• Creator
  • #2272023

    HELP! VPN Connection Problems


    by acarpenter ·

    We are trying to set up a VPN connection with Windows Server 2003. We have a Linksys WRV200 router with our static ip address set to forward ports 1723 and 47 to one of our server’s local IP addresses. The router is connected to a series of switches; the server is also connected to the switch. I have removed all anti-virus on the server and client computers. I have also completely disabled the firewalls. I use the Configure Your Server Wizard to set up the VPN connection. When connecting from a client computer, I receive the following message on the server:

    Warning RasMan 20209

    A connection between the VPN server and the VPN client x.x.x.x has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user’s network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.

    On the client end (XP Pro), I receive error message 721. When using a Vista computer, it gets stuck at “Verifying username and password.” Oh, I have also opened ports 1723 and 47 on the client’s router.

    I have allowed certain profiles in active directory to allow remote access.


All Answers

  • Author
    • #2599777


      by acarpenter ·

      In reply to HELP! VPN Connection Problems


    • #2649905

      GRE is not port 47

      by jcanker ·

      In reply to HELP! VPN Connection Problems

      Actually, the error message on your server tells you exactly what the problem is, but many people read the message too quickly to understand what it really is saying…

      The problem is that you opened port 47 on the firewall/router. GRE is Internet Protocol 47, not a TCP/UDP “service” that runs on port 47. Not all firewalls allow GRE (Read: Protocol 47) to run on the firewall. Opening Port 47 will not make a difference since it’s not a TCP/UDP packet. Check the documentation of your firewall to see how to enable GRE pass-through. Sometimes it’s not able to do it; Sometimes it’s as easy as checking the “Allow VPN pass-thru” box; sometimes it takes some additional fanageling. For instance, we just moved to Smoothwall Express 3.0 ( a freeware linux firewall that’s pretty beefy) and to enable GRE we had to edit the rc.firewall.up file; there wasn’t a way to do it through the interface that the creators intended the admin to use.

    • #2760900


      by barnesg3 ·

      In reply to HELP! VPN Connection Problems

      I have the same issue did you manage to get this resolved?

Viewing 2 reply threads