VPN with PPTP / GRE on Windows NT 4 Server
Note: PPTP/GRE is insecure. But for retro windows fun, why not? OpenVPN will not work with NT4.
Has anyone ever successfully remotely logged into their Windows NT 4 domain with an NT 4 Workstation client using PPTP vpn? I've been trying for years during my spare time. I discovered the biggest challenge is GRE (protocol 47).
For starters, I did a local network test. First inside the network I ran nmap for both ports and protocol. I see port 1723 opened for PPTP and a list of protocols (ICMP, TCP, UDP, and GRE) were opened. I was able to log in flawlessly (of course, i'm within the network, no firewalls blocking anything). It was cool to see the network neighborhood. the Remote Access Admin even showed I was logged in too. So that verifies all the proper services were installed and configured on both server and client.
Unfortunately when I try to do this the real way (remotely), nmap shows that the GRE protocol is not listed at all. Some googling shows most home routers do not support GRE. If you try, you'l get Error 721:
So on to the question: Can anyone recommend a modern router that supports the GRE Protocol 47 ?
Otherwise, I do have an old Netgear Router WNR3500L. I used port forwarding for PPTP. No Gre, so it didn't work. I tried DMZ too, and nothing. GRE still blocked.
and I googled on the various opensource such as dd-wrt, tomato, which my old router is supported... but haven't dived in that realm yet because the info on GRE support is unclear. maybe I haven't found the right info in their various forums and google yet.
Has anyone ever successfully remotely logged into their Windows NT 4 domain with an NT 4 Workstation client using PPTP vpn? I've been trying for years during my spare time. I discovered the biggest challenge is GRE (protocol 47).
For starters, I did a local network test. First inside the network I ran nmap for both ports and protocol. I see port 1723 opened for PPTP and a list of protocols (ICMP, TCP, UDP, and GRE) were opened. I was able to log in flawlessly (of course, i'm within the network, no firewalls blocking anything). It was cool to see the network neighborhood. the Remote Access Admin even showed I was logged in too. So that verifies all the proper services were installed and configured on both server and client.
Unfortunately when I try to do this the real way (remotely), nmap shows that the GRE protocol is not listed at all. Some googling shows most home routers do not support GRE. If you try, you'l get Error 721:
Error 721 is a Microsoft VPN error message indicating that the VPN connection could not be established. Typical error messages are “The computer did not respond” or “Remote PPP peer or computer is not responding”. This VPN problem usually occurs when your network does not allow PPTP port 1723 or GRE packets.
So on to the question: Can anyone recommend a modern router that supports the GRE Protocol 47 ?
Otherwise, I do have an old Netgear Router WNR3500L. I used port forwarding for PPTP. No Gre, so it didn't work. I tried DMZ too, and nothing. GRE still blocked.
and I googled on the various opensource such as dd-wrt, tomato, which my old router is supported... but haven't dived in that realm yet because the info on GRE support is unclear. maybe I haven't found the right info in their various forums and google yet.
Comments
https://prosindo.com/blog/2017/01/17/how-to-enable-gre-in-openwrt-pptp-nat-traversal/
https://openwrt.org/docs/guide-user/services/vpn/pptp/start
I wonder if its possible if a rented combo/wifi/router/cable modem switched to "bridge mode" (so that the rented combo acts as a pass through vanilla cable modem) would still be able to block GRE but I think not. I think that the stock firmware from Netgear Router WNR3500L did not support GRE and that nobody ever even tried it because PPTP in 2009 was already abandoned in favor of Open VPN. Basically Netgear forgot to support the GRE protocol when adding the PPTP VPN feature. But no worries.. opensource to the rescue. if GRE still isn't working when using open source freshtomato then perhaps maybe the cable modem can block GRE even without a firewall enabled. I even tried DMZ but GRE still blocked. Anyway.. will let you know how it goes when I get FreshTomato installed (and hopefully not bricked).
Well hmmm. Thanks for letting us know what you learned.