VPN with PPTP / GRE on Windows NT 4 Server

Note: PPTP/GRE is insecure. But for retro windows fun, why not? OpenVPN will not work with NT4.

Has anyone ever successfully remotely logged into their Windows NT 4 domain with an NT 4 Workstation client using PPTP vpn? I've been trying for years during my spare time. I discovered the biggest challenge is GRE (protocol 47).

For starters, I did a local network test. First inside the network I ran nmap for both ports and protocol. I see port 1723 opened for PPTP and a list of protocols (ICMP, TCP, UDP, and GRE) were opened. I was able to log in flawlessly (of course, i'm within the network, no firewalls blocking anything). It was cool to see the network neighborhood. the Remote Access Admin even showed I was logged in too. So that verifies all the proper services were installed and configured on both server and client.

Unfortunately when I try to do this the real way (remotely), nmap shows that the GRE protocol is not listed at all. Some googling shows most home routers do not support GRE. If you try, you'l get Error 721:

Error 721 is a Microsoft VPN error message indicating that the VPN connection could not be established. Typical error messages are “The computer did not respond” or “Remote PPP peer or computer is not responding”. This VPN problem usually occurs when your network does not allow PPTP port 1723 or GRE packets.

So on to the question: Can anyone recommend a modern router that supports the GRE Protocol 47 ?

Otherwise, I do have an old Netgear Router WNR3500L. I used port forwarding for PPTP. No Gre, so it didn't work. I tried DMZ too, and nothing. GRE still blocked.

and I googled on the various opensource such as dd-wrt, tomato, which my old router is supported... but haven't dived in that realm yet because the info on GRE support is unclear. maybe I haven't found the right info in their various forums and google yet.


  • thanks ctrlc. I'm actually in the process of installing freshtomato.

    I wonder if its possible if a rented combo/wifi/router/cable modem switched to "bridge mode" (so that the rented combo acts as a pass through vanilla cable modem) would still be able to block GRE but I think not. I think that the stock firmware from Netgear Router WNR3500L did not support GRE and that nobody ever even tried it because PPTP in 2009 was already abandoned in favor of Open VPN. Basically Netgear forgot to support the GRE protocol when adding the PPTP VPN feature. But no worries.. opensource to the rescue. if GRE still isn't working when using open source freshtomato then perhaps maybe the cable modem can block GRE even without a firewall enabled. I even tried DMZ but GRE still blocked. Anyway.. will let you know how it goes when I get FreshTomato installed (and hopefully not bricked).
  • It works. Used freshtomato but there's no UI for gre support. Found a post using ip tables that is copy pasted to their scripts section to basically bypass freshtomato UI and get GRE working. I was shocked when I remotely logged into my NT 4 domain with pptp. I had to also bridge the rented cable modem combo router so it becomes just a cable modem pass through if that's the term. The freshtomato router becomes the gateway. I think that's key because the rented cable modem as a gateway will block GRE no matter what, even with dmz or firewall disabled! The Internet service provider said you need business class to get GRE support. By bridging and using an open source firmware router, you have more control of what you can do with your lan to wan. Took me decades of tinkering and thought these dreams were over after I donated all my 90s PCs. Thank you winworldpc for making this long time dream a reality.
  • "The Internet service provider said you need business class to get GRE support. By bridging and using an open source firmware router, you have more control of what you can do with your lan to wan. "

    Well hmmm. Thanks for letting us know what you learned.
Sign In or Register to comment.