
VPN With WRT54GS ??? How to do

Discussion in 'Cisco/Linksys Wireless Routers' started by romsworld, Aug 31, 2005.

  1. romsworld

    romsworld Network Guru Member

    Hello,

    To create a VPN connection on a WRT54GS, we have 2 solutions:

    1) Use a firmware with a VPN server.
    2) Use a Microsoft VPN server and open port 1723.

    I want to use the second.

    A lot of people search how to do ! And anybody found the solution.

    I am looking for people who have succeeded in connecting to their VPN, to compare configurations (firmware, open port (1723), etc.).

    Example:

    Office = > Internet = > WRT54GS At home = > Microsoft SERVER VPN

    The problem:

    When I launch the VPN connection from work, I get as far as the authentication step, but after that I get error 619.

    So I do manage to communicate with my VPN server.

    On my local network it works perfectly, so it is not a login or password problem.

    Thanks for your replies.
     
  2. 4Access

    4Access Network Guru Member

    In addition to port 1723 the router needs to be able to forward the GRE protocol (IP protocol 47 - note that this is NOT port 47!) to your VPN server as well. The stock firmware from Linksys does not give you this capability. You'll need to install custom firmware on your router (I'd suggest DD-WRT) so you can make some changes to the iptables rules from the command line.

    Once you've got the custom firmware installed (remember to reset to defaults and then reconfigure the router after the firmware upgrade) try entering the following rules:

    iptables -t nat -I PREROUTING 1 -i vlan1 -p 47 -j DNAT --to-destination <Your VPN Server IP>

    iptables -I FORWARD 2 -d <Your VPN Server IP> -p 47 -j ACCEPT


    If you have v1.x hardware you will probably need to change "vlan1" to "eth1"
     
  3. romsworld

    romsworld Network Guru Member

    Hmm, thanks for your reply!

    I have a WRT54GS 2.0

    And I have the Freeman firmware. Is it possible with this firmware?

    Thanks!

    Another question:

    This is to enable p 47

    iptables -t nat -I PREROUTING 1 -i vlan1 -p 47 -j DNAT --to-destination <Your VPN Server IP>

    iptables -I FORWARD 2 -d <Your VPN Server IP> -p 47 -j ACCEPT


    Is it possible to disable it? How? Add "no" before?

    no iptables -t nat -I PREROUTING 1 -i vlan1 -p 47 -j DNAT --to-destination <Your VPN Server IP>

    no iptables -I FORWARD 2 -d <Your VPN Server IP> -p 47 -j ACCEPT
     
  4. 4Access

    4Access Network Guru Member

    Yes it should work.

    The above rules tell your router to forward the GRE protocol (needed by MS PPTP VPNs) to your VPN server. I guess in a sense you could think of this as "enabling" it.

    To reverse the changes you would need to delete the rules above or change them to REJECT or DROP the traffic.

    To delete the rules (assuming you haven't added any other custom rules that might change their order in the chain) simply change the "-I" (I for insert) to a "-D" (D for delete). For example:

    iptables -D FORWARD 2
    iptables -t nat -D PREROUTING 1

    (When deleting a rule you only have to specify the rule number.)
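
An added example, not part of the thread or of either poster's text: a POSIX shell helper that prints the two GRE rules from the posts above and, for removal, the delete-by-specification form of `iptables -D`, which does not depend on the rules still sitting at positions 1 and 2. The function names and the sample address 192.168.1.10 are assumptions; the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: build the GRE (IP protocol 47) forwarding rules for a PPTP
# server, or the commands that remove them. Nothing here runs iptables.

# valid_ipv4 ADDR -> status 0 only for a dotted quad with octets 0-255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -z "$rest" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gre_forward_cmds ACTION WAN_IF SERVER_IP   (ACTION is "add" or "del")
gre_forward_cmds() {
    action=$1 wan_if=$2 server=$3
    # Reject anything that is not a plain address or interface name, so a
    # pasted value cannot smuggle extra shell words into the printed rules.
    valid_ipv4 "$server" || { echo "invalid server address" >&2; return 2; }
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface" >&2; return 2 ;;
    esac
    case "$action" in
        add)
            # Same rules and positions as in the post above.
            echo "iptables -t nat -I PREROUTING 1 -i $wan_if -p 47 -j DNAT --to-destination $server"
            echo "iptables -I FORWARD 2 -d $server -p 47 -j ACCEPT"
            ;;
        del)
            # -D with the full rule specification (no rule number) removes
            # the matching rule wherever it now sits in the chain.
            echo "iptables -D FORWARD -d $server -p 47 -j ACCEPT"
            echo "iptables -t nat -D PREROUTING -i $wan_if -p 47 -j DNAT --to-destination $server"
            ;;
        *) echo "usage: gre_forward_cmds add|del WAN_IF SERVER_IP" >&2; return 2 ;;
    esac
}

# Constructed sample: v2.0 hardware (vlan1) and a made-up LAN address.
gre_forward_cmds del vlan1 192.168.1.10
```

Check the printed commands against `iptables -L FORWARD -n --line-numbers` and `iptables -t nat -L PREROUTING -n --line-numbers` before running them on the router.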
     
  5. romsworld

    romsworld Network Guru Member

    Thanks a lot for your help! It works perfectly :clap: :cheer: :thumbup: :thumb:
     
