Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Error 806 (ERROR_VPN_GRE_BLOCKED) when connecting to VPN from Vista client

Posted on 2007-11-17
Last Modified: 2008-06-14
I have three clients on my location, two running XP and one running Vista. All of  them should periodically connect to central office via PPTP VPN. Until recently there were no problems, but now Vista is suddenly unable to connect any more.  
I am getting error 806: The VPN connection between your computer and the VPN server could not be completed. The most command cause for this failure is that at least one Internet device (for example a firewall or a router) between your computer and the VPN server is not configured to allow GRE protocol packets.
I have checked the router (Zyxel Zywall 35) it has both port 1723 and GRE protocol 47 configured OK. Otherwise I would have problems with XP clients, too. Or is GRE important only for Vista?
I havent changed anything - the connection was just lost one morning and I am trying to get it back since then without success. I have tried Microsoft KB 926170 and 929857 instructions, since the error first manifested as 721, but no solution so far.
All clients are on  domain, but the domain server is on the host that is available only throught VPN - I guess this might be the problem...
Question by:igams
  • 2
  • 2

Expert Comment

ID: 20304173
Because the other XP clients are connecting, I think the problem must be with the client device running Vista. There is no specific difference between XP and Vista as GRE as used by both for PPTP. You do not need to be on a domain or have AD access to connect to a VPN. Therefore, I suggest reveiwing the client. Vista (in my opinion) is not yet very stable for VPN. I would suggest disabling Windows Firewall and retest, maybe System Restore to a previous point, else worst case would be O/S reinstall.

Expert Comment

ID: 20449501
I did make an effort to answer it :P

Author Comment

ID: 20481062
I am sorry, I was away and I did not get any e-mail messages about any events going on here...
My problem is stil left to solve, and I will dedicate more efforts to it now. I hope you are not mad at me...
I appreciate all help from The ROCK, I tried to disable the Firewall, no success. As far as System Restore is concerned, I tried it the first day the problem appear.
I really would not like to reinstall the sistem. I suspect that the problem is conneted to DNS. I remember I had problems immediately before VPN was lost with mapping the local server discs. All mapped discs were lost and I could not map them with the server name using Explorer. I solved the problem with hosts file: I explicitely entered the mapping of the server name to its IP and it helped. But, obviously, the problem was not solved at it roots... Should I better start solving the DNS problem first and VPN after that?

Accepted Solution

igams earned 0 total points
ID: 21734463
Since the question has not been closed yet I can now report how I managed to solve the problem:

The source of all problems was the firewall after all. But not the firewall on the router or the firewall on Vista - it was the firewall on F-Secure anti-virus client. One day some new version arrived and was installed (automatically or manually - I can not remember). This new version obviously changed its default configuration and became much more restrictive as far as IP communications are concerned.
The result was that it blocked all VPN traffic and did not report about it (firing alerts) as it should.

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Mapping drives cross domain via logon script 2 35
Setting up VPN using IKEv2, IPSec, and L2TP protocols 4 67
Enterprise Mode 4 46
Internet Connection -- PING testing ? 1 41
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question