Reply
New Visitor
Posts: 20
Registered: ‎07-15-2003
i was wondering, does comcast allow the use of VPN's? if so, i am unsure why mine wont work...

anyone have a good "walk through" as to how to set one up?

i have a linksys router that does support vpn supposivly.
Bronze Star Contributor
Posts: 110
Registered: ‎07-01-2003
You are allowed to use a VPN connection. The set up varies with the software you are using. Also check you routers documentation to verify how it needs to be configured.
Recognized Contributor
johnd
Posts: 4,409
Registered: ‎06-30-2003
The Linksys router should handle a single VPN session. Verify that on the "Filters" section of your router configuration that you have either IPSec or PPTP Pass Through enabled (depending on your VPN setup).
Did your VPN work before you had the router?
New Visitor
Posts: 20
Registered: ‎07-15-2003
yes, i did have both of those filters checked. i have not set up a vpn before. that is why i was wanting to double check that comcast did not filter out the specific ports i needed...

i guess the port forwarding and port triggering part is what i had messed up... does anyone here know the specific ports to forward and share?

what i had set up as software was simply Microsoft's "accept incoming connections". i successfully connected from my laptop to my pc, but could not connect from the other internet pc.

any suggestions would be greatly appreciated.

thanks again.
David.
Recognized Contributor
johnd
Posts: 4,409
Registered: ‎06-30-2003
Dave,

Are you trying to set up your own VPN (not connect to a "corporate" VPN)? If so, what operating systems are installed on the computers you are trying to connect?
New Visitor
Posts: 20
Registered: ‎07-15-2003
ok. i do cad work for a friend in south carolina. i want to be the "Server" of the VPN. i thought i had the VPN side set up correctly as i could connect from my laptop to my pc.

My pc is running Windows 2000 Proffesional.
My Friends PC is running Windows XP. (so is my laptop).

i believe that my router is failing the connection. as when i attempt to connect through the router, it seems to time out.

Do you have any idea what i might be missing? i attepmted to follow these instructions: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q308/2/08.ASP&NoWebContent=1
however, i ran into problems when it said to "Click Start, point to Administrative Tools, and then click Routing and Remote Access." i dont have that shortcut in the administrators toold. i did however start the service manually, and i did discover the service starts when i setup a network connection that "Accepts Incoming connections".

This is the linksys router i have. http://www.linksys.com/support/support.asp?spid=68

perhaps it is not compatable? i have the IPSEC and the PPTP forwarding enabled.

Any ideas? My mind is blown. im pretty computer literate (i run linux on another PC -> Mildly) so im not a total nub, and should be able to follow this if a technical answer follows.

Thanks again.
David.
Recognized Contributor
johnd
Posts: 4,409
Registered: ‎06-30-2003
HI Dave,

We may need help from a higher power here. I am probably around your level (just enough to be dangerous). I have XP Pro on my system.
In looking at Microsoft's Knowledge Base, it appears that the "Routing and Remote Access" feature is available in Win2k Server only. Maybe someone more familar with that area can confirm this. I sounds like you never got the VPN server set up if you did not get pass step 2.
I have another question. Do you have static IP addresses assigned to your local computers? I am not sure how your remote guy would get to your Win2k system if it did not know its address. Do you have both your router and your local PCs set to automatically obtain an IP address (this is the standard set up)? If yes, Comcast would dynamically assign an IP address to your router. The router dynamically assigns an address to your local PCs. Although the addresses may not change much, I am not sure how an outside computer would get through that layer. You can connect from your laptop to your Win2k system because they are on the same Local Area Network.

