Question : Problem: VPN to home network troubleshooting

Hi,

I set up a windowx XP vpn server at home and tried to
connect to it from outside but failed. However, I'm
able to make vpn connection inside my home network.
Comparing the packet sequence between the success and
failed connection, it looks like VPN server cannot
tal GRE to outside VPN client. Could anyone point me
what the problem might be ? (router firmware ? setting ? ...)

Thanks !!

Vincent

Network configuration:

Home network: 216.101.10.101 (for explanation only, not real ip)

Router: Linksys NR041 (Network Everywhere,
firmware version 1, release 08)
- port 1723 forwarded to 192.168.1.108
- Black WAN Request: disable
- PPTP Pass Through: enable
- L2TP Pass Through: enable
- IPSec Pass Through: enable

VPN_Server: 192.168.1.108 (Windows XP Prof)

VPN_Client1: 192.168.1.101 (Windows VPN Client)

Hot Spot network:

VPN_Client2: 192.168.10.31 (Windows VPN Client)

I'm able to create VPN connection from VPN_Client1 to
VPN_Server through my home internet ip (216.101.10.101,e.g.)
within my home network. However, I'm not
able to make connection from VPN_Client2 from an outside
hotspot internet connection.

The following is the failed connection packet sequence:

****** Sequence I (failed) *

192.168.10.31:1056 -> 216.101.10.101:1723
TCP: src = 1056, dst = 1723, ack = 0X00000000 SYN
Length : 62

216.101.10.101:1723 -> 192.168.10.31:1056
TCP: src = 1723, dst = 1056, ack = 0X9BBFD18C SYN ACK
Length : 62

192.168.10.31:1056 -> 216.101.10.101:1723
TCP: src = 1056, dst = 1723, ack = 0XD413755F ACK
Length : 54

192.168.10.31:1056 -> 216.101.10.101:1723
TCP: src = 1056, dst = 1723, ack = 0XD413755F PSH ACK
Length : 210

216.101.10.101:1723 -> 192.168.10.31:1056
TCP: src = 1723, dst = 1056, ack = 0X37C0D18C PSH ACK
Length : 210

192.168.10.31:1056 -> 216.101.10.101:1723
TCP: src = 1056, dst = 1723, ack = 0X7014755F PSH ACK
Length : 222

216.101.10.101:1723 -> 192.168.10.31:1056
TCP: src = 1723, dst = 1056, ack = 0XDFC0D18C PSH ACK
Length : 86

192.168.10.31:1056 -> 216.101.10.101:1723
TCP: src = 1056, dst = 1723, ack = 0X9014755F PSH ACK
Length : 78

192.168.10.31 -> 216.101.10.101
IP: ID = 0x0125, Protocol = GRE, Length = 80(0x0050)
Length : 94

216.101.10.101:1723 -> 192.168.10.31:1056
TCP: src = 1723, dst = 1056, ack = 0XF7C0D18C ACK
Length : 60

192.168.10.31 -> 216.101.10.101
IP: ID = 0x0126, Protocol = GRE, Length = 80(0x0050)
Length : 94

192.168.10.31 -> 216.101.10.101
IP: ID = 0x0127, Protocol = GRE, Length = 80(0x0050)
Length : 94

192.168.10.31 -> 216.101.10.101
IP: ID = 0x0128, Protocol = GRE, Length = 80(0x0050)
Length : 94

192.168.10.31 -> 216.101.10.101
IP: ID = 0x0129, Protocol = GRE, Length = 80(0x0050)
Length : 94

192.168.10.31 -> 216.101.10.101
IP: ID = 0x012A, Protocol = GRE, Length = 80(0x0050)
Length : 94

192.168.10.31 -> 216.101.10.101
IP: ID = 0x012B, Protocol = GRE, Length = 80(0x0050)
Length : 94

192.168.10.31 -> 216.101.10.101
IP: ID = 0x012C, Protocol = GRE, Length = 80(0x0050)
Length : 94

192.168.10.31 -> 216.101.10.101
IP: ID = 0x012D, Protocol = GRE, Length = 80(0x0050)
Length : 94

192.168.10.31 -> 216.101.10.101
IP: ID = 0x012E, Protocol = GRE, Length = 80(0x0050)
Length : 94

216.101.10.101:1723 -> 192.168.10.31:1056
TCP: src = 1723, dst = 1056, ack = 0XF7C0D18C PSH ACK
Length : 70

192.168.10.31:1056 -> 216.101.10.101:1723
TCP: src = 1056, dst = 1723, ack = 0XA014755F PSH ACK
Length : 202

216.101.10.101:1723 -> 192.168.10.31:1056
TCP: src = 1723, dst = 1056, ack = 0X8BC1D18C ACK
Length : 60

192.168.10.31:1056 -> 216.101.10.101:1723
TCP: src = 1056, dst = 1723, ack = 0XA014755F PSH ACK
Length : 70

