Wednesday, 5 February 2014

PPTP VPN Error 806 in Win 7

VPN Error 806

A connection between your computer and the VPN server has been established but the VPN connection cannot be completed.

Error Code 806  - The most common cause for this failure is that at least one Internet device (for example, a firewall or router) between your computer and the VPN server is not configured to allow Generic Routing Encapsulation (GRE) protocol packets. If the problem persists, contact your network administrator or Internet Service Provider.

This error indicates a router firewall is preventing some VPN protocol traffic between client and server. Most commonly, it is TCP port 1723 that is at issue and must be opened by the appropriate network administrator.
If your VPN uses PPTP, you may try the following steps as your read on.

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks (vpn). PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. PPTP is considered cryptographically broken and its use is no longer recommended by Microsoft.

Initial Troubleshooting Steps

1.    Test  if you can VPN using mobile broadband dongle or smartphone tethering.

2.    Test if you can VPN using your internet router (using LAN cable / wifi)

If you can VPN using mobile broadband dongle or smartphone tethering but cannot VPN using internet router, the steps below might help.

Configure Firewall to accept connections to open TCP Port 1723

How to open TCP Port 1723

1.    Go to Control Panel > Windows Firewall.

2.    Click on “Advanced Settings” in the left menu.

3.    Now click on “Inbound Rules”. Next click on the “Actions” menu and then click on “New Rule…”

 4.    A Wizard will open. In the first step, select the “Port” option and click on Next.

5.    Select “TCP”. In the “Specific remote ports” space, enter “1723” and click on Next.

6.    Now select “Allow the connection” and click Next, again.

 7.    Apply the rule to everyone.

8.    In the Name and Description fields, enter anything you want and click on “Finish”

 Configure Firewall to accept connections to open IP Protocol 47 (GRE)

How to open IP Protocol 47

Set up a firewall rule with 'Windows Firewall with Advanced Security'

Control Panel > Administrative Tools > Windows Firewall with Advanced

Click on 'Inbound Rules' on left pane

Then right-click on 'Inbound Rules' > New Rule.. > Custom > ...

On the 'Protocols and ports' screen, choose 'GRE' in the 'Protocol type' dropdown box.....

Configure Windows Firewall to Automatic

1.    Start > Search ‘services.msc’

2.    Look for Windows Firewall > set to ‘Automatic’

 Configure Router to allow PPTP

To Enable PPTP and Generic Route Encapsulation (GRE) on the router, or enable PPTP, or create a port forward to port 1723. If your router has an additional setting for PPTP or VPN, make sure it’s enabled. After doing this, your computer will be ready to receive the VPN connection.

Notes: Different internet router model has different ways to enable PPTP. You may enquire your Internet Service Provider (ISP) or google for more information on how to enable PPTP on your router. Some model might also need to configure the router Firewall settings in order to work.