Multiple VPN connections from behind a NAT - Netgear and L..

G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,

I have a Netgear router at home and my home network is behind the NAT
network provided by this router. I connect from this home network to
work using Windows XP's built in VPN software. What I am finding is
that if two client machines from my home network start VPN tunnels to
outside, only one of them works. The other one does not. A single VPN
tunnel works perfectly.

Is this problem with Netgear equipment (WGR614v4)? They claim that
they can do 2 VPN passthrough tunnels through the router. Do other
routers out there support multiple VPN passthrough tunnels?

From reading the protocol specs and problems of IPSec through NAT, it
seems like it would be impossible for routers to do more than one
unless the router itself initiates the VPN tunnel.

Thanks
-Pawan
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Maybe it means 1 PPTP Tunnel and 1 IPSEC/L2TP tunnel? Some routers
specifically support multiple tunnels while others don't... Try
looking at the Netgear support forum at
http://www.broadbandreports.com to see if others have come up with a
solution (maybe a firmware update, perhaps) for your particular
router.

Jeffrey Randow (Windows Net. & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On 24 Apr 2004 16:06:44 -0700, k2k2e6@yahoo.com (Pawan Singh) wrote:

>Hi,
>
>I have a Netgear router at home and my home network is behind the NAT
>network provided by this router. I connect from this home network to
>work using Windows XP's built in VPN software. What I am finding is
>that if two client machines from my home network start VPN tunnels to
>outside, only one of them works. The other one does not. A single VPN
>tunnel works perfectly.
>
>Is this problem with Netgear equipment (WGR614v4)? They claim that
>they can do 2 VPN passthrough tunnels through the router. Do other
>routers out there support multiple VPN passthrough tunnels?
>
>From reading the protocol specs and problems of IPSec through NAT, it
>seems like it would be impossible for routers to do more than one
>unless the router itself initiates the VPN tunnel.
>
>Thanks
>-Pawan
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

> I have a Netgear router at home and my home network is behind the NAT
> network provided by this router. I connect from this home network to
> work using Windows XP's built in VPN software. What I am finding is
> that if two client machines from my home network start VPN tunnels to
> outside, only one of them works. The other one does not. A single VPN
> tunnel works perfectly.

The Linksys Etherfast routers seem to have problems with more than one PPTP
connection to the _same PPTP server_, as it seems the router doesn't know
how to tell the difference between packets from one PPTP client and from the
other. Or maybe it's the server that can't tell the difference because it's
ignoring other tokens placed in the IP packets by the NAT router. All the
server sees, after all, is GRE (Protocol 47) packets coming from some IP
address, but it's the IP address of the router and not the stations behind
it.

If I need to use a scenario like this, I tend to jump from Linksys right to
Snapgear, and have the Snapgear router perform the PPTP connection instead
of the stations behind it. Snapgear can NAT the PPTP connection so you
don't need to route a network back to the Snapgear, but Win2K and Win2K3
Server PPTP supports that if you want.

--
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>
 

Bob

Distinguished
Dec 31, 2007
3,414
0
20,780
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On 24 Apr 2004 16:06:44 -0700, k2k2e6@yahoo.com (Pawan Singh) wrote:

>I have a Netgear router at home and my home network is behind the NAT
>network provided by this router. I connect from this home network to
>work using Windows XP's built in VPN software.

You should specify which VPN: PPTP or IPSec. Later you do mention
IPSec so the reader has to presume you meant IPSec from the outset.

>What I am finding is
>that if two client machines from my home network start VPN tunnels to
>outside, only one of them works. The other one does not. A single VPN
>tunnel works perfectly.

Are both tunnels connecting to the same VPN Server or different VPN
Servers?

I believe MS VPNs only support one connection at a time, so if you are
trying to connect two VPN Client machines to one remote VPN Server,
that may be the problem.


--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

After extensive research on the web, I will post this for future
user's benefit:

1. Most home user routers do not support multiple IPSec or PPTP or
L2TP passthroughs through the NAT.

2. Most companies tech support agent are clueless about problem #1 - I
personally was on the phone with Level 2 tech support guys at Linksys,
Netgear and Dlink and none of them knew much. They knew only to
regurgitate the product data sheets which simply claim VPN
passthroughs without letting you know how many you can pass through.

3. Number of passthroughs are important only if you have multiple
adult workers working remotely from home and need to join separate
VPNs. The solution in this case is to buy more expensive routers which
do multiple passthroughs or buy routers which actually "terminate" an
IPSec, L2TP or PPTP tunnels. Even here, you will find many expensive
routers (> $150) which terminate IPSec tunnels, but very few of them
terminate L2TP or PPTP tunnels.

4. It is very hard to find information about routers which do #3. Most
of the time you will find routers which terminate IPSec tunnels. But
many users like me want routers which terminate PPTP or L2TP and
information on that is very hard to come by. Someone in this email
chain pointed Snapgear which can terminate PPTP or L2TP but I am
assuming it will be an expensive router.

If anyone knows about a sub $150 router which can terminate multiple
IPSec or multiple PPTP or multiple L2TP connections and also do
multiple IPSec passthroughs and multiple PPTP passthroughs and
multiple L2TP passthroughs, please reply on this post because Google
search will help future users.

Please do not reply if you are not well versed in this field because
it will only confuse future users who search these forums looking for
information.

-Pawan


spam@spam.com (Bob) wrote in message news:<408bc45a.86543272@news-server.houston.rr.com>...
> On 24 Apr 2004 16:06:44 -0700, k2k2e6@yahoo.com (Pawan Singh) wrote:
>
> >I have a Netgear router at home and my home network is behind the NAT
> >network provided by this router. I connect from this home network to
> >work using Windows XP's built in VPN software.
>
> You should specify which VPN: PPTP or IPSec. Later you do mention
> IPSec so the reader has to presume you meant IPSec from the outset.
>
> >What I am finding is
> >that if two client machines from my home network start VPN tunnels to
> >outside, only one of them works. The other one does not. A single VPN
> >tunnel works perfectly.
>
> Are both tunnels connecting to the same VPN Server or different VPN
> Servers?
>
> I believe MS VPNs only support one connection at a time, so if you are
> trying to connect two VPN Client machines to one remote VPN Server,
> that may be the problem.
 

jrc

Distinguished
Apr 22, 2004
7
0
18,510
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I find it interesting that you consider anything over $150 "expensive",
considering the functionality you seek. I also doubt you will find many
self-respecting manufacturers terminating L2TP or PPTP.

By the way, what kind of wacky setup do you have where you need to support
L2TP, PPTP and IPSec all at the same time?



"Pawan Singh" <k2k2e6@yahoo.com> wrote in message
news:79c5552.0404252119.5a7e0d00@posting.google.com...
> After extensive research on the web, I will post this for future
> user's benefit:
>
> 1. Most home user routers do not support multiple IPSec or PPTP or
> L2TP passthroughs through the NAT.
>
> 2. Most companies tech support agent are clueless about problem #1 - I
> personally was on the phone with Level 2 tech support guys at Linksys,
> Netgear and Dlink and none of them knew much. They knew only to
> regurgitate the product data sheets which simply claim VPN
> passthroughs without letting you know how many you can pass through.
>
> 3. Number of passthroughs are important only if you have multiple
> adult workers working remotely from home and need to join separate
> VPNs. The solution in this case is to buy more expensive routers which
> do multiple passthroughs or buy routers which actually "terminate" an
> IPSec, L2TP or PPTP tunnels. Even here, you will find many expensive
> routers (> $150) which terminate IPSec tunnels, but very few of them
> terminate L2TP or PPTP tunnels.
>
> 4. It is very hard to find information about routers which do #3. Most
> of the time you will find routers which terminate IPSec tunnels. But
> many users like me want routers which terminate PPTP or L2TP and
> information on that is very hard to come by. Someone in this email
> chain pointed Snapgear which can terminate PPTP or L2TP but I am
> assuming it will be an expensive router.
>
> If anyone knows about a sub $150 router which can terminate multiple
> IPSec or multiple PPTP or multiple L2TP connections and also do
> multiple IPSec passthroughs and multiple PPTP passthroughs and
> multiple L2TP passthroughs, please reply on this post because Google
> search will help future users.
>
> Please do not reply if you are not well versed in this field because
> it will only confuse future users who search these forums looking for
> information.
>
> -Pawan
>
>
> spam@spam.com (Bob) wrote in message
news:<408bc45a.86543272@news-server.houston.rr.com>...
> > On 24 Apr 2004 16:06:44 -0700, k2k2e6@yahoo.com (Pawan Singh) wrote:
> >
> > >I have a Netgear router at home and my home network is behind the NAT
> > >network provided by this router. I connect from this home network to
> > >work using Windows XP's built in VPN software.
> >
> > You should specify which VPN: PPTP or IPSec. Later you do mention
> > IPSec so the reader has to presume you meant IPSec from the outset.
> >
> > >What I am finding is
> > >that if two client machines from my home network start VPN tunnels to
> > >outside, only one of them works. The other one does not. A single VPN
> > >tunnel works perfectly.
> >
> > Are both tunnels connecting to the same VPN Server or different VPN
> > Servers?
> >
> > I believe MS VPNs only support one connection at a time, so if you are
> > trying to connect two VPN Client machines to one remote VPN Server,
> > that may be the problem.
 

Bob

Distinguished
Dec 31, 2007
3,414
0
20,780
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Mon, 26 Apr 2004 06:58:35 -0400, "JRC" <pooh@jrehmconsulting.net>
wrote:

>By the way, what kind of wacky setup do you have where you need to support
>L2TP, PPTP and IPSec all at the same time?

Clearly some third-world garage shop.

Although all Level 1 tech support is worthless for serious technical
inquiries - and Linksys is no exception - they do have an extensive
knowledge base which explains how to set up their routers for VPN.

Google is not the place to be asking VPN questions.

