Windows VPN Server and DD-WRT v24-sp2 Based Router



We have a SOHO setup with Windows 2008 Server as DC.

 

The Server is configured as VPN Server as well (PPTP)

 

The setting was working perfectly and we had remote access outside the LAN through VPN to the internal resources.

 

For some reason the DSL router was reset to factory defaults.

 

Later everything is working apart from VPN. Both VPN Passthrough and Port forwarding have been configured but of no use.

 

VPN can be connected through local Ip but not through WAN Ip.

 

Help Needed!!!

I'm not familiar enough with dd-wrt, as I'm using Tomato with a built-in PPTP server; but I remember from when I was using an old Cisco that I had to enable pass-through of another protocol.

 

Edit: Found it: GRE. http://blogs.technet.com/b/rrasblog/archive/2006/06/14/which-ports-to-unblock-for-vpn-traffic-to-pass-through.aspx


Here are the screenshots of the router web admin...

 

Am I missing something....

 

I can't change any settings on the server, just need to configure the router settings after the factory reset.

 

192.168.10.1 is Local IP of Server


And as mentioned, where is your GRE forward.. Passthru is from the inside going out, not the outside going in.

I do believe you have to forward it via cmdline on the dd-wrt box

iptables -t nat -I PREROUTING -d `nvram get wan_ipaddr` -p 47 -j DNAT --to 192.168.10.1

iptables -I FORWARD -d 192.168.10.1 -p 47 -j ACCEPT

No, that is not -p for port, but protocol; you could also use -p gre in both lines.

You may need to verify that the modules are loaded, something like

/sbin/insmod xt_connmark

/sbin/insmod xt_mark

/sbin/insmod nf_conntrack_proto_gre

/sbin/insmod nf_conntrack_pptp

/sbin/insmod nf_nat_proto_gre

/sbin/insmod nf_nat_pptp

Should be good, also you do understand that 1723 is TCP, not tcp and udp ;)

And PPTP -- Really in this day and age, PPTP has been deprecated for YEARS!!

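Pulling the two replies above together (GRE is IP protocol 47 and has no port, TCP 1723 is TCP only, and explicit forwards are preferable to a DMZ), here is an added example for the router's ssh/telnet prompt. It is not code from the thread or from the DD-WRT project. It validates the WAN address before building any rule, because an empty result from `nvram get wan_ipaddr` (one of the suspicions raised later in the thread) would otherwise produce a rule with no destination. The server address 192.168.10.1 and the module names come from the thread; 203.0.113.5 is a constructed stand-in WAN address used only for the dry run.

```shell
#!/bin/sh
# Added example (not from the thread or DD-WRT): generate, apply and verify the
# iptables rules that forward a PPTP server behind a DD-WRT router.
# PPTP needs two forwards: the control channel on TCP 1723 and the GRE tunnel,
# which is IP protocol 47 and has no port number, so the GUI port-forward page
# cannot express it. Assumptions: internal PPTP server is 192.168.10.1 (thread);
# WAN address comes from `nvram get wan_ipaddr` on the router; 203.0.113.5 is a
# constructed placeholder for dry runs.

PPTP_SERVER=192.168.10.1

# is_ipv4 ADDR: succeed only for a dotted quad with four octets in 0..255.
# Guards against an empty or garbage WAN address reaching iptables.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# pptp_forward_rules WAN_IP [LAN_IP]: print the four iptables commands.
# -I inserts at the top of each chain so an earlier DROP cannot shadow them.
# The GRE rules use -p 47 with no --dport, as the thread points out.
pptp_forward_rules() {
    _wan=$1
    _lan=${2:-$PPTP_SERVER}
    is_ipv4 "$_wan" || { echo "pptp_forward_rules: bad WAN address '$_wan'" >&2; return 1; }
    is_ipv4 "$_lan" || { echo "pptp_forward_rules: bad LAN address '$_lan'" >&2; return 1; }
    cat <<EOF
iptables -t nat -I PREROUTING -d $_wan -p tcp --dport 1723 -j DNAT --to-destination $_lan:1723
iptables -I FORWARD -d $_lan -p tcp --dport 1723 -j ACCEPT
iptables -t nat -I PREROUTING -d $_wan -p 47 -j DNAT --to-destination $_lan
iptables -I FORWARD -d $_lan -p 47 -j ACCEPT
EOF
}

# pptp_modules: the conntrack/NAT helper modules listed in the thread.
pptp_modules() {
    echo "xt_connmark xt_mark nf_conntrack_proto_gre nf_conntrack_pptp nf_nat_proto_gre nf_nat_pptp"
}

# apply_pptp_forward: run on the router. Loads helpers (ignoring ones already
# loaded or built in), reads the WAN address from nvram and applies the rules
# one at a time, echoing each and stopping at the first failure.
apply_pptp_forward() {
    for _m in $(pptp_modules); do
        /sbin/insmod "$_m" 2>/dev/null || true
    done
    _wan=$(nvram get wan_ipaddr 2>/dev/null)
    pptp_forward_rules "$_wan" "$PPTP_SERVER" | while read -r _cmd; do
        echo "+ $_cmd"
        $_cmd || exit 1
    done
}

# verify_pptp_forward: show the live nat and filter rules for the server,
# which is what to paste back when asking for help.
verify_pptp_forward() {
    iptables -t nat -S PREROUTING | grep -- "$PPTP_SERVER"
    iptables -S FORWARD | grep -- "$PPTP_SERVER"
}

case "${1:-}" in
    show)   pptp_forward_rules "${2:-203.0.113.5}" ;;   # dry run, constructed WAN address
    apply)  apply_pptp_forward ;;
    verify) verify_pptp_forward ;;
esac
```

`sh pptp_forward.sh show` prints the rules for review without touching the firewall; `apply` and `verify` are meant for the router itself. Rules added with `iptables -I` live only in the running kernel, so once they are confirmed working they need to go into the firewall script (Administration &gt; Commands &gt; Save Firewall in the DD-WRT web interface) to survive a reboot.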

Budman, please see if I am doing it right..

 

Should I copy-paste the above 2 commands in the command shell and hit the run command button?

 

Do I need to restart the device?

 

PS: I know PPTP is ancient but there is nothing I can do about it at the moment.


That should work sure, I would do one line at a time.. Why are you not just at a ssh/telnet prompt?

As to restarting the device - no I don't believe you should have to.. Been a long time since I played with actually using dd-wrt as edge router.. I run it currently, but only as AP.. I outgrew soho devices at my edge years and years ago ;)

They just do not have enough umph for my needs.. dd-wrt makes them usable for sure.

While you're playing with your router - they released a new build a few days back.

ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2013/12-12-2013-r23082/


Saw your PM, see my reply -- can you post your rules, PM is fine.. also maybe `nvram get wan_ipaddr` didn't work.. Might have to use your actual WAN IP in that.. You ran one at a time right, what was the response? I would really suggest you work at the prompt vs that script GUI thing.

I might be able to find some time later this morning to TV in. Have to run to work here in a bit. Do a google for dd-wrt forwarding GRE. There is no way it will work unless GRE is forwarded to your PPTP machine. Who set up the original working config? You sure they just didn't put the thing in the DMZ? I would not suggest that, nor would I really use my DC open to the public net either ;)


I bet you he just DMZ'd it to be honest.. But creating the specific rules is best, or you expose everything that DC is listening on.
