8

While trying to connect with the Windows VPN client, the client hangs at the "Verifying user name and password..." message for about 10 seconds, and then I get the following error message:

Error 619: A connection to the remote computer could not be established, so the port used for this connection was closed.

I can connect successfully using Windows 7 Professional 64-bit, but not with Windows 7 Home Premium 64-bit. Both machines are off the network I'm trying to VPN into and are on the same network. Windows Firewall is disabled on both machines. No antivirus on either machine, clean Windows installs.

I'm using Windows VPN client with the following settings:

  • Options tab: Unchecked "Include Windows logon domain"
  • Security tab: "Type of VPN" set to PPTP, "Data encryption" set to Optional, CHAP and MS-CHAP v2 checked
  • Networking tab: IPv6 disabled, use remote gateway disabled
  • Network IP(DHCP)/Subnet: 192.168.10.x 255.255.255.252

The server:

  • pptpd linux package running on Raspbian Wheezy OS
  • Network IP(Static)/Subnet: 192.168.1.x 255.255.255.0

pptpd.conf:

logwtmp

localip 192.168.1.161

remoteip 192.168.1.234-238,192.168.1.245

The router is a Linksys WRT160N v3 running DD-WRT firmware with GRE 47 enabled and port 1723 forwarded correctly to the server.

What could be the problem and how can I fix it?

EDIT (NEW FINDINGS): When DMZ is enabled, the Windows Home machine can connect to the VPN; when disabled, it can't. However, the Windows Professional machine can connect in both scenarios. What's even more frustrating is that even if I forward all ports (1-65535) to the server, the Home machine won't connect. The DMZ must do something that the Home Edition can't live without.

James
  • I'm still sad-facing over this one, anyone have any ideas? Also, thanks for the edit Indrek. – James Dec 28 '12 at 14:25
  • Do you have anything useful in the Event Viewer? – harrymc Jan 01 '13 at 11:29
  • (1) On Raspbian, check syslog or messages for differences when the two clients connect. (2) Are both Windows machines running as standalone machines or inside a VM (VMware, VirtualBox, etc.)? – John Siu Jan 01 '13 at 22:58
  • @harrymc Nothing showing up out of the ordinary in the Event Viewer – James Jan 02 '13 at 02:41
  • @John Both Windows machines are standalone machines and are not VMs. Here's the messages in syslog from using the Windows Home Edition PPTP Client: pppd 2.4.5 started by root, uid 0; Using interface ppp0; COnnect: ppp0 <--> /dev/pts/1; Hangup (SIGHUP); Modem hangup; Connection terminated.; Exit.; – James Jan 02 '13 at 02:47
  • @James With the `Home` box (1) Connect to another pptp server for testing purposes. (2) Delete the current vpn entry and create a new one. – John Siu Jan 02 '13 at 02:53
  • @John I don't know of any other pptp servers that I could use for testing purposes. – James Jan 02 '13 at 03:24
  • @James Are you testing the two at the same time, or disconnecting one and then trying the other one? You may have set up a single IP only. Post your pptp server config. – John Siu Jan 02 '13 at 03:25
  • @John I updated the question with the 3 entries in the pptpd.conf file. Also, I'm disconnecting one before trying the other, no simultaneous connections being attempted. – James Jan 02 '13 at 03:46
  • @James ok, it may sound ridiculous, but do the following (1) restart pptp services on Raspbian. (2) Restart your WRT160N. If you have another router in between `Home` and the internet, restart that too. (3) WITHOUT testing with the `Professional`, try `Home` pptp connection. That means, after all the restarting, use `Home` to make the 1st pptp connection. – John Siu Jan 02 '13 at 04:05
  • @John I did as requested and have the same results, error 619 and same messages appearing in the syslog on the server. – James Jan 02 '13 at 04:10
  • @James On your `Home` box, open notepad and type the vpn password there, see if it is showing up as it should be. Open the VPN connection dialog, re-type the password. NO COPY and PASTE. Check username, it is case sensitive. – John Siu Jan 02 '13 at 04:13
  • @John I have typed it in notepad and it appears as it should. When typing username and password in manually the results are the same. Everything is lowercased in the chaps secrets file and on my client connection so there shouldn't be any typo issues there. – James Jan 02 '13 at 04:16
  • @James Reboot `Raspbian`, not sure if you are willing to do that. Have you tried creating a new pptp connection on `Home` (connecting to Raspbian)? – John Siu Jan 02 '13 at 04:22
  • @John I rebooted the server and set up a brand new connection on the Home machine and end up with the same results. – James Jan 02 '13 at 04:28
  • @James Last thing I can think of for tonight, apply all Windows patches for `Home`? – John Siu Jan 02 '13 at 04:31
  • @John Windows is already up to date on everything. Thanks a lot for the help tonight, it's been definitely appreciated. – James Jan 02 '13 at 04:49
  • @James No problem, too bad no progress. This is just damn strange. – John Siu Jan 02 '13 at 04:50
  • Simple question: Are the vpn settings and adapter settings identical on both the Windows 7 Pro and Home? Does the problem happen when the Home computer is the only one connecting to the vpn server? – harrymc Jan 02 '13 at 07:09
  • @harrymc Yes, settings are identical on both machines and the Home computer is the only one connecting to the vpn server, no simultaneous connections. – James Jan 02 '13 at 07:18
  • I suppose that the router gives both computers the same IP address every time. Another test is to statically give the Home computer the address that is usually attributed to the Pro. – harrymc Jan 02 '13 at 09:05
  • @harrymc I've tried statically assigning the IP the Pro machine had to the Home machine and giving the Pro machine a different IP and the error still occurs on the Home machine. – James Jan 03 '13 at 00:55

5 Answers

5

I've finally found the holy grail:

http://www.jcsilva.com/2011/01/09/issues-with-dd-wrt-gre-forwarding-pptp/

This page says the following:

Issues With DD-WRT GRE Forwarding PPTP

A quick fix for DD-WRT not forwarding GRE PPTP packets.

Add the following commands to the startup commands (Administration->Commands):

/sbin/insmod xt_connmark
/sbin/insmod xt_mark
/sbin/insmod nf_conntrack_proto_gre
/sbin/insmod nf_conntrack_pptp
/sbin/insmod nf_nat_proto_gre
/sbin/insmod nf_nat_pptp

As a side note, I'm not sure why the Professional machine was able to connect correctly and at this point I don't really care now that I have a real solution that isn't enabling the DMZ.

James
  • Perhaps a silly question: how do I access the startup commands? Specifically, where do I find the *Administration* panel? – clabacchio Apr 11 '14 at 17:44
  • The web interface of your DD-WRT installation. – James Apr 15 '14 at 19:13
  • Yeah sorry, I realized afterwards that it was referring to DD-WRT and not Windows. Perhaps because I was biased: I have the same problem but can't access the router settings (it's not mine). – clabacchio Apr 15 '14 at 19:26
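
A check to run on the router after a reboot, to confirm the startup commands above took effect. This is an added example, not part of the original answer or the linked page; it assumes the router shell exposes the standard Linux `/proc/modules`, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: report which of the six modules from the startup commands
# are absent from a /proc/modules-style listing.
REQUIRED_MODULES="xt_connmark xt_mark nf_conntrack_proto_gre nf_conntrack_pptp nf_nat_proto_gre nf_nat_pptp"

# missing_modules [FILE] -> prints the missing module names, space separated.
# FILE defaults to /proc/modules, where the first column is the module name.
# Code compiled into the kernel is not listed there, so a name reported here
# means "not loaded as a module", which is the state insmod changes.
missing_modules() {
    listing="${1:-/proc/modules}"
    missing=""
    for mod in $REQUIRED_MODULES; do
        # Exact match on column 1, so nf_conntrack does not satisfy
        # nf_conntrack_pptp (a plain grep would).
        if ! awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$listing"; then
            missing="${missing:+$missing }$mod"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed sample: generic conntrack and mark modules are loaded, but none
# of the GRE/PPTP helpers are.
sample_listing() {
    cat <<'EOF'
xt_connmark 1024 0 - Live 0x80a40000
xt_mark 704 0 - Live 0x80a2e000
nf_nat 12000 1 iptable_nat, Live 0x80a20000
nf_conntrack 46000 3 xt_connmark,nf_nat, Live 0x80a10000
EOF
}

tmp="${TMPDIR:-/tmp}/modules.sample.$$"
sample_listing > "$tmp"
echo "missing from sample: $(missing_modules "$tmp")"
rm -f "$tmp"
```

On the router itself, call `missing_modules` with no argument; an empty result means all six modules are loaded.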
0

For me, the solution was to go to regedit, HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\Parameters\, and delete the ProhibitIpSec parameter, then reboot the PC (changes apply only after reboot!), then try connecting to the VPN again.

Kyo
0

Check pptpd options

In /etc/ppp/pptpd-options, check for the following options:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
#ms-dns <dns server ip>

Turn on debug on Raspbian

In /etc/pptpd.conf, add or un-comment

debug

In /etc/ppp/options, add or un-comment

debug

Restart pptpd.

Connect VPN with Win 7 Pro, then disconnect. Then connect VPN with Win 7 Home, wait for error. Compare the /var/log/syslog entries of the two connections.

John Siu
  • Try removing `require-mppe-128` in `/etc/ppp/pptpd-options` for testing purposes. – John Siu Jan 03 '13 at 07:05
  • Found something rather bizarre. I pointed my DMZ at the Pi server and now I can connect to the VPN using the Home machine. That is very strange since the Prof machine can connect to it just fine without the DMZ being enabled. But this is progress, hopefully this info can help finding the root cause. – James Jan 04 '13 at 00:18
  • Thanks a lot for the assistance John, as my bounty is for not enough attention, I am giving it to you for your efforts in helping with the problem. Posted the solution for this giant headache. :) – James Jan 04 '13 at 01:11
  • OMG, thank you! And I completely didn't think it was the dd-wrt as we restarted it. We just learn something new everyday. – John Siu Jan 04 '13 at 01:45
  • Yeah, this was definitely a crazy one. I'm sure this question will save hours of time for someone later on down the road, heheh. – James Jan 04 '13 at 02:43
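
One way to do the syslog comparison described in the answer above, once `debug` is on: group the pppd lines by process ID and count LCP packets in each direction. This is an added example, not part of the original answer; the log lines, hostname, PIDs and user name are constructed, and the verdict labels are names chosen for this sketch.

```shell
# Added example (not from the thread): summarize each pppd process in a
# debug-enabled syslog so two connection attempts can be compared.

# summarize_ppp_sessions FILE -> one line per pppd PID, in order of appearance
summarize_ppp_sessions() {
    awk '
    match($0, /pppd\[[0-9]+\]:/) {
        pid = substr($0, RSTART + 5, RLENGTH - 7)       # digits inside [...]
        if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
        msg = substr($0, RSTART + RLENGTH + 1)          # text after "]: "
        if (msg ~ /^sent \[LCP /)           sent[pid]++
        if (msg ~ /^rcvd \[LCP /)           rcvd[pid]++
        if (msg ~ /^rcvd \[CHAP Response/)  auth[pid] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            # LCP sent but never received: the client PPP frames, which
            # PPTP carries in GRE, did not reach this server.
            if (rcvd[p] + 0 == 0)  v = "no-ppp-frames-from-client"
            else if (!auth[p])     v = "lcp-ok-auth-not-reached"
            else                   v = "negotiation-reached-auth"
            printf "pid=%s lcp_sent=%d lcp_rcvd=%d auth=%s verdict=%s\n",
                   p, sent[p], rcvd[p], (auth[p] ? "yes" : "no"), v
        }
    }' "$1"
}

# Constructed sample: PID 2101 negotiates normally, PID 2140 gets no replies.
sample_syslog() {
    cat <<'EOF'
Jan  4 00:10:01 raspberrypi pptpd[2100]: CTRL: Starting call (launching pppd, opening GRE)
Jan  4 00:10:01 raspberrypi pppd[2101]: Connect: ppp0 <--> /dev/pts/1
Jan  4 00:10:01 raspberrypi pppd[2101]: sent [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x1a2b3c4d>]
Jan  4 00:10:01 raspberrypi pppd[2101]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x5e6f7a8b>]
Jan  4 00:10:01 raspberrypi pppd[2101]: sent [LCP ConfAck id=0x0 <mru 1400> <magic 0x5e6f7a8b>]
Jan  4 00:10:01 raspberrypi pppd[2101]: rcvd [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x1a2b3c4d>]
Jan  4 00:10:01 raspberrypi pppd[2101]: rcvd [CHAP Response id=0x2 <...>, name = "user"]
Jan  4 00:12:30 raspberrypi pppd[2140]: Connect: ppp0 <--> /dev/pts/1
Jan  4 00:12:30 raspberrypi pppd[2140]: sent [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x0c1d2e3f>]
Jan  4 00:12:33 raspberrypi pppd[2140]: sent [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x0c1d2e3f>]
Jan  4 00:12:36 raspberrypi pppd[2140]: sent [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x0c1d2e3f>]
Jan  4 00:12:40 raspberrypi pppd[2140]: Modem hangup
EOF
}

tmp="${TMPDIR:-/tmp}/ppp.sample.$$"
sample_syslog > "$tmp"; summarize_ppp_sessions "$tmp"; rm -f "$tmp"
```

On the server, pass `/var/log/syslog` as the argument after making one connection attempt from each client.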
0

There are a lot of network related features missing in Home Premium that are available in Professional and Ultimate versions. Features like joining a domain, VPN, RDP and some support for secure protocols are all missing in Home Premium. This could be the reason why you can connect with Professional and not with Home Premium.

Start from this link and you'll see what I mean. A quick search will show you the list of features missing in Home Premium as compared to Professional.

http://windows.microsoft.com/en-US/Windows7/products/compare?T1=tab15

Freckles
  • Do you know what lack of feature would cause Home to work when the DMZ is enabled, but not work when it isn't? Mind you, the Professional works in both scenarios. – James Jan 04 '13 at 00:23
  • Based on your new findings, I'm now confident it's something to do with missing features in Home. I wouldn't know which one for sure, though. However, on a broader picture, it's definitely some networking function. Kudos for finding a work around. I guess it's not worth looking any further now that you got it working. – Freckles Jan 04 '13 at 04:07
0

Just in case someone gets Error 619 and the accepted solution doesn't work, especially when the given VPN connection worked in the past: sometimes Skype uses the required ports and must be shut down / restarted.

Mr. Girgitt