I have a Windows Server 2003 box installed on an ESXi server (with a bridged connection) connected to a Linksys RV042 router. The Server 2003 install is configured with the RRAS role. I think my policy is set correctly since I can connect to it directly across the LAN. My RV042 is forwarding TCP port 1723 to the Server 2003 box (and I've also tried putting the Server 2003 box on the DMZ). I don't see any options to forward GRE, but following these instructions about disabling the SPI, I had hope.
Nonetheless, I'm unable to connect to the VPN over the WAN. portqry tells me the box is listening on 1723, but I still get an error 800 when I try to connect myself.
Any tips on trying to troubleshoot this?
Thanks!
Update: Just also wanted to mention that under "VPN Passthrough" the "PPTP Pass through" et al are Enabled.
On most SOHO routers that I've seen there's a specific option to allow VPN passthrough that needs to be enabled.
I had the same quirky issue with an RV082 and a Server 2003 RRAS box. You are correct in noticing that there is no option to forward GRE and according to the LinkSys documents that I read, "PPTP pass through" does not have anything to do directly with GRE like it would most logically seem. I did, however, get this to work. How? I have no idea! =)
After much frustration and wondering if it was even possible, it simply started working! I did not update the firmware, I did not make any option changes beyond the obvious port forwarding rules and I did not change the PPTP Server's options. You may want to reboot the router and see what happens. Many times with my RV082, rebooting was the "answer" to many problems. My extended recommendation would be to ditch that flaky thing and get something like a SonicWall TZ series. I did and suddenly many of my worries concerning the network's firewall went away.
For more concrete information, install a packet capture utility on the RRAS server and the remote client that is trying to connect to the PPTP VPN and watch the traffic stream to see what is and is not making it to the RRAS server. You could compare it to the traffic seen when attempting to connect to the RRAS server from a machine on the LAN.