I have a user getting the classic 806 error regarding not allowing GRE. I have many other users able to connect just fine
I disabled Norton firewall on his pc. I have also asked him to connect direrectly to his cable modem (he is wireless) and to try from a different location.
While I wait for this to happen, I wonder if someone here can take a look at the diagnostic log I created and spot the point on the network where gre is being blocked. Its rather verbose so I won't copy and paste xcept what I think is useful. Let me know what more is needed. See below
netstat.exe -o [
Active Connections Proto Local Address Foreign Address State PID TCP 127.0.0.1:6039 Andey-PC:62667 ESTABLISHED 10196 TCP 127.0.0.1:19872 Andey-PC:49263 ESTABLISHED 4420 TCP 127.0.0.1:27015 Andey-PC:49266 ESTABLISHED 1600 TCP 127.0.0.1:49263 Andey-PC:19872 ESTABLISHED 4420 TCP 127.0.0.1:49266 Andey-PC:27015 ESTABLISHED 4700 TCP 127.0.0.1:62652 Andey-PC:62653 ESTABLISHED 10196 TCP 127.0.0.1:62653 Andey-PC:62652 ESTABLISHED 10196 TCP 127.0.0.1:62665 Andey-PC:62666 ESTABLISHED 3432 TCP 127.0.0.1:62666 Andey-PC:62665 ESTABLISHED 3432 TCP 127.0.0.1:62667 Andey-PC:6039 ESTABLISHED 3432 TCP 192.168.0.4:59405 sjc-not7:http ESTABLISHED 4420 TCP 192.168.0.4:62353 v-client-1a:https CLOSE_WAIT 4420 TCP 192.168.0.4:62354 ec2-50-19-116-109:https CLOSE_WAIT 4420 TCP 192.168.0.4:62355 v-client-1a:https CLOSE_WAIT 4420 TCP 192.168.0.4:62731 host10:5938 ESTABLISHED 10196
netstat.exe -n [
Active Connections Proto Local Address Foreign Address State TCP 127.0.0.1:6039 127.0.0.1:62667 ESTABLISHED TCP 127.0.0.1:19872 127.0.0.1:49263 ESTABLISHED TCP 127.0.0.1:27015 127.0.0.1:49266 ESTABLISHED TCP 127.0.0.1:49263 127.0.0.1:19872 ESTABLISHED TCP 127.0.0.1:49266 127.0.0.1:27015 ESTABLISHED TCP 127.0.0.1:62652 127.0.0.1:62653 ESTABLISHED TCP 127.0.0.1:62653 127.0.0.1:62652 ESTABLISHED TCP 127.0.0.1:62665 127.0.0.1:62666 ESTABLISHED TCP 127.0.0.1:62666 127.0.0.1:62665 ESTABLISHED TCP 127.0.0.1:62667 127.0.0.1:6039 ESTABLISHED TCP 192.168.0.4:59405 220.127.116.11:80 ESTABLISHED TCP 192.168.0.4:62353 18.104.22.168:443 CLOSE_WAIT TCP 192.168.0.4:62354 22.214.171.124:443 CLOSE_WAIT TCP 192.168.0.4:62355 126.96.36.199:443 CLOSE_WAIT TCP 192.168.0.4:62731 188.8.131.52:5938 ESTABLISHED
Try the steps below :
Error 806: a connection between your computer and the VPN server has been established but the VPN connection cannot be completed. The most common cause for this is that there is at least one internet device between your computer and the
VPN server is not configured to allow GRE protocol packets Verify that protocol 47 GRE is allowed on all personal firewall devices or routers. if the problem persists, contact your administrator.
1) if you have a router/firewall, make sure you open TCP Port 1723, IP Protocol 47 (GRE).
2) make sure you can reach the VPN server by using ping. Sometimes, poor connection can cause this issue too.
3) You may need to updated firmware on a router or firewall.
4) The VPN server may not be able to get IP from DHCP for the VPN client. So, you may want to re-configure VPN host networking settings. For XP pro VPN host, go to the Properties of the VPN>Network, check Specify TCP/IP address and Allow calling computer to specify its own IP address, and uncheck Assign TCP/IP addresses automatically using DHCP.
5) Make sure other secure software blocks your access, for example, if you use Norton secure software, you may need to add the remote client's IP so that the client can access.
6) If your VPN running on a Windows RRAS with NAT enabled, you may want to check the NAT settings.
Another link for helping you :
MCITP : Server Administrator | VMware : VTSP 4 / Desktop VTSA 4 | NetApp : DataOntap 7/8 Accreditation
→ Thanks for voting this post as answer if it helps
Since all the other users are able to connect via VPN I don't think reconfiguring the vpn server or router is a good place to start.
I am actually looking for conclusions based on the netstat results