Error 806 (ERROR_VPN_GRE_BLOCKED) when connecting to VPN from Vista client

Posted on 2007-11-17
Last Modified: 2008-06-14
I have three clients on my location, two running XP and one running Vista. All of  them should periodically connect to central office via PPTP VPN. Until recently there were no problems, but now Vista is suddenly unable to connect any more.  
I am getting error 806: The VPN connection between your computer and the VPN server could not be completed. The most command cause for this failure is that at least one Internet device (for example a firewall or a router) between your computer and the VPN server is not configured to allow GRE protocol packets.
I have checked the router (Zyxel Zywall 35) it has both port 1723 and GRE protocol 47 configured OK. Otherwise I would have problems with XP clients, too. Or is GRE important only for Vista?
I havent changed anything - the connection was just lost one morning and I am trying to get it back since then without success. I have tried Microsoft KB 926170 and 929857 instructions, since the error first manifested as 721, but no solution so far.
All clients are on  domain, but the domain server is on the host that is available only throught VPN - I guess this might be the problem...
Question by:igams
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 20304173
Because the other XP clients are connecting, I think the problem must be with the client device running Vista. There is no specific difference between XP and Vista as GRE as used by both for PPTP. You do not need to be on a domain or have AD access to connect to a VPN. Therefore, I suggest reveiwing the client. Vista (in my opinion) is not yet very stable for VPN. I would suggest disabling Windows Firewall and retest, maybe System Restore to a previous point, else worst case would be O/S reinstall.

Expert Comment

ID: 20449501
I did make an effort to answer it :P

Author Comment

ID: 20481062
I am sorry, I was away and I did not get any e-mail messages about any events going on here...
My problem is stil left to solve, and I will dedicate more efforts to it now. I hope you are not mad at me...
I appreciate all help from The ROCK, I tried to disable the Firewall, no success. As far as System Restore is concerned, I tried it the first day the problem appear.
I really would not like to reinstall the sistem. I suspect that the problem is conneted to DNS. I remember I had problems immediately before VPN was lost with mapping the local server discs. All mapped discs were lost and I could not map them with the server name using Explorer. I solved the problem with hosts file: I explicitely entered the mapping of the server name to its IP and it helped. But, obviously, the problem was not solved at it roots... Should I better start solving the DNS problem first and VPN after that?

Accepted Solution

igams earned 0 total points
ID: 21734463
Since the question has not been closed yet I can now report how I managed to solve the problem:

The source of all problems was the firewall after all. But not the firewall on the router or the firewall on Vista - it was the firewall on F-Secure anti-virus client. One day some new version arrived and was installed (automatically or manually - I can not remember). This new version obviously changed its default configuration and became much more restrictive as far as IP communications are concerned.
The result was that it blocked all VPN traffic and did not report about it (firing alerts) as it should.

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question