Re: PPTP through NAT device

Keep in mind you need both TCP Port 1723 open and the router must pass GRE
Protocol 47 traffic. As you noted some routers call that "PPTP Pass
Through".

In my experience it is highly dependent on firmware version and if they in
fact pass GRE Protocol 47 traffic. For example with my old Linksys BEFSR41
(V1) some firmware versions worked while some did not. My current Buffalo
WBR-G54 does not pass GRE Protocol 47 traffic with any firmware version and
lastly I have a Network Everywhere NR041 that works very well passing GRE
Protocol 47 traffic.

There is a test detailed in the "PPTP Ping" and "VPN Traffic" sections on
this page to help determine if your firewall/router is passing GRE Protocol
47 traffic correctly or not...

http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx

If you can't get PPTP VPN to work through your current router you might...

1. Depending on the specific router possibly use third-party firmware like
the DD-WRT release to flash to a custom version.
2. Use something like OpenVPN (my current work around) or Secure Shell
(SSH).
3. Purchase a new router that is know to pass PPTP VPN traffic correctly or
acts as a VPN end-point.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"Tom" <Tom@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A446655A-40D4-4680-A3E5-E47197FF3C38@xxxxxxxxxxxxxxxx
Anyone know if WinXP PPTP VPN client will work through a NAT device (i.e.
Linksys router)? I have read a few conflicting statements online regarding
the feasibility of PPTP through a NAT device (some say yes, others say
no).
The Linksys has PPTP passthrough enabled but still not able to connect
with
it in place, not even on a DMZ port. Pull the NAT device and get a public
IP
directly on Win XP and its good to go. I can see TCP 1723 traffic going
out,
nothing coming back in on the Linksys. Am I beating a dead horse (i.e. it
will never work no matter what) or is this a Linksys issue solely? Thanks.


.

Relevant Pages

  • RE: VPN to SBS through Comcast router
    ... The only thing I can find is to open TCP/UDP port 47 ... "What's GRE?". ... >> workaround for the hardware router which is not supporting PPTP connection. ... GRE is a client protocol of IP ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN connection not passing the password auth stage.
    ... The Generic Route Encapsulation protocol is used ... One thing I want to clarify is that GRE protocol is based on Internet ... We can also use PPTP Ping utility to determine whether any hardware router ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Authentication timeout
    ... Yes, protocol 47 is GRE, or sometimes called pptp passthrough, and is ... Often the router manufactures have helpful information such as a FAQ ...
    (microsoft.public.win2000.networking)
  • Re: VPN with W2K client and XP Pro host
    ... Apparently you can manually add a Protocol number in the Protocol field. ... Its very possible, as Robin mentioned, the device does not support PPTP VPN at all inbound... ... >> incoming connections, but there are no incoming connections. ... >>>>> The router has been configured to allow TCP and GRE ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: Problems Logon on Ras Server
    ... my Router Zyxel 652, is also a firewall. ... In the the protocols list that i enable to pass trought firewall check, ... >> On my firewall,I have open ports for PPTP and GRE. ... > protocol. ...
    (microsoft.public.win2000.ras_routing)
Loading