[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 13767
  • Last Modified:

Error 806 (ERROR_VPN_GRE_BLOCKED) when connecting to VPN from Vista client

I have three clients on my location, two running XP and one running Vista. All of  them should periodically connect to central office via PPTP VPN. Until recently there were no problems, but now Vista is suddenly unable to connect any more.  
I am getting error 806: The VPN connection between your computer and the VPN server could not be completed. The most command cause for this failure is that at least one Internet device (for example a firewall or a router) between your computer and the VPN server is not configured to allow GRE protocol packets.
I have checked the router (Zyxel Zywall 35) it has both port 1723 and GRE protocol 47 configured OK. Otherwise I would have problems with XP clients, too. Or is GRE important only for Vista?
I havent changed anything - the connection was just lost one morning and I am trying to get it back since then without success. I have tried Microsoft KB 926170 and 929857 instructions, since the error first manifested as 721, but no solution so far.
All clients are on  domain, but the domain server is on the host that is available only throught VPN - I guess this might be the problem...
0
igams
Asked:
igams
  • 2
  • 2
1 Solution
 
The_R0CKCommented:
Because the other XP clients are connecting, I think the problem must be with the client device running Vista. There is no specific difference between XP and Vista as GRE as used by both for PPTP. You do not need to be on a domain or have AD access to connect to a VPN. Therefore, I suggest reveiwing the client. Vista (in my opinion) is not yet very stable for VPN. I would suggest disabling Windows Firewall and retest, maybe System Restore to a previous point, else worst case would be O/S reinstall.
0
 
The_R0CKCommented:
I did make an effort to answer it :P
0
 
igamsAuthor Commented:
I am sorry, I was away and I did not get any e-mail messages about any events going on here...
My problem is stil left to solve, and I will dedicate more efforts to it now. I hope you are not mad at me...
I appreciate all help from The ROCK, I tried to disable the Firewall, no success. As far as System Restore is concerned, I tried it the first day the problem appear.
I really would not like to reinstall the sistem. I suspect that the problem is conneted to DNS. I remember I had problems immediately before VPN was lost with mapping the local server discs. All mapped discs were lost and I could not map them with the server name using Explorer. I solved the problem with hosts file: I explicitely entered the mapping of the server name to its IP and it helped. But, obviously, the problem was not solved at it roots... Should I better start solving the DNS problem first and VPN after that?
0
 
igamsAuthor Commented:
Since the question has not been closed yet I can now report how I managed to solve the problem:

The source of all problems was the firewall after all. But not the firewall on the router or the firewall on Vista - it was the firewall on F-Secure anti-virus client. One day some new version arrived and was installed (automatically or manually - I can not remember). This new version obviously changed its default configuration and became much more restrictive as far as IP communications are concerned.
The result was that it blocked all VPN traffic and did not report about it (firing alerts) as it should.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now