BEFSR41 Linksys Router & VPN Setup

I've tried in the past but never really had solid results for vpn
setup. I have a BEFSR41 linksys router. Would like to understand the
vpn setup process for windows 2000/xp pro configuration.
Been reading alot on the net, obtaining bits and pieces here and there
but nothing real solid.
Please help.
snipped-for-privacy@ureach.com
Reply to
tvos
Loading thread data ...
I just setup another Windows 2003 server and tried to get the Linksys units (three of them) to pass PPTP/GRE inbound to the server so that I could RAS into it and never got it to work. In fact, I spent 2 hours with the MS Networking Support Team the other night, just to find that the Linksys units don't pass GRE outbound.
While searching on the Linksys site again, not that CISCO has take over and change the firmware, I found an interesting article that states you have to forward PORT 1723 BOTH to the server AND PORT 47 BOTH to the server. GRE is not a port, it doesn't use PORT 47, but it appears that Linksys has changed the PPTP sessions to require GRE to use PORT 47 in their latest firmware.
I didn't confirm the above, I bought a D-Link DI-808HV unit and it worked fine, heck, it can even act as a PPTP end-point if you want it too.
Reply to
Leythos
Someone there is confused. GRE is IP *protocol* 47, and has nothing to do with UDP or TCP, which are two other IP protocols, and "ports" are associated with UDP and TCP. The BEFSR41 has special PPTP passthrough support, but, as you say, that may be for inbound only. You might want to take this to the Linksys forum on dslreports:
formatting link

Reply to
CharlesH
I know that GRE is Protocol, but port 47, but the updated documents on Linksys's site indicate that to get it working you need to forward TCP/UDP 47 inbound to the VPN server hosted in your network.
Reply to
Leythos
Not too long ago I was considering a BEFSR41, and inquired of a friend who has been working in the "small" network realm for many years. I present an excerpt from one of his emails to me on the general subject of home networking, in which he refers to his own set up.
"I went with the Linksys BEFSX41 because in addition to the hardware firewall feature, it also supports VPN end-point which I need for work - the nearest competitive unit Netgear offered would only support VPN pass-thru, not enough for my needs. $60 retail, much less than the $360 I paid for the Webramp unit back in early 2000.
Linksys BEFSX41 review here:
formatting link
"
maybe this will help?
dj
Reply to
Dr. Cajones
When a router is used as a PPTP end-point in a peer-to-peer network, can the remote computer access a host computer within the network? Once the remote computer validates and connects to the router, how does that computer access another computer behind the router, if it can?
Reply to
mcp6453
OK, I have been setting up VPN here also... Today I succeded some what. Connection is between 2 BEFSX41 routers.
Net A (My net) running windows 2k pro Net B (His Net) running win XP
I get all my computers in his Network Places but I dont...
Now for MCP6453 the routers all handle the security and tunneling when you get a connection go to network properties and set up a conection for outside computers share the files you want and operate the system as if you added a new computer on you internal net.
I did find one Item that might be helpful... each router that does this end point MUST be on a different subnet.. IE: router A must have an address of say 192.168.1.1 and router B must have the address of 192.168.2.1
KK
Reply to
Kaptain Krunch
Those two addresses aren't necessarily on different subnets. It depends on the netmask being used.
Reply to
Bill M.
You are assigned an IP in the subnet of the LAN side of the router - you access anything you want in the LAN side subnet by IP.
Reply to
Leythos
I see. That makes a lot of sense. Can I use an XP machine to VPN into the router, or must I have two routers?
Reply to
mcp6453
The DI-804HV and DI-808HV can act as PPTP end-points, the Linksys units do not act as PPTP end-points.
Reply to
Leythos
Does that mean that an XP machine can initiate the tunnel, or do I have to have TWO routers providing an endpoint at each end?
Reply to
mcp6453
It means that you can connect to the router using Windows PPTP VPN.
If you were going to connect two VPN routers to each other, you would be better off using IPSec tunnels configured in each router.
Reply to
Leythos
255.255.255.0 that is just what the docs say "subnet", guess it would be more correct to say different addys, however, why wouldnt it work the same if they just had 2 different IP's?
KK
Reply to
Kaptain Krunch
You can use any 2000/xp machine to set up vpn, but there may be a problem with the router passing GRE. there is a doc on the M$ knowledge base...
formatting link

KK
Reply to
Kaptain Krunch
Thats funny, My BEFSX41 is a VPN end point.
KK
Reply to
Kaptain Krunch
2 machines can act as a tunnel,,, see the doc
formatting link

Reply to
Kaptain Krunch
You can set up a vpn. In fact, that's what I'm using right now. I'm sitting on my couch, with my notebook, to access my news reader program on my desk top system. Another thing I do, is use the vpn to send smtp mail when I'm away from home. My notebook is configured to access my isp's smtp server, only via the home network. This way, when connected to the internet elsewhere, I can appear to be accessing the smtp server, from home.
I use OpenVPN.
Reply to
James Knott
Coolness. I think I'll pick one up this weekend and play with it. Thanks for the info.
Reply to
mcp6453
I have a DSL account at my office that has access to an excellent news provider. My RoadRunner news server accessible at home is terrible. There is a way that I can set up a proxy server such that I can access my office news server through my home computer. The office DSL has a static IP. How can I access my office news server from home? I do not want to use pcAnywere or Remote Desktop Protocol because of speed.
I know that this can be done, because a guy in bellsouth.net.support.adsl was posting from outside BellSouth when the newsgroup was only available if you were accessing from a BellSouth account. He said that he had a proxy through a friend's computer that was on BellSouth. He has not been heard from in a year, so I cannot ask him for a better explanation.
Reply to
mcp6453

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.