Long time lurker on this newsgroup, first time posting.
I've run into a problem that's stumping me. I have a D-Link DSA-3200
wifi portal device installed at my workplace. We've opened a second
location and I have a need to setup a VPN over the net. The problem
that I'm having is that I cannot for the life of me get the DSA-3200 to
pass TCP port 1723 to the VPN server. D-Link tech support has been
pretty worthless in helping me out with this, so I'm hoping someone
here has worked with one of these devices and can help me out.
On 2 Aug 2006 14:35:19 -0700, "Michael" <radius_sv@yahoo.com> wrote in
<1154554519.526173.61640@p79g2000cwp.googlegroups. com>:
> Hi there..
>
> Long time lurker on this newsgroup, first time posting.
Welcome. This isn't Talk Radio. :)
> I've run into a problem that's stumping me. I have a D-Link DSA-3200
>wifi portal device installed at my workplace. We've opened a second
>location and I have a need to setup a VPN over the net. The problem
>that I'm having is that I cannot for the life of me get the DSA-3200 to
>pass TCP port 1723 to the VPN server. D-Link tech support has been
>pretty worthless in helping me out with this, so I'm hoping someone
>here has worked with one of these devices and can help me out.
There aren't usually port issues on outbound connections, only on
inbound connections. Are you sure this product supports PPTP VPN? If
so, check to make sure PPTP VPN support is enabled.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
John Navas wrote:
> On 2 Aug 2006 14:35:19 -0700, "Michael" <radius_sv@yahoo.com> wrote in
> <1154554519.526173.61640@p79g2000cwp.googlegroups. com>:
>
> > Hi there..
> >
> > Long time lurker on this newsgroup, first time posting.
>
> Welcome. This isn't Talk Radio. :)
LMAO! That wasn't exactly what I was referring to, but ok. :)
> There aren't usually port issues on outbound connections, only on
> inbound connections. Are you sure this product supports PPTP VPN? If
> so, check to make sure PPTP VPN support is enabled.
That's my problem. According to the product documentation, the device
supports PPtP pass through. However, there are no specific options in
the configuration to allow VPN pass through other than to setup a
"virtual server" and forward requests on port 1723 to a specific
internal IP. D-Link tech support has been pretty useless with figuring
this out.
I'm not sure how long this device has been on the market. It really is
a useful little box for providing customers free (or pay) WiFi access
while segmenting off the private internal network. I'm hoping to find
someone with some experience with this device to help me out. :)
On 2 Aug 2006 16:09:02 -0700, "Michael" <radius_sv@yahoo.com> wrote in
<1154560142.645652.72950@b28g2000cwb.googlegroups. com>:
>John Navas wrote:
>> There aren't usually port issues on outbound connections, only on
>> inbound connections. Are you sure this product supports PPTP VPN? If
>> so, check to make sure PPTP VPN support is enabled.
>
> That's my problem. According to the product documentation, the device
>supports PPtP pass through. However, there are no specific options in
>the configuration to allow VPN pass through other than to setup a
>"virtual server" and forward requests on port 1723 to a specific
>internal IP. D-Link tech support has been pretty useless with figuring
>this out.
>
> I'm not sure how long this device has been on the market. It really is
>a useful little box for providing customers free (or pay) WiFi access
>while segmenting off the private internal network. I'm hoping to find
>someone with some experience with this device to help me out. :)
Again, there shouldn't be an issue with _outbound_ connections. Perhaps
the problem is at the other end (e.g., source IP authentication). Try
connections to some other server.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
John Navas wrote:
> On 2 Aug 2006 16:09:02 -0700, "Michael" <radius_sv@yahoo.com> wrote in
> <1154560142.645652.72950@b28g2000cwb.googlegroups. com>:
> Again, there shouldn't be an issue with _outbound_ connections. Perhaps
> the problem is at the other end (e.g., source IP authentication). Try
> connections to some other server.
Unfortunately, I don't have any known working VPN servers to test
with. I have tested the server I set up on our internal network by
connecting to it via our intranet and it does seem to work. This server
is behind the DSA-3200.
However, your statement made me realize that I may have overlooked
something obvious. The client location is running through an ISP
supplied DSL modem. IIRC, this modem has a built in hub/switch. If so,
then the modem most likely has NAT and firewall capabilities. Of
course, this also means that I will have to figure out how to open the
ports I need in that device.
When I get a chance in the next few days I'll have to run over to the
client location and double check all this. I'll report back what I
find.
dOn 3 Aug 2006 09:29:31 -0700, "Michael" <radius_sv@yahoo.com> wrote in
<1154622571.635711.287740@75g2000cwc.googlegroups. com>:
>John Navas wrote:
>> On 2 Aug 2006 16:09:02 -0700, "Michael" <radius_sv@yahoo.com> wrote in
>> <1154560142.645652.72950@b28g2000cwb.googlegroups. com>:
>
>> Again, there shouldn't be an issue with _outbound_ connections. Perhaps
>> the problem is at the other end (e.g., source IP authentication). Try
>> connections to some other server.
>
> Unfortunately, I don't have any known working VPN servers to test
>with. I have tested the server I set up on our internal network by
>connecting to it via our intranet and it does seem to work. This server
>is behind the DSA-3200.
That might be a different security zone. Does your server have IP
authentication on external security zones?
> However, your statement made me realize that I may have overlooked
>something obvious. The client location is running through an ISP
>supplied DSL modem. IIRC, this modem has a built in hub/switch. If so,
>then the modem most likely has NAT and firewall capabilities. Of
>course, this also means that I will have to figure out how to open the
>ports I need in that device.
For NAT/PAT the DSL device would be a router, not just a hub or switch.
Double NAT probably won't allow VPN pass-through (and is a bad idea in
general), so you'll probably need to configure the DSA-3200 as a
wireless access point instead of as a router (as described in the How To
wiki below).
> When I get a chance in the next few days I'll have to run over to the
>client location and double check all this. I'll report back what I
>find.
A private IP address on the WAN port of the DSA-3200 would be a dead
giveaway of a NAT/PAT router on the DSL service.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
VPN (PPtP) tunnel through D-Link DSA3200? 
Linear Mode
