VPN Question

[Billy06]

I set up a VPN server in windows xp pro sp3 at my house. It is behind a WBR-2310 router. I am trying to connect to it from my windows 7 computer when I'm away from home. I have opened ports 1723 and 1701 both in the router and in windows firewall. I have even tried turning off windows firewall. Every time I try to connect, I get error 806. I checked in my router settings and it has VPN passthrough enabled.

(I can ftp and remote desktop to my home computer, so it is accessible from the internet)

Any idea? Any thoughts on how to diagnose?

Thanks.

 

[Fardringle]

Error 806 usually means that GRE Protocol 47 (NOT port 47) is not being allowed by a device somewhere along the connection path. You said that you enabled VPN passthrough on your router already, but I would check to make sure that it actually stayed enabled. It's not directly related to your error, but you will need to have port 500 opened as well in order to use passive file transfers. If that still doesn't work, temporarily disable the Windows firewall on the XP machine (and any other software firewall you might have such as McAfee or Norton and see if you can connect.

Try to connect from another computer inside your home network possible, to make sure that the VPN is set up correctly on the XP machine. If you can connect that way, then the problem is with the router. If not, then something is not configured correctly or is blocking the connection on the XP computer.

 

[Emulex]

some routers WILL not pass GRE even when you tell them to 🙂 trust me

L2TP seems the best if you must do a VPN; you can actually vpn into single subnet destination network which i had a hard time doing with other protocols.

tl;dr - my dual wan router refuses to pass GRE even though i've done the same siht

 

[Billy06]

I think you guys might be right. If I connect from another computer on my home network and do 192.168.0.101 (local ip) it connects. If I type in my external ip it errors. So I guess this would be a lousy router thing?

 

[Fardringle]

Are you testing the external IP address from a computer outside your network (at a different location)? Many home routers will not let you connect to the WAN IP address from a computer on the local network.

 

[Billy06]

Yes, I was trying today from a computer on my home network. I asked a friend to try to connect from his xp machine. He gets error 721. So locally I can connect, but people outside by network can't. I can double check tomorrow from school, but I don't think it will work. And yes, I did add port 500.

 

[RebateMonger]

Error 721 means that GRE (Protocol 47) is not passing through the router. The three requirements for allowing inbound PPTP connections are:

1) Allowing inbound GRE to pass through the router

2) Forwarding TCP Port 1723 to the computer that's offering the VPN service

3) Opening TCP Port 1723 on the firewall on that computer

As noted, some SOHO routers won't permit inbound GRE. It can vary from one firmware version to the next with the same router model.

Port 500 is a L2TP VPN thing and has nothing to do with a PPTP VPN.

 

[Billy06]

I replaced the router with a linksys E1000. I had my friend test it and it works now. Sounds like even though dlink says it had passthrough, it was a POS. I want to thank everyone that posted and helped me out. Problem solved.

 

[RebateMonger]

I replaced the router with a linksys E1000. I had my friend test it and it works now. Sounds like even though dlink says it had passthrough, it was a POS. I want to thank everyone that posted and helped me out. Problem solved.

It can be a crapshot with home routers whether they can do VPN passthrough. Actually, the definition of "VPN Passthrough" on some home routers is OUTBOUND passthrough (being able to log onto a VPN at your office from your home).

 

[Emulex]

define home router 🙂 mine is a dual-wan they can be very expensive if you buy the china junk with a name brand attached to them. which is why most of them terminate VPN rather than pass through.