Using VPN (PPTP) behind Windows XP Firewall

Hi

I'm trying to set up incoming VPN connections on an XP Pro Machine.

I have it all working with the XP firewall disabled, but not with it enabled...

I have opened port 1723/tcp, but how do I open IP port 47, i.e. GRE protocol?

Thanks for any help

Dave

Reply to
google

According to Microsoft you don't have to open IP protocol (not port) 47:

"Any PPTP traffic that uses a GRE header to encapsulate Point-to-Point Protocol (PPP) frames will pass directly through Windows Firewall. Non-PPTP traffic that uses GRE is filtered by Windows Firewall."

So either Microsoft is mistaken, or your traffic doesn't look like PPTP to Windows Firewall - or perhaps Windows Firewall behaves differently on Server 2003 vs. XP Pro, but if so I can't find the equivalent documentation for XP.

Triffid

Reply to
Triffid

This is not port 47, but protocol 47 of the transport layer. If you don't understand the difference, please don't offer services to the Internet at all, but first learn much more about networking in general and about the TCP/IP network protocol family.

A good starting point would be "TCP/IP" from Craig Hunt, or at least:

formatting link
as well as reading RFC 791, 792, 1701, 1702 and 2784 on
formatting link

Yours, VB.

Reply to
Volker Birk
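
Added example, not part of any post in this thread: a small Python classifier illustrating the distinction drawn above between TCP port 1723, IP protocol 47, and the PPTP-specific GRE header that the quoted Microsoft text refers to. The function names, labels and sample packets are constructed for illustration; the header check (GRE version 1, Key bit set, protocol type 0x880B) follows RFC 2637 and is an assumption about what "PPTP traffic" means, not a description of how Windows Firewall implements its filter.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47      # IP protocol numbers (IPv4 header byte 9)
PPTP_CONTROL_PORT = 1723              # TCP port, meaningful only inside protocol 6
GRE_PROTO_PPP = 0x880B                # protocol type PPTP uses for PPP-in-GRE (RFC 2637)

def classify(packet: bytes) -> str:
    """Classify a raw IPv4 packet the way the thread distinguishes traffic."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4      # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP:
        if len(payload) < 4:
            return "malformed"
        sport, dport = struct.unpack("!HH", payload[:4])
        return "pptp-control" if PPTP_CONTROL_PORT in (sport, dport) else "other-tcp"
    if proto == IPPROTO_GRE:
        if len(payload) < 4:
            return "malformed"
        flags, gre_proto = struct.unpack("!HH", payload[:4])
        version, key_present = flags & 0x0007, bool(flags & 0x2000)
        # PPTP's enhanced GRE: version 1, Key bit set, protocol type PPP.
        if version == 1 and key_present and gre_proto == GRE_PROTO_PPP:
            return "pptp-gre"
        return "other-gre"            # e.g. plain RFC 2784 GRE (version 0)
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal constructed IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

# Constructed sample packets (documentation addresses, not a real capture).
SAMPLES = {
    "control": ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 1723) + bytes(16)),
    "tunnel": ipv4(IPPROTO_GRE, struct.pack("!HHHH", 0x3001, 0x880B, 4, 1) + bytes(8)),
    "plain_gre": ipv4(IPPROTO_GRE, struct.pack("!HH", 0x0000, 0x0800) + bytes(20)),
    "tcp_port_47": ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 47) + bytes(16)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12} -> {classify(pkt)}")
```

The `tcp_port_47` sample is classified as ordinary TCP: a rule written for port 47 never matches the GRE tunnel packets, which carry no port numbers at all.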

The OP says it works until he turns on Windows Firewall, so he suspects Windows Firewall is the problem (you snipped that part).

Are you saying his PPTP traffic may have been mangled by a NAT appliance such that Windows Firewall doesn't recognise it as PPTP?

Triffid

Reply to
Triffid

Many cheap NAT devices don't properly handle PPTP inbound, some don't properly handle it outbound.

If you want to PPTP inbound to a device behind a NAT appliance, there is a workaround where you Forward PORT 47 inbound to the VPN device. Yea, it isn't pretty, but that's how Linksys and others get around their broken PPTP firmware.

Reply to
Leythos

No, I did miss the Windows Firewall part - and it's the NAT appliances that mangle GRE that I was addressing.

Reply to
Leythos

Thanks for your replies....

XP firewall must operate differently to 2k3 Server.... I actually have a VPN running on a 2K3 server machine without any problems - didn't even need to make any exceptions for the firewall....

I've actually read some MS documentation that actually states - to use the vpn of xp, you have to disable the firewall - how stupid is that!!

So I think my plan now, is to experiment with third party firewalls - preferably free ones... Anyone got any experience on this front?

Gonna try ZoneAlarm first.....

Cheers

Reply to
google

Just for anyone that wants to know - the way I got round this was to install Norton Personal Firewall 2006 and put the remote IP address in the trusted zone.

There's only one remote user and they are on a fixed IP, so this solution works, but MS really should make their firewall work with their own software!

Reply to
google

Long version

formatting link

Short version.

formatting link
It doesn't appear to be that difficult.

Duane :)

Reply to
Duane Arnold
