Raintree Solutions, LLC

Computer Solutions for Santa Cruz County and Del Norte County, CA

  
    Servers, Workstations, Laptops, Custom Databases, Commercial Software, Point of Sale, Networks, Wireless, VPNs, Web Maintenance, Domain Registrations, Email Servers, Antivirus, AntiSpyware, AntiSpam, Preventative Maintenance, and more!    

Netopia - VPN to VPN Tunnel Using PPTP

Netopia Router A Netopia Router B
Ethernet IP Address: 192.168.1.1 Ethernet IP Address: 192.168.2.1
Ethernet Subnet Mask: 255.255.255.0 Ethernet Subnet Mask: 255.255.255.0
Local WAN IP Address: 172.20.16.1 Local WAN IP Address: 172.20.17.1

Router A Configuration

  1. From the Main Menu of router console screens, go to Quick Menus, and select Add Connection Profile.
  2. Under Profile Name, type Router B (or a name of your choice).
  3. Change Data Link Encapsulation to PPTP and select Data Link Options.
  4. Enter the PPTP Partner IP Address. (Note: This is the public IP address of Router B. Considering our example, the public IP address, or Local WAN IP Address, is 172.20.17.1. If the opposite router in your configuration does not have NAT enabled for the Internet connection profile, and IP Addressing... in Easy Setup is set for an Unnumbered connection to the Internet, the Ethernet IP Address should be used at the PPTP Partner IP Address instead.)
  5. Next, set an Authentication type for the tunnel. If you wish to use encryption, you must choose MS-CHAP. You will have the option to use MPPE or None as your Data Encryption type. MPPE provides both compression and a greater level of security through encryption. However, it will slow down data transmission.
  6. If you choose either PAP or CHAP as your authentication type, you may choose to use Data Compression. You have a choice of None or Standard LZS.
  7. If Router A will be initiating PPTP connections to Router B, enter a unique Send Host Name and Send Password (or Secret) and set Initiate Connections to Yes.
  8. If Router B will be initiating PPTP connections to Router A, enter a unique Receive Host Name and Receive Password (or Secret).
  9. If you want Router A to initiate a PPTP connections to Router B whenever there is a demand for resources on the Router B network, as opposed to manually establishing a connection from the router every time, set On Demand to Yes.
  10. Idle Timeout is the amount of time Router A will maintain the PPTP connection to Router B when there is no traffic. It is 300 seconds by default. A value of zero disables the idle timer so the PPTP connection will never time out.
  11. Escape once back to the Add Connection Profile screen.
  12. IP Enabled should be set to Yes. Next, select IP Profile Parameters.
  13. Set Address Translation Enabled to No.(Note: Use the tab key to toggle this option between Yes and No. Hit enter to save your changes).
  14. Set the Remote IP Address to 192.168.2.1 and Remote IP Mask to 255.255.255.0. (Note: In your case, if Router B has a different Ethernet IP Address and Ethernet Subnet Mask then what is used in this example, please substitute your own Ethernet IP Information for Router B.)
  15. Do not select a Filter Set. If one is active, hit enter on Remove Filter Set to deactivate it. (Note: You can filter over a PPTP connection, however, none of the pre-set filters are suitable for this purpose. If you wish to filter traffic on your PPTP tunnel, please read technote NIR 052: Basic Firewall Features and Configuration.)
  16. Receive RIP should be set to Off unless you have multiple RIP-enabled routers on either the Router A or Router B network.
  17. Escape once to return to the Add Connection Profile screen and select Add Profile Now.
  18. From the Connection Profiles screen, escape once back to Quick Menus.
  19. Select ATMP/PPTP Default Profile (Firmware versions below 4.8 select VPN Default Answer Profile).
  20. Set Answer ATMP/PPTP Connections: to Yes (Firmware versions below 4.8 set Answer VPN Connections: to Yes).
  21. Under PPTP Configuration Options, select the Receive Authentication type you are using. This will be the same as the Authentication type you selected in Data Link Options.
  22. Escape once back to Quick Menus.
  23. Select WAN Default Profile.
  24. Set Must Match a Defined Profile to Yes.

