VPN Router under another router

[drbitboy]

I tried all the telnets you suggest and in all of them it says cant open connection on port X , error in connection.

hmmm


wireshark time?

 

[joaco1993]

hmmm


wireshark time?

what should i look for ??

I installed it and pinged the ip 192.168.0.200 and in the line of source (my pc ip) and destination (192.168.0.200) it says

echo ping request no response found

 

[drbitboy]

what should i look for ??

I installed it and pinged the ip 192.168.0.200 and in the line of source (my pc ip) and destination (192.168.0.200) it says

echo ping request no response found

Ping PC2 from PC4, and sniff packets on the 192.168.0.0/255.255.255.0 LAN; you will see packets coming from Router2 192.168.0.200.

 

[ojz0r]

Many routers and firewalls are set to not respond to WAN pings, for security reasons. You dont want to make port scans and sweeps to easy for a potential attacker.



According to the allknowing wikipedia the standard port for PPTP is 1723, not 1732.

A suggestion would be to obfuscate the WAN facing port number by using a random port like 51069 and then bridge it internally to port 1723. That way if there is a brute force attempt they atleast have to know the correct port instead of trying the standard one.

 

[joaco1993]

OK, so i could get to ping the WAN port from PC2. There was an error in the static routing.

Now, in router 1, I forwarded port 1723 to 192.168.0.200 port 1723

However if i try to connect to the VPN from outside, still not working.

Should I forward somethin else ?? or do something else in any of the routers ?

One thing i didnt say is that before router 1 I have a modem from the ISP which is in bridged mode.. so I think this doesnt interfiere with nothing..

Thanks!

 

[drbitboy]

Should I forward somethin else ?? or do something else in any of the routers ?...

It depends on the VPN implementation. There may be other ports that need to opened or even forwarded. The best place to find this would be in the VPN documentation.

 

[BachPhi]

change the subnet to 255.255.254.0

 

[Phil Buchanan]

While it is possible to do this with a lot of work please don't. Somebody else is going to need to come behind you and support this at some point.

Just replace the existing router with the new router with VPN functionality and it will be a common and straight forward setup.

It's not hard to replace a router. Just backup the existing router and remove and install the new one. If you have major issue for some reason which you should not then just up the old one back in place.

If the existing router is doing DHCP then document the pool and setup the new router the same way and document and setup any reservations if any are applied. Same applies for DNS.

This is one of those thing that just because it can be done doesn't make it a good idea.

 

[Dravik]

^ Agreed -

Also, think about what you are asking it to do.
WAN1 - router 1 wan side
WAN2 - router 2 wan side
LAN1 - router 1 lan side
LAN2 - router 2 lan side.

You are trying to forward ports from the WAN side of router 1 to the WAN side of router 2. To accomplish this, you've put WAN2 on the same subnet as LAN1.

So, *if* you get this working, now you need to pass through WAN1, LAN1, WAN2, VPN onto LAN2, back out WAN2 to LAN1. But, devices on LAN1 don't know how to talk BACK to LAN2, that is unless you config port forwarding or DMZ on WAN2.

Just.. Don't.