Solved

Can't connect through VPN PPTP but can connect through VPN IKEv2?

Posted on 2011-02-18
16
1,321 Views
Last Modified: 2012-05-11
I have a basic setup of a vpn server with windows server 2008 r2. I can connect through IKEv2 just fine but when I try to connect to PPTP it give me: Error 628: The connection was terminated by the remote computer before it could be completed.

I have google everything. I have port 1723 open on the server and the router. All settings seem to be correct. I can even see the connection come into my router and say accepted.

What could be the problem?

Tony
0
Comment
Question by:askurat1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 8
16 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34930225
When you say IKEv2 I assume it is with IPSec?

IPSec uses protocols 50 and 51 (NOT ports, like TCP is protocol 6 and UDP is protocol 17 and within these protocols you use port numbers).
That being said. IPSec uses TCP/port 500 and protocol 50/51. PPTP uses TCP/port 1723 and protocol 47 (GRE). I think GRE is not being passed either on the router or the server.
0
 
LVL 8

Author Comment

by:askurat1
ID: 34930310
Not from my knowledge. In Windows 7 is shows thes options: Automatic, PPTP L2TP/IPSec, SSTP, and IKEv2.

On the router I have the firewall turned off and VPN passthrough enabled for IPSec, PPTP, and L2TP.
On the server I have GRE anebled and to allow connections.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34930386
Ok, if you check the logs on the router and/or the eventlogs on the server does anything show up?
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 8

Author Comment

by:askurat1
ID: 34945682
Not really. On my router it says port 1723 is coming in just fine and on the server I can't find any log pertaining to my situation. Is there any log I should look at specifically?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34945782
Have a look at this link: http://technet.microsoft.com/en-us/library/cc754714(WS.10).aspx It should help you set that up.
0
 
LVL 8

Author Comment

by:askurat1
ID: 34946000
Thanks for that. On my server it is giving me this:
The Windows Filtering Platform has blocked a packet.

Application Information:
	Process ID:		916
	Application Name:	\device\harddiskvolume3\windows\system32\svchost.exe

Network Information:
	Direction:		Inbound
	Source Address:		97.87.86.66
	Source Port:		0
	Destination Address:	192.168.0.1
	Destination Port:		0
	Protocol:		47

Filter Information:
	Filter Run-Time ID:	105017
	Layer Name:		Receive/Accept
	Layer Run-Time ID:	44

Open in new window


How would I unblock this?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34946349
Ok, so this looks like GRE (protocol 47) is being blocked. Though you said GRE was enabled it looks like it is still being stopped........

You might want to have a look at that again.

And taken the risk I underestimate you: GRE is protocol number 47 NOT port 47 on TCP/UDP (which have protocol number 6 and 17).
0
 
LVL 8

Author Comment

by:askurat1
ID: 34946475
Here is my firewall setup:
Routing and Remote Access (GRE-In): It is enabled and set to allow connections
set to all ports and protocol 47

Routing and Remote Access (GRE-Out): It is enabled and set to allow connections
set to all ports and protocol 47

Routing and Remote Access (PPTP-In): It is enabled and set to allow connections
set TCP and protocol 6. Local port: 1723  remote port: all ports

Routing and Remote Access (PPTP-Out): It is enabled and set to allow connections
set TCP and protocol 6. remote port: 1723  local port: all ports

0
 
LVL 8

Author Comment

by:askurat1
ID: 34948097
I have attached my RASMAN log below if that helps. RASMAN.LOG
0
 
LVL 8

Author Comment

by:askurat1
ID: 34948100
Any other logs?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34949521
Not yet.

I've noticed one thing:

In the server log it shows
Source Address:            97.87.86.66
Destination Address:      192.168.0.1


In the RASMAN log it shows
DwSaveIpAddressInfo: Remote Address=97.87.86.66
DwSaveIpAddressInfo: Source Address=192.168.0.5


There is a discrepancy there (192.168.0.1 vs 192.168.0.5)
0
 
LVL 8

Author Comment

by:askurat1
ID: 34953359
Sorry about that. My server has two ip's and I must have changed the router to forward to a different ip during troubleshooting.

I think I might have found the problem. I have been trying to do this from work and we must have something setup to block VPN. When trying from another network that isn't blocking anything it seems to connect just fine, though I have only tried this on one computer.

Could this be the issue?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34953402
It certainly could be. Not necessarily blocking, it could also be not passing something (like the GRE protocol). So you might have something worth while investigating there.
0
 
LVL 8

Author Comment

by:askurat1
ID: 34953547
Yea I am thinking it isn't passing the protocol. I am gonna check some other computers on different networks but if it worked on the other network I mentioned above that means it doesn't have anything to do with my VPN setup or security, correct?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 34953848
Correct. Then is has to do with the network you're connecting from.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35181189
So it seems I lead you to the solution but now it's going to be closed?
As I read this, you checked it and the assumptions we came to where right which means #34953848 is the correct answer.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question