1. Home
  2. Virtual Private Networks
  3. XP VPN server behind Linksys error 721

XP VPN server behind Linksys error 721

I'd like to run the XP pro VPN server (accept incomming connections) behind a Linksys WRT54G router temporarily until I get a better VPN endpoint. When I try using the stock firmware, there's no way to allow GRE (protocol 47) to pass from outside to inside, and so I get the Error 721 error from the Windows VPN client.

I installed HyperWRT + Thibor-15c firmware and enabled telnet. Can somebody please explain how to:

  1. Change rules to allow this VPN client & server e.g. # iptables -A INPUT -p 47 -j ACCEPT # iptables -A OUTPUT -p 47 -j ACCEPT But then I need port forwarding, etc. Can someone please help me with these iptables statements?

  1. How to save this so that it will be permanent accross reboots?

  2. I read somewhere that the IP addresses handed to the client can't be within the same network/mask (e.g. if I run
192.168.1.0/255.255.255.0, then perhaps the clinet gets 192.168.50.x). Is this true?

Thanks for any help!

(Please excuse the 'burp' when replying (b))

Reply to
Jaz
Loading thread data ...

Hi, Can't help with the iptables stuff sorry. Point 3, the client should get an IP address in the same subnet, the problem is that their home subnet shouldn't be in the same subnet as yours. Most home routers are either on 192.168.0.x 192.168.1.x or

192.168.2.x so if you can make sure you avoid these for the central site. I use a class C out of the 172.18.192 private address range which is pretty free from home users subnets. simon
Reply to
Simon

Error 721 is a clear indicator of GRE not being transmitted properly.

I have a WRT54g with several versions of Firmware, it will not allow PPTP in or out properly, even the latest firmware does not fix this.

I have several other units that work fine, but, generally, 721 is always GRE problems.

Switch from Linksys to D-Link and your problems should go away.

You might also consider using an access point instead of an all-in-one box setup.

Reply to
Leythos

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.