TCP Error 733

[James Goodman]

I have a somewhat mystifying problem trying to establish a VPN connection
between two WinXP machines.

Both machines are running SP2 & are behind routers.
The router (NetGear DG834G) infront of the Incoming PC is set to forward TCP
Port 1723 to the XP machine.

I setup the connection with both machines on the same LAN. I could establish
the VPN without error.

I then moved the incoming machine to its remote location.

I changed only the host name for my outgoing VPN connection.

When I attempt to connect it succeeds, but at the 'registering your
computer' stage it fails quoting error 733.

I have tried the following steps, but the error remains:
Disabling the XP firewalls on both machines.
Forwarding all ports through the router to the XP machine (both with &
without the firewall enabled).
Manually specifying the ip address (from my outgoing connection).

I have a suspicion the netgear router is somehow interfering with the
connection, but I am unsure how.

Any further suggestions?

 

[Sooner Al]

PPTP VPN also requires that GRE Protocol 47 traffic be enabled through the router. The Windows
Firewall automagically does that when TCP Port 1723 is opened.

Some manufacturers call that "PPTP Pass Through" or "VPN Pass Through" or something similar. Check
with the technical support web pages for your router or users manual for possible help. Note that
this can also be a firmware issue on the router. In my experience, with a Linksys BEFSR41 (works
with certain firmware versions) and a Buffalo WBR-G54 (never works with any firmware version), some
firmware revisions work while some do not... Its kind of a crap shoot with these consumer grade
devices...

You might also look at this page for a test procedure that may tell you something...Look at the "VPN
Traffic" section...

http://www.microsoft.com/technet/community/columns/cableguy/default.mspx#EBAA

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

 

[James Goodman]

Sorted now (kind of) & it is the router. If I configure the incoming VPN to
use DHCP to assign ip addresses it fails. If I assign addresses from the XP
box it works.

No name resolution though. I can ping via ip addresses, but not via names.
Any idea on how I can get that to work without installing a DNS server at
the remote location?

 

[Robin Walker [MVP]]

I have a somewhat mystifying problem trying to establish a VPN
connection between two WinXP machines.

Both machines are running SP2 & are behind routers.

If you are creating VPNs between PCs on two LANs behind NAT routers, then
you must ensure that the two LANs use different sub-nets. For instance,
they cannot both use 192.168.yyy.xxx if yyy is the same at both ends.

 

[Leythos]

I have a somewhat mystifying problem trying to establish a VPN connection
between two WinXP machines.

Both machines are running SP2 & are behind routers.
The router (NetGear DG834G) infront of the Incoming PC is set to forward TCP
Port 1723 to the XP machine.

I setup the connection with both machines on the same LAN. I could establish
the VPN without error.

I then moved the incoming machine to its remote location.

I changed only the host name for my outgoing VPN connection.

When I attempt to connect it succeeds, but at the 'registering your
computer' stage it fails quoting error 733.

Some routers do not properly pass GRE (prot 47) and require a rule
allowing it - the Linksys units have a very nice FAQ on their site for
setting up PPTP INBOUND connections. In short, in addition to passing
1723 you must also create a rule for TCP 47, I know it's not a PORT,
but, for some reason, depending on the firmware, you actually have to
PORT FORWARD TCP/47 to the computer.

You also want to make sure that both sides are in DIFFERENT networks,
you can not use 192.168.0.1/24 on both sides.

 

[Sooner Al]

Sorted now (kind of) & it is the router. If I configure the incoming VPN to use DHCP to
assign ip addresses it fails. If I assign addresses from the XP box it works.

No name resolution though. I can ping via ip addresses, but not via names. Any idea on
how I can get that to work without installing a DNS server at the remote location?
James Goodman

PPTP VPN also requires that GRE Protocol 47 traffic be enabled through the router. The
Windows Firewall automagically does that when TCP Port
1723 is opened.
Some manufacturers call that "PPTP Pass Through" or "VPN Pass Through" or something
similar. Check with the technical support web pages for your router or users manual
for possible help. Note that this can also be a firmware issue on the router. In my
experience, with a Linksys BEFSR41 (works with certain firmware versions) and a
Buffalo WBR-G54 (never works with any firmware version), some firmware revisions work
while some do not... Its kind of a crap shoot with these consumer grade devices...
You might also look at this page for a test procedure that may tell you something...
Look at the "VPN Traffic" section...
http://www.microsoft.com/technet/ community/columns/cableguy/default. mspx#EBAA
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of
all of us...
The MS-MVP Program - http://mvp. support.microsoft.com This posting is provided "AS
IS" with no warranties, and confers no rights...
"James Goodman" <jamesATnorton- associates.co.ukREMOVE> wrote in message O$cDSHw$EHA.
(e-mail address removed)...

Try a hosts file on the client PC that maps the local IP addresses of the PC's at the
remote location.