2008
Posts: 40

PostPosted: Wed May 19, 2010 10:48    Post subject: Reply with quote
Im sorry, client bridge is the correct option. I dont think theres an option for "wireless bridge" in dd-wrt but you are right. And everything else you mentioned is correct. On the DIR-655 go to tools> dynamic dns. Set everything up there and I recommend you set the hours to 24, so that service checks for an ip change everyday to minimize your down time. Let me know how it works out.
_________________
R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
joogle
DD-WRT Novice


Joined: 18 May 2010
Posts: 20

PostPosted: Wed May 19, 2010 14:04    Post subject: Reply with quote
Hi criris - did you setup your DD-WRT router as a 'Repeater Bridge'?

I changed the DD-WRT I had yesterday from a 'Client Bridge' to a 'Repeater Bridge', will do the rest of the steps tonight.

Not sure if I want to keep it as a Repeater Bridge, since I know now having two SSID the bandwidth for wireless clients is cut in half.

I think only Repeater Bridge mode would work, since I am not sure how the DD-WRT would point to the Windows Home Server IP (192.168.0.100) -- Let me know what you have your setup as whether it is 'Client Bridge' or 'Repeater Bridge'.

Thanks!
ciris
DD-WRT Novice


Joined: 29 Dec 2008
Posts: 40

PostPosted: Wed May 19, 2010 16:54    Post subject: Reply with quote
I have mine setup as client bridge. No need to repeat the original signal if its already strong throught your space.
_________________
R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
joogle
DD-WRT Novice


Joined: 18 May 2010
Posts: 20

PostPosted: Wed May 19, 2010 23:38    Post subject: Reply with quote
Hi ciris - can you help me with pointer # 6

6. From what I understand, I need to setup the DDNS service in the main router, DIR 655. My question here, which tab is that located under in the Administration menu.
ciris
DD-WRT Novice


Joined: 29 Dec 2008
Posts: 40

PostPosted: Thu May 20, 2010 3:25    Post subject: Reply with quote
ciris wrote:
On the DIR-655 go to tools> dynamic dns.


I mentioned it before in the previous post. (you must be sleepy...)

_________________
R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
joogle
DD-WRT Novice


Joined: 18 May 2010
Posts: 20

PostPosted: Thu May 20, 2010 4:24    Post subject: Reply with quote
Thanks - sorry I read to fast and missed it.

I did the settings today but it failed.

1. One question I have is in the DIR-655 menu under Tools --> DDNS, what is the username/password? Is that the username/password to log into www.dyndns.org?


I have the following settings there:

Server Address: www.DynDNS.com (Free)
Host Name: xxx.dyndns.org
username: Is the username I login to dyndns.com
password: Is the password I login to dyndns.com
Timeout: 24 hours
Status: Connected

Wait - I guess the DIR setting is fine since it says the status is connected.

So that is not the Issue then.

This is the error i get in Windows 7 when trying to connect.


When I connect it says Port opened - verifying username/password -- then it says Connection to xxx.dyndns.org using 'WAN miniport (PPTP)', then it fils with this error:


"Connection to xxx.dyndns.org using "WAN miniport (L2TP)"

Error 800: The remote connection was not made because the attemped VPN tunnels failed. The VPN server might be unreachable. IF this connection attempting to use an L2TP/IPsec tunnel. If the security parameters required for IPsec negotiation might not be configured properly."

Thanks!
joogle
DD-WRT Novice


Joined: 18 May 2010
Posts: 20

PostPosted: Thu May 20, 2010 4:37    Post subject: Reply with quote
Following your steps further in the Windows Firewall in the Exceptions, I created a entry for VPN, port 1723 under TCP in the Windows Home Server OS.

Still now luck

"
Make sure your software firewall allows this. (you can disable it)
Make sure in the ALG section that pptp is checked. (all the options there should be already checked by default) "

Where is the part of the ALG section?

Thanks!
joogle
DD-WRT Novice


Joined: 18 May 2010
Posts: 20

PostPosted: Thu May 20, 2010 4:42    Post subject: Reply with quote
Ok I found the ALG section in DIR 655 under Adanced --> Firewall Settings --> ALG

All of the checkboxes are checked.
joogle
DD-WRT Novice


Joined: 18 May 2010
Posts: 20

PostPosted: Thu May 20, 2010 4:52    Post subject: Reply with quote
I re-read your instructions on this part:

"on my router dir-655, you will need to set this in the virtual server list...

Gre:
Under traffic type, the protocol is "Other", and set to 4. The public and private field should greyed out. Ip, is ip to your server or vpn endpoint. For my case it was 192.168.1.2

pptp:
Under traffic type, the protocol is "TCP", and set to 6. The public and private field is set to 1723. Ip, is ip to your server or vpn endpoint."

I realized I had set the IP to be my Windows Home Server which is 192.168.0.100 instead of the VPN Endpoint, which is the DD-WRT router 192.168.0.2

Now, I get this error after it connects:

Error 619: A connection to the remote computer could not be established, so the port used for this connection was closed.

ciris - what am I missing?

Thanks!
joogle
DD-WRT Novice


Joined: 18 May 2010
Posts: 20

PostPosted: Thu May 20, 2010 5:20    Post subject: Reply with quote
I have now disabled the firewall on my Windows 7 machine, I still get a error saying:

Connection failed with error 619

A connection to the remote computer could not be established, so the port used for this connection was closed.


I am not sure what i am missing, i have a DIR 655 as the main router and the WRT54G as the dd-wrt 'Client Bridge'.

In the DD-WRT router under the VPN settings, I enabled the PPPT server.

The Server IP I have as the DD-WRT router IP, which is 192.168.0.2

Client IP I have as '192.168.0.200-210 '

This is because my DHCP in the main DIR 655 router is 192.168.0.1 - 192.168.0.199

and I have a simple CHAPS username/password for now.

Plus I entered the DDNS settting in the DD-WRT router as well.

Ugh - not sure what is being missed
Goto page 1, 2, 3  Next Display posts from previous:    Page 1 of 3
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum