Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VPN error 806. Hangs on Verifying username and password


  • Please log in to reply
19 replies to this topic

#1 TheyCallMeMrGlass

TheyCallMeMrGlass

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:11 AM

Posted 30 August 2011 - 02:31 AM

I have had a successful setup of using Windows 7 built in VPN. At home (VPN server side), I have my Windows 7 configured to receive incoming connections via PPTP. Port is forwarded this server on my Virginmedia superhub (a Netgear modem/router for my fibre optic BB). On client side, I simply VPN connect to my home network and it worked like a breeze for 3 months. Suddenly anywhere I am and on any PC, I cannot seem to log on to my home network via VPN anymore.

The VPN client is definitely connecting as it reaches the stage of verifying username and password, then it hangs and finally gives the error 806 which is of this description:

http://www.howtonetworking.com/vpnissues/error806.htm

I tried most trouble shooting areas including setting up the server Vpn on another PC, switching off all firewalls etc. I even rolled back the VPN server to an old restore point. It seems according to the error, internet protocol 47 GRE is being blocked somewhere. I called my Virgin service provider but they tell me they have not done anything and they wont support any issues I have with VPN. What is this protocol and how can I check if it is being blocked?

What is my next troubleshooting step as I am now stumped. In the meantime, what is an easy to implement alternative VPN, I can try? Basically I use VPN when I am in public wifi hotspots to secure browse the internet via my home network.

Thanks
"I saw 3 Dusters like this one, at the station. Inside the dusters were 3 men. Inside the men were 3 bullets"

BC AdBot (Login to Remove)

 


m

#2 Kalon Wiggins

Kalon Wiggins

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portland, OR
  • Local time:07:11 PM

Posted 01 September 2011 - 12:08 AM

VPN errors are hard to diagnose most of the time because they are more complicated than normal. Usually GRE errors are isp issues, either with your service, or with your router. Also make sure that you have a static IP for vpn'ing. Wish I could help more.

#3 dirtdog900

dirtdog900

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:11 AM

Posted 01 September 2011 - 05:57 AM

When you say the port is forwarded on your router, is that a list of rules/ports you have created yourself or a 'built-in' PPTP option on the router?

You may also be able to create a custom rule to allow GRE through as well.

#4 TheyCallMeMrGlass

TheyCallMeMrGlass
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:11 AM

Posted 01 September 2011 - 06:21 AM

When you say the port is forwarded on your router, is that a list of rules/ports you have created yourself or a 'built-in' PPTP option on the router?

You may also be able to create a custom rule to allow GRE through as well.


Well I just add one custom rule: Name, start port=1723, end port=1723, type=tcp, local address=192.168.0.50 (my vpn server)

I dont see any options for me to add a "allow GRE" rule, what do I look for? Only the following services are available for toggling:

Firewall Features Enabled
Ipsec PassThrough Enabled
PPTP PassThrough Enabled
Multicast Enabled
Port Scan Detection DISABLED
IP Flood Detection Enabled

I would change the router but unfortunately this Virgin 50mb optical fibre broadband can only use their own combined router/modem to work with it. I cannot replace it with any other off the shelf modem/router. At least that is what I understand. Perhaps, somehow I could just use it as a modem and connect up a router but I am not sure how I can do this.
"I saw 3 Dusters like this one, at the station. Inside the dusters were 3 men. Inside the men were 3 bullets"

#5 TheyCallMeMrGlass

TheyCallMeMrGlass
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:11 AM

Posted 01 September 2011 - 06:24 AM

VPN errors are hard to diagnose most of the time because they are more complicated than normal. Usually GRE errors are isp issues, either with your service, or with your router. Also make sure that you have a static IP for vpn'ing. Wish I could help more.


Hi, I can only have dynamic IP addressing but I use dyndns.com dns naming service to follow my IP changes. Having said that, the public IP address is fixed for a period of several months anyway and hasnt changed yet.
"I saw 3 Dusters like this one, at the station. Inside the dusters were 3 men. Inside the men were 3 bullets"

#6 dirtdog900

dirtdog900

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:11 AM

Posted 01 September 2011 - 06:30 AM

You may need to add another custom rule for IP Port 47 (GRE) and point that through to the same box used for PPTP.

I used to have a Virgin line, with their supplied cable modem, but you could always swap the router for one of your own. I don't know if they have locked that down somehow (maybe the 50mb service is different) or it's just the usual Virgin response that they don't support you with your own router.

If that doesn't work, does the router/firewall have a DMZ option anywhere? That would probably get around the problem but then you need to make sure you firewall the PC locally as this would likely be exposed to all traffic. Might not be an option if you port forward any other traffic (to a different box etc) though?

Edited by dirtdog900, 01 September 2011 - 06:31 AM.


#7 TheyCallMeMrGlass

TheyCallMeMrGlass
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:11 AM

Posted 01 September 2011 - 08:12 AM

You may need to add another custom rule for IP Port 47 (GRE) and point that through to the same box used for PPTP.

I used to have a Virgin line, with their supplied cable modem, but you could always swap the router for one of your own. I don't know if they have locked that down somehow (maybe the 50mb service is different) or it's just the usual Virgin response that they don't support you with your own router.

If that doesn't work, does the router/firewall have a DMZ option anywhere? That would probably get around the problem but then you need to make sure you firewall the PC locally as this would likely be exposed to all traffic. Might not be an option if you port forward any other traffic (to a different box etc) though?


OK, I have added the rule for port 47 and pointed it to the same server. The 50mb service is different and currently there is no standalone modem for it as yet. Stuck with this superhub they are forcing on us. But as you say Virgin support maybe holding back on information.

