VPN issues - Error 800

Viper GTS

Lifer
Oct 13, 1999
38,107
433
136
Background info:

The g/f has a work laptop and uses VPN at home. About a week ago her profile was corrupted, so her IT consultant company renamed her profile & had her log in to create a new one. Ever since then she has been unable to connect to VPN. Every time it fails with an Error 800. The profile issue may just be coincidence, but our initial thought was that something must be wrong with the connection they created.

Nothing has changed on my network, it's still a Linksys router running the latest version of Tomato.

Things we've tried:

Creating a new connection on a different PC (clean OS install in a VM)
Connecting her laptop directly to the Comcast modem
Connected using her credentials from a PC at some other location (didn't do this myself, but her IT consultants say it worked)

Her IT consultants are insisting it must be a Comcast issue, but of course Comcast denies they are blocking anything. I find it VERY hard to believe that they would pull a stunt like that, but I don't know what else to look at.

Anything I'm missing here? I'm going to take her to a coffee shop or something & try another internet connection but I'm running out of ideas.

Viper GTS
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
LOL! There's another thread about VPNs and error 800. Most of the time this is from problems with IP protocol 47 (GRE tunnel) and NAT. Since you took the router out of the picture and went straight to the provider then there shouldn't be any NAT involved. Double check that when connected directly to the modem you get a real public IP address and not a private one (10. 192.168. 172.16-21.).

Other than that the best thing would be to load Wireshark and look at the packet capture and make sure you're testing without the router. It's also possible that she doesn't have NAT traversal enabled and that could cause problems as well, but the other end of the VPN should also have NAT traversal enabled.
 

Viper GTS

Yep I saw that thread too. He's in the same boat I am, previously working setup that suddenly died.

The IP I got when direct connected was indeed public, so no NAT there. I am also 100% sure that I eliminated my router as I had a direct ethernet cable connection between laptop & cable modem, & wireless was disabled.

I'm going to have her try her PC from another connection before resorting to Wireshark. My real goal is to prove definitively that it's not my internet connection or router. If I can prove that then it's up to her consultants to fix it.

Viper GTS
 

spidey07

Well if you tried directly to a modem, with a public IP and even a hot spot I'd say the problems lie in the configuration of the connection. It could be a problem with the provider but I doubt it.

More details on what kind of VPN it is would be really helpful.
 

bobdole369

Diamond Member
Dec 15, 2004
4,504
2
0
"Her IT consultants are insisting it must be a Comcast issue, but of course Comcast denies they are blocking anything. I find it VERY hard to believe that they would pull a stunt like that, but I don't know what else to look at."

Comcast doesn't putz with IP protocol 47 (at least in Florida, the greater Dallas area, upstate NY, AL/LA, and a couple other places) - as I run a PPTP and IPSEC/L2TP and even an SSL VPN now. For years it was just the PPTP one and error 800 was always an issue with some folks. 95% of the time it's due to a software or hardware firewall/antivirus, or corporate policy blocking the IP protocol 47 negotiation.

It's usually OK to create another connection by copying down the details in the first connection, but usually this isn't necessary.


"Creating a new connection on a different PC (clean OS install in a VM)"
Very odd that didn't work.

Even more odd that with a public IP it also didn't work.

To troubleshoot I would run Wireshark while connecting and examine the exchange. You should see an outgoing on 1723, an ack, an incoming IP protocol 47, you acking that, and then the connection is made and data flows that you can't decipher.
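
Added example, not part of any post in this thread: a small Python check that reads a per-packet summary of a capture and reports where the exchange described above (TCP 1723, then IP protocol 47 in both directions) stops. The input layout (tab-separated Wireshark fields), the stage names, the addresses and the sample capture are all assumptions made for illustration, and the stage comments are hints, not proof of cause.

```python
# Added example, not code from the thread. Assumed input: one tab-separated
# line per packet with the Wireshark fields ip.src, ip.dst, ip.proto,
# tcp.srcport, tcp.dstport, tcp.flags.syn, tcp.flags.ack.
PPTP_PORT, TCP, GRE = "1723", 6, 47
YES = ("1", "True")  # boolean fields print as 1/0 or True/False by version

def diagnose_pptp(lines, client_ip):
    """Return the stage at which the PPTP exchange stops in the capture."""
    syn_out = synack_in = gre_out = gre_in = False
    for line in lines:
        # Pad so non-TCP rows (empty TCP columns) still have seven fields.
        f = (line.rstrip("\r\n").split("\t") + [""] * 7)[:7]
        # Keep the outermost value when a field occurs more than once.
        src, dst, proto, sport, dport, syn, ack = [x.split(",")[0] for x in f]
        if not proto.isdigit():
            continue  # header row, blank line, or non-IP packet
        outbound, inbound = src == client_ip, dst == client_ip
        if int(proto) == TCP and syn in YES:
            if outbound and dport == PPTP_PORT and ack not in YES:
                syn_out = True       # client opened the control channel
            elif inbound and sport == PPTP_PORT and ack in YES:
                synack_in = True     # server answered on TCP 1723
        elif int(proto) == GRE:
            gre_out = gre_out or outbound
            gre_in = gre_in or inbound
    if not syn_out:
        return "no_syn"               # nothing left the client for TCP 1723
    if not synack_in:
        return "tcp_1723_unanswered"  # control channel blocked or server down
    if not gre_out:
        return "no_gre_out"           # client never sent protocol 47
    if not gre_in:
        return "gre_in_missing"       # protocol 47 dropped on the return path
    return "gre_both_ways"            # tunnel packets flow; look at auth/config

# Constructed sample (documentation addresses): handshake on 1723 completes,
# the client sends GRE, and no GRE ever comes back.
CLIENT, SERVER = "203.0.113.10", "198.51.100.20"
SAMPLE = ["\t".join(r) for r in [
    (CLIENT, SERVER, "6", "50123", "1723", "1", "0"),
    (SERVER, CLIENT, "6", "1723", "50123", "1", "1"),
    (CLIENT, SERVER, "6", "50123", "1723", "0", "1"),
    (CLIENT, SERVER, "47", "", "", "", ""),
    (CLIENT, SERVER, "47", "", "", "", ""),
]]

if __name__ == "__main__":
    print(diagnose_pptp(SAMPLE, CLIENT))
```

Running the same check on a capture taken behind the router and one taken directly on the modem shows whether the stall point moves, which is the comparison the thread is trying to make.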