?
Solved

Client VPN troubles on win xp

Posted on 2006-05-01
30
Medium Priority
?
2,750 Views
Last Modified: 2010-03-18
Hi,

I'm trying to VPN to a clients server. Other users are doing it fine. I went through the connection setup wizard, and basically used these steps:

http://www.howtonetworking.com/RemoteAccess/setupvpnclient1.htm

Then I allowed PPTP connections in my firewall. When I try to connect I get ERROR 800. I went into the connection properties, under networking tab, and changed the "Type of VPN" connection to PPTP instead of Automatic. After I did this I started to get ERROR 678.

So hopefully that sheds some light... Is there something else I have to enable in my firewall? It's a D-Link router, and under Virtual Servers list I enabled:
PPTP      TCP 1723/1723

Thanks
0
Comment
Question by:MaritimeSource
  • 15
  • 12
  • 3
30 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 1000 total points
ID: 16581487
Hi MaritimeSource,

Standard port usage is 1723 for PPTP. You might also need to configure your router for PPTP Passthrough. Port usage for IPSec is 500, 50-51. These ports will have to be forwarded to the VPN server's local IP address

are you doing this is at the cients router end?

Cheers!
0
 

Author Comment

by:MaritimeSource
ID: 16581584
I don't know what this means:
"...configure your router for PPTP Passthrough"

There is a section in my router config for IPSec as well. I enabled that, although the Port just lists 500 for both the private and public port. For Private IP I have set it to the internal IP of the desired machine on my lan.

Also, please expand on this:
"These ports will have to be forwarded to the VPN server's local IP address"

> are you doing this is at the cients router end

My client already has vpn setup with users (like me) remoting in. So I think it's a problem on my end.

btw: I change the "Type of VPN" to "L2TP IPSec" and now it responds immediately with error 781. The other two "Type of VPN" connection options cause the connect request to hang for a period of time before returning an error msg.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16581700
hmmm i am slightl confused now as well,

you shouldnt have to make any changes on your router itself....

the only changes that get made are at th client end within his router....where the ports get forwarded to the VPN servers IP address

you shouldnt be forwarding anything on your router to anywhere within your LAN....
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:MaritimeSource
ID: 16581735
Hrm... seems I was in the settings of my router for setting up a VPN SERVER, which is NOT what I want to do.

Let's start over:

I want to VPN into my clients VPN server. What ports do I have to open in my router config?

Thanks
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16581768
in YOUR router config.... none :)

what kind of VPN server are we playing with at the clients end   RRAS?
0
 

Author Comment

by:MaritimeSource
ID: 16581974
I don't know what kind of VPN it is.. I'll find out.

I removed all configuration changes I made, and I still get error 800.

How is my firewall going to allow the vpn connection if I don't open a port? OR is that only for incoming stuff?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16582010
thats for incoming traffic - let me know what server it is
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16582014
when you ran through the wizard did you put in the destination routers IP?
0
 

Author Comment

by:MaritimeSource
ID: 16582949
Of course... I can ping the ip just fine too.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16582975
ok change it back to automatic and make sure you undid any router changes you made that were unnecessary
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16582976
did you find out if it was RRAS or not?
0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 1000 total points
ID: 16585163
Morning Jay!  :)

ChicagoTech is a good site, but did you ck the error codes listed there?

Error 678: (Means:  There was not answer.)

Resolution:
1) you are dialing the wrong number.
2) make sure you have good connection.
3) If using VPN, make sure the port 1723 and IP Protocol 47 (GRE) are opened.

Error 800:  (Means: Unable to establish the VPN connection. The VPN server may be un-reachable, or security parameters may not be configured properly for this connection.)