216.101.10.101:1723 -> 192.168.10.31:1056
TCP: src = 1723, dst = 1056, ack = 0X9BC1D18C PSH ACK
Length : 70

192.168.10.31:1056 -> 216.101.10.101:1723
TCP: src = 1056, dst = 1723, ack = 0XB014755F FIN ACK
Length : 54

216.101.10.101:1723 -> 192.168.10.31:1056
TCP: src = 1723, dst = 1056, ack = 0X9CC1D18C FIN ACK
Length : 60

192.168.10.31:1056 -> 216.101.10.101:1723
TCP: src = 1056, dst = 1723, ack = 0XB114755F ACK
Length : 54

Sequence II (success) *******

192.168.1.101:1426 -> 216.101.10.101:1723
TCP: src = 1426, dst = 1723, ack = 0X00000000 SYN
Length : 62

216.101.10.101:1723 -> 192.168.1.101:1426 62
TCP: src = 1723, dst = 1426, ack = 0X61AB68C6 SYN ACK
Length : 62

192.168.1.101:1426 -> 216.101.10.101:1723
TCP: src = 1426, dst = 1723, ack = 0XDE2ADAE5 ACK
Length : 54

192.168.1.101:1426 -> 216.101.10.101:1723
TCP: src = 1426, dst = 1723, ack = 0XDE2ADAE5 PSH ACK
Length : 210

216.101.10.101:1723 -> 192.168.1.101:1426
TCP: src = 1723, dst = 1426, ack = 0XFDAB68C6 PSH ACK
Length : 210

192.168.1.101:1426 -> 216.101.10.101:1723
TCP: src = 1426, dst = 1723, ack = 0X7A2BDAE5 PSH ACK
Length : 222

216.101.10.101:1723 -> 192.168.1.101:1426
TCP: src = 1723, dst = 1426, ack = 0XFDAB68C6 ACK
Length : 60

216.101.10.101:1723 -> 192.168.1.101:1426
TCP: src = 1723, dst = 1426, ack = 0XA5AC68C6 PSH ACK
Length : 86

192.168.1.101:1426 -> 216.101.10.101:1723
TCP: src = 1426, dst = 1723, ack = 0X9A2BDAE5 ACK
Length : 54

192.168.1.101:1426 -> 216.101.10.101:1723
TCP: src = 1426, dst = 1723, ack = 0X9A2BDAE5 PSH ACK
Length : 78

216.101.10.101:1723 -> 192.168.1.101:1426
TCP: src = 1723, dst = 1426, ack = 0XBDAC68C6 ACK
Length : 60

192.168.1.101 -> 216.101.10.101
IP: ID = 0x18E5, Protocol = GRE, Length = 80(0x0050)
Length : 94

216.101.10.101 -> 192.168.1.101
IP: ID = 0x8C4A, Protocol = GRE, Length = 97(0x0061)
Length : 111

192.168.1.101 -> 216.101.10.101
IP: ID = 0x18E6, Protocol = GRE, Length = 48(0x0030)
Length : 62

216.101.10.101 -> 192.168.1.101
IP: ID = 0x8C4B, Protocol = GRE, Length = 80(0x0050)
Length : 94

216.101.10.101 -> 192.168.1.101
IP: ID = 0x8C4C, Protocol = GRE, Length = 93(0x005D)
Length : 107

192.168.1.101 -> 216.101.10.101
IP: ID = 0x18E7, Protocol = GRE, Length = 48(0x0030)
Length : 62

216.101.10.101 -> 192.168.1.101
IP: ID = 0x8C4D, Protocol = GRE, Length = 93(0x005D)
Length : 107

Answer : Problem: VPN to home network troubleshooting

I would expect a remote system to show up as a natted IP public address, not as its original 192.168.10.31 IP..
Try this reg hack:
Reference:
http://support.microsoft.com/default.aspx?scid=kb;en-us;271731

If you want your PPTP client that is running either Windows XP SP1 or Windows 2000 SP4-or-later to permit a connection to a PPTP server that replies with a different IP address, you must turn off PPTP address validation. To do so, follow these steps. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate the following subkey, where <000x> is the network adapter for the WAN Miniport (PPTP) driver:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\<000x>
4. On the Edit menu, point to New, and then click DWORD Value.
5. Type ValidateAddress, and then press ENTER.

Note By default, the Data value is 0 (Off).
6. Quit Registry Editor.
7. Restart your computer.

Random Solutions

Problem: Replaced motherboard/keyboard problems

Problem: HP digital sender scanner

Problem: Does a USB Pendrive make system changes?

Problem: HP 2510 Scan Wirelessly

Problem: Is there such thing as "RAID Ready" Hard drive?

Problem: Windows Vista opening sound chime distorted

Problem: Insufficient online or nearline media is available to start job

Problem: Routing between 2 NICs on the Windows 2003 Server R2

Problem: Issues with Itunes

Problem: 10/100mbps NIC card only works at 10mbps on a 10/100mbps hub?