1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PPTP passthrough problem

Discussion in 'Tomato Firmware' started by peterjohn, Aug 30, 2011.

  1. peterjohn

    peterjohn Networkin' Nut Member

    Hi,

    my Home-Network contains a Linksys WRT54GL router with the Tomato 1.28 firmware. Now i'm trying to connect a Synology NAS (with a PPTP VPN-Server on it) in this network, but from an external network. So i have tried the following router settings:

    [1] In Tomato webadmin i created a 'Port Forwarding' (Proto: tcp, Ext Ports: 1723, Int Address: 192.168.1.10 ... the NAS/VPN-Server) and 'NAT Helpers > GRE/PPTP' was checked

    [2] Under 'Scripts > Firewall' i made those additional rules:

    iptables -t nat -I PREROUTING -p tcp --dport 1723 -j DNAT --to 192.168.1.10
    iptables -I FORWARD -p tcp -d 192.168.1.10 --dport 1723 -j ACCEPT
    iptables -t nat -I PREROUTING -p 47 -j DNAT --to 192.168.1.10
    iptables -I FORWARD -p 47 -d 192.168.1.10 -j ACCEPT

    At no time i was able to establish an VNP connection from external networks to my home-network VPN-Server. The VPN-Client log contains:

    I do not understand why IP GRE is not forwarded correctly. TCP Forwards (e.g. port 8080) are working perfect. Does anyone have any idea how I could solve this problem?

    Thanks!
     
  2. Toxic

    Toxic Administrator Staff Member

    GRE is not a port that you can forward, its an IP protocol - not port 47

    try forwarding port 1723
     
  3. Toxic

    Toxic Administrator Staff Member

    also make sure PPTP Pass through is enabled.
     
  4. peterjohn

    peterjohn Networkin' Nut Member

    Thats true. So i had forwarded both, protocol 47 (i think that's GRE) and tcp-port 1723.

    Is there any other option than 'NAT Helpers > GRE/PPTP' in Tomato 1.28 web interface? I only checked this one.

    Telnet from external networks to the VPN-Server ('telnet ***.dyndns.org 1723') was successful, so i think there's a problem with GRE Forwarding.
     

Share This Page