ddrueding
Fixture
I get to be an expert at setting up a microsoft VPN on Monday. Any particular suggestions on where to start?
Microsoft VPN stuff?
- Thread starter ddrueding
- Start date
CougTek
Hairy Aussie
ddrueding
Fixture
Thanks, now for the server part 
ddrueding
Fixture
Mercutio
Fatwah on Western Digital
Hope you aren't trying to do L2TP. Many SOHO routers can't forward IP by protocol, which is something L2TP needs to work.
Yet another reason to set up a Smoothie I guess.
Yet another reason to set up a Smoothie I guess.
ddrueding
Fixture
I love smoothwalls; but in this instance they think they want a Microsoft VPN solution. Therefore I need to at least prove my competence at that before explaining why a smoothie is better. So L2TP is out, will PPTP work better?
time
Storage? I am Storage!
I hope you're talking about teleworker access rather than site-to-site VPN. I just checked your link, and AFAIK M$ still doesn't support permament connections - i.e. the client has to dial the server and the VPN drops when you logout.
I think the main reason PPTP isn't widely used is because it is insecure. Isn't it only an authentication protocol without data or header encryption? (I may be way off base here).
Lastly, you're talking about two Windows PCs trying to keep it together with a Microsoft software-based solution while facing the uncertain conditions of the Internet. The couple of implementations I've seen were not reliable, although you may well have the advantage of a decent telecomms infrastructure.
Having said all that, it should be relatively easy to make it work.
I think the main reason PPTP isn't widely used is because it is insecure. Isn't it only an authentication protocol without data or header encryption? (I may be way off base here).
Lastly, you're talking about two Windows PCs trying to keep it together with a Microsoft software-based solution while facing the uncertain conditions of the Internet. The couple of implementations I've seen were not reliable, although you may well have the advantage of a decent telecomms infrastructure.
Having said all that, it should be relatively easy to make it work.
ddrueding
Fixture
Yay! Draytek routers and teleworker access! Someone around here liked the Drayteks...was it in the Aussie crowd? Anything I should know about?
time
Storage? I am Storage!
Yeah - they actually work. How about sharing a teensy bit more info?
ddrueding
Fixture
The client purchased a Draytek 33-something. Apparently with support for v-lans and 4 WAN connections? Anyway, as part of a larger setup I'm doing on this thing, I need to set it up for users to use the standard windows VPN client to connect with the thing. Is L2TP an option or would household routers on the client side still break things?
time
Storage? I am Storage!
The Draytek Vigor 3300 is a fairly serious piece of hardware, eg, up to 200 IPSec tunnels! Yes, it supports either 3 or 4 WAN connections, depending on model.
AFAIK, L2TP should work through any reasonable consumer router. It's a while since I tried it, so I'm a bit vague now - you may have to redirect ports to effect passthrough. Draytek provide a software utility to help configure the Windows client, if you need it.
It all sounds like fun. Go forth and tunnel.
AFAIK, L2TP should work through any reasonable consumer router. It's a while since I tried it, so I'm a bit vague now - you may have to redirect ports to effect passthrough. Draytek provide a software utility to help configure the Windows client, if you need it.
It all sounds like fun. Go forth and tunnel.
ddrueding
Fixture
Sounds like a lot of fun; I like playing with new hardware. But the pressure will be on on this one. This Tuesday I have to walk into the client's office and act like I already know what I'm talking about.
time
Storage? I am Storage!
You've probably thought of this, but you can download the manuals.
You can also take a test drive, which is very cool. 8)
You can also take a test drive, which is very cool. 8)
ddrueding
Fixture
Well, everything seemed to go like a charm. Unfortunatly, it doesn't actually work. The Draytek's interface is relatively straightforward, with just a few syntactical PITAs that were quickly sorted. I went into:
VPM-PPTP-General Setup
...and set
Active
MS-CHAPv2
MPPE 40 bits / 128 bits
Local Auth
VPM-PPTP-Group Table
...and set the reserved IP range
VPM-PPTP-User Profile
...and added a few users
I just can't get the connections to work. Thoughts? Are there other settings elsewhere that are necissary?
VPM-PPTP-General Setup
...and set
Active
MS-CHAPv2
MPPE 40 bits / 128 bits
Local Auth
VPM-PPTP-Group Table
...and set the reserved IP range
VPM-PPTP-User Profile
...and added a few users
I just can't get the connections to work. Thoughts? Are there other settings elsewhere that are necissary?
Mercutio
Fatwah on Western Digital
Do you have a Draytek at each end point or are you connecting to something else?
Just curious, since I have no Draytek experience.
Just curious, since I have no Draytek experience.
ddrueding
Fixture
This is for remote users, and is supposed to be using the microsoft VPN client. I have also tried their client without success.
time
Storage? I am Storage!
It's not a client, it's just a 'wizard' to configure the Windows client.
Draytek has posted firmware update 2.5.7 on their website in the last few days (May 15). The release notes include this:
It may or may not be relevant, but it sounds like a firmware upgrade may be in order, especially since this router is a completely new design with a new user interface. In particular, the multiple WAN interfaces probably complicate things.
Draytek has posted firmware update 2.5.7 on their website in the last few days (May 15). The release notes include this:
It may or may not be relevant, but it sounds like a firmware upgrade may be in order, especially since this router is a completely new design with a new user interface. In particular, the multiple WAN interfaces probably complicate things.
time
Storage? I am Storage!
Also, have you looked at the Application Notes? There are 41 so far for the 3300; 8 are about VPNs and one is titled "VPN PPTP Host-to-LAN by Smart VPN Client".
Have you tried turning off encryption and enabling PAP on the Windows client (unencrypted password)?
Sorry I can't give more precise help, but I've never used a 3300. As before, I'd be more than happy to help you debug it - just PM me.
Have you tried turning off encryption and enabling PAP on the Windows client (unencrypted password)?
Sorry I can't give more precise help, but I've never used a 3300.
As before, I'd be more than happy to help you debug it - just PM me.
ddrueding
Fixture
Thanks Time. I did do the firmware update, and I'll try the things you suggested on Monday. If they don't work, perhaps I'll get you some router time?