Incoming VPN

xd40c
Novice

Incoming VPN

Can the R7000 be configured to allow incoming VPN connections?

I'm trying to connect to a 2008 r2 server that is behind the R7000.

Laptop-Internet-Cable Modem-r7000-2008r2 Server

Spent 2 hours on the phone tonight with NetGear tech support, but still no joy.

Thanks...
Chris
Message 1 of 9
fordem
Mentor

Re: Incoming VPN

You should be able to do it by simply forwarding the appropriate port(s) to the Windows server - I have not specifically tested this with either the R7000 or Server 2K8, however I have done it with several other consumer grade routers and NT4, Server 2K & 2K3. I no longer use this approach as I have found it more convenient to use IPsec and terminate my VPN on the router itself - your approach is fine if all you need is remote access to the Windows server, but if you need access to any other network host you'll probably find you get better results terminating the VPN on the router (which may require a different router).

Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Message 2 of 9
xd40c
Novice

Re: Incoming VPN

I am forwarding TCP/UDP Port 1723 to the IP of the secondary card on the Server.

I can RDP into the server nominally, and have been doing so for ages. (On port 3389 to the primary card of the server.)

I am continually getting an error 807 now.

I have read several places about GRE protocol 47. I'm thinking this needs to be running or enabled to use PPTP. I don't know for sure, but I'm thinking this may be a part of my problem. I can't find anything anywhere about enabling this protocol on the R7000.
Message 3 of 9
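
An added example, not part of the original thread and not Netgear or Microsoft code: PPTP uses TCP 1723 only for its control channel, while the tunnel data travels as GRE (IP protocol 47), so checking the control channel on its own helps separate a port-forwarding problem from a GRE passthrough problem. The script builds the RFC 2637 Start-Control-Connection-Request and parses the reply; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723           # TCP control channel only; tunnel data is GRE (IP protocol 47)
MAGIC_COOKIE = 0x1A2B3C4D  # constant carried in every PPTP control message (RFC 2637)
MSG_LEN = 156              # size of both the request and the reply
REPLY_FMT = "!HHIHHHBBIIHH64s64s"

def build_sccrq(hostname=b"probe"):
    """Build a Start-Control-Connection-Request (control message type 1)."""
    return struct.pack(
        "!HHIHHHHIIHH64s64s",
        MSG_LEN, 1, MAGIC_COOKIE, 1, 0,  # length, message type, cookie, control type, reserved
        0x0100, 0,                       # protocol version 1.0, reserved
        1, 1, 0, 0,                      # framing caps, bearer caps, max channels, firmware rev
        hostname, b"")                   # host name and vendor string, NUL-padded to 64 bytes

def parse_sccrp(data):
    """Decode a Start-Control-Connection-Reply; raise ValueError for anything else."""
    if len(data) < MSG_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, msg_type, cookie, ctrl_type, _r0, version, result, error,
     _framing, _bearer, _chans, _fw, host, vendor) = struct.unpack(REPLY_FMT, data[:MSG_LEN])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"ok": result == 1, "result": result, "error": error, "version": version,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def probe(host, timeout=5.0):
    """Open TCP 1723 on host, send the request, and return the parsed reply."""
    with socket.create_connection((host, PPTP_PORT), timeout=timeout) as s:
        s.sendall(build_sccrq())
        data = b""
        while len(data) < MSG_LEN:
            chunk = s.recv(MSG_LEN - len(data))
            if not chunk:
                break
            data += chunk
    return parse_sccrp(data)

def sample_reply():
    """Constructed reply (result code 1 = success) so the parser can be run offline."""
    return struct.pack(REPLY_FMT, MSG_LEN, 1, MAGIC_COOKIE, 2, 0,
                       0x0100, 1, 0, 1, 1, 0, 0, b"server", b"constructed")

if __name__ == "__main__":
    print(parse_sccrp(sample_reply()))
```

If `probe()` run from outside the network reports `ok: True` but the VPN client still cannot connect, the TCP 1723 forward is working and the next thing to check is whether the router passes GRE.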
fordem
Mentor

Re: Incoming VPN

First - did you create a service to forward port 1723 or did you use the existing pptp service? Second - why do you have two NICs in the server - have you tried this with the primary NIC? Multiple NICs in a single server on the same LAN need to be handled very carefully.

Message 4 of 9
xd40c
Novice

Re: Incoming VPN

I have tried forwarding TCP on port 1723 to 192.168.1.13 and forwarding TCP/UDP to same. I also attempted to forward to 192.168.1.106. Neither worked. These are the two IP addresses on the two NICs in the server.

Not being IT, I can't give a definitive answer on why two NIC cards. But everything I've read the last few days rather emphatically states that two cards are needed for VPN server. The server I'm using was purchased with two cards.

"To be configured as a VPN Server, the server needs to contain two network cards. This makes it a multihomed computer (a fancy name for a computer with two or more network cards), which could also be configured as a router. One network card provides the IP address that the VPN Clients will use to connect to the VPN server (which can be a NIC that is configured with a public IP address for connection to the Internet); the other network card is the VPN server's connection to the local area network."
Source: Sams Teach yourself Windows 2008 Server Pg 393

"Setting up a VPN connection requires the server to have at least two network cards installed on the system. This is because the VPN connections must be coming from one network and subsequently passed into a second network, such as from a demilitarized zone (DMZ) network in the internal network."
Source: Windows Server 2008 R2 Unleashed Pg 477

This afternoon, after some further investigation, I am getting a message the IP is online, but not responding. This is in conjunction with error 807.

Thanks!
Chris
Message 5 of 9
fordem
Mentor

Re: Incoming VPN

Try using the existing Netgear pptp service rather than creating a custom service for the port forwarding and see what happens.

And FWIW, Sams is clueless - you do NOT need two NICs in a Windows server in order to use it as a VPN server, I have done it many times using a single NIC. If you want good books on Windows, try Mark Minasi's Mastering Windows Servers series - I have the NT4, 2000 & 2003 versions on my shelf, I haven't bothered to get the 2008 & 2012 books.

Setting up a pptp VPN with Windows RAS (Remote Access Server) lets a remote client (or server, because you can build a VPN between two servers) connect securely to the server - the traffic will flow from the remote network through the pptp tunnel to the server without being passed into any other network, and does not have to be allowed into the "internal" network unless you choose to allow it.

I should point out here, that although you can use the Windows server to allow a connection from the remote client through the server to the internal network, you're likely to find the throughput distinctly disappointing - which is the reason I no longer build my VPNs that way.

There are few valid reasons to have multiple NICs in a server - apart from "NIC teaming" for increased throughput or redundancy, the only other reason would be if you have a specific need for the server to be on more than one network - for example - it was common with Small Business Server to use the server as the firewall, a configuration I do NOT recommend - this requires two NICs, one for the internal LAN, and the other for the WAN connection.

Message 6 of 9
xd40c
Novice

Re: Incoming VPN

I did get this running last night. After I assigned a static IP pool in RRAS and assigned a static IP in Active Directory Users and Computers, I was able to successfully login.

I was accessing through my iPhone, so it was hardly a speedy connection. I'll take a road trip up to the Starbucks later today and see how the speed looks from there.
Message 7 of 9
xd40c
Novice

Re: Incoming VPN

One other thing, you were correct. The second NIC was not required.
Message 8 of 9
xd40c
Novice

Re: Incoming VPN

Well it appears I have spoken too soon.

Today, I tried to reconnect via the VPN that seemed to be working perfectly fine last night, and no luck. Nothing was unplugged or turned off overnight, though the laptop did eventually go into Sleep mode.

I even went to the local library today, to see if getting a better outside line would help.

Not only would the VPN not connect, but neither will RDP.

Back to the drawing board. (Or should we now say "Back to Autodad"?)
Message 9 of 9