Windows server 2012 VPN PPTP

Postby chrissyman » May 14 13 2:06 am

Hi all,

I have an issue with VPN PPTP and WinGate.

Clients who are in the same network as the VPN server can easily connect to the Windows Server 2012 VPN services.
Clients who can connect to the VPN server have WinGate as the gateway.
But clients who have the Cisco router as their gateway cannot connect to the VPN server.
I already opened TCP/UDP port 1723 and I also opened protocol 47 in the router and WinGate.

The network looks like this:

========================
Server VPN clients(those clients can connect to the vpn server)
| |
WingateServer(wingate is also the gateway)
|
| Clients(these cannot connect to the VPN server)
| |
Cisco Router 1841
===========WAN==========

I really don't know what to do anymore.

Greets Chrissyman.
chrissyman
 
Posts: 2
Joined: May 14 13 1:08 am

Re: Windows server 2012 VPN PPTP

Postby adrien » May 14 13 12:51 pm

Hi

how are the DMZ clients configured to connect to the VPN? They shouldn't need to go out through the cisco to get to the external interface of WinGate.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Windows server 2012 VPN PPTP

Postby Roberts » May 15 13 8:57 pm

I made my own account; chrissyman is a colleague's account.


adrien wrote: Hi

how are the DMZ clients configured to connect to the VPN? They shouldn't need to go out through the cisco to get to the external interface of WinGate.

Regards

Adrien


The DMZ clients are on the same network as the VPN server and they can connect.
But every client from the outside cannot connect to the VPN server (Error 807).
Here is a better view of the network:

=================LAN==================(network 10.20.10.x/24)
VPN-server AC-DNS-DHCP
| |
| | ___ Client.1
| ||
====Wingate=======================(wingate WAN-address 192.168.1.2/24 LAN-address 10.20.10.1/24)
|
| wifi
| | client.2
| | |
======Cisco router================(network 192.168.1.x/24)(Cisco router LAN-address 192.168.1.1)

Client.1 network config
10.20.10.31
255.255.255.0
10.20.10.1

Client.2 network config
192.168.1.31
255.255.255.0
192.168.1.1 (I tried 192.168.1.2 but that doesn't work either.)

Clients.1 in the 10.20.10.x can connect to the VPN server.
Clients.2 in the 192.168.1.x cannot connect to the VPN server.

Is protocol 47 forwarded automatically if port 1723 is forwarded?

Regards,

Robert
Roberts
 
Posts: 4
Joined: May 15 13 8:34 pm

Re: Windows server 2012 VPN PPTP

Postby adrien » May 15 13 11:36 pm

Hi Robert

Yes, GRE is forwarded along with TCP port 1720.

But you should be able to route between those 2 subnets rather than NAT?

In the port forward for port 1720, do you have the option enabled to not translate source IP? If so, then the VPN server would need to have a route back to the 192.168.1.x subnet via the WinGate computer.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Windows server 2012 VPN PPTP

Postby Roberts » May 16 13 12:05 am

adrien wrote: yes GRE is forwarded along with TCP port 1720.


Do I need to open port 1720 for PPTP?
The only port I opened for PPTP is 1723 TCP.
And this is how I opened the port.
WinGate->Control Panel->Extended Networking->Connections from the Internet to DMZ computers->port 1723 to 1723 TCP internet computers to DMZ-> Redirect packet to IP address 10.20.10.19 clock connection failures.

Has someone else got VPN working with WinGate and Windows Server 2012?

Regards,

Robert
Roberts
 
Posts: 4
Joined: May 15 13 8:34 pm

Re: Windows server 2012 VPN PPTP

Postby adrien » May 16 13 2:12 am

Hi Robert, sorry my bad, it is port 1723.

Is the 192.168.1.x marked as external?

Yes, we have other customers running WinGate on 2k12. Haven't had any other reports about PPTP forwarding, but I don't know how much it is used. It should work the same as NAT - e.g. if NAT is working, then this should work also.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Windows server 2012 VPN PPTP

Postby Roberts » May 16 13 2:26 am

adrien wrote: is the 192.168.1.x marked as external?

Yes 192.168.1.x is indeed marked as external network, 10.20.10.x is marked as internal network.

The Cisco router has NAT configured and working; internet browsing etc. works.
Does WinGate automatically NAT?



Regards,

Robert
Roberts
 
Posts: 4
Joined: May 15 13 8:34 pm

Re: Windows server 2012 VPN PPTP

Postby adrien » May 16 13 2:37 am

Hi

Yes, WinGate will NAT if you have it enabled (it is on by default). The circumstances under which it will do address translation are:

1. traffic from internal network to DMZ or external network (as judged by adapter usage)
2. traffic from internal network where the destination matches a default route (so this allows for single NIC NAT)
3. port redirection. In this case it may translate source and/or destination

Can you telnet on port 1723 to the PPTP server from the 192.168.1.x clients?

regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
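
The telnet check suggested in the post above, taken one step further as an added example that is not part of the original thread: instead of only opening TCP 1723, it performs the PPTP Start-Control-Connection exchange defined in RFC 2637 and reports what the server answers. The function names and the host/vendor strings are assumptions made for this example. It tests only the TCP control channel; the tunnel data travels as GRE (IP protocol 47), which this probe does not exercise.

```python
import socket
import struct

PPTP_PORT = 1723
MAGIC_COOKIE = 0x1A2B3C4D          # fixed value from RFC 2637
SCCRQ, SCCRP = 1, 2                # Start-Control-Connection-Request / -Reply
MSG_LEN = 156                      # both messages are 156 bytes long

def build_sccrq(hostname=b"probe", vendor=b"added-example"):
    """Build a Start-Control-Connection-Request (strings are constructed values)."""
    return struct.pack(
        ">HHIHHHHIIHH64s64s",
        MSG_LEN, 1, MAGIC_COOKIE,  # length, message type 1 = control, cookie
        SCCRQ, 0, 0x0100, 0,       # control type, reserved0, version 1.0, reserved1
        1, 1,                      # framing caps (async), bearer caps (analog)
        0, 0,                      # max channels, firmware revision
        hostname, vendor)          # struct pads both to 64 bytes with NULs

def parse_sccrp(data):
    """Return (ok, detail) for a reply read from the control channel."""
    if len(data) < 16:
        return False, "short reply (%d bytes)" % len(data)
    _len, mtype, cookie, ctype, _r0, _version, result, error = struct.unpack(
        ">HHIHHHBB", data[:16])
    if cookie != MAGIC_COOKIE or mtype != 1 or ctype != SCCRP:
        return False, "not a PPTP Start-Control-Connection-Reply"
    if result != 1:                # 1 = control channel established
        return False, "server refused: result=%d error=%d" % (result, error)
    host = data[28:92].split(b"\0", 1)[0].decode("ascii", "replace")
    return True, "control channel OK, server host name %r" % host

def probe(host, timeout=5.0):
    """TCP connect to 1723, send SCCRQ, parse the reply. Says nothing about GRE."""
    try:
        with socket.create_connection((host, PPTP_PORT), timeout=timeout) as s:
            s.sendall(build_sccrq())
            data = b""
            while len(data) < MSG_LEN:
                chunk = s.recv(MSG_LEN - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError as exc:
        return False, "TCP 1723 unreachable: %s" % exc
    return parse_sccrp(data)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

Run it from a 192.168.1.x client against the address that port 1723 is redirected from. A successful reply combined with a VPN connection that still fails means the TCP redirect works and the GRE path is the part left to examine.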

Re: Windows server 2012 VPN PPTP

Postby Roberts » Jun 13 13 8:45 pm

I'm sorry for my late reaction.
I replaced the WinGate server with a cheap Linksys router (with DD-WRT ROM) and forwarded port 1723, and clients reach the VPN server.
Roberts
 
Posts: 4
Joined: May 15 13 8:34 pm

Re: Windows server 2012 VPN PPTP

Postby adrien » Jun 14 13 4:56 pm

Hi

We'll have another look into this, it should work without any issues and has done in the past, although I haven't personally tested it for a while.

Sorry you had to resort to the router.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

