I have been asked a few of times how to configure a BellAliant Siemens SE567 router / modem to allow VPN access to a server, using PPTP.
When accessing a PPTP VPN server through a router, three primary conditions must exist. Numbers 1 and 2 we can configure, 3 is dependent on your ISP.
- The router must be configured to forward PPTP traffic to the VPN (RRAS) server using port 1723
- The router must be configured to allow GRE traffic (Generic Routing Encapsulation). GRE like, TCP and UDP, is a protocol. GRE is protocol 47, not port 47 which is often incorrectly documented. GRE is not really forwarded like services, but rather enabled.
- The ISP must allow PPTP/GRE traffic. A few ISP’s intentionally block PPTP/GRE traffic.
GRE is enabled in different ways on different routers. Some have an option “Enable PPTP pass-through” others you forward the PPTP service which includes port 1723 and enabling GRE, and still others require specific commands. The Siemens SE567 requires two rules, one for PPTP and one for GRE. Generally Bell Aliant does not block this traffic.
Log into the Seimens unit and click “Advanced” at the top, then “Applications” on the left, followed by “Port Mapping Setup” in the menu.
First select the application “PPTP” and in the “redirect selected protocol/application to IP Address” box put the IP address of the server, in this case 192.168.2.20, and click “Apply.”
Next in the protocol box select GRE and again in the “redirect selected protocol/application to IP Address” box put the IP address of the server.
Note: the other ports shown in the example, 443 and SMTP/25, are unrelated to the PPTP VPN and just there to show other service configurations.