
Port forwarding not working for VPN

Hi there,

I am at a loss as to what I am doing wrong with regards to setting up a VPN. I admit this is all completely new territory for me, and I am learning as I go along, so may have overlooked something very obvious.


I have opened up the VPN ports on the router (500, 1701, 4500 - UDP; 1723 - TCP), and can confirm from the logs that they are letting traffic in ok.


So that leaves the server itself - testing using an open port checking tool confirms all ports I have open in the router firewall, and active and accessible on the server, except the VPN ports and service, are indeed open and accessible.


The VPN service is running, and I have ensured the services are available within the firewall service for 'all', and all services available for the 192.168.1.xxx range.


I have indicated that the VPN should use the range - 10.0.0.1 to 200


The DNS and DHCP services on the server are running. At the domain registrar, I have indicated that the subdomain I am using to access the server and its services via the web should point to the static IP I have from the ISP.


I should mention that if I use the local IP address of the server, I can connect ok, it is only when I use the static IP that I am unable to connect.


Every other port opens up successfully - FTP (21), Web (80/443), etc - just not the ones for the VPN, so I assume there is some sort of conflict between or within the VPN/DHCP/DNS services or with the VPN service itself.


Any advice and potential solutions would be greatly appreciated, as I have spent quite a bit of time trying to figure this one out by myself.


Thanks in advance, and I hope to hear from folk soon.


Chris

Posted on Jan 10, 2012 4:08 AM


Jan 16, 2012 5:22 AM in response to KingRT

To provide some more details, I carried out a Port Scan of the Mac Mini Server (10.6), using Network Utility, and it did not list ports 500, 1701 or 4500 - it listed all others I have opened in the Firewall, but not those ones!

I enabled PPTP within the VPN service, and it shows up in the Port Scan.

On my MacBook Pro, I get the following in the ppp.log file after I try and connect using the external static IP address:


Mon Jan 16 12:33:18 2012 : IPSec connection started

Mon Jan 16 12:33:28 2012 : IPSec connection failed


Please can someone provide me with some advice and support in order to deal with this problem.

Thanks in advance,

Chris
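
The ports missing from the scan described in the post above (500, 1701, 4500) are the UDP ones, and a scanner that only makes TCP connections cannot see UDP listeners, while PPTP on TCP 1723 shows up. As an added example (not part of the original thread), this Python script sends one IKEv1 Main Mode proposal to UDP 500 and reports whether anything answers. The function names and the 3DES/SHA1/PSK/group 2 proposal are assumptions, and a server that does not accept that proposal may stay silent even when the port forward works, so "no-reply" remains ambiguous.

```python
import os
import socket
import struct
import sys

def build_ike_probe(cookie: bytes) -> bytes:
    """One IKEv1 Main Mode packet offering 3DES/SHA1/PSK/DH group 2 (assumed proposal)."""
    # Attributes in TV form (high bit set): enc, hash, auth, group, life type, life secs.
    attrs = [(1, 5), (2, 2), (3, 1), (4, 2), (11, 1), (12, 28800)]
    attr_bytes = b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in attrs)
    # Transform payload: last payload, length, transform #1, KEY_IKE (1).
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attr_bytes), 1, 1, 0) + attr_bytes
    # Proposal payload: proposal #1, protocol ISAKMP (1), no SPI, one transform.
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    # SA payload: DOI IPsec (1), situation identity-only (1).
    sa = struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal
    # Header: cookies, next payload SA (1), version 1.0, Main Mode (2), no flags, msg id 0.
    header = cookie + bytes(8) + struct.pack("!BBBBII", 1, 0x10, 2, 0, 0, 28 + len(sa))
    return header + sa

def parse_isakmp_header(data: bytes) -> dict:
    if len(data) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    nxt, ver, exch, _flags, _msg_id, length = struct.unpack("!BBBBII", data[16:28])
    return {"initiator_cookie": data[:8], "responder_cookie": data[8:16],
            "next_payload": nxt, "version": ver, "exchange": exch, "length": length}

def check_ike(host: str, port: int = 500, timeout: float = 3.0) -> str:
    cookie = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(build_ike_probe(cookie))
            reply = parse_isakmp_header(s.recv(4096))
        except socket.timeout:
            return "no-reply"     # dropped on the path, or the daemon ignored the proposal
        except ConnectionRefusedError:
            return "closed"       # ICMP port unreachable: nothing listening on this UDP port
        except ValueError:
            return "unexpected"   # something answered, but not with ISAKMP
    # A genuine reply echoes our initiator cookie.
    return "reachable" if reply["initiator_cookie"] == cookie else "unexpected"

if __name__ == "__main__":
    # Run from outside the LAN against your own server's public address.
    print(check_ike(sys.argv[1]))
```
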

Jan 30, 2012 7:19 AM in response to KingRT

One problem I had setting up my VPN was the ORDER of port traffic on my router. My VPN wasn't working because traffic was getting routed to the mail server before it ever had a chance to hit my VPN redirects. Moving VPN up the "stack" solved the problem.


I'm not sure this is your issue but it appears you have more traffic than just VPN being directed through your router?

Apr 14, 2014 6:40 AM in response to tcsadmin

OK - here's how my router is configured:


NAT (Type = Destination) Public IP address to VPN Server IP address (I had a problem when I didn't have the NAT Type set properly)


I have a separate public IP address reserved for VPN traffic, but that's not necessary if you set up the order of the rules on your router properly. It's just easier to have a separate IP address.


These are the ports I have open:


UDP - 500

UDP - 1701

TCP - 1723

TCP - 3283

UDP - 3283

UDP - 4500

TCP - 5900

TCP - 5988


I have these ports open to accommodate remoting in via Apple Remote Desktop.


However, since Mavericks, I can't use ARD anymore. But I can use Back to My Mac and Screen Sharing (go figure!) to get to my server and then from the server I can use ARD within the network.


Don't know if that helps or not, but it works for me.