Resolutions:
1) if you have firewall, open TCP Port 1723, IP Protocol 47 (GRE).
2) make sure you can reach the VPN server by using ping.  Sometimes, poor connection can cause this issue too.
3) You may need to updated firmware on a router or firewall if other OS (win9x/nt/me/w2k) works except XP.
4) The VPN server may not be able to get IP from DHCP for the VPN client. So, you may want to re-configure VPN host networking settings. For XP pro VPN host, go to the Properties of the VPN>Network, check Specify TCP/IP address and Allow calling computer to specify its own IP address, and uncheck Assign TCP/IP addresses automatically using DHCP.
5) Make sure other secure software blocks your access, for example, if you use Norton secure software, you may need to add the remote client's IP so that the client can access.
6) If your VPN running on a Windows RRAS with NAT enabled, you may want to check the NAT settings.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16585193
good evening FE, nice to see ya :)

which ChicagoTech site are you mentioning out of interest?
0
 

Author Comment

by:MaritimeSource
ID: 16586347
Hi,

I'm not using ChicagoTech.. it was just an example site in the tutorial online :)

The VPN ip I'm trying to connect to is pingable, and also other users can VPN successfully.

Fatal_Exception: about this statement:
"if you have firewall, open TCP Port 1723, IP Protocol 47 (GRE)."

I understand how to open TCP Port 1723 on my router, but I don't know about this part: "IP Protocol 47 (GRE)."

Could you elaborate?

Jay: I thought you said I didn't have to open anything on my router?
0
 

Author Comment

by:MaritimeSource
ID: 16586450
I opened TCP port 1723 for incoming to my router, but I don't see "GRE" listed in my protocol dropdown. I only have: TCP, UDP, ICMP, *.

So I chose * for port 47. And now when I try to connect it no longer pauses for a few seconds, but comes back straight away with error 800
0
 

Author Comment

by:MaritimeSource
ID: 16589227
I found this out from the sys admin about the VPN:

Windows 2000 Server SP4 RAS

Does that help?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16591741
1723 is the port that needs to be opened on the remote router and gets pointed though to the RRAS server at the other end

i have a VPN connection from my home to work and i didnt touch my router except to turn it on...... thats why i said no config on your router end, but if you have been playing with it, you may well have set something that is confolicting, i would reccomend going back to scratch on that router with a factory reset then we can start again
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 16591776
*grin*  46 is the protocol, not the port:

The Generic Route Encapsulation (GRE) protocol is used in conjunction with Point-to-Point Tunneling Protocol (PPTP) to create virtual private networks (VPNs) between clients or between clients and servers.

http://support.microsoft.com/?kbid=241251

Jay, older routers with old firmware many times do not allow for these connections..  he might have to update his firmware on the Dlink..  just a thought..
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16591794
ahhh a good point.... just so used to working with the newer ones that are all auto ..... sometimes i forget the obvious..... :)
0
 

Author Comment

by:MaritimeSource
ID: 16592572
My firmware is the latest. So it looks like I need a better router?
0
 

Author Comment

by:MaritimeSource
ID: 16592578
This is my router:
http://www.dlink.com/products/resource.asp?pid=6&rid=7&sec=0

lists all kinds about VPN...
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16592612
your router is fine :) its better than mine at home and i have no issues :)

supports everything you need that i can see

you can ping the IP address of the destination Router yes?
0
 

Author Comment

by:MaritimeSource
ID: 16592647
DOH!!! I found in the MISC section of the router config some settings to enable "VPN Pass-Through"

now it works great!

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16592657
>>>>You might also need to configure your router for PPTP Passthrough

heheh that was right up the top of our convo - i thought you had already configured that bit!


well done bro - as long as its working :)
0
 

Author Comment

by:MaritimeSource
ID: 16592659
Hi Guys,

Last question before I divy up the points: Now that I'm connected to the clients vpn, they want me to access an application on one of their servers. Do I have to have the application installed locally, and point it to their network filesystem, or is there a way to log in directly to one of their remote machines, using a specific user account, to access the applications on the remote system?

Sorry for such a dumb questions :)

Thanks
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16592672
it depends on the app itself, most of the time you will have to install locally and point to their data store, unless they give you an option of using something such as terminal services or remote desktop
0
 

Author Comment

by:MaritimeSource
ID: 16592716
Right... I just tried remote desktop and that works great.

Thanks!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16592726
no problem mate
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 16604309
Well, looks like the question was round up, without much help from me, eh?  

Thanks, and you both have a great day!

FE
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16604642
and you too Mate :)
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question