*RESOLVED* VPN issues! Modem? ISP? MTU?

acole1

Golden Member
Sep 28, 2005
1,543
0
0
For the last several months I have been trying to get a VPN setup at my home so I can connect from work and get files, or play some LAN games with my friends.

I use SBC Yahoo DSL through an "Efficient Networks, Inc. SpeedStream 5100 ADSL Modem." My first router I tried was an SMC SMC2804WBR, and this second one I am using now is a D-Link di-604.

I have hosted with XP Pro, Server 2000, and Server 2003, used 2000, XP, and Vista as clients, from different physical locations and public IP's, and all give the exact same result.

With every one of these configurations I can usually get a VPN connection established for 3-5 min, and then it dies, killing all network activity on only the client end so that I can't ping any local addresses, or public addresses until I disconnect the VPN connection.

Now, after I get this strange "disconnect" I can try to reconnect, but I get an error after it sits on "Verifying user name and password..." for about 30 seconds.

When using Vista as the client I get this error:
Error 806: The VPN connection between your computer and the VPN server could not be completed. The most common cause for this failure is that at least one Internet device (for example, a firewall or a router) between your computer and the VPN server is not configured to allow Generic Routing Encapsulation (GRE) protocol packets. If the problem persists, contact your network administrator or Internet Service Provider.

When using XP as the client I get this error:
Disconnected.
Error 732: Your computer and the remote computer could not agree on PPP control protocols.


With my SMC router, the logging and reporting were terrible, so I had no idea what was going on. I even tried using the DMZ, and it still gave me the same problem.

With the D-Link router I activated and forwarded the pre-set VPN options under "Virtual Server" to my VPN host server (it created the firewall rules for me with this feature), and I kept getting a GRE packet rejection on port 0 when I would try and connect, according to the log.

So, I then used DMZ on the D-Link and it worked, so I kept it connected for a min or 2... but not enough time for the network to die apparently. Then I turned off DMZ and forwarded port 0 to my server, and it also worked!

Feeling quite accomplished, I then started pinging around to make sure I could resolve names and reach everything inside the network when all of a sudden I started dropping pings to everything - internal or external, just as it had before with the SMC router. :brokenheart:

It's as if I had unplugged my client computer, but the connection was still "active" and I could not ping anything until I disconnected it.


On a side note...
Sometimes I can reboot my modem, get a new IP, and then it will work, but other times I just have to wait a few days for it to work again... but every time I have attempted a VPN connection I get the strange problem where it disconnects me after a few min.


What could this problem be? It almost looks like it's either my DSL modem, or ISP that kills my connection by blocking GRE packets or something. Those are the only 2 things that have not changed. What suggestions might you have about MTU settings?

Any ideas you might have would be great. Thanks!


Cliffs:
Using ADSL
Can connect to VPN server inside my DSL from outside
Connection is good for a couple min then connection "dies"
Can't ping anything inside VPN network
Can't ping anything in client network
Can't ping internet
After this problem I can't reconnect to VPN
Get errors about GRE and protocol handling
Is it modem or ISP?
HELP!!


Resolution Edit:
It ends up that it was my modem... I was double NAT-ing.
e.g. Public:x.x.x.x -> Modem:192.168.0.1 -> Router:192.168.x.x

I should have known this was the problem, but I didn't even think about it! :eek: To fix it I had to put the modem in bridged mode, use my D-Link router to do PPPoE authentication, and use the VPN pass-through on the router.

It works perfectly now! And I think it has also stopped my FTP server from killing connections.

Thanks for the help! :thumbsup:
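
An added example, not part of the original post: one way to spot the double NAT described in the resolution is to count the private hops at the start of a `tracert` from a LAN machine. The sample output is constructed; 192.168.2.1 as the router's LAN address and the 203.0.113.x public hops are assumptions, and two private hops can also be plain internal routing, so treat the result as a hint to check the modem's mode.

```python
import ipaddress
import re

# Address space that sits behind a NAT: RFC 1918 plus the RFC 6598 carrier-grade NAT block.
NAT_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")        # a hop line starts with its hop number
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")   # dotted-quad IPv4 address

def hop_addresses(tracert_text):
    """Return one entry per hop of Windows tracert output: its IP, or None on timeout."""
    hops = []
    for line in tracert_text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ips = IP_RE.findall(m.group(2))
            hops.append(ips[-1] if ips else None)
    return hops

def leading_private_hops(hops):
    """Collect the private addresses seen before the first public hop."""
    private = []
    for ip in hops:
        if ip is None:
            continue                              # timed-out hop tells us nothing
        if not any(ipaddress.ip_address(ip) in net for net in NAT_NETS):
            break                                 # first public hop: stop counting
        private.append(ip)
    return private

def looks_double_natted(tracert_text):
    """Two or more private hops before the Internet suggests router-behind-router NAT."""
    return len(leading_private_hops(hop_addresses(tracert_text))) >= 2

# Constructed tracert output matching the thread's layout (router -> modem -> public).
SAMPLE = """\
Tracing route to 203.0.113.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.2.1
  2     1 ms     1 ms     1 ms  192.168.0.1
  3     *        *        *     Request timed out.
  4    18 ms    17 ms    18 ms  gw.example.net [203.0.113.1]
  5    21 ms    20 ms    21 ms  203.0.113.10

Trace complete.
"""

if __name__ == "__main__":
    print(leading_private_hops(hop_addresses(SAMPLE)), looks_double_natted(SAMPLE))
```

With the modem in bridged mode, the second hop becomes a public address and the check returns False.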
 

Genx87

Lifer
Apr 8, 2002
41,091
513
126
On the router see if there is a PPTP passthrough option.
I believe PPTP uses port 1723 so you will want to forward that as well.

I am ASSuming this VPN is a Windows 2000 or Windows 2003 server? Have your DHCP on the server dish out an IP address automatically to the VPN clients. And make sure your user account has VPN privileges.

 

acole1

Originally posted by: Genx87
On the router see if there is a PPTP passthrough option.
I believe PPTP uses port 1723 so you will want to forward that as well.

Yes, I am forwarding TCP1723.

I had to manually set it all up in the SMC router, but the D-Link has it pre-configured... all I have to do is point it to the internal IP of my VPN Host.


When it does hang on "Verifying user name and password..." I can see an IP being picked up on the server... so it is getting through... just not authenticating.


Edit:
Just to make sure, I opened that port up even further...

Action  Name  Source  Destination      Protocol
Allow   VPN   *,*     *,192.168.2.190  IP (0),1723


...and now I get "Error 732" just like in XP. (I am on Vista right now.)

...and then "Error 806" again.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
get a packet capture and that will show you exactly what is going on.

For testing remove the SOHO router as they sometimes wreak havoc with IPSEC. This sounds like a possible NAT problem or something that is triggering in your ISP and they are blocking it. Or it could be how your ISP is doing their NAT. Without knowing what they do it will be impossible to get this going so give them a call.

A MTU problem wouldn't be the cause of disconnects/can't ping, those show up when moving data.
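
An added example, not part of the thread: what to look for in the suggested packet capture. PPTP needs both its TCP 1723 control channel and GRE, which is IP protocol 47 and has no port number; this sketch classifies raw IPv4 packets and reports which channel is missing in which direction. The packets are constructed, and the client and server addresses are documentation-range assumptions.

```python
import struct
from collections import Counter

IPPROTO_TCP, IPPROTO_GRE = 6, 47   # GRE is IP protocol 47; it has no port number
PPTP_PORT = 1723                   # PPTP control channel (TCP)

def classify(pkt):
    """Return (src, dst, kind) for a raw IPv4 packet; kind: control/gre/other."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    if pkt[9] == IPPROTO_GRE:
        return src, dst, "gre"
    if pkt[9] == IPPROTO_TCP and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if PPTP_PORT in (sport, dport):
            return src, dst, "control"
    return src, dst, "other"

def diagnose(packets, server):
    """Summarise which PPTP channels were seen in each direction."""
    seen = Counter()
    for pkt in packets:
        src, dst, kind = classify(pkt)
        if kind != "other" and server in (src, dst):
            seen[kind, "from" if src == server else "to"] += 1
    if not (seen["control", "to"] and seen["control", "from"]):
        return "TCP 1723 control channel incomplete"
    missing = [d for d in ("to", "from") if not seen["gre", d]]
    if missing:
        return "control OK, no GRE %s server" % " or ".join(missing)
    return "control and GRE seen in both directions"

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (constructed test data, checksum left at 0)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

# Constructed client-side capture using documentation addresses (not from the thread).
CLIENT, SERVER = "198.51.100.7", "203.0.113.10"
tcp = lambda sp, dp: struct.pack("!HH", sp, dp) + bytes(16)
gre = struct.pack("!HH", 0x3001, 0x880B) + bytes(8)   # PPTP enhanced GRE, carries PPP
CAPTURE = [
    ipv4(CLIENT, SERVER, IPPROTO_TCP, tcp(49152, PPTP_PORT)),
    ipv4(SERVER, CLIENT, IPPROTO_TCP, tcp(PPTP_PORT, 49152)),
    ipv4(CLIENT, SERVER, IPPROTO_GRE, gre),   # outbound GRE, nothing comes back
]

if __name__ == "__main__":
    print(diagnose(CAPTURE, SERVER))
```

In Wireshark the same split is visible with the display filter `tcp.port == 1723 || gre`.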
 

acole1

Originally posted by: spidey07
get a packet capture and that will show you exactly what is going on.

For testing remove the SOHO router as they sometimes wreak havoc with IPSEC. This sounds like a possible NAT problem or something that is triggering in your ISP and they are blocking it.

Do you have a good packet capture program you could suggest?

TY for reminding me to try removing the router from the connection. I was going to test it once like that, but it slipped my mind.
 

acole1

Originally posted by: spidey07
Make sure you're patched and firewalled. Wireshark for a sniffer.

Yep, all patched and using Comodo firewall.

Thanks for the reference.

 

acole1

Originally posted by: spidey07
get a packet capture and that will show you exactly what is going on.

For testing remove the SOHO router as they sometimes wreak havoc with IPSEC. This sounds like a possible NAT problem or something that is triggering in your ISP and they are blocking it. Or it could be how your ISP is doing their NAT. Without knowing what they do it will be impossible to get this going so give them a call.

A MTU problem wouldn't be the cause of disconnects/can't ping, those show up when moving data.


This morning I took the server up to work, tried it there, and it worked flawlessly. :thumbsup:

This evening I removed the router from the equation, connected it directly to the modem and I still have the same problem. It will not get past the "Verifying user name and password..." without dying. :thumbsdown:

Also, I chatted with the SBC Yahoo chat tech support and they basically said they don't troubleshoot VPN issues, and I would have to call their tech support phone line since the troubleshooting steps were so complex. :cookie:


Tomorrow's Agenda: Call Tech Support. :(