    Note: The R9100 and the R910 may not have a Wan Default Profile. Simply disregard this step.

  25. Escape twice out to the Main Menu and go to Utilities and Diagnostics.
  26. Select Restart System. This concludes the setup for Router A.

Router B Configuration

  1. From the Main Menu of router console screens, go to Quick Menus, and select Add Connection Profile.
  2. Under Profile Name, type Router A (or a name of your choice).
  3. Change Data Link Encapsulation to PPTP and select Data Link Options.
  4. Enter the PPTP Partner IP Address. (Note: This is the public IP address of Router A. Considering our example, the public IP address, or Local WAN IP Address, is 172.20.16.1. If the opposite router in your configuration does not have NAT enabled for the Internet connection profile, and IP Addressing... in Easy Setup is set for an Unnumbered connection to the Internet, the Ethernet IP Address should be used at the PPTP Partner IP Address instead.)
  5. Next, select the same Authentication type as you did in Router A for the Router B profile.
  6. Also, select the same Data Compression or Data Encryption type as you set in Router A for the Router B profile.
  7. If Router B will be initiating PPTP connections to Router A, enter the same values you configured in Router A for Receive Host Name and Receive Password (or Secret) as the Send Host Name and Send Password (or Secret) here, in Router B. Set Initiate Connections to Yes.
  8. If Router A will be initiating PPTP connections to Router B, (Initiate Connections must be set to Yes in the Router B profile of Router A), enter the same values you configured in Router A for Send Host Name and Send Password (or Secret) as the Receive Host Name and Receive Password (or Secret) here, in Router B.
  9. If you want Router B to initiate a PPTP tunnel to Router A whenever there is a demand for resources on the Router A network, as opposed to manually establishing a connection from the router every time, set On Demand to Yes.
  10. Again, Idle Timeout is the amount of time Router B will maintain the PPTP connection to Router A when there is no traffic. It is 300 seconds by default. A value of zero disables the idle timer so the PPTP connection will never time out.
  11. Escape once back to the Add Connection Profile screen.
  12. IP Enabled should be set to Yes. Next, select IP Profile Parameters.
  13. Set Address Translation Enabled to No.
  14. Set the Remote IP Address to 192.168.1.1 and Remote IP Mask to 255.255.255.0. (Note: In your case, if Router A has a different Ethernet IP Address and Ethernet Subnet Mask then what is used in this example, please substitute your own Ethernet IP Information for Router A.)
  15. Do not select a Filter Set. If one is active, hit enter on Remove Filter Set to deactivate it. (Note: You can filter over a PPTP connection, however, none of the pre-set filters are suitable for this purpose. If you wish to filter traffic on your PPTP tunnel, please read technote NIR 052: Basic Firewall Features and Configuration.)
  16. Receive RIP should be set to Off unless you have multiple RIP-enabled routers on either the Router B or Router A network.
  17. Escape once to return to the Add Connection Profile screen and select Add Profile Now.
  18. From the Connection Profiles screen, escape once back to Quick Menus.
  19. Select ATMP/PPTP Default Profile (Firmware versions below 4.8 select VPN Default Answer Profile).
  20. Set Answer ATMP/PPTP Connections: to Yes (Firmware versions below 4.8 set Answer VPN Connections: to Yes).
  21. Under PPTP Configuration Options, select the Receive Authentication type you are using. This will be the same as the Authentication type you selected in Data Link Options.
  22. Escape once back to Quick Menus.
  23. Select WAN Default Profile.
  24. Set Must Match a Defined Profile to Yes.

    Note: The R9100 and the R910 may not have a Wan Default Profile. Simply disregard this step.

  25. Escape twice out to the Main Menu and go to Utilities and Diagnostics.
  26. Select Restart System. This concludes the setup for Router B.

Conclusion

Once both routers are configured, a PPTP connection can be established to allow IP routing through the tunnel between the two LAN's.