setting up vpn server on 2008 sbs server

awolarczuk used Ask the Experts™
hi all i am trying to setup a vpn server on a 2008 sbs server, i seem to have allthe settings tunred on and i have set the three port fowards but i am still getting this error

The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Couple of questions:

Which ports did you forward through your firewall?
Did you use the Enable VPN wizard?
What router do you have? Some thomson routers have no VPN passthrough setting... Even if you forward the correct ports

Let me know and I'm sure we'll get it fixed soon.
Try enabling GRE (Protocol 47) on your firewall/router (Can show up as VPN Passthrough on low end routers,  has to be enabled as a port of some mid range Firewalls and routers and as an actual protocol on higher end Firewalls and routers)


I have Ports
and 42 open i am using a Speed Touch modem

THanks so much for the help so far
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

If that's a Thomson speed touch 585v7 then you've hit exactly the problem I described. It does not have a VPN passthrough capability.

There are hacks, but I've never got them to work.

Suggest a replacement router is the easiest way forward unfortunately. Netgear dg834 are very reliable and do allow VPN passthrough.


yea i know :) the only problem is that it is a site i support and it is 1000km away i will have to work something out


ANy other ideas
Yeah. Can you confirm what router version this is?  If it is a speed touch 585v7 then there is an option to rever to firmware version which does support pptp VPN.

You will lose connection during the upgrade, but if you do it using a remote machine, it'll upgrade fine.

There are known issues with this version of firmware, which you can avoid quite easily, but people have got working pptp VPN with this firmware.


SpeedTouch 500Series

System Software       
Board type

hope that helps
Top Expert 2013

Do you actually need to use a VPN? You can share files using Sharepoint, and you can access internal desktops or a Terminal Server using Remote Web Workplace, both of which are much more secure than a VPN, and RWW will provide much better performance. Though I am a big supporter of VPN's they have one big security hole which is a wide open tunnel between the corporate network and a computer out of your control which could be hosting malicious software. An SBS domain often has alternates to using a VPN.

I do appreciate you may have needs for VPN. If your router will not support PPTP pass-through you can probably still use Hamachi/LogMeIn's VPN solution which does not require port forwarding nor GRE pass-through:
You can use the basic version for free.

For the record when configuring port forwarding for a PPTP VPN, on any router, you only need port 1723 and enable GRE pass-through. GRE is protocol 47 not port 47 so forwarding a port in most cases makes no difference with GRE. GRE is enabled in different ways on different routers. On some you use "enable PPTP pass-through", others you forward the PPTP service rather than the port 1723 which dose both, forward 1723 and enable GRE, still other routers require a command to enable GRE pass-through.

You router sounds like a combined modem/router. Is so you can often put them in bridge mode effectively making them a basic modem and disabling all NAT and firewall features. You can then place a router which does support PPTP pass-through between the modem and the SBS.


Hi thanks for the feed back on this one, yes we are in need of a VPN as i am off site and about 2000km frm the site where the server is and the owner of the company often needs to connected to the network.  For this site i manage a VMware server of which i can not acess using the tools that the server currently has i have tried to use the free VPN server options and cant seemt to get it working.  The modem that is on site there doesnt seem to offer GRE.  I have setup a Linux option onsite at one stage and i could connected but could access thing with there ip address but not there DNS names and could never figer out how to fix it
Top Expert 2013

If DNS is the only issue you need to modify the VPN client to point to the corporate DNS server. Have a look at my blog. DNS is option 4 and the best choice but there are other name resolution options. It references the Windows VPN client but if using another similar client options should still exist.


mate have you got a good idea waht the best linux one and step by step for one as i got rid of mine as it didnt work :)
Top Expert 2013
I am not a Linux fan I am afraid, but OpenVPN is popular

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial