WinXP SP2 VPN Problem

Warpy · Sep 4, 2005, 08:49 AM

I want to connect to my PC from work via VPN. I have a DLINK 704P router with an ADSL connection.

I have enabled the following:

1723 for PPTP enabled. I have also configured my router for PPTP Passthrough. Port usage for IPSec is 500, 50-51. The message people get is error 800. IPSEC and VPN is also enabled on my router under the MISC section.

I am assigning these ports to be setup via the Virtual server option within my router, is this correct?

md5 · Sep 4, 2005, 12:42 PM

Your configuration seems to be ok to me...

Error 800 usually means that there's a problem with authentication and it's mostly caused by the presence of a firewall or badly configured VPN accounts or outdated router firmware. Read more about it here and here. What kind of VPN are you trying to establish? Microsoft's PPTP or IPsec? Have you set up VPN user accounts and the needed protocols correctly? Microsoft has a step-by-step guide on how to enable and use IPSec here. Also, make sure that your router has the latest firmware installed.

You might want to check if VPN is blocked somehow.... read through this article from Microsoft. PPTP Ping referred in that article can be found here. The most likely cause that it may be blocked is the SP2 firewall... make sure it's disabled (I think it's enabled automatically when you setup VPN) and disable all other firewalls that you may have in your server and client just in case... for example, older versions of ZoneAlarm didn't support VPN correctly, so VPN refused to work with ZA, even with all the relevant ports open

You might want to check for some more VPN troubleshooting here.

Hope that helped

Warpy · Sep 4, 2005, 04:13 PM

Quote:

Originally Posted by md5

Your configuration seems to be ok to me...

Error 800 usually means that there's a problem with authentication and it's mostly caused by the presence of a firewall or badly configured VPN accounts or outdated router firmware. Read more about it here and here. What kind of VPN are you trying to establish? Microsoft's PPTP or IPsec? Have you set up VPN user accounts and the needed protocols correctly? Microsoft has a step-by-step guide on how to enable and use IPSec here. Also, make sure that your router has the latest firmware installed.

You might want to check if VPN is blocked somehow.... read through this article from Microsoft. PPTP Ping referred in that article can be found here. The most likely cause that it may be blocked is the SP2 firewall... make sure it's disabled (I think it's enabled automatically when you setup VPN) and disable all other firewalls that you may have in your server and client just in case... for example, older versions of ZoneAlarm didn't support VPN correctly, so VPN refused to work with ZA, even with all the relevant ports open

You might want to check for some more VPN troubleshooting here.

Hope that helped

Thanks for the reply, but how do i enable IP Protocol 47 (GRE)? I have never heard of that! I don;t use a software firewall either. I am trying to connect to my PC from work using this guide:

http://www.onecomputerguy.com/networ...vpn_server.htm

I am not sure if thats IPSEC??

EDIT: I have ran the test pptpclnt.exe xxxxxxxx and I can recieve PPTP traffic but not GRE. How do I enable protocol 47?

md5 · Sep 4, 2005, 04:54 PM

If you just followed these instructions, you're setting up a PPTP VPN server. PPTP is much simpler to deploy than IPSec, although it's not as secure. If you wish to setup your router to use IPSec, read this article. Also, if you use IPSec, both your computers need to have XP SP2. For earlier versions, you need an update for the VPN client which you can get here.

Just start with PPTP and then if you wish, make a certificate to use IPSec if you want more security. You have to enable GRE Protocol 47 traffic through your router to use PPTP (some routers call this PPTP Pass Through or VPN Pass Through). Your router supports this feature (check here) so read your router's manual if you can't find where to enable it.

Warpy · Sep 4, 2005, 05:00 PM

I think its the GRE protocol 47 thats not working. When i get home tonight I'll check it out, thanks again Md5 for your efforts

md5 · Sep 4, 2005, 05:08 PM

no problem

glad to help

md5 · Sep 4, 2005, 05:13 PM

Just re-read your initial post

Quote:

1723 for PPTP enabled. I have also configured my router for PPTP Passthrough. Port usage for IPSec is 500, 50-51. The message people get is error 800. IPSEC and VPN is also enabled on my router under the MISC section.

Seems like you have enabled it as you say, but it's not working for some reason. Strange. You don't need to open the IPSec ports if you're not using IPSec, nor enable on your router unless you really want to use it. If PPTP passthrough is enabled, then something else is blocking GRE protocol 47. Recheck your router and both PCs (server and client). Again, make sure that neither the server nor the client have a firewall. I can't think of anything else that might be blocking the packets

Edit: Just found this. Have a look. A guy had similar problems with you with D-Link routers and here's what he found:

Quote:

The main reason I was not getting connected was that I was testing the PPC to VPN using my vpn connection via my own wireless LAN. I finally discovered that if I use my neighbors wireless LAN connection, it connects to my home vpn without any problem. I read afterwards in a D-link tech note, buried in there knowlege base, that you can't have this internal loopback, you must connect the PPC to a different wireless LAN when a vpn connection exists on your home system