Guest
I have Googled this problem to death, and found no solution. I turn to this
thread for help.
My set-up: XP Pro computer on home LAN, connected as follows:
My computer
!
D-Link DI-604 Router/Internet Gateway
!
ADSL modem
!
Internet
Some time ago I used the XP Pro VPN client to set up a PPTP VPN connection to
my "Employer's server". Therefore, my Network Connections window shows
"Internet Connection", "Local Area Connection" and "Virtual Private Network,
Employer's server".
By enabling the "VPN Pass-Thru, PPTP" option on my DI-604 router, I have
successfully VPN'ed to my "Employer's server".
The problem started when I installed XP SP2. With the Windows Firewall "on",
I cannot make the VPN connection.
If I turn the Windows Firewall "off", the VPN connection can be successfully
completed.
Using the Windows Firewall activity log (pfirewall.log), I logged three
separate attempts to make the VPN connection while the Windows Firewall was
"on". Each attempt stalled and ultimately failed as follows:
date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
26/5/05 10:47:38 OPEN TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - - - -
26/5/05 10:47:40 DROP TCP 222.333.444.555 192.168.0.101 1723 2506 72 AP 4148137482 1112083982 17356 - - - RECEIVE
26/5/05 10:49:40 CLOSE TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - -
26/5/05 12:15:01 OPEN TCP 192.168.0.101 222.333.444.555 1861 1723 - - - - - - - - -
26/5/05 12:15:03 DROP TCP 222.333.444.555 192.168.0.101 1723 1861 72 AP 2982775699 1704473147 17356 - - - RECEIVE
26/5/05 12:17:03 CLOSE TCP 192.168.0.101 222.333.444.555 1861 1723 - - - - - - -
26/5/05 12:20:11 OPEN TCP 192.168.0.101 222.333.444.555 2181 1723 - - - - - - - - -
26/5/05 12:20:13 DROP TCP 222.333.444.555 192.168.0.101 1723 2181 72 AP 944672026 916574642 17356 - - - RECEIVE
26/5/05 12:22:13 CLOSE TCP 192.168.0.101 222.333.444.555 2181 1723 - - - - - - -
In each instance I got "Error 800: Unable to establish the VPN connection".
Note that my DI-604 router uses NAT filtering; my computer's DHCP-assigned
LAN address is 192.168.0.101; my Employer's server is at 222.333.444.555
(fictitious).
Note also that the "local" source/destination port is different in each
instance (2506, then 1861, then 2181). As best I can tell, the DI-604
continuously cycles thru ports, opening and closing them. When the VPN
connection is initiated, whichever port is next in the "cycle" is the one
selected for the VPN connection. I hope I am right/this makes sense.
Anyhow, the question is: How can I successfully complete my VPN connection
while the Windows Firewall is "on"?
Thank you in advance for your helpful answers.
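
A way to pull the failing pattern out of a pfirewall.log like the one quoted above, as an added example (not part of the original post): this Python script pairs each OPEN to TCP port 1723 with any inbound DROP on the same connection. It assumes one log entry per line and the d/m/yy date format shown in the post; the function names are illustrative.

```python
from datetime import datetime

# Field order taken from the header line quoted in the post.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Constructed sample: the first attempt from the post, one entry per line.
SAMPLE = """\
26/5/05 10:47:38 OPEN TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - - - -
26/5/05 10:47:40 DROP TCP 222.333.444.555 192.168.0.101 1723 2506 72 AP 4148137482 1112083982 17356 - - - RECEIVE
26/5/05 10:49:40 CLOSE TCP 192.168.0.101 222.333.444.555 2506 1723 - - - - - - -
"""

def parse(text):
    """Yield one dict per OPEN/CLOSE/DROP entry; skip header and blank lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[2] not in ("OPEN", "CLOSE", "DROP"):
            continue
        rec = dict(zip(FIELDS, parts))  # short CLOSE lines simply lack trailing fields
        rec["ts"] = datetime.strptime(parts[0] + " " + parts[1], "%d/%m/%y %H:%M:%S")
        yield rec

def dropped_replies(text, port="1723"):
    """Report inbound packets dropped on connections this host opened to `port`."""
    open_conns, findings = {}, []
    for r in parse(text):
        key = (r["src-ip"], r["src-port"], r["dst-ip"], r["dst-port"])
        if r["action"] == "OPEN" and r["dst-port"] == port:
            open_conns[key] = r["ts"]
        elif r["action"] == "CLOSE":
            open_conns.pop(key, None)
        elif r["action"] == "DROP":
            # A reply travels in the opposite direction, so reverse the tuple.
            rev = (r["dst-ip"], r["dst-port"], r["src-ip"], r["src-port"])
            if rev in open_conns:
                findings.append({
                    "local_port": r["dst-port"],
                    "flags": r["tcpflags"],
                    "size": int(r["size"]),
                    "secs_after_open": (r["ts"] - open_conns[rev]).total_seconds(),
                })
    return findings

if __name__ == "__main__":
    for f in dropped_replies(SAMPLE):
        print(f)
```

On the first attempt from the post it reports a single dropped 72-byte reply with flags AP, logged 2 seconds after the OPEN.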