Posted: Tue May 11, 2010 15:46 Post subject: Can you pptp vpn behind another router?
I think this may be a dumb question for some, but Im asking just to make sure.
Scenario:
My main router is a WNR3500 w/ddwrt. I just got a non dd-wrt supported router (DIR-655) to test which I placed as my main router and the WNR3500 is connected to it as a wireless bridge. I miss the PPTP VPN access that was built in ddwrt and wondered if this could still work (in some way) even though the device is not longer hosting my internet connection? _________________ R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
Got it figured out and working just fine! Wireless Client Bridge with PPTP VPN working from the 2nd router. DD-WRT rocks! _________________ R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
Here's a pic of the setup I wanted to accomplish. It's similar to the first line except that my DIR-655 is wirelessly bridged to the WNR3500 and the WNR3500 acts as the vpn endpoint. (if you dont have a dd-wrt capable router then youll have to use a computer or another device as the vpn endpoint)
Here's some links for reference to get you familiar:
Here's how I did it. (refer to links 1 & 2) I set my DIR-655 ip as 192.168.1.1 (you could set this to whatever you want), which will also be the default gateway address. Setup your DDNS service and anything else. For the wireless side you have to pick a specific wireless channel, channel width, encryption type, SSID and password, etc.
On the dd-wrt router (refer again to links 1, 2 & 3) set router address to 192.168.1.2 with the default gateway the ip address from the first router which was 192.168.1.1. On the wireless side while the router is in AP mode, setup the specific wireless channel, channel width, encryption type, SSID and password, etc exactly as the host AP. Setup your DDNS service if you wish (although I dont think it matters since the host router is setup with ddns already plus the ddns updates dont occur to the second router as it seems to not work going from wan to wireless lan). Under VPN the server ip will be the IP address of dd-wrt router since its hosting the VPN endpoint. For me it was 192.168.1.2 finally change it client bridge and save and apply settings.
Back to the hosting router the DIR-655. (refer to link 4) Youll need to forward ports or create virtual servers to allow the vpn traffic to come through. I chose the virtual server route as mentioned in the link.
on my router dir-655, you will need to set this in the virtual server list...
Gre:
Under traffic type, the protocol is "Other", and set to 4. The public and private field should greyed out. Ip, is ip to your server or vpn endpoint. For my case it was 192.168.1.2
pptp:
Under traffic type, the protocol is "TCP", and set to 6. The public and private field is set to 1723. Ip, is ip to your server or vpn endpoint.
Make sure your software firewall allows this. (you can disable it)
Make sure in the ALG section that pptp is checked. (all the options there should be already checked by default)
If everything is setup successfully youll should be able to create and connect to a vpn connection successfully (refer to link 3) In addition to this I have full access to both routers. I can type the ip address of either router and get to the router page successfully. I can also remote manage the routers as well. _________________ R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
1. I have a DIR 655 as the primary router (192.168.0.1)
2. I have WRT54GL with dd-wrt as Client Bridge setup (192.168.0.2)
3. I've registered with dyndns.com for the dns service.
4. Right now, both routers are functioning one in the main room, which is the main route, DIR 655.
The other, WRT54GL, is a Client Bridge setup wireless in another room for another PC.
I will have to change it to a 'Wireless Bridge' from what I understand.
5. I have a Windows Home Server running right now connected to the DIR 655.
6. From what I understand, I need to setup the DDNS service in the main router, DIR 655. My question here, which tab is that located under in the Administration menu.
7. After that, than I setup the DD-WRT router, under the VPN section a you identified.
8. Then I setup the DIR-655 based on your paragraph.
Do you think I've captured it all, I am wondering if I can leave the DD-WRT as a 'Client Bridge instead of a 'Wireless Bridge'
Im sorry, client bridge is the correct option. I dont think theres an option for "wireless bridge" in dd-wrt but you are right. And everything else you mentioned is correct. On the DIR-655 go to tools> dynamic dns. Set everything up there and I recommend you set the hours to 24, so that service checks for an ip change everyday to minimize your down time. Let me know how it works out. _________________ R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
Hi criris - did you setup your DD-WRT router as a 'Repeater Bridge'?
I changed the DD-WRT I had yesterday from a 'Client Bridge' to a 'Repeater Bridge', will do the rest of the steps tonight.
Not sure if I want to keep it as a Repeater Bridge, since I know now having two SSID the bandwidth for wireless clients is cut in half.
I think only Repeater Bridge mode would work, since I am not sure how the DD-WRT would point to the Windows Home Server IP (192.168.0.100) -- Let me know what you have your setup as whether it is 'Client Bridge' or 'Repeater Bridge'.
I have mine setup as client bridge. No need to repeat the original signal if its already strong throught your space. _________________ R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
6. From what I understand, I need to setup the DDNS service in the main router, DIR 655. My question here, which tab is that located under in the Administration menu.
I mentioned it before in the previous post. (you must be sleepy...) _________________ R8000 stock
WNDR3700v1 w/gargoyle
2 x WNDR3700v4 modded w/external attennas w/dd-wrt
TEW-673GRU w/dd-wrt
WNDR3300 w/dd-wrt
WNR3500_v2 w/dd-wrt mini
WRT350N_v1 modded w/WPCN600 card w/dd-wrt mega
1. One question I have is in the DIR-655 menu under Tools --> DDNS, what is the username/password? Is that the username/password to log into www.dyndns.org?
I have the following settings there:
Server Address: www.DynDNS.com (Free)
Host Name: xxx.dyndns.org
username: Is the username I login to dyndns.com
password: Is the password I login to dyndns.com
Timeout: 24 hours
Status: Connected
Wait - I guess the DIR setting is fine since it says the status is connected.
So that is not the Issue then.
This is the error i get in Windows 7 when trying to connect.
When I connect it says Port opened - verifying username/password -- then it says Connection to xxx.dyndns.org using 'WAN miniport (PPTP)', then it fils with this error:
"Connection to xxx.dyndns.org using "WAN miniport (L2TP)"
Error 800: The remote connection was not made because the attemped VPN tunnels failed. The VPN server might be unreachable. IF this connection attempting to use an L2TP/IPsec tunnel. If the security parameters required for IPsec negotiation might not be configured properly."
Following your steps further in the Windows Firewall in the Exceptions, I created a entry for VPN, port 1723 under TCP in the Windows Home Server OS.
Still now luck
"
Make sure your software firewall allows this. (you can disable it)
Make sure in the ALG section that pptp is checked. (all the options there should be already checked by default) "
"on my router dir-655, you will need to set this in the virtual server list...
Gre:
Under traffic type, the protocol is "Other", and set to 4. The public and private field should greyed out. Ip, is ip to your server or vpn endpoint. For my case it was 192.168.1.2
pptp:
Under traffic type, the protocol is "TCP", and set to 6. The public and private field is set to 1723. Ip, is ip to your server or vpn endpoint."
I realized I had set the IP to be my Windows Home Server which is 192.168.0.100 instead of the VPN Endpoint, which is the DD-WRT router 192.168.0.2
Now, I get this error after it connects:
Error 619: A connection to the remote computer could not be established, so the port used for this connection was closed.