Solved

VPN connection issue with GRE Protocol 47

Posted on 2013-06-27
Last Modified: 2013-07-03
Hi, I have a Netgear DGND3700 router and SBS 2011 Standard. I want to enable a VPN connection to accept dial-in connections.

I have managed to configure the server, and have opened the router's port 1723. But I still cannot connect. In the actual SBS event log I can see the error below:
SBS 2011 Event Log
“A connection between the VPN server and the VPN client 139.216.250.145 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47).”

Anyway, all Apple iMacs, MacBooks, iPhones and iPads can connect to the server via VPN, but Windows clients (XP, Vista or Win7) cannot connect!

I cannot find any option in the router to open GRE Protocol 47.
Netgear Router Settings
Can anybody help me to resolve this GRE issue and get the VPN connections up and running?
Help would be highly appreciated.
Question by:Indika2013
LVL 22

Expert Comment

by:David Atkin
ID: 39280965
Hello,

You need to create a service for port 47 and forward it onto the SBS.

See here for the steps:

http://kb.netgear.com/app/answers/detail/a_id/8219/~/how-to-setup-inbound%2Foutbound-firewall-rules-on-netgear-modem-router%2Fgateways
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39281571
GRE is not port 47, it is protocol 47, and therefore cannot be "forwarded". Instead you enable it.
This is done in different ways on different routers. On Netgears, if you forward port 1723 you cannot enable GRE; if you forward the built-in service for PPTP, it will forward port 1723 as well as automatically enable GRE pass-through. Is this what you did?

Did you run the SBS wizard under SBS console | Network | Connectivity to create the VPN or use RRAS?  You should use the wizard as it will also configure routing, firewall rules (including GRE), and NPS.

Security software such as 3rd party software firewalls or A/V can block GRE.

Having said that, if Mac and other clients can connect, it is unlikely GRE is blocked at the corporate site, as they too would require it. It is more often an authentication difference such as PAP, CHAP, MS-CHAPv2.

Does the connecting client get an error # when the connection fails such as 721, 691, 800?  GRE should be a 721 error, though is sometimes reported as 691.
Is there a common security product (firewall or A/V) on the connecting clients?

For the record, regarding the other ports you have forwarded, on SBS:
3389/RDP is a security risk and not needed with RWA
1701/L2TP is not needed for PPTP
110/POP3 is not normally needed or considered a default configuration on SBS
80/http is not needed and considered a security risk
995/POP-SSL  is not normally needed or considered a default configuration on SBS
0
 

Accepted Solution

by:
Indika2013 earned 0 total points
ID: 39283341
Hi Rob,
Thanks for your time and reply.
You have provided me lots of details; I am new to this subject so I appreciate your advice.
1. Yes, I have opened it as a normal service from the router.

2. Yes, I have run the SBS wizard to configure the VPN.

3. No 3rd party firewall or antivirus is running on the server.

4. The error is a 721 error; before, it was showing me 800 or 806, but suddenly it started to show me the 721 error.

5. Yes, I know I have opened lots of ports, which is insecure. But I thought they might be blocking the VPN connection? If I can get the VPN up and running I can close those ports…
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39284985
800 indicates no handshaking (connection) at all. 721 is definitely GRE; however, are the Mac and other clients still able to connect?
0
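Added example (not part of the thread and not any poster's code): a Python check for the distinction made in the answers above, classifying packets captured at the VPN server by IP protocol number so the PPTP control channel (TCP port 1723) is separated from GRE (IP protocol 47, which has no port fields). The addresses, sample packets and function names are constructed for illustration; the 800 and 721 meanings are the ones stated in the thread.

```python
import socket
import struct

PPTP_CONTROL_PORT = 1723          # TCP port of the PPTP control channel
IPPROTO_TCP, IPPROTO_GRE = 6, 47  # values of the IPv4 "protocol" header field

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left at 0; constructed test data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def classify(pkt):
    """Return (kind, src, dst); kind is 'pptp-control', 'gre' or 'other'."""
    ihl = (pkt[0] & 0x0F) * 4                  # IPv4 header length in bytes
    proto = pkt[9]                             # protocol field, not a port
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    body = pkt[ihl:]
    if proto == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control", src, dst
    elif proto == IPPROTO_GRE:
        return "gre", src, dst                 # GRE header carries no ports
    return "other", src, dst

def diagnose(packets, server):
    """Summarise a capture taken at the server against the thread's error codes."""
    seen = {"pptp-control": False, "gre-in": False, "gre-out": False}
    for pkt in packets:
        kind, _src, dst = classify(pkt)
        if kind == "pptp-control":
            seen["pptp-control"] = True
        elif kind == "gre":
            seen["gre-in" if dst == server else "gre-out"] = True
    if not seen["pptp-control"]:
        return "no TCP/1723 control connection (client error 800)"
    if not (seen["gre-in"] and seen["gre-out"]):
        return "control channel up, GRE not passing both ways (client error 721)"
    return "control channel and GRE both passing"

# Constructed sample packets using documentation addresses (assumptions).
CLIENT, SERVER = "203.0.113.7", "192.0.2.10"
GRE_PPTP = bytes.fromhex("3001880b") + struct.pack("!HHI", 0, 1, 1)  # enhanced GRE v1
CONTROL_IN = ipv4(IPPROTO_TCP, CLIENT, SERVER, struct.pack("!HH", 50000, 1723) + bytes(16))
CONTROL_OUT = ipv4(IPPROTO_TCP, SERVER, CLIENT, struct.pack("!HH", 1723, 50000) + bytes(16))
GRE_IN = ipv4(IPPROTO_GRE, CLIENT, SERVER, GRE_PPTP)
GRE_OUT = ipv4(IPPROTO_GRE, SERVER, CLIENT, GRE_PPTP)
```

A capture where only `CONTROL_IN`, `CONTROL_OUT` and `GRE_OUT` appear reproduces the situation in the event log: the control connection is established but inbound GRE never reaches the server.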
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39288489
Glad to hear. However, I am not sure why you awarded the correct answer to yourself when you say: "Hi Rob, you are right, I have done a factory reset and opened the ports as you mention. Now VPN is working "
0
 

Author Closing Comment

by:Indika2013
ID: 39296034
Hi Rob, you are right, I have done a factory reset and opened the ports as you mention. Now VPN is working on Mac computers and PC computers. It is something wrong with the Netgear router. Anyway, thanks heaps for your quick help....
0
