![\"Linksys](\"http:\/\/www.smallnetbuilder.com\/images_old\/myimages\/howto\/linksys_passthough.jpg\")
<\/p>\n
Figure 1: Linksys BEFSR41 VPN Pass through enables<\/strong><\/h6>\nAll you need to do is enable the setting for the VPN protocol that you’re using, reboot your router and, if you’re lucky, the VPN connection will come right up.<\/p>\n
![\"NOTE\"](\"http:\/\/www.smallnetbuilder.com\/images_old\/myimages\/attentionsml.gif\")
Note:<\/strong> Not all routers have these enables and the lack of them doesn’t necessarily mean that you can’t get VPN working.<\/p><\/blockquote>\nOpen up that Firewall<\/h3>\n<\/ins><\/ins><\/div>\nStill no connection? The next step is to try opening some ports in your router’s firewall to get your VPN connection made. In each case, you’ll need to open the specific ports (and protocol) to the IP address of the computer that you’re running the VPN client on. NOTE that port mappings work with only one computer at a time<\/strong>. If you have multiple VPN clients that you need to connect, your router will have to support the VPN protocol that you’re using without requiring ports opened.<\/p>\nIf you’re using Microsoft’s PPTP<\/strong> protocol, TCP port 1723<\/strong> is the port you’ll need to forward to allow PPTP control traffic to pass. Figure 2<\/strong> shows the Forwarding<\/strong> screen on a Linksys BEFSR41 set to forward this port to a client with IP address 192.168.5.100<\/strong>.<\/p>\n![\"Linksys](\"http:\/\/www.smallnetbuilder.com\/images_old\/myimages\/howto\/linksys_vpnports.jpg\")
<\/p>\n
Figure 2: Linksys BEFSR41 VPN Port forwarding<\/strong><\/h6>\nPPTP also needs IP protocol 47<\/strong> (Generic Routing Encapsulation) for the VPN data traffic itself, but note that this is a required protocol<\/strong>, not a port. The ability to handle this protocol must be built into the router’s NAT “engine” – which is true of most present-generation routers.<\/p>\nIPsec<\/strong>-based VPN’s need UDP port 500<\/strong> opened for ISAKMP<\/strong> key negotiations, IP protocol 51<\/strong> for Authentication Header<\/strong> traffic (not always used), and IP protocol 50<\/strong> for the “encapsulated data itself. Again, the only “forwardable” item here is UDP port 500, which is also shown programmed in Figure 2<\/strong> to the same LAN client machine – protocols 50 and 51 must be built into your router.<\/p>\n![\"Tip!\"](\"http:\/\/www.smallnetbuilder.com\/images_old\/myimages\/tip_hp.gif\")
Tip:<\/strong> Not all routers are created equal! Some allow only one VPN tunnel to be opened and used by a single client. Others support multiple tunnels, but with one client per tunnel. Unfortunately, most vendors don’t make the VPN pass through capabilities of their products clear in their documentation, nor do they have support staff properly trained to provide this information either. In most cases, your only option is to try a router in your specific application, and make sure you can return it and get your money back if you can’t get it working.<\/p><\/blockquote>\nStill not Working?<\/h3>\n
Still no connection? The next step is to try opening some ports in your router’s firewall to get your VPN connection made. In each case, you’ll need to open the specific ports (and protocol) to the IP address of the computer that you’re running the VPN client on. NOTE that port mappings work with only one computer at a time<\/strong>. If you have multiple VPN clients that you need to connect, your router will have to support the VPN protocol that you’re using without requiring ports opened.<\/p>\n If you’re using Microsoft’s PPTP<\/strong> protocol, TCP port 1723<\/strong> is the port you’ll need to forward to allow PPTP control traffic to pass. Figure 2<\/strong> shows the Forwarding<\/strong> screen on a Linksys BEFSR41 set to forward this port to a client with IP address 192.168.5.100<\/strong>.<\/p>\n PPTP also needs IP protocol 47<\/strong> (Generic Routing Encapsulation) for the VPN data traffic itself, but note that this is a required protocol<\/strong>, not a port. The ability to handle this protocol must be built into the router’s NAT “engine” – which is true of most present-generation routers.<\/p>\n IPsec<\/strong>-based VPN’s need UDP port 500<\/strong> opened for ISAKMP<\/strong> key negotiations, IP protocol 51<\/strong> for Authentication Header<\/strong> traffic (not always used), and IP protocol 50<\/strong> for the “encapsulated data itself. Again, the only “forwardable” item here is UDP port 500, which is also shown programmed in Figure 2<\/strong> to the same LAN client machine – protocols 50 and 51 must be built into your router.<\/p>\nNote:<\/strong> Not all routers have these enables and the lack of them doesn’t necessarily mean that you can’t get VPN working.<\/p><\/blockquote>\nOpen up that Firewall<\/h3>\n
<\/p>\nFigure 2: Linksys BEFSR41 VPN Port forwarding<\/strong><\/h6>\n
Tip:<\/strong> Not all routers are created equal! Some allow only one VPN tunnel to be opened and used by a single client. Others support multiple tunnels, but with one client per tunnel. Unfortunately, most vendors don’t make the VPN pass through capabilities of their products clear in their documentation, nor do they have support staff properly trained to provide this information either. In most cases, your only option is to try a router in your specific application, and make sure you can return it and get your money back if you can’t get it working.<\/p><\/blockquote>\nStill not Working?<\/h3>\n