SP2 Firewall stops VPN connection


Guest

I have Googled this problem to death, and found no solution. I turn to this
thread for help.

My set-up: XP Pro computer on home LAN, connected as follows:

My computer
!
D-Link DI-604 Router/Internet Gateway
!
ADSL modem
!
Internet

A time ago I used the XP Pro VPN client to set up a PPTP VPN connection to
my "Employer's server". Therefore, my Network Connections window shows
"Internet Connection", "Local Area Connection" and "Virtual Private Network,
Employer's server".

By enabling the "VPN Pass-Thru, PPTP" option on my DI-604 router, I have
successfully VPN'ed to my "Employer's server".

The problem started when I installed XP SP2. With the Windows Firewall "on",
I cannot make the VPN connection.

If I turn the Windows Firewall "off", the VPN connection can be successfully
completed.

Using the Windows Firewall activity log (pfirewall.log), I logged three
separate attempts to make the VPN connection while the Windows Firewall was
"on". Each attempt stalled and ultimately failed as follows:

date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

26/5/05 10:47:38 OPEN TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - - - -
26/5/05 10:47:40 DROP TCP 222.333.444.555 192.168.0.101 1723 2506 72 AP 4148137482 1112083982 17356 - - - RECEIVE
26/5/05 10:49:40 CLOSE TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - -

26/5/05 12:15:01 OPEN TCP 192.168.0.101 222.333.444.555 1861 1723 - - - - - - - - -
26/5/05 12:15:03 DROP TCP 222.333.444.555 192.168.0.101 1723 1861 72 AP 2982775699 1704473147 17356 - - - RECEIVE
26/5/05 12:17:03 CLOSE TCP 192.168.0.101 222.333.444.555 1861 1723 - - - - - - -

26/5/05 12:20:11 OPEN TCP 192.168.0.101 222.333.444.555 2181 1723 - - - - - - - - -
26/5/05 12:20:13 DROP TCP 222.333.444.555 192.168.0.101 1723 2181 72 AP 944672026 916574642 17356 - - - RECEIVE
26/5/05 12:22:13 CLOSE TCP 192.168.0.101 222.333.444.555 2181 1723 - - - - - - -

In each instance I got "Error 800: Unable to establish the VPN connection".

Note that my DI-604 router uses NAT filtering; my computer's DHCP-assigned
LAN address is 192.168.0.101; my Employer's server is at 222.333.444.555
(fictitious).

Note also that the "local" source/destination port is different in each
instance (2506, then 1861, then 2181). As best I can tell, the DI-604
continuously cycles thru ports, opening and closing them. When the VPN
connection is initiated, whichever port is next in the "cycle" is the one
selected for the VPN connection. I hope I am right/this makes sense.

Anyhow, the question is: How can I successfully complete my VPN connection
while the Windows Firewall is "on"?

Thank you in advance for your helpful answers.
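
Added example (not part of the original post): a small Python reader for the pfirewall.log format quoted above that pairs each inbound DROP with any connection the firewall had already logged as OPEN, showing that the dropped packets are replies on the PPTP control connection (port 1723) rather than unsolicited traffic. The sample log is the first attempt from the post with wrapped lines rejoined, plus one constructed unrelated drop for contrast; the function names are assumptions of this example.

```python
from collections import namedtuple

FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
Entry = namedtuple("Entry", FIELDS)

# First attempt from the post (wrapped lines rejoined), plus one constructed
# unsolicited drop (10.9.9.9 -> port 445) for contrast.
SAMPLE_LOG = """\
26/5/05 10:47:38 OPEN TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - - - -
26/5/05 10:47:40 DROP TCP 222.333.444.555 192.168.0.101 1723 2506 72 AP 4148137482 1112083982 17356 - - - RECEIVE
26/5/05 10:48:02 DROP TCP 10.9.9.9 192.168.0.101 4431 445 48 S 1234567 0 16384 - - - RECEIVE
26/5/05 10:49:40 CLOSE TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - -
"""

def parse(text):
    """Yield Entry tuples; '#' header lines are skipped, short records padded with '-'."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or line.startswith("#"):
            continue
        parts = (parts + ["-"] * len(FIELDS))[:len(FIELDS)]
        yield Entry(*parts)

def classify_drops(entries):
    """Label each inbound DROP as a reply on a locally opened connection or as unsolicited."""
    open_flows = set()
    results = []
    for e in entries:
        flow = (e.protocol, e.src_ip, e.src_port, e.dst_ip, e.dst_port)
        reverse = (e.protocol, e.dst_ip, e.dst_port, e.src_ip, e.src_port)
        if e.action == "OPEN":
            open_flows.add(flow)
        elif e.action == "CLOSE":
            open_flows.discard(flow)
        elif e.action == "DROP" and e.path == "RECEIVE":
            kind = "reply-to-open-connection" if reverse in open_flows else "unsolicited"
            results.append((e.time, e.src_ip, e.src_port, e.dst_port, e.tcpflags, kind))
    return results

if __name__ == "__main__":
    for row in classify_drops(parse(SAMPLE_LOG)):
        print(*row)
```
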
 
AriNZ,
By the way if the PC is constantly connected to the D-Link router, you don't
need to have XP Firewall program running. There is a firewall built into the
router. But if you want to run Windows firewall, or this is a laptop that you
take to work. You may also want to go to D-Link and update the firmware for
the router. It looks like the E version had an upgrade as late as 12/04,
which might help with the SP2 upgrade.

http://d-link.com/products/support.asp?pid=62&pv=17&sec=0

You may need to reset the Windows Firewall after the SP2 upgrade.

Control Panel> Security> Click on Windows Firewall icon, at the bottom of
page> Exceptions tab> Check box for VPN pass through> You may need to add
that program to the exceptions list.

--

Click on Link to Add MS to your News Reader: news://msnews.microsoft.com
Rich/rerat

(RRR News) <message rule>
<<Previous Text Snipped to Save Bandwidth When Appropriate>>


