Question : Problem: VPN to home network troubleshooting
Hi,
I set up a Windows XP VPN server at home and tried to connect to it from outside but failed. However, I'm able to make a VPN connection inside my home network. Comparing the packet sequences of the successful and failed connections, it looks like the VPN server cannot talk GRE to the outside VPN client. Could anyone point out what the problem might be? (router firmware? setting? ...)
Thanks !!
Vincent
Network configuration:
Home network: 216.101.10.101 (for explanation only, not real IP)
Router: Linksys NR041 (Network Everywhere, firmware version 1, release 08)
- port 1723 forwarded to 192.168.1.108
- Block WAN Request: disable
- PPTP Pass Through: enable
- L2TP Pass Through: enable
- IPSec Pass Through: enable
VPN_Server: 192.168.1.108 (Windows XP Prof)
VPN_Client1: 192.168.1.101 (Windows VPN Client)
Hot Spot network:
VPN_Client2: 192.168.10.31 (Windows VPN Client)
I'm able to create a VPN connection from VPN_Client1 to VPN_Server through my home internet IP (e.g. 216.101.10.101) within my home network. However, I'm not able to make a connection from VPN_Client2 over an outside hotspot internet connection.
The following is the failed connection packet sequence:
************** Sequence I (failed) ***************
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0X00000000 SYN Length : 62
216.101.10.101:1723 -> 192.168.10.31:1056 TCP: src = 1723, dst = 1056, ack = 0X9BBFD18C SYN ACK Length : 62
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0XD413755F ACK Length : 54
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0XD413755F PSH ACK Length : 210
216.101.10.101:1723 -> 192.168.10.31:1056 TCP: src = 1723, dst = 1056, ack = 0X37C0D18C PSH ACK Length : 210
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0X7014755F PSH ACK Length : 222
216.101.10.101:1723 -> 192.168.10.31:1056 TCP: src = 1723, dst = 1056, ack = 0XDFC0D18C PSH ACK Length : 86
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0X9014755F PSH ACK Length : 78
192.168.10.31 -> 216.101.10.101 IP: ID = 0x0125, Protocol = GRE, Length = 80(0x0050) Length : 94
216.101.10.101:1723 -> 192.168.10.31:1056 TCP: src = 1723, dst = 1056, ack = 0XF7C0D18C ACK Length : 60
192.168.10.31 -> 216.101.10.101 IP: ID = 0x0126, Protocol = GRE, Length = 80(0x0050) Length : 94
192.168.10.31 -> 216.101.10.101 IP: ID = 0x0127, Protocol = GRE, Length = 80(0x0050) Length : 94
192.168.10.31 -> 216.101.10.101 IP: ID = 0x0128, Protocol = GRE, Length = 80(0x0050) Length : 94
192.168.10.31 -> 216.101.10.101 IP: ID = 0x0129, Protocol = GRE, Length = 80(0x0050) Length : 94
192.168.10.31 -> 216.101.10.101 IP: ID = 0x012A, Protocol = GRE, Length = 80(0x0050) Length : 94
192.168.10.31 -> 216.101.10.101 IP: ID = 0x012B, Protocol = GRE, Length = 80(0x0050) Length : 94
192.168.10.31 -> 216.101.10.101 IP: ID = 0x012C, Protocol = GRE, Length = 80(0x0050) Length : 94
192.168.10.31 -> 216.101.10.101 IP: ID = 0x012D, Protocol = GRE, Length = 80(0x0050) Length : 94
192.168.10.31 -> 216.101.10.101 IP: ID = 0x012E, Protocol = GRE, Length = 80(0x0050) Length : 94
216.101.10.101:1723 -> 192.168.10.31:1056 TCP: src = 1723, dst = 1056, ack = 0XF7C0D18C PSH ACK Length : 70
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0XA014755F PSH ACK Length : 202
216.101.10.101:1723 -> 192.168.10.31:1056 TCP: src = 1723, dst = 1056, ack = 0X8BC1D18C ACK Length : 60
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0XA014755F PSH ACK Length : 70
216.101.10.101:1723 -> 192.168.10.31:1056 TCP: src = 1723, dst = 1056, ack = 0X9BC1D18C PSH ACK Length : 70
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0XB014755F FIN ACK Length : 54
216.101.10.101:1723 -> 192.168.10.31:1056 TCP: src = 1723, dst = 1056, ack = 0X9CC1D18C FIN ACK Length : 60
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0XB114755F ACK Length : 54
************** Sequence II (success) ***************
192.168.1.101:1426 -> 216.101.10.101:1723 TCP: src = 1426, dst = 1723, ack = 0X00000000 SYN Length : 62
216.101.10.101:1723 -> 192.168.1.101:1426 62 TCP: src = 1723, dst = 1426, ack = 0X61AB68C6 SYN ACK Length : 62
192.168.1.101:1426 -> 216.101.10.101:1723 TCP: src = 1426, dst = 1723, ack = 0XDE2ADAE5 ACK Length : 54
192.168.1.101:1426 -> 216.101.10.101:1723 TCP: src = 1426, dst = 1723, ack = 0XDE2ADAE5 PSH ACK Length : 210
216.101.10.101:1723 -> 192.168.1.101:1426 TCP: src = 1723, dst = 1426, ack = 0XFDAB68C6 PSH ACK Length : 210
192.168.1.101:1426 -> 216.101.10.101:1723 TCP: src = 1426, dst = 1723, ack = 0X7A2BDAE5 PSH ACK Length : 222
216.101.10.101:1723 -> 192.168.1.101:1426 TCP: src = 1723, dst = 1426, ack = 0XFDAB68C6 ACK Length : 60
216.101.10.101:1723 -> 192.168.1.101:1426 TCP: src = 1723, dst = 1426, ack = 0XA5AC68C6 PSH ACK Length : 86
192.168.1.101:1426 -> 216.101.10.101:1723 TCP: src = 1426, dst = 1723, ack = 0X9A2BDAE5 ACK Length : 54
192.168.1.101:1426 -> 216.101.10.101:1723 TCP: src = 1426, dst = 1723, ack = 0X9A2BDAE5 PSH ACK Length : 78
216.101.10.101:1723 -> 192.168.1.101:1426 TCP: src = 1723, dst = 1426, ack = 0XBDAC68C6 ACK Length : 60
192.168.1.101 -> 216.101.10.101 IP: ID = 0x18E5, Protocol = GRE, Length = 80(0x0050) Length : 94
216.101.10.101 -> 192.168.1.101 IP: ID = 0x8C4A, Protocol = GRE, Length = 97(0x0061) Length : 111
192.168.1.101 -> 216.101.10.101 IP: ID = 0x18E6, Protocol = GRE, Length = 48(0x0030) Length : 62
216.101.10.101 -> 192.168.1.101 IP: ID = 0x8C4B, Protocol = GRE, Length = 80(0x0050) Length : 94
216.101.10.101 -> 192.168.1.101 IP: ID = 0x8C4C, Protocol = GRE, Length = 93(0x005D) Length : 107
192.168.1.101 -> 216.101.10.101 IP: ID = 0x18E7, Protocol = GRE, Length = 48(0x0030) Length : 62
216.101.10.101 -> 192.168.1.101 IP: ID = 0x8C4D, Protocol = GRE, Length = 93(0x005D) Length : 107
Answer : Problem: VPN to home network troubleshooting
I would expect a remote system to show up as a NATted public IP address, not as its original 192.168.10.31 IP. Try this reg hack:
Reference: http://support.microsoft.com/default.aspx?scid=kb;en-us;271731
If you want your PPTP client that is running either Windows XP SP1 or Windows 2000 SP4-or-later to permit a connection to a PPTP server that replies with a different IP address, you must turn off PPTP address validation. To do so, follow these steps.
Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate the following subkey, where <000x> is the network adapter for the WAN Miniport (PPTP) driver: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\<000x>
4. On the Edit menu, point to New, and then click DWORD Value.
5. Type ValidateAddress, and then press ENTER.
Note: By default, the Data value is 0 (Off).
6. Quit Registry Editor.
7. Restart your computer.
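
Added example (not part of the original question or answer): a small Python parser for the capture lines shown in the question that counts GRE packets in each direction of the PPTP session, which makes the difference between Sequence I and Sequence II explicit. The function name `gre_summary`, the verdict strings and the abridged sample traces are this example's own.

```python
import re
from collections import Counter

# Line shapes as printed by the capture tool in the question.
TCP_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) .*?TCP: .*?ack = \S+ ([A-Z ]+?) Length")
GRE_RE = re.compile(r"^(\S+) -> (\S+) IP: .*Protocol = GRE")

def gre_summary(trace):
    """Count GRE packets in each direction of the PPTP session in a trace."""
    client = server = None
    gre = Counter()
    for line in map(str.strip, trace.splitlines()):
        tcp = TCP_RE.match(line)
        if tcp:
            src, _, dst, dport, flags = tcp.groups()
            # The bare SYN to TCP 1723 tells us which side is the PPTP client.
            if client is None and flags == "SYN" and dport == "1723":
                client, server = src, dst
            continue
        m = GRE_RE.match(line)
        if m and client:
            if m.groups() == (client, server):
                gre["client_to_server"] += 1
            elif m.groups() == (server, client):
                gre["server_to_client"] += 1
    out, back = gre["client_to_server"], gre["server_to_client"]
    if out and back:
        verdict = "bidirectional"
    elif out:
        verdict = "client-only"  # no GRE reply was seen at the capture point
    elif back:
        verdict = "server-only"
    else:
        verdict = "no-gre"
    return {"client": client, "server": server, "client_to_server": out,
            "server_to_client": back, "verdict": verdict}

# Abridged from Sequence I (failed) and Sequence II (success) in the question.
FAILED = """
192.168.10.31:1056 -> 216.101.10.101:1723 TCP: src = 1056, dst = 1723, ack = 0X00000000 SYN Length : 62
192.168.10.31 -> 216.101.10.101 IP: ID = 0x0125, Protocol = GRE, Length = 80(0x0050) Length : 94
192.168.10.31 -> 216.101.10.101 IP: ID = 0x0126, Protocol = GRE, Length = 80(0x0050) Length : 94
"""
SUCCESS = """
192.168.1.101:1426 -> 216.101.10.101:1723 TCP: src = 1426, dst = 1723, ack = 0X00000000 SYN Length : 62
192.168.1.101 -> 216.101.10.101 IP: ID = 0x18E5, Protocol = GRE, Length = 80(0x0050) Length : 94
216.101.10.101 -> 192.168.1.101 IP: ID = 0x8C4A, Protocol = GRE, Length = 97(0x0061) Length : 111
"""

if __name__ == "__main__":
    for name, trace in (("failed", FAILED), ("success", SUCCESS)):
        print(name, gre_summary(trace))
```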