I tried the VPN again but still doesnt accept the connection. There is a DMZ Host confiuration. The parameters available are:

Respond to Ping on WAN Port (Yes/No)
DMZ Address 192.168.0 . XXX

MTU Size (256-1500 octets, 0 = use default)

How shall I configure this? I do not forward any other ports to anyhere else, its just the PPTP and now GRE to the VPN server pc.

Edited by TheyCallMeMrGlass, 01 September 2011 - 08:13 AM.

"I saw 3 Dusters like this one, at the station. Inside the dusters were 3 men. Inside the men were 3 bullets"

#8 dirtdog900

dirtdog900

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:11 AM

Posted 01 September 2011 - 08:24 AM

Basically the DMZ host would be exposed to the internet (bypassing your router firewall). The DMZ address would be the IP address of your box accepting the PPTP traffic, 192.168.0.x.

That means you would need to enable a firewall on this box (win 7 firewall maybe?) and then allow PPTP through that instead. You must enable some kind of firewall as this box will be exposed directly on the internet, bypassing all your firewall features from the virgin router. The windows firewall is pretty easy to configure, do you know where to allow rules/services etc?

#9 TheyCallMeMrGlass

TheyCallMeMrGlass
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:11 AM

Posted 01 September 2011 - 08:42 AM

OK so basically I set the DMZ to 192.162.0.51 which is the box I have my VPN host on and delete the forwarding ports on the router, right? Win 7 firewall is enabled on this. i never created rules on this before but I am having a look around on it...

So do I created 2 rules for inbound? One for GRE port 47 and one for PPTP port 1723, both set to allow?

Edited by TheyCallMeMrGlass, 01 September 2011 - 08:43 AM.

"I saw 3 Dusters like this one, at the station. Inside the dusters were 3 men. Inside the men were 3 bullets"

#10 dirtdog900

dirtdog900

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:11 AM

Posted 01 September 2011 - 08:50 AM

Yep, that's basically it. You might find the 2 rules are predefined in there somewhere, maybe under Routing & Remoting Access (RRAS) I think they show up as PPTP-In & GRE-In. If it only lists RRAS then just try that.

#11 TheyCallMeMrGlass

TheyCallMeMrGlass
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:11 AM

Posted 01 September 2011 - 09:10 AM

OK have now set up the rule (you were right, PPTP-In and Gre-In were housed under RRAS).

I now get an error

ERROR 807: The network connection between your computer and the VPN server was interrupted. This can be caused by a problem in the VPN transmission and is commonly the result of internet latency or simply that your VPN server has reached capacity.

Its not reaching as far as the verifying username and password. I have the MTU set at 1500 which seems to be the recommended figure on the DMZ configuration. Anyhting to with this?

Shall I briefly disable the firewall just to see if the VPN will dial in? or is that too risky?
"I saw 3 Dusters like this one, at the station. Inside the dusters were 3 men. Inside the men were 3 bullets"

#12 TheyCallMeMrGlass

TheyCallMeMrGlass
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:11 AM

Posted 01 September 2011 - 09:17 AM

I've been naughty and disabled the firewall briefly anyway! I still get the 807 error message.

I am thinking the GRE is being blocked by the Virgin server, perhaps?

Maybe if I setup a VPN using the L2TP/IPsec instead? Would that be a viable alternative? And if so, where can I find out how to set that up?

Unless you think I should still be able to use PPTP and btw, I very much appreciate your help here.

Edited by TheyCallMeMrGlass, 01 September 2011 - 09:17 AM.

"I saw 3 Dusters like this one, at the station. Inside the dusters were 3 men. Inside the men were 3 bullets"

#13 dirtdog900

dirtdog900

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:11 AM

Posted 01 September 2011 - 09:31 AM

Possibly something to do with the router still, did you try rebooting both modem & router before?

I would also try an internal PPTP connection from another PC (if you have) to this box, just to rule out anything strange occurring locally there. You could also try recreating the incoming connection, bit of a long shot but you never know. See if any of that brings any different results. If it tests ok inside the network then my guess is the firewall/modem/isp.

I don't think you can create an incoming L2TP connection on Win7 (might be wrong on that).

#14 bjamrok

bjamrok

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Illinois
  • Local time:08:11 PM

Posted 01 September 2011 - 09:34 AM

VPN issues are a real hair puller. You should be able to test a PPTP connection from the lan side. So using a laptop or 2nd computer on the lan just attempt to establish the vpn connection to the computer (vpn server) directly using its local IP or NetBios name. If that works, then you know you have a router or ISP issue. If it fails, maybe a software firewall or windows config issue. But I'd start there.
Sincerely,

Brian

"Thanks to all of you who contribute to open source projects and communities!"

http://jamroktech.blogspot.com

#15 TheyCallMeMrGlass

TheyCallMeMrGlass
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:11 AM

Posted 01 September 2011 - 10:22 AM

Right, thanks guys. So I tested dialing VPN on my laptop within the LAN to the VPN host's local LAN address and it connects successfully.

So I guess that narrows the problem down to the router/ISP. I really have a feeling its the ISP as my VPN worked fine for a few months until now the last few days without any changes being made on my VPN server.

When I call my Virgin support and ask them to enable the GRE, they have no idea what I am talking about :(

I think I really need an alternative VPN host solution, any software recommendations? either free or purchase, I dont mind.
"I saw 3 Dusters like this one, at the station. Inside the dusters were 3 men. Inside the men were 3 bullets"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users