Alternative VPN Client for Windows

I'm in a situation where a customer used to VPN to their office router (Draytek 2820) They would then access files on a share.

This has worked fine for many months until a couple of weeks ago, she now gets error 806 while its validating the username and password.

I've spend days trying to get this sorted, it appears she cannot VPN to anywhere after trying various different end points. I try and have no problem from my office.

I've upgraded drivers / router firmware etc. You name it i've done it.

I'm not asking to fix the windows VPN but wondering if anybody might know a 3rd party VPN client that they know works well. It's just a basic PPTP VPN.

Thanks in advance
afflik1923Asked:
Who is Participating?
 
afflik1923Connect With a Mentor Author Commented:
It really is strange, i really thought it was the laptop until the user took it home and it worked perfectly.

It just seems that by disabling the inbound rules the VPN works!
0
 
Joseph DalyCommented:
You may want to give the Shrew VPN a shot. I used this on my windows 7 x64 machine before cisco officially released their VPN.

https://www.shrew.net/software
0
 
afflik1923Author Commented:
I've downloaded Shrew VPN, looks a little complex. What options do i need for a PPTP VPN connection. Previously all i'd need is the IP address and username and password using the windows client.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Rob WilliamsCommented:
806 is a blocked GRE error.  Adding another PPTP VPN client wowuld not likly resolve the problem.  Might any security software such as A?V or firewall been added or updated to the server or client?  Can other clients access the site?
0
 
afflik1923Author Commented:
I've tried uninstalling the AV and also disabling the firewall, there's nothing else on the laptop that should stop it. We've tried other clients on the site and these work fine.

Is there any way i can test the GRE connection? I can telnet into port 1723 fine.
0
 
Munkymajik888Commented:
Is this only from her home or a residential broadband connection? Its a bit unclear from above - if so get her to call her ISP and ask if they are blocking VPN communications.

I had a problem a while back with a chap with Orange home broadband. All was good for months (he was using Win 7, Netscreen Remote to Juniper SSG20 Firewall) and then all of a sudden it would not connect. After numerous site visits to his house I called Orange and managed to get from them information that they were blocking VPN comms (IPSEC, PPTP etc) due to high usage on his line.

ISP's do this now as VPN's are used in an effort to evade detection when downloading illegal stuffs and can block these comms completely from your tinernet connection.

I would defo investigate this and maybe even call them yourself and use terms like "My CEO" and "This is legitimate legal traffic which should not be blocked" - they worked for me :-)

all the best

G
0
 
afflik1923Author Commented:
This is from an office, i'm assuming they'll be using a business connection but i will check. It's a really simple setup, just a few PC's and a Netgear router.

The person in question works for a company that we support but they use their company laptop whilst at another business that we do not support. Their IT guys tell me they've been able to connect a VPN from another PC fine which to me points to a problem with the laptop.
0
 
Rob WilliamsCommented:
Just for the record, all routers have a limit as to how many PPTP pass-through tunnels they will support (client end),  some are only 1.  If there are others using PPTP, it will may issues.

I also agree some ISP's will block GRE, I have run into that in New England, USA, and Comcast.

More often it is software on the laptop.

>>"Is there any way i can test the GRE connection"
From an older post of mine:

Microsoft has a pair of test tools pptpsrv and pptpclnt, to test for GRE pass-through, which are available as part of the Windows resource kit or from:
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

Log onto the client or VPN server machine and connect to the other with remote desktop, or a similar remote management tool. At a command line on the client machine, run pptpclnt and on the server run pptpsrv. The client machine will send a set of GRE packets to the server and it should show as received if GRE is able to pass. The server is then supposed to respond and the client indicate received, but I have never had that part work. The one direction client to server is usually enough to test.

Following links outline the use of the test tools:
http://www.howtonetworking.com/Tools/testgre.htm
See VPN traffic:
http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx
0
 
afflik1923Author Commented:
The pptpclnt tool was very handy in troubleshooting this, i've finally tracked it down to some firewall rules on the Netgear DG834 router.

The outbound services is set to default and everything is allowed, the inbound is as follows:

Firewall Rules
As soon as i disable the rules marked with the red border and reboot the router the VPN works just fine, but if the rules are enabled the VPN stops working

I've also had the firmware updated to the latest release.
0
 
Rob WilliamsCommented:
When you created the Port forwarding did you forward port 1723 or did you forward the PPTP service.  You need to do the latter on a Netgear as it enables GRE, and sets the firewall rules.  There is no way on any Netgear I have seen to manually enable GRE.

Those rules look correct to me, but if you disable the last one you are effectively turning off the firewall.  Though the IPSec and L2TP rules are OK, there is no need for them.
0
 
afflik1923Author Commented:
We dont support this router but PPTP was  used and not 1723, my thought is that these are inbound rules so should not even make a difference, the outbound rules are set to default which is to allow any.
0
 
Rob WilliamsCommented:
The inbound rule for PPTP is the only one of importance.. Without it the VPN will be blocked by the "any" rule.  Rules are carried out in order of their placement in the table. If traffic doesn't meet one of the rules in the table it is blocked by the last one, unless it is removed.
0
 
afflik1923Author Commented:
Just to clarify that the user is trying to VPN out from her laptop through the router in question, for this i would have thought that the outbound rule of allow any would be sufficient. I wouldn't think the inbound rule would even affect this?
0
 
Rob WilliamsCommented:
Sorry, I forgot that when you were displaying inbound rules.
If yit works for you and not her it has to be the TCP/IP stack on her computer or software installed on her computer.

If not software you could try completely resetting the TCP/OIP stack, keep in mind this will wipe any existing TCP/IP configurations including saved wireless connections:

netsh  int  ip  reset  c:\reset.txt
0
 
Rob WilliamsCommented:
Try just disabling the "Default / Any" rule.  I bet that is the one that makes a difference.  Then we need to figure out why.
0
 
Rob WilliamsCommented:
Did you leave the default/block any rule disabled?  
If so you have effectively turned off all protection except NAT and left your self open to attack.
0
 
afflik1923Author Commented:
no the default block is enabled, its just the 4 rules in the above screenshot i disabled in the end.
0
 
Rob WilliamsCommented:
That is safe, but odd.
Cheers!
0
 
afflik1923Author Commented:
it is odd, but as it works i'm not touching it!!!
0
 
afflik1923Author Commented:
Well in the end i was able to disable the inbound rules and the VPN is now working, doesn't really make sense but seems to work!
0
All Courses

From novice to tech pro — start learning today.