Help!!! WRT54GS v1.0 w/ DD-WRT v.24 SP1 VPN - Not working

[NightOps]

As stated above...I have a Linksys WRT54GS V1.0 running DD-WRT v.24 SP1 VPN.
I have a Windows 2003 R2 Server running DHCP/DNS for the LAN
Router is the VPN Server, with PPTP/IPSec/L2TP pass-through enabled.
I also have Port Forwarding setup for 1723, 500, 50-51 to the router IP (192.168.1.1)
Under PPTP Server I have the following:
Server IP: 192.168.1.1
Client IP: 192.168.1.151-160 (outside of the server's IP Pool range)
CHAPS-secret user * password *

Loopback: disabled

I have even set the router as the DMZ...still no luck

I am using the Windows XP Network Connection client.

When I go to connect, it hops right to Verifying username/password, but after about 15 seconds, it throws an Error 619, port was closed.

I've heard odd stories about a lack of true VPN support on the WRT54G/GS models that cause GRE packets to not get passed properly. I'm half tempted to get the DIR-655, but I want to check all possibilities before I go out and buy a $100 piece of hardware that may have the same issue(s).

I've verified that my IP address that I'm connecting from @ work does not fall within the range of IPs potentially assigned by the VPN.

Also, if I'm sitting @ home, I can connect on VPN locally without any problems on my Vista x86 machine.

Thanks!

 

[NightOps]

Bump! Now considering using Himachi

 

[NightOps]

Bump

 

[Wrench00]

Firstly Install Syslogd server(kiwi enterprises have a really good syslog server thats free) Configure your router to dump syslog so you can see what is going on. I doubt its the router cause I have an VPN server on a Win2k boxen running behind a DD-WRT firewall everything works fine. I didn't port foreward anything. I am using Linksys WRT54G V2.2.

Did you try VPNing directly on the lan to see if your PPTP config is even working properly?

BTW PPTP sucks. I would make the router the VPN server. Use the build in OpenVPN Daemon. Download and install OpenVPN (32 bit only atm, 64 bit didn't work that well on my vista boxen.) I see your using the DDWRT VPN version why wouldn't you USE the features of that particular Firmware.

You could also setup your router to do be Dynamic DNS. Then you go access to you whole network with not real fancy setups plus its very VERY easy to configure.

 

[NightOps]

Install it...on my 2k3 Server? Isn't it a Linux/Unix tool? Or do you mean to enable it inside of the DD-WRT firmware?

As for local VPN - as I noted in my post - it works fine.

Yup...PPTP sux.... IPSec is tons better, but PPTP requires 0 additional software. I toyed with OpenVPN, but probably didn't stick with it long enough. I think I stumbled onto Himachi not to long after installing OpenVPN.

As for your comment: "I see your using the DDWRT VPN version why wouldn't you USE the features of that particular Firmware." I have no clue what you mean. My DD-WRT router running the VPN flavor IS the VPN Server, as noted in my initial post. My router's IP is 192.168.1.1. My 2k3 box is static @ 192.168.1.10 and runs DHCP/DNS/IIS/File Server. I have no intention of relying on RRAS if I don't *need* to.

Yup..No-IP is running. Using it to dynamically pull the IP for my C-Name entry that I actually use. This way I can pick up my equipment, drop it at another location with broadband, and I don't have to do squat.

 

[fwei]

The dd-wrt VPN version includes OpenVPN. That's the only difference between the VPN flavor and the STD flavor (removal of some uneeded services to make space, too).

Try using OpenVPN. Its pretty amazing.

 

[NightOps]

How many tunnels/concurrent users will it support? I have to admit...for ease of use - I'm still leaning towards Hamachi.

 

[fwei]

Not many. It actually depends on the power of the system. On a standard wrt54gs router, probably 3 users for reasonable speeds. If you overclock it, then 4 or 5.
If you have openvpn running on a computer, then its a lot more.

 

[YeOldeStonecat]

What is the wrt54g sitting behind on the WAN side?

 

[NightOps]

Huh? What is the wrt54g sitting behind on the WAN side? Well, it's (as I note in the title of the tread) a Linksys WRT54GS v1.0 using DD-WRT Firmware v24 SP1 (VPN flavor). EDIT: Technically, it's not sitting behind anything on the WAN side except my ISP. My connection is Cinergy MetroNet Fibre Optic.

If you are asking WHY, it's not sitting behind anything. It goes from my fiber line through standard Cat5e straight into my WRT54GS. From there, I actually pass it through a 24-port unmanaged Linksys switch and all DHCP/DNS goes through my 2k3 server. The WRT54GS is there to primarily act as my initial point of connection from the oustide world, and to filter traffic from going directly to my 2k3 Server. Not to mention, it's to provide wireless access inside my house.

 

[YeOldeStonecat]

I realize (from the name of the device)..that..well, I already know what the device is. I didn't ask "What is the make/model/firmware of your router"..I can see that. I'm quite familiar with DD and Linky routers.

I asked what it's sitting behind...meaning what's plugged into it on the WAN interface. Seeing you finally mention that it's plugged into a fiber line which plugs into.....

ah N/M, smart alec replies like "as I noted" make me lose my patience to assist.

Huh? What is the wrt54g sitting behind on the WAN side? Well, it's (as I note in the title of the tread) a Linksys WRT54GS v1.0 using DD-WRT Firmware v24 SP1 (VPN flavor).

If you are asking WHY, it's not sitting behind anything. It goes from my fiber line through standard Cat5e straight into my WRT54GS. .

 

[NightOps]

Not trying to be rude, but if your question had been clearly stated, you would have gotten an answer without any 'smart alec' reply. Also, I cannot 'make' you lose your patience...you chose to lose it on your own. I appreciate the fact that you did view the thread and decided to take a stab at helping. I apologize if I offended you, as it was not my intention - I was left guessing at what you meant by your reply and decided to answer any potential information I felt I might have possibly excluded that might pertain to what I was guessing was your question.

As I see that you have contributed many times to countless threads involving networking and etc, I would appreciate your assistance if you feel so inclined.