VPN Passthrough Not working

Discussion in 'Tomato Firmware' started by uffez, Jan 4, 2008.

    uffez

    Hi, I switched from DD-WRT to Tomato 1.13 - and I am really happy. Rock solid. BUT, I will have to switch back by tomorrow since I'm unable to provide VPN Passthrough to enable access from a wireless WinXP machine to the office. The PC client uses SafeNet SoftRemote.
    This was working without any extra settings out of the box in DD-WRT v23 (where I believe there was a single manual tickbox to enable it) - but it constantly fails now. I'm able to connect, but as soon as I try even to browse the intranet through the tunnel it disconnects...

    Does anyone know a resolution?
    TerminatorHTK

    See the thread entitled '1.13 and PPTP Pass through'. I am having the same problem with GRE packets and PPTP passthru. I have tried manually entering the rules instead of using the GUI, and have not had any success. However, the author of that thread has made PPTP work with manual entries. You can try and see what your success is.

    I'm convinced there is a problem with the PPTP passthru (GRE packets) and will probably give up for now since I have workarounds. I'm using RDP forwarded to various PCs using different ports.

    Hopefully this can be fixed in a future version? Is there any way to report this as a problem to try and get it fixed?
    Toxic

    Email the author on his website.
    TerminatorHTK

    OK...thx. I've sent an email to him regarding this issue.
    uffez

    VPN Passthrough appears to be "magic" somehow. It works "out-of-the-box" using DD-WRT, e.g. V23 SP3, but I have tried Tomato without any luck. I have also tested OpenWrt - same story. So, I guess the only way to succeed is to revert to DD-WRT - unfortunately, since I do prefer Tomato or even OpenWrt...

    It would be interesting, though, to know what magic is actually happening in DD-WRT that apparently cannot be done in other firmwares...
    ifican

    Thibor would work for you as well. There is no magic to it. As stated above, that particular version of Tomato, if passthru is not working as it should, is not forwarding GRE packets correctly. It sounds as if the VPN passthru is not turned on, as that is exactly how it would work then as well. NAT works by translating outgoing source IPs from your internal network to the internet (your router's IP that it gets from your ISP) via source and destination port pair combination. VPNs, no matter what flavor they are, use standard ports but also use other protocols to connect; it is these other protocols that the router does not know what to do with, so it drops them. I would venture to guess that if you put the IP of the machine you are using in the DMZ, it might just work. Also turn on inbound logging and you should see the packets that I am talking about being dropped.
    uffez

    Have tried to change firewall rules with this setting:

    iptables -A input_wan -p esp -j ACCEPT
    iptables -A input_wan -p udp --dport 500 -j ACCEPT
    iptables -A input_wan -p udp --dport 4500 -j ACCEPT

    BUT, I can't see that they are being set (using Tomato 1.13). They are not visible in iptables --list nor in the "dump" from the debugging menu. I have tried several reboots - it doesn't seem to "take"...
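
Added example (not part of any post in this thread): a small Python parser for the inbound-logging check ifican suggests, counting dropped packets that belong to the VPN traffic named in the thread (GRE for PPTP, and the ESP / UDP 500 / UDP 4500 set from the rules in the last post). The log lines are constructed; the `DROP` log prefix and the inclusion of TCP 1723 for PPTP control are assumptions.

```python
import re
from collections import Counter

# Protocols without ports, as the netfilter LOG target prints them:
# ESP by name, GRE as its IP protocol number (47).
PORTLESS = {"ESP": "ESP (IP protocol 50)", "47": "GRE (IP protocol 47)"}
# Port-based VPN control traffic. UDP 500/4500 come from the rules in the
# thread; TCP 1723 (PPTP control) is added here.
PORTS = {("UDP", "500"): "IKE (UDP 500)",
         ("UDP", "4500"): "IPsec NAT-T (UDP 4500)",
         ("TCP", "1723"): "PPTP control (TCP 1723)"}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def classify(line):
    """Return a label if the logged packet is VPN-related, else None."""
    fields = dict(FIELD.findall(line))
    proto = fields.get("PROTO")
    if proto in PORTLESS:
        return PORTLESS[proto]
    # Replies from the VPN server carry the well-known port as source port.
    for key in ("DPT", "SPT"):
        label = PORTS.get((proto, fields.get(key)))
        if label:
            return label
    return None

def summarize(lines, prefix="DROP"):
    """Count VPN-related packets in lines tagged with the drop prefix."""
    hits = Counter()
    for line in lines:
        if f" {prefix} " not in line:
            continue
        label = classify(line)
        if label:
            hits[label] += 1
    return dict(hits)

# Constructed sample log (documentation addresses, assumed "DROP" prefix).
HEAD = "Jan  5 10:01:02 router kern.warn kernel: "
PKT = "IN=vlan1 OUT= SRC=203.0.113.10 DST=198.51.100.20 LEN=136 TTL=54 "
SAMPLE_LOG = [
    HEAD + "DROP " + PKT + "PROTO=ESP SPI=0x1a2b3c4d",
    HEAD + "DROP " + PKT + "PROTO=ESP SPI=0x1a2b3c4d",
    HEAD + "DROP " + PKT + "PROTO=47",
    HEAD + "DROP " + PKT + "PROTO=UDP SPT=4500 DPT=4500 LEN=116",
    HEAD + "DROP " + PKT + "PROTO=TCP SPT=51515 DPT=23 WINDOW=5840 SYN",
    HEAD + "ACCEPT " + PKT + "PROTO=UDP SPT=500 DPT=500 LEN=116",
]
```

Calling `summarize(SAMPLE_LOG)` returns per-protocol drop counts; a non-zero ESP or GRE count while IKE or PPTP control is accepted matches the "connects, then disconnects" symptom described at the top of the thread.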
