Link to home
Start Free TrialLog in
Avatar of hlmarine
hlmarine

asked on

VPN Connection in different countries

Hi,

I have users traveling around the world that require to use VPN connection to access company file server.

However users reported that in certain countries, they are able to connect to VPN without any problem. But in some other countries, they are not able to connect to VPN.

The more recent reported case is having Error 721 which says the remote computer is not responding. The VPN connection get disconnected when the login reach the Verify user and password screen.

Our Server is Windows Server 2008 Standard R2 and using the built in VPN service provided by the Windows 2008.
The port open for VPN is only PPTP.
I have allowed Port TCP Port 47 and TCP Port 1723 NAT in my Firewall.

Does any one have this problem and how do you solve it?

Regards,
BK
ASKER CERTIFIED SOLUTION
Avatar of Damjan
Damjan
Flag of Slovenia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of hlmarine
hlmarine

ASKER

Dear damjanholsedl,

Thanks for your advise. Will try it and revert back soon. Your explaination make sense.
Hi damjanholsedl,

Just realise XP don't support SSTP. So I can't try whether or not SSTP VPN can work for my user XP machine. Is there any other idea which you can think of ?
Avatar of Qlemo
L2TP/IPsec is available on XP, but might be blocked.
Another option is to use the free OpenVPN (http://www.openvpn.net/index.php/open-source/overview.html) on both sides, and optionally use the HTTPS port 443.
Hello, hlmarine,

you are going to need either Windows Vista SP1 or Windows 7 to use SSTP. If you don't plan to upgrade your XP machine, then this option is not available to you.

Any other idea? Maybe OpenVPN (third-party sw)  The availability of clients for OpenVPN is more wide than that of SSTP. Here is a comparison.
The thing puzzle me is how come some countries my PPTP VPN can work but some countries cannot work.

Is it because the firewall over that particular country block port 47?

For my basic knowledge, I thought I only need to allow port 47 and 1723 (NAT) from outside to my server for PPTP to work? Correct me if I am wrong. Is there a need for that countries ISP to open their firewall port 47 and 1723 for my user as well?

Is there is no other suggestion, I will have to try the openvpn. = (
GRE is protocol 47, not port 47. I have not spotted that before, since it was working already. Maybe setting up "PPTP PassThru" or "VPN PassThru" on your router is enough to get it working all times; GRE isn't very robust, so it might even work without forwarding, but then only under certain circumstances. PPTP connection negotiation is working first with the PPTP protocol on port 1723 (that is, btw, not "NAT", it is "PPTP"); the encrypted packets are sent via GRE, and might work without port forwarding, depending on the direction the packets take.
Hi Qlemo,

I have checked my router. PPTP is permitted pass throughout with both 1723 (TCP) and GRE as shown in the print screen. Does the GRE has default protocol 47 or I have to set it manually?
router.jpg
Is there any possibility that some countries might block "PPTP - VPN" access to certain range of IP addresses in another country ?
That setting looks good, so that shouldn't be the reason.
Some countries do not allow for VPN of any kind, and some ISPs block the common ports intentionally. But blocking is always done on "the other side"; your ISP does not decide whether to block ports depending on IP address ranges. Each country and ISP might decide different.
Hi Qlemo,

What do you mean by "blocking is always done on "the other side"?

Does it mean the ISP block some incoming or out going port of all IP address?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi Qlemo,

Thanks for your advise. Will do more research on this.
Problem not completely solved.