--

Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/

"You can all go to hell, and I will go to Texas."
--David Crockett
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Or getting L2TP working with NAT... :)

Now of course, there is the Linksys router out there that can be
reprogrammed with different firmware (linux kernel) that could
possibly support this under your $150 limit...

Jeffrey Randow (Windows Net. & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Mon, 26 Apr 2004 06:58:35 -0400, "JRC" <pooh@jrehmconsulting.net>
wrote:

>I find it interesting that you consider anything over $150 "expensive",
>considering the functionality you seek. I also doubt you will find many
>self-respecting manufacturers terminating L2TP or PPTP.
>
>By the way, what kind of wacky setup do you have where you need to support
>L2TP, PPTP and IPSec all at the same time?
>
>
>
>"Pawan Singh" <k2k2e6@yahoo.com> wrote in message
>news:79c5552.0404252119.5a7e0d00@posting.google.com...
>> After extensive research on the web, I will post this for future
>> user's benefit:
>>
>> 1. Most home user routers do not support multiple IPSec or PPTP or
>> L2TP passthroughs through the NAT.
>>
>> 2. Most companies tech support agent are clueless about problem #1 - I
>> personally was on the phone with Level 2 tech support guys at Linksys,
>> Netgear and Dlink and none of them knew much. They knew only to
>> regurgitate the product data sheets which simply claim VPN
>> passthroughs without letting you know how many you can pass through.
>>
>> 3. Number of passthroughs are important only if you have multiple
>> adult workers working remotely from home and need to join separate
>> VPNs. The solution in this case is to buy more expensive routers which
>> do multiple passthroughs or buy routers which actually "terminate" an
>> IPSec, L2TP or PPTP tunnels. Even here, you will find many expensive
>> routers (> $150) which terminate IPSec tunnels, but very few of them
>> terminate L2TP or PPTP tunnels.
>>
>> 4. It is very hard to find information about routers which do #3. Most
>> of the time you will find routers which terminate IPSec tunnels. But
>> many users like me want routers which terminate PPTP or L2TP and
>> information on that is very hard to come by. Someone in this email
>> chain pointed Snapgear which can terminate PPTP or L2TP but I am
>> assuming it will be an expensive router.
>>
>> If anyone knows about a sub $150 router which can terminate multiple
>> IPSec or multiple PPTP or multiple L2TP connections and also do
>> multiple IPSec passthroughs and multiple PPTP passthroughs and
>> multiple L2TP passthroughs, please reply on this post because Google
>> search will help future users.
>>
>> Please do not reply if you are not well versed in this field because
>> it will only confuse future users who search these forums looking for
>> information.
>>
>> -Pawan
>>
>>
>> spam@spam.com (Bob) wrote in message
>news:<408bc45a.86543272@news-server.houston.rr.com>...
>> > On 24 Apr 2004 16:06:44 -0700, k2k2e6@yahoo.com (Pawan Singh) wrote:
>> >
>> > >I have a Netgear router at home and my home network is behind the NAT
>> > >network provided by this router. I connect from this home network to
>> > >work using Windows XP's built in VPN software.
>> >
>> > You should specify which VPN: PPTP or IPSec. Later you do mention
>> > IPSec so the reader has to presume you meant IPSec from the outset.
>> >
>> > >What I am finding is
>> > >that if two client machines from my home network start VPN tunnels to
>> > >outside, only one of them works. The other one does not. A single VPN
>> > >tunnel works perfectly.
>> >
>> > Are both tunnels connecting to the same VPN Server or different VPN
>> > Servers?
>> >
>> > I believe MS VPNs only support one connection at a time, so if you are
>> > trying to connect two VPN Client machines to one remote VPN Server,
>> > that may be the problem.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"Pawan Singh" <k2k2e6@yahoo.com> wrote in message
news:79c5552.0404252119.5a7e0d00@posting.google.com...

> 4. It is very hard to find information about routers which do #3. Most
> of the time you will find routers which terminate IPSec tunnels. But
> many users like me want routers which terminate PPTP or L2TP and
> information on that is very hard to come by. Someone in this email
> chain pointed Snapgear which can terminate PPTP or L2TP but I am
> assuming it will be an expensive router.

Snapgear? Expensive? There's a reason people call it "The Poor Man's
Cisco." A Snapgear LITE2 costs about $350.00 Canadian, and is fine for DSL
or cable modem use.

> If anyone knows about a sub $150 router which can terminate multiple
> IPSec or multiple PPTP or multiple L2TP connections and also do
> multiple IPSec passthroughs and multiple PPTP passthroughs and
> multiple L2TP passthroughs, please reply on this post because Google
> search will help future users.

I'd stick the LITE2s. Not $150 but still comparably cheap. It also won't
pass through more than one PPTP tunnel to the same server, but it can tunnel
itself and NAT the connection which gets you the same end result. It also
supports multiple tunnels to multiple locations, limited only by its onboard
memory. If you want more, go for the SME530s.

I replaced a client's leased lines with cheap broadband and Snapgear-based
VPNs. I also remotely administer them by tunneling directly - they are also
PPTP servers.

--
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>