VPN confusion

This post was last edited by samleemc on 2016-5-10 21:40

Hello!! I have a VPN server at home hosting 3 VPNs (PPTP, L2TP, OpenVPN), and at the same time my work provides a few more VPNs to use for work as well.

Condition:
Home PPTP = HP
Home L2TP = HL
Home OpenVPN = HO
Work PPTP = WP
Home VPN server DDNS = a.com

{Home VPN Server} - {router: DDNS a.com} - {internet}  - {Work VPN server}

When connecting to HL from inside the LAN, the connection succeeds using the server's local IP, the public IP and a.com.
When connecting to HP from inside the LAN, the connection succeeds using only the server's local IP, but not a.com or the public IP. (The server doesn't even see the connection in its log; the firewall was open to all connections to the PPTP port.)
When connecting to HL and HP over the internet, the connection succeeds using both the public IP and a.com.
When connecting to WP from the home LAN, the connection succeeds using both the work server's public IP and b.com.

Hence, my problem is: why can I not connect to HP inside the LAN using a.com or the public IP?

Thanks!

Check more carefully whether the port forward is set up wrong.


Check more carefully whether the port forward is set up wrong.
supergag posted on 2016-5-10 22:00


When connecting to HL and HP over the internet, the connection succeeds using both the public IP and a.com.

This indicates that the port forward is set up correctly.

Thanks


When connecting to HL and HP over the internet, the connection succeeds using both the public IP and a.com.

This indicated t ...
samleemc posted on 2016-5-11 15:32



HL and HP use different ports, after all.....


This post was last edited by evantkh on 2016-5-11 22:07

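It looks like your router can't properly handle GRE client traffic.
PPTP uses port 1723 over TCP (protocol 6) as well as GRE (protocol 47).

During NAT loopback the connection's source IP gets changed to the router's LAN IP, and I suspect that is what causes the problem. Have you tried allowing PPTP passthrough in the router's firewall settings? As for why connecting with the local IP on the LAN and connecting from outside both work, I believe it is because in those cases the source IP is not changed by your router.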
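
Added example, not part of evantkh's post: the two PPTP legs described above (TCP port 1723 and GRE, protocol 47) parsed out of raw IPv4 packets, so that a capture taken on the VPN server shows which leg fails to arrive. The addresses, sample packets and function names are constructed for illustration; the 0x880B protocol type and the Call ID field come from RFC 2637, not from the thread.

```python
import struct
from ipaddress import IPv4Address

TCP, UDP, GRE = 6, 17, 47
PPTP_CONTROL_PORT = 1723   # TCP control channel, as stated in the post
PPTP_GRE_TYPE = 0x880B     # protocol type in PPTP's enhanced GRE header (RFC 2637)

def classify(pkt: bytes) -> dict:
    """Parse one raw IPv4 packet and label which PPTP leg it belongs to, if any."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    proto, l4 = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    info = {"src": str(IPv4Address(pkt[12:16])), "dst": str(IPv4Address(pkt[16:20])),
            "proto": proto, "has_ports": proto in (TCP, UDP), "leg": "other"}
    if proto == TCP and len(l4) >= 4:
        if PPTP_CONTROL_PORT in struct.unpack("!HH", l4[:4]):
            info["leg"] = "pptp-control"
    elif proto == GRE and len(l4) >= 8:
        flags, ptype, _length, call_id = struct.unpack("!HHHH", l4[:8])
        # Version 1 GRE carrying PPP: flows are told apart by Call ID, there are no ports.
        if flags & 0x0007 == 1 and ptype == PPTP_GRE_TYPE:
            info.update(leg="pptp-data", call_id=call_id)
    return info

def diagnose(packets, server_ip: str) -> str:
    """Report which PPTP legs reached server_ip in a capture taken on the server."""
    legs = {c["leg"] for c in map(classify, packets) if c["dst"] == server_ip}
    if "pptp-control" not in legs:
        return "no-control"    # TCP/1723 never arrived
    if "pptp-data" not in legs:
        return "control-only"  # TCP/1723 arrived, protocol 47 was lost on the path
    return "both-legs"

def ipv4(src, dst, proto, payload):
    """Build a constructed test packet (checksum left at 0, it is not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

# Constructed sample traffic; the addresses are assumptions, not values from the thread.
CLIENT, SERVER = "192.168.1.50", "192.168.1.10"
SYN_1723 = ipv4(CLIENT, SERVER, TCP, struct.pack("!HH", 50000, 1723) + bytes(16))
GRE_DATA = ipv4(CLIENT, SERVER, GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 7, 1))

if __name__ == "__main__":
    for name, capture in [("local IP", [SYN_1723, GRE_DATA]), ("GRE dropped", [SYN_1723]),
                          ("nothing forwarded", [])]:
        print(f"{name:18} -> {diagnose(capture, SERVER)}")
```

The `has_ports` field is the point of the comparison: a port-forward rule can only match the control packet, while the GRE packet carries nothing but a Call ID for the router to key on.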


ok, at least I know my setting is correct, and there is nothing I can do...until I replace my router...thanks!

**there is no PPTP passthrough function in the GUI of the router at all
**Router: R7000


ok, at least I know my setting is correct, and there is nothing I can do...until I replace my router ...
samleemc posted on 2016-5-12 12:15


   
It is meaningless to connect to the VPN at home because you are already at home. I think you should be more concerned about this: if there is a PPTP connection to the outside from another PC, can a client on the internet connect to the VPN server?

Anyway, PPTP is considered vulnerable and should not be used.


Reply to 7# evantkh

Thank you for your tips! I am only conducting some tests and verifying my understanding.


Try googling "hairpin NAT". It appears that some devices support this and some do not.


Thank you guys! But I have a question....

Why can I connect to HL from my home LAN but not HP? They should both require the same configuration (loopback NAT) in my router, right?
