Solved

Alternative VPN Client for Windows

Posted on 2013-07-01
20
3,136 Views
Last Modified: 2013-07-26
I'm in a situation where a customer used to VPN to their office router (Draytek 2820) They would then access files on a share.

This has worked fine for many months until a couple of weeks ago, she now gets error 806 while its validating the username and password.

I've spend days trying to get this sorted, it appears she cannot VPN to anywhere after trying various different end points. I try and have no problem from my office.

I've upgraded drivers / router firmware etc. You name it i've done it.

I'm not asking to fix the windows VPN but wondering if anybody might know a 3rd party VPN client that they know works well. It's just a basic PPTP VPN.

Thanks in advance
0
Comment
Question by:afflik1923
20 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 39291424
You may want to give the Shrew VPN a shot. I used this on my windows 7 x64 machine before cisco officially released their VPN.

https://www.shrew.net/software
0
 

Author Comment

by:afflik1923
ID: 39291490
I've downloaded Shrew VPN, looks a little complex. What options do i need for a PPTP VPN connection. Previously all i'd need is the IP address and username and password using the windows client.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39292220
806 is a blocked GRE error.  Adding another PPTP VPN client wowuld not likly resolve the problem.  Might any security software such as A?V or firewall been added or updated to the server or client?  Can other clients access the site?
0
 

Author Comment

by:afflik1923
ID: 39292429
I've tried uninstalling the AV and also disabling the firewall, there's nothing else on the laptop that should stop it. We've tried other clients on the site and these work fine.

Is there any way i can test the GRE connection? I can telnet into port 1723 fine.
0
 
LVL 2

Expert Comment

by:Munkymajik888
ID: 39292506
Is this only from her home or a residential broadband connection? Its a bit unclear from above - if so get her to call her ISP and ask if they are blocking VPN communications.

I had a problem a while back with a chap with Orange home broadband. All was good for months (he was using Win 7, Netscreen Remote to Juniper SSG20 Firewall) and then all of a sudden it would not connect. After numerous site visits to his house I called Orange and managed to get from them information that they were blocking VPN comms (IPSEC, PPTP etc) due to high usage on his line.

ISP's do this now as VPN's are used in an effort to evade detection when downloading illegal stuffs and can block these comms completely from your tinernet connection.

I would defo investigate this and maybe even call them yourself and use terms like "My CEO" and "This is legitimate legal traffic which should not be blocked" - they worked for me :-)

all the best

G
0
 

Author Comment

by:afflik1923
ID: 39292516
This is from an office, i'm assuming they'll be using a business connection but i will check. It's a really simple setup, just a few PC's and a Netgear router.

The person in question works for a company that we support but they use their company laptop whilst at another business that we do not support. Their IT guys tell me they've been able to connect a VPN from another PC fine which to me points to a problem with the laptop.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39293156
Just for the record, all routers have a limit as to how many PPTP pass-through tunnels they will support (client end),  some are only 1.  If there are others using PPTP, it will may issues.

I also agree some ISP's will block GRE, I have run into that in New England, USA, and Comcast.

More often it is software on the laptop.

>>"Is there any way i can test the GRE connection"
From an older post of mine:

Microsoft has a pair of test tools pptpsrv and pptpclnt, to test for GRE pass-through, which are available as part of the Windows resource kit or from:
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

Log onto the client or VPN server machine and connect to the other with remote desktop, or a similar remote management tool. At a command line on the client machine, run pptpclnt and on the server run pptpsrv. The client machine will send a set of GRE packets to the server and it should show as received if GRE is able to pass. The server is then supposed to respond and the client indicate received, but I have never had that part work. The one direction client to server is usually enough to test.

Following links outline the use of the test tools:
http://www.howtonetworking.com/Tools/testgre.htm
See VPN traffic:
http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx
0
 

Author Comment

by:afflik1923
ID: 39332547
The pptpclnt tool was very handy in troubleshooting this, i've finally tracked it down to some firewall rules on the Netgear DG834 router.

The outbound services is set to default and everything is allowed, the inbound is as follows:

Firewall Rules
As soon as i disable the rules marked with the red border and reboot the router the VPN works just fine, but if the rules are enabled the VPN stops working

I've also had the firmware updated to the latest release.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39333126
When you created the Port forwarding did you forward port 1723 or did you forward the PPTP service.  You need to do the latter on a Netgear as it enables GRE, and sets the firewall rules.  There is no way on any Netgear I have seen to manually enable GRE.

Those rules look correct to me, but if you disable the last one you are effectively turning off the firewall.  Though the IPSec and L2TP rules are OK, there is no need for them.
0
 

Author Comment

by:afflik1923
ID: 39333137
We dont support this router but PPTP was  used and not 1723, my thought is that these are inbound rules so should not even make a difference, the outbound rules are set to default which is to allow any.
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 77

Expert Comment

by:Rob Williams
ID: 39333151
The inbound rule for PPTP is the only one of importance.. Without it the VPN will be blocked by the "any" rule.  Rules are carried out in order of their placement in the table. If traffic doesn't meet one of the rules in the table it is blocked by the last one, unless it is removed.
0
 

Author Comment

by:afflik1923
ID: 39333172
Just to clarify that the user is trying to VPN out from her laptop through the router in question, for this i would have thought that the outbound rule of allow any would be sufficient. I wouldn't think the inbound rule would even affect this?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39333191
Sorry, I forgot that when you were displaying inbound rules.
If yit works for you and not her it has to be the TCP/IP stack on her computer or software installed on her computer.

If not software you could try completely resetting the TCP/OIP stack, keep in mind this will wipe any existing TCP/IP configurations including saved wireless connections:

netsh  int  ip  reset  c:\reset.txt
0
 

Accepted Solution

by:
afflik1923 earned 0 total points
ID: 39333227
It really is strange, i really thought it was the laptop until the user took it home and it worked perfectly.

It just seems that by disabling the inbound rules the VPN works!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39333343
Try just disabling the "Default / Any" rule.  I bet that is the one that makes a difference.  Then we need to figure out why.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39344319
Did you leave the default/block any rule disabled?  
If so you have effectively turned off all protection except NAT and left your self open to attack.
0
 

Author Comment

by:afflik1923
ID: 39344368
no the default block is enabled, its just the 4 rules in the above screenshot i disabled in the end.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39344395
That is safe, but odd.
Cheers!
0
 

Author Comment

by:afflik1923
ID: 39344400
it is odd, but as it works i'm not touching it!!!
0
 

Author Closing Comment

by:afflik1923
ID: 39357288
Well in the end i was able to disable the inbound rules and the VPN is now working, doesn't really make sense but seems to work!
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

So many times I have seen the words written in a question "if only I could show you" or " I know how hard it is for you since you can't see it" in any zone. That has inspired me to write about this tool in windows 7 called "Problem Steps Recorder…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now