JohnD
New Visitor
Posts: 3
Registered: ‎07-19-2003
Windows NT4 SP2 + higher and WIN2K both require another box be configured as the VPN "Server". The workstation cannot "serve" and receive. It's hard-wired into the code. Either the guy in South Carolina needs to setup a dedicated VPN server or you do. I don't recall the specific setup, but a relatively benign box running at 350MHz or higher should do it. If I find the specific data in my searches this weekend, I'll come back with some links. Remember, VPN is "dial-up" to NT4 and Win2k. Keep that in mind when skimming over your search results. RAS and other components/services all relate. Alternatively, just install WinXpPro... :-)
New Visitor
Posts: 20
Registered: ‎07-15-2003
hm

i guess i dont understand what it is i i need to do then. i need a machine that is on my network as a VPN machine? if thats all, no problem. i have a linux machine (and old 166) that i could set up to solve that problem. perhaps i need more info on how to set that up.

so how does the VPN work?

You have a Computer A you authenticate to on Network A, and it can be any machine (dedicated VPN machine) and then you have comptuer B on Network A that can talk back and forth becuase they are ont he same network. THen you have Computer C on Network B that talks to Computer A on Network A, but can bridge over to Computer B on Network A becuase of the VPN software that Computer A is running.

Ok did i confuse everyone? Or just myself...?
New Visitor
Posts: 20
Registered: ‎07-15-2003
to clearify an earlier question posted to me, i failed to answer. I am using static IP's behind the linksys router. i have a dynamic ip from comcast that changes, when it feels like it i guess.

if i host a VPN on my linux box, i should be able to make this work then right?

Sweet.
New Visitor
Posts: 9
Registered: ‎07-21-2003
Lots going on here! Let's start at the beginning...
1. A VPN involves a VPN client talking to a VPN server. From this thread, I gather you want to be a VPN server. Fine. It should be running on Windows 2000 Server, although you could run Professional.
2. A VPN invovles a protocol. There are two main protocols for VPNs (not dial-up, as some respondent above mentioned) - PPTP and IPSec. PPTP is much easier to configure, but harder to secure. Both protocols are supported by Windows 2000 and by the Linksys. You need to pick which you are going to use, and on the VPN Server, run the wizard or manually configure for that protocol, and on the Linksys use port forwarding for the correct port for PPTP or IPSec - they are different, and you need to look that up. For some Linksys models you can just check a passthough box. One important difference, IPSec does not work easily over NAT.
3. Forget the Linksys for the moment. Set up your VPN internally. Configure your VPN server as you think it should be, then take another computer on your home network and configure a VPN client on it. You should be able to talk PPTP or IPSec from that client to that server internally over your TCP/IP LAN. If you can't you haven't set up your server and client right. Don't move to the router and cablemodem troubleshooting until this works! Once this works...
4. Remove the cablemodem from the connection to the Linksys. Put the VPN client you used in the previous step where the cablemodem was. (You may need to change the cable from a std to a crossover or vice versa). You also will need to change your IP address on your repositioned client to look like a box on the Internet - use an IP address in the subnet of the external address of the Linksys. If your Linksys got its address via DHCP, reconfigure the Linksys to use a static address - not one on your Internal network! Then you should be able to talk from your newly positioned VPN client through the Linksys to the internal VPN server. If not, you either messed up the settings on the VPN client, or on the Linksys. Keep trying. Do not go on to reconnect the cablemodem until this works! Once this works...
5. Reconfigure the Linksys for DHCP if necessary, and plug the cablemodem back into the Linksys. At that point, take your VPN client (hopefully a laptop) to Kinko's or somewhere and use it to create a VPN connection back to your home. If that doesn't work, you may have an issue with Comcast. Do not attempt to get your friend to connect via VPN to your home until you can connect to it with a known good VPN client. If this does work, then you can start to do over-the-phone troubleshooting with your friend!
6. I have done all of the above before myself with Windows 2000 Server and the Linksys BEFSR11, so I can vouch that it does work. I haven't used Windows 2000 Professional in years, so I am not sure whether it works as well as a VPN server. It does allow you to accept incoming VPN connections, so I suspect that the wizard configures the RRAS service just the way you need it.
Good luck!
/ss