none
806 Error When When Using VPN

    Question

  • Hi,

    I have a user getting the classic 806 error regarding not allowing GRE. I have many other users able to connect just fine

    I disabled Norton firewall on his pc. I have also asked him to connect direrectly to his cable modem (he is wireless) and to try from a different location.

    While I wait for this to happen, I wonder if someone here can take a look at the diagnostic log I created and spot the point on the network where gre is being blocked. Its rather verbose so I won't copy and paste xcept what I think is useful. Let me know what more is needed. See below

    thanks

    Dean

    netstat.exe -o [

    Table Of Contents ]

    Active Connections
    
     Proto Local Address     Foreign Address    State      PID
     TCP  127.0.0.1:6039     Andey-PC:62667     ESTABLISHED   10196
     TCP  127.0.0.1:19872    Andey-PC:49263     ESTABLISHED   4420
     TCP  127.0.0.1:27015    Andey-PC:49266     ESTABLISHED   1600
     TCP  127.0.0.1:49263    Andey-PC:19872     ESTABLISHED   4420
     TCP  127.0.0.1:49266    Andey-PC:27015     ESTABLISHED   4700
     TCP  127.0.0.1:62652    Andey-PC:62653     ESTABLISHED   10196
     TCP  127.0.0.1:62653    Andey-PC:62652     ESTABLISHED   10196
     TCP  127.0.0.1:62665    Andey-PC:62666     ESTABLISHED   3432
     TCP  127.0.0.1:62666    Andey-PC:62665     ESTABLISHED   3432
     TCP  127.0.0.1:62667    Andey-PC:6039     ESTABLISHED   3432
     TCP  192.168.0.4:59405   sjc-not7:http     ESTABLISHED   4420
     TCP  192.168.0.4:62353   v-client-1a:https   CLOSE_WAIT   4420
     TCP  192.168.0.4:62354   ec2-50-19-116-109:https CLOSE_WAIT   4420
     TCP  192.168.0.4:62355   v-client-1a:https   CLOSE_WAIT   4420
     TCP  192.168.0.4:62731   host10:5938      ESTABLISHED   10196
    
    

    netstat.exe -n [

    Table Of Contents ]

    Active Connections
    
     Proto Local Address     Foreign Address    State
     TCP  127.0.0.1:6039     127.0.0.1:62667    ESTABLISHED
     TCP  127.0.0.1:19872    127.0.0.1:49263    ESTABLISHED
     TCP  127.0.0.1:27015    127.0.0.1:49266    ESTABLISHED
     TCP  127.0.0.1:49263    127.0.0.1:19872    ESTABLISHED
     TCP  127.0.0.1:49266    127.0.0.1:27015    ESTABLISHED
     TCP  127.0.0.1:62652    127.0.0.1:62653    ESTABLISHED
     TCP  127.0.0.1:62653    127.0.0.1:62652    ESTABLISHED
     TCP  127.0.0.1:62665    127.0.0.1:62666    ESTABLISHED
     TCP  127.0.0.1:62666    127.0.0.1:62665    ESTABLISHED
     TCP  127.0.0.1:62667    127.0.0.1:6039     ESTABLISHED
     TCP  192.168.0.4:59405   199.47.216.148:80   ESTABLISHED
     TCP  192.168.0.4:62353   199.47.216.172:443   CLOSE_WAIT
     TCP  192.168.0.4:62354   50.19.116.109:443   CLOSE_WAIT
     TCP  192.168.0.4:62355   199.47.216.172:443   CLOSE_WAIT
     TCP  192.168.0.4:62731   65.241.31.10:5938   ESTABLISHED
    

    Friday, August 26, 2011 10:26 PM

All replies

  • Hi,

     

    Try the steps below :

    ______________________________

    Error 806:  a connection between your computer and the VPN server has been established but the VPN connection cannot be completed.  The most common cause for this is that there is at least one internet device between your computer and the 
    VPN server is not configured to allow GRE protocol packets Verify that protocol 47 GRE is allowed on all personal firewall devices or routers.  if the problem persists, contact your administrator.

    Resolutions: 
    1) if you have a router/firewall, make sure you open TCP Port 1723, IP Protocol 47 (GRE). 
    2) make sure you can reach the VPN server by using ping.  Sometimes, poor connection can cause this issue too.
    3) You may need to updated firmware on a router or firewall.
    4) The VPN server may not be able to get IP from DHCP for the VPN client. So, you may want to re-configure VPN host networking settings. For XP pro VPN host, go to the Properties of the VPN>Network, check Specify TCP/IP address and Allow calling computer to specify its own IP address, and uncheck Assign TCP/IP addresses automatically using DHCP.
    5) Make sure other secure software blocks your access, for example, if you use Norton secure software, you may need to add the remote client's IP so that the client can access.
    6) If your VPN running on a Windows RRAS with NAT enabled, you may want to check the NAT settings.

    -> http://www.howtonetworking.com/vpnissues/error806.htm

    ______________________________

     

    Another link for helping you :

    -> http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/eb299b52-aaff-4ec4-a17a-58c3b5a7405b


    MCITP : Server Administrator | VMware : VTSP 4 / Desktop VTSA 4 | NetApp : DataOntap 7/8 Accreditation

    → Thanks for voting this post as answer if it helps

    • Proposed as answer by Reserwar Sunday, August 28, 2011 7:25 AM
    • Unproposed as answer by Dean - Collabora Wednesday, September 28, 2011 10:26 PM
    Saturday, August 27, 2011 11:12 PM
  • Since all the other users are able to connect via VPN I don't think reconfiguring the vpn server or router is a good place to start.

    I am actually looking for conclusions based on the netstat results

    • Proposed as answer by Espnl Monday, February 18, 2013 1:46 PM
    • Unproposed as answer by Espnl Monday, February 18, 2013 1:46 PM
    Monday, August 29, 2011 3:10 PM
  • I had the same problem at work.

    And the client was connected with Wifi. As soon as i connected with cable, establishing vpn connection worked.

    Monday, February 18, 2013 1:48 PM
  • I asked user to do the same (see OP) but don't recall if he tried it. I have since deployed Logmein Himachi and its cured all my vpn headaches
    • Edited by dean20061 Wednesday, April 03, 2013 7:43 PM
    Wednesday, April 03, 2013 7:41 PM