A workaround
I was struggling with this too until I found a thread out there where someone had succeeded in getting GRE packets through using the "Default DMZ Server" setting under "WAN Settings". I specified my IMac's I.P. address in the same field and, sure enough, I could connect to my work's network using PPTP, Neotel and an Axesstel MV420.
IT'S NOT A GOOD SOLUTION - my iMac is now outside the Axesstel firewall. At the same time, it's still in the internal network so it's not really a DMZ setup at all. It's more like it stayed in the internal network but became the target a blanket port forwarding rule on the Axesstel. I went and reviewed the iMac's firewall settings and found that most of MS Office had registered itself for incoming connections. I turned that off. DO BE CAREFUL if you use this workaround, do check the firewall on the machine you specify for "DMZ". I plan to bring my iMac back "inside" and put a little OpenWRT box that I happen to have in the "DMZ" where it can act as a firewall & gateway for my internal network. At least it can be setup to forward the GRE packets to a host without forwarding absolutely everything to that host, which is more than can be said for the Axesstel.
If all you need after VPNing is remote desktop (or one or two apps) then another option is to run a minimal virtual machine (e.g. Ubuntu) with an RDC client on a box on your internal network and put the VM in the "DMZ". If you do this the VM's network interface must be bridged onto its host's network interface so that it gets an I.P. address that the Axesstel can reach.
It's a pity that the Axesstel firmware does not support acting as a "dumb modem" that just services PPPoE dial requests from a firewall / router that you can
actually configure. I think it might work this way in USB mode, but that is not an option for me.
UPDATE: I put the OpenWRT box into the "DMZ" and took my iMac out. The OpenWRT box is setup as a firewall & gateway for my internal network, with the Axesstel connected to its WAN port and my other stuff to its LAN & WLAN ports. On OpenWRT, I enabled forwarding of TCP 1723 to my iMac and, dagnamit, my PPTP connection just works
I guess that means that OpenWRT is GRE-friendly out of the box. I feel a bit less bleak with the Axesstel firmware now - perhaps "Default DMZ Server" was their curiously-named way of allowing you to use your own firewall / router. The only blemish left is the double NATing that I now have - need to stop the OpenWRT box from doing NAT since the Axesstel is doing it once already. Not that it's breaking anything at the moment. It ain't broke, so perhaps I... mmm...
Sign up with Google