Authentication timeout

[Daniel Tan]

When my clients(Win2000 prof) tried to connect to my VPN server
(workgroup), they will be disconnected with the error saying "The
specified port is not connected" right after verifying password and
user name. I've checked through my event log in the server , it said
"The user connected to port vpn 1 has been disconnected due to an
authentication timeout". Any ideas what wrong ? Thanks

Regards
Daniel

 

[Steven L Umbach]

I don't know exact problem but this may help. Configure the properties of
the VPN client connectoid, assuming you are using the built in one, to use
pptp as the network server type instead of auto as auto will always try l2tp
first. Also verify that your firewall/ NAT router allows protocol 47/GRE
that may also be called pptp pass through. --- Steve

 

[Daniel Tan]

Steven, i have specify pptp as the server in the client. My router has
been enable pptp traffic. Anyway do you have any article abt how to
setup pptp server and client using nt4 or win2000 ?

Regards
Daniel

 

[Steven L Umbach]

The link below may help. Enabling pptp on a router is a two part process -
port 1723 TCP and protocol 47/GRE must both be allowed. Also the router will
need to port forward port 1723 TCP to the internal IP address of the VPN
server if it is not directly connected to the internet via a network adapter
with a public IP. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208

 

[Daniel Tan]

Steven thanks for your help. Do you have this for Windows NT 4 server also ?

Regards
Daniel

 

[Daniel Tan]

Steven,is port 1723 same as protocol 47/GRE? My server can received
the request but its the authentication problem takes too long.

Regards
Daniel

 

[Steven L Umbach]

That is a lot harder to find. I did find the link below which may help. ---
Steve

http://www.wown.com/j_helmig/ntsrv.htm

 

[Steven L Umbach]

No they are separate. You need to allow for the port and for the protocol 47
GRE which often is called pptp pass through. If I remember correctly, there
is no special configuration to allow either on the Remote Access server, but
the firewall/NAT router is usually where the problems occur assuming the VPN
client can get a tcp/ip address from the VPN server either through DHCP or
static pool that sometimes works better. Sometimes it can help if you search
Google for the error code you get, if any. --- Steve

 

[Daniel Tan]

Steven, so i should allow protocol 47 go througt my router ? What is
this protocol for ?

Regards
Daniel

 

[Steven L Umbach]

Yes, protocol 47 is GRE, or sometimes called pptp passthrough, and is
necessary for pptp. Some routers have it enabled already and do not list it
as an option. Since you are having problems, it might also be helpful to
check the logs of your NAT router to see if any dropped packets are reported
from the IP addresses of VPN clients trying to connect which may be helpful
info. Often the router manufactures have helpful information such as a FAQ
on their websites for configuration problems. -- Steve