Tuesday, September 11, 2007

WGR614 & PPTP

If you're not a nerd, or not looking for information on setting up a VPN over PPTP with a Netgear WGR614 (v5), you're probably not going to want to read this post. 

I'm writing this post because I spent hours on multiple occasions trying to figure out why my VPN connection to work had stopped working, seemingly spontaneously. ( I don't use the VPN all that often, so I couldn't figure out when it may have stopped working, and what I might have done. ) I'm hoping that this post will save someone who runs into it on Google.

It turns out that it was a silly change in my Netgear WGR614's settings that I had made to play a game online, compounded with other futile attempts to solve the problem. In essence, you need the following to make a PPTP VPN connection work with this router:
  1. Set up an Address Reservation for your VPN Client machine. ( This isn't strictly necessary, but it makes the next step much more reliable, since your DHCP address won't be changing all the time. )
  2. Add a port forwarding rule for PPTP to the address you just reserved for your client machine. This will make all traffic on port 1723 get past the router and to the client machine.
  3. Make sure that there is no port triggering related to PPTP or port 1723 set up! ( I had tried to set this up, and forgotten about it ( because of the crappy Netgear UI ), and it blocked me for a long time! ).
  4. On the WAN Setup page, ensure that the "Disable SPI Firewall" checkbox is UNCHECKED. ( Some games, in my case GuildWars, require this to be checked to work properly. I now have to switch back and forth on this setting to play GuildWars or use the VPN. Ugh. )
Don't bother trying to set up Port Forwarding or Port Triggering for GRE (protocol 47) or ESP (protocol 50). It won't do any good, since those are IP protocols in their own right rather than TCP or UDP traffic, so they have no port numbers for such a rule to match, and it may actually cause some harm. You also don't need the "Respond to ping on internet port" setting enabled.
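To make the TCP-versus-GRE distinction concrete, here is an added example (not part of the original post) that parses constructed IPv4 packets: the PPTP control channel is TCP with port 1723, while the tunnelled data is IP protocol 47, which carries no ports, only a Call ID in the enhanced GRE header (RFC 2637). The `classify` and `ipv4` helpers and the addresses are hypothetical.

```python
import socket
import struct

PPTP_CONTROL_PORT = 1723            # TCP port from step 2 of the post
TCP, UDP, GRE, ESP = 6, 17, 47, 50  # IPv4 protocol numbers

def classify(packet: bytes) -> dict:
    """Report what a port-based forwarding rule could match in an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                 # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, payload = packet[9], packet[ihl:]
    info = {"proto": proto, "ports": None, "kind": "other"}
    if proto in (TCP, UDP):
        if len(payload) < 4:
            raise ValueError("truncated transport header")
        info["ports"] = struct.unpack("!HH", payload[:4])   # (source, destination)
        if proto == TCP and PPTP_CONTROL_PORT in info["ports"]:
            info["kind"] = "pptp-control"
    elif proto == GRE:
        if len(payload) < 8:
            raise ValueError("truncated GRE header")
        # Enhanced GRE (RFC 2637): flags+version, protocol type, payload length, Call ID
        flags_ver, ptype, _length, call_id = struct.unpack("!HHHH", payload[:8])
        if flags_ver & 0x0007 == 1 and ptype == 0x880B:
            info["kind"], info["call_id"] = "pptp-data", call_id
    elif proto == ESP:
        info["kind"] = "esp"
    return info

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0; addresses are examples)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton("192.168.1.10"), socket.inet_aton("203.0.113.5")) + payload

# Constructed samples: a PPTP control segment and a tunnelled data packet.
CONTROL = ipv4(TCP, struct.pack("!HH", 49152, PPTP_CONTROL_PORT) + bytes(16))
DATA = ipv4(GRE, struct.pack("!HHHHI", 0x3001, 0x880B, 0, 0x1234, 1))

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("data", DATA)):
        print(name, classify(pkt))
```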

I hope this helps someone sometime in the future. Let me know if it does, or if you need further assistance in getting your setup to work.

15 comments:

  1. oh my goodness...i love you

    this solved my problem - i was about to throw this router against the wall

  2. Man, this is a killer. I can still not connect to my PPTP VPN behind this router. It just will not authenticate. I removed the 47 GRE from port forwarding, just added it there for kicks. How about the NAT filtering setting, secured or open? MTU size? ARgh.

  5. I also have a WGR614 v5 (firmware version V1.0.9_1.0.6). Your solution, for some reason, didn't work for me. What worked at the end was to enable the SPI Firewall (uncheck the "disable SPI firewall" checkbox). I found this tip here (described for v6):

    http://forums.speedguide.net/showthread.php?t=193882

  6. Pure Gold! Worked like a charm - thanks. Perfectly named post too, showed right up at the top of Google!

  7. Nice one!!! Worked a charm

  8. I don't think the port forwarding part (1-3) is necessary. But thanks for pointing out the bit about SPI - I've been trying to get this working for about 2 hours now - thought the server was at fault!!

  9. Excellent tip! Thanks, Ben

  10. Thanks very much for these useful posts. I have a WGR614 v7 and found I could only get my PPTP VPN to work by ENABLING the SPI firewall (Disable SPI Firewall = unchecked). I also used the following settings:

    - Respond to Ping on Internet Port = disabled
    - NAT Filtering = Secured
    - NO port forwarding or port triggering
    - No LAN address reservations

    These settings were compatible with the PPTP VPN, but I think the VPN would also work if they were changed. The real trick seemed to be enabling the SPI firewall.

  11. Thanks! It was step 2 that fixed it for me (Windows XP VPN to a Windows 2008 server running RRAS).

    Initially step 2 did not make sense as I'm the VPN client and not the server. In thinking about it - I recall an explanation about the IP header where the source IP for packets from the remote VPN server may change during the VPN setup. It meant the router was rejecting some inbound traffic as it was not part of an established session.

  12. This worked for me, but not until I rebooted.

  13. this worked for me on the v6. great - i can use super-fast rdp protocol instead of stupid slow logmein!

    yey!

  14. Thanks, you're a life-saver - I got mine (WGR614v7) working by unchecking "Disable SPI Firewall".

  15. March 2012 and it still works! I have been trying to fix this for months. Thank you for a clear post that works.
