• April 20, 2025, 11:20:44 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DIR-655 - Inbound VPN Connection Problems.  (Read 13165 times)

magnified

  • Level 1 Member
  • *
  • Posts: 3
DIR-655 - Inbound VPN Connection Problems.
« on: November 26, 2008, 10:15:48 AM »
We use a DIR-655 at our company as the router for the office. We previously used a DI-604 and it worked perfectly without any problems for a number of years. We wanted the upgrade to allow wireless connections etc.  Our DIR-655 is connected to our DSL Modem, and also to a Windows Server 2003 Standard Server, which we use as our VPN Server.

We set two forwarding rules:

1) Forward connections from Port 1723 -> VPN Server.
2) Forward all traffic type "47" (GRE) -> VPN Server.

We're seeing mixed results... Sometimes you can connect fine, and other times the client hangs on the "Verifying Username / Password" message.  Checking the log on the DIR-655 indicates that its blocked a GRE packet from xxx.xxx.xxx.xxx when the connection fails. When you connect successfully, the GRE message is not displayed in the log. It appears to pick and choose when it wants to block the GRE packets. Did I set up the port forwarding correctly for the GRE packets?

Has anyone seen this type of behavior before? I tried with FW 1.2 and FW 1.21, but have the same problem.

Any information, things to try would be appreciated.

Thanks.
Mike.
Logged

funchords

  • Level 3 Member
  • ***
  • Posts: 296
Re: DIR-655 - Inbound VPN Connection Problems.
« Reply #1 on: November 26, 2008, 10:59:28 AM »
I don't know why it didn't work, but it doesn't matter.  Delete the two rules you created.

Go to Advanced - Virtual Servers

Create a rule by choosing PPTP from the drop-down list (do not just type it in) and then hit the arrow button to the left of the drop-down list.  Similarly, choose the computer from the drop-down list and hit the arrow button.  Also, choose the activation checkbox for the rule the far left.  Now choose "Save Settings."

If that fails to work the first time, then go to Advanced - Firewall and

1.  Deselect SPI (not sure if this has anything to do with anything, but I have found that the ALG's have caused the ALGs to work incorrectly when SPI is on in some recent FW versions)
2.  Select PPTP in the Application Layer Gateway section (should be enabled for inbound PPTP);

Finally, some recent reports are that certain rules aren't firing if "DNS Relay" is active (and I've definitely seen other problems with it).  That checkbox is found in Setup - Network Settings. 
Logged

magnified

  • Level 1 Member
  • *
  • Posts: 3
Re: DIR-655 - Inbound VPN Connection Problems.
« Reply #2 on: November 26, 2008, 04:01:09 PM »
Thanks for your help.

I tried the steps as you mentioned, and I'm getting the same results unfortunately. It seems that the first connection into the router after being rebooted works without any problem. Subsequent connection attempts fail with the results I posted above.

Failed attempts give me the "Blocked incoming GRE packeting from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx" msg.

I tried different arrangements of the settings you mentioned also... Tick one, reboot.. try again, untick, tick the other etc.. all seem to give the same results.

Is it worth trying with an OLDER firmware? Which do you recommend? Where would I find that?
Logged

magnified

  • Level 1 Member
  • *
  • Posts: 3
Re: DIR-655 - Inbound VPN Connection Problems.
« Reply #3 on: November 26, 2008, 07:21:09 PM »
I installed the 1.10 firmware, set the Virtual Server rule for PPTP, and bingo, it worked.

Keeping everything crossed that this does the trick.

Will know tomorrow once we get a few users connecting in.

Thanks.
Logged