I just set up another Windows 2003 server and tried to get the Linksys units (three of them) to pass PPTP/GRE inbound to the server so that I could RAS into it, and never got it to work. In fact, I spent 2 hours with the MS Networking Support Team the other night, just to find that the Linksys units don't pass GRE outbound.
While searching on the Linksys site again, now that CISCO has taken over and changed the firmware, I found an interesting article that states you have to forward PORT 1723 BOTH to the server AND PORT 47 BOTH to the server. GRE is not a port, it doesn't use PORT 47, but it appears that Linksys has changed the PPTP sessions to require GRE to use PORT 47 in their latest firmware.
I didn't confirm the above. I bought a D-Link DI-808HV unit and it worked fine; heck, it can even act as a PPTP end-point if you want it to.
Someone there is confused. GRE is IP *protocol* 47, and has nothing to do with UDP or TCP, which are two other IP protocols, and "ports" are associated with UDP and TCP. The BEFSR41 has special PPTP passthrough support, but, as you say, that may be for inbound only. You might want to take this to the Linksys forum on dslreports:
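Added example, not part of the original thread: a short Python classifier that makes the protocol-versus-port distinction in the reply above concrete. It reads the IPv4 protocol field, reports ports only for TCP/UDP, and recognizes PPTP's control channel (TCP port 1723) and its data channel (GRE, IP protocol 47, in the enhanced version-1 form with protocol type 0x880B per RFC 2637). The sample packets, addresses and helper names (`classify`, `ipv4`) are constructed for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
PPTP_CONTROL_PORT = 1723
GRE_PROTO_PPP = 0x880B  # protocol type carried by PPTP's enhanced GRE (RFC 2637)

def classify(packet: bytes) -> dict:
    """Classify a raw IPv4 packet the way a NAT/firewall must for PPTP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                          # the IP *protocol* field
    payload = packet[ihl:]
    info = {"ip_proto": proto, "ports": None, "kind": "other"}
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(payload) >= 4:
        # Only TCP and UDP have port numbers at all.
        sport, dport = struct.unpack("!HH", payload[:4])
        info["ports"] = (sport, dport)
        if proto == IPPROTO_TCP and PPTP_CONTROL_PORT in (sport, dport):
            info["kind"] = "pptp-control"
    elif proto == IPPROTO_GRE and len(payload) >= 8:
        # Enhanced GRE: flags/version, protocol type, payload length, call ID.
        flags_ver, gre_proto, _plen, call_id = struct.unpack("!HHHH", payload[:8])
        if flags_ver & 0x7 == 1 and gre_proto == GRE_PROTO_PPP:
            info["kind"] = "pptp-data"
            info["call_id"] = call_id          # what PPTP-aware NAT tracks, not a port
        else:
            info["kind"] = "gre"
    return info

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample; checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([203, 0, 113, 10]), bytes([192, 168, 1, 2]))
    return hdr + payload

# Constructed samples: a TCP SYN to port 1723 and an enhanced-GRE header (call ID 7).
TCP_1723 = ipv4(IPPROTO_TCP, struct.pack("!HHIIHHHH", 50000, 1723, 0, 0, 0x5002, 8192, 0, 0))
GRE_PPTP = ipv4(IPPROTO_GRE, struct.pack("!HHHH", 0x2001, GRE_PROTO_PPP, 0, 7))
# Traffic matched by a "forward port 47" rule is still TCP (protocol 6), not GRE.
TCP_47 = ipv4(IPPROTO_TCP, struct.pack("!HHIIHHHH", 50001, 47, 0, 0, 0x5002, 8192, 0, 0))

if __name__ == "__main__":
    for name, pkt in (("tcp/1723", TCP_1723), ("gre", GRE_PPTP), ("tcp/47", TCP_47)):
        print(name, classify(pkt))
```

The GRE packet comes back with `ports` set to `None`, which is why a port-forwarding rule cannot match it and the router needs explicit protocol-47 (PPTP passthrough) handling instead.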
Not too long ago I was considering a BEFSR41, and inquired of a friend who has been working in the "small" network realm for many years. I present an excerpt from one of his emails to me on the general subject of home networking, in which he refers to his own setup.
"I went with the Linksys BEFSX41 because in addition to the hardware firewall feature, it also supports VPN end-point which I need for work - the nearest competitive unit Netgear offered would only support VPN pass-thru, not enough for my needs. $60 retail, much less than the $360 I paid for the Webramp unit back in early 2000.
When a router is used as a PPTP end-point in a peer-to-peer network, can the remote computer access a host computer within the network? Once the remote computer validates and connects to the router, how does that computer access another computer behind the router, if it can?
OK, I have been setting up VPN here also... Today I succeeded somewhat. Connection is between 2 BEFSX41 routers.
Net A (My net) running Windows 2k Pro
Net B (His Net) running Win XP
I get all my computers in his Network Places but I don't...
Now for MCP6453: the routers all handle the security and tunneling. When you get a connection, go to network properties and set up a connection for outside computers, share the files you want, and operate the system as if you added a new computer on your internal net.
I did find one item that might be helpful... each router that does this end point MUST be on a different subnet, i.e. router A must have an address of, say, 192.168.1.1 and router B must have the address of 192.168.2.1.
You can set up a VPN. In fact, that's what I'm using right now. I'm sitting on my couch, with my notebook, to access my news reader program on my desktop system. Another thing I do is use the VPN to send SMTP mail when I'm away from home. My notebook is configured to access my ISP's SMTP server only via the home network. This way, when connected to the internet elsewhere, I can appear to be accessing the SMTP server from home.
I have a DSL account at my office that has access to an excellent news provider. My RoadRunner news server accessible at home is terrible. There is a way that I can set up a proxy server such that I can access my office news server through my home computer. The office DSL has a static IP. How can I access my office news server from home? I do not want to use pcAnywhere or Remote Desktop Protocol because of speed.
I know that this can be done, because a guy in bellsouth.net.support.adsl was posting from outside BellSouth when the newsgroup was only available if you were accessing from a BellSouth account. He said that he had a proxy through a friend's computer that was on BellSouth. He has not been heard from in a year, so I cannot ask him for a better explanation.