  • Status: Solved

Can't connect through VPN PPTP but can connect through VPN IKEv2?

I have a basic setup of a VPN server with Windows Server 2008 R2. I can connect through IKEv2 just fine, but when I try to connect to PPTP it gives me: Error 628: The connection was terminated by the remote computer before it could be completed.

I have googled everything. I have port 1723 open on the server and the router. All settings seem to be correct. I can even see the connection come into my router and say accepted.

What could be the problem?

Tony
Asked by: askurat1
 
Ernie Beek (Expert) Commented:
When you say IKEv2 I assume it is with IPSec?

IPSec uses protocols 50 and 51 (NOT ports, like TCP is protocol 6 and UDP is protocol 17 and within these protocols you use port numbers).
That being said, IPSec uses TCP/port 500 and protocol 50/51. PPTP uses TCP/port 1723 and protocol 47 (GRE). I think GRE is not being passed either on the router or the server.
0
 
askurat1 (Author) Commented:
Not from my knowledge. In Windows 7 it shows these options: Automatic, PPTP, L2TP/IPSec, SSTP, and IKEv2.

On the router I have the firewall turned off and VPN passthrough enabled for IPSec, PPTP, and L2TP.
On the server I have GRE enabled and set to allow connections.
0
 
Ernie Beek (Expert) Commented:
Ok, if you check the logs on the router and/or the eventlogs on the server does anything show up?
0
 
askurat1 (Author) Commented:
Not really. On my router it says port 1723 is coming in just fine and on the server I can't find any log pertaining to my situation. Is there any log I should look at specifically?
0
 
Ernie Beek (Expert) Commented:
Have a look at this link: http://technet.microsoft.com/en-us/library/cc754714(WS.10).aspx It should help you set that up.
0
 
askurat1 (Author) Commented:
Thanks for that. On my server it is giving me this:
The Windows Filtering Platform has blocked a packet.

Application Information:
	Process ID:		916
	Application Name:	\device\harddiskvolume3\windows\system32\svchost.exe

Network Information:
	Direction:		Inbound
	Source Address:		97.87.86.66
	Source Port:		0
	Destination Address:	192.168.0.1
	Destination Port:		0
	Protocol:		47

Filter Information:
	Filter Run-Time ID:	105017
	Layer Name:		Receive/Accept
	Layer Run-Time ID:	44



How would I unblock this?
0
 
Ernie Beek (Expert) Commented:
Ok, so this looks like GRE (protocol 47) is being blocked. Though you said GRE was enabled it looks like it is still being stopped........

You might want to have a look at that again.

And at the risk of underestimating you: GRE is protocol number 47, NOT port 47 on TCP/UDP (which have protocol numbers 6 and 17).
0
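The blocked-packet event quoted above is keyed on IP protocol 47 with both ports shown as 0, because GRE has no port numbers. As an added example (not code from this thread), the Python sketch below parses that event text and reports only the blocks that would break PPTP; the second sample event and all function names are constructed for illustration.

```python
import re

# IP protocol numbers named in this thread (these are not TCP/UDP port numbers).
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}
MARKER = "The Windows Filtering Platform has blocked a packet."
FIELD_RE = re.compile(r"^[ \t]*([A-Za-z][A-Za-z \-]*?):[ \t]+(\S.*?)[ \t]*$", re.M)

# First event: the fields quoted in the post above. Second event: constructed
# for contrast (unrelated UDP traffic from a documentation address).
SAMPLE_LOG = MARKER + """
Network Information:
    Direction:            Inbound
    Source Address:       97.87.86.66
    Source Port:          0
    Destination Address:  192.168.0.1
    Destination Port:     0
    Protocol:             47
""" + MARKER + """
Network Information:
    Direction:            Inbound
    Source Address:       192.0.2.10
    Source Port:          137
    Destination Address:  192.168.0.1
    Destination Port:     137
    Protocol:             17
"""

def parse_events(text):
    """Return one {field: value} dict per blocked-packet event in the text."""
    return [dict(FIELD_RE.findall(chunk)) for chunk in text.split(MARKER)[1:]]

def classify(event):
    """Map a blocked packet to the PPTP component it would break, if any."""
    proto = int(event["Protocol"])
    port = int(event["Destination Port"])
    if proto == 47:                      # GRE carries the tunnelled PPP frames
        return "PPTP data channel (GRE)"
    if proto == 6 and port == 1723:      # TCP 1723 carries PPTP call control
        return "PPTP control channel (TCP 1723)"
    return None

def pptp_blocks(text):
    """List (source, direction, protocol name, component) for PPTP-relevant blocks."""
    hits = []
    for ev in parse_events(text):
        component = classify(ev)
        if component:
            name = IP_PROTOCOLS.get(int(ev["Protocol"]), "unknown")
            hits.append((ev["Source Address"], ev["Direction"], name, component))
    return hits

if __name__ == "__main__":
    for hit in pptp_blocks(SAMPLE_LOG):
        print(*hit, sep=" | ")
```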
 
askurat1 (Author) Commented:
Here is my firewall setup:
Routing and Remote Access (GRE-In): It is enabled and set to allow connections
set to all ports and protocol 47

Routing and Remote Access (GRE-Out): It is enabled and set to allow connections
set to all ports and protocol 47

Routing and Remote Access (PPTP-In): It is enabled and set to allow connections
set TCP and protocol 6. Local port: 1723  remote port: all ports

Routing and Remote Access (PPTP-Out): It is enabled and set to allow connections
set TCP and protocol 6. remote port: 1723  local port: all ports

0
 
askurat1 (Author) Commented:
I have attached my RASMAN log below if that helps. RASMAN.LOG
0
 
askurat1 (Author) Commented:
Any other logs?
0
 
Ernie Beek (Expert) Commented:
Not yet.

I've noticed one thing:

In the server log it shows
Source Address:            97.87.86.66
Destination Address:      192.168.0.1


In the RASMAN log it shows
DwSaveIpAddressInfo: Remote Address=97.87.86.66
DwSaveIpAddressInfo: Source Address=192.168.0.5


There is a discrepancy there (192.168.0.1 vs 192.168.0.5)
0
 
askurat1 (Author) Commented:
Sorry about that. My server has two IPs and I must have changed the router to forward to a different IP during troubleshooting.

I think I might have found the problem. I have been trying to do this from work and we must have something set up to block VPN. When trying from another network that isn't blocking anything it seems to connect just fine, though I have only tried this on one computer.

Could this be the issue?
0
 
Ernie Beek (Expert) Commented:
It certainly could be. Not necessarily blocking, it could also be not passing something (like the GRE protocol). So you might have something worthwhile investigating there.
0
 
askurat1 (Author) Commented:
Yea I am thinking it isn't passing the protocol. I am gonna check some other computers on different networks but if it worked on the other network I mentioned above that means it doesn't have anything to do with my VPN setup or security, correct?
0
 
Ernie Beek (Expert) Commented:
Correct. Then it has to do with the network you're connecting from.
0
 
Ernie Beek (Expert) Commented:
So it seems I led you to the solution but now it's going to be closed?
As I read this, you checked it and the assumptions we came to were right, which means #34953848 is the correct answer.
0
