locked
VPN, my ISP supplied router, PPTP and Error 806+GRE not allowed RRS feed

  • Question

  • Attempting VPN via a VISTA client to Server 2008 and getting an Error 806; your router doesn't allow GRE packets.

    Any way round this problem? Since L2TP doesn't work, am I left with using SSTP as the VPN protocol?

    Any help appreciated...

    Tuesday, May 18, 2010 6:12 PM

Answers

  •   You forward ports. You do not forward protocols. GRE is another IP protocol like TCP or UDP. You can allow it or block it.

       When you use PPTP, the privately addressesd packet is encrypted and this encrypted packet is encapsulated in a new packet with a modified GRE header. Because the payload is encrypted, a firewall will see only the GRE header. If your firewall blocks GRE (IP protocol 47), no data will flow across your PPTP connection and it will close.

     


    Bill
    Saturday, May 22, 2010 10:46 AM

All replies

  •  

    Hi,

     

    Thank you for your post here.

     

    Yes, the PPTP tunneling counts on TCP port 1723 traffic for PPTP tunnel maintenance and IP protocol 47 for GRE traffic for PPTP tunneled data. The error indicates that the router is not configured properly to forward GRE traffic to the VPN server. To correct this issue, you may check how it works if you create GRE (IP protocol 47) forwarder to the internal VPN server.

     

    If you have any questions or concerns, please do not hesitate to let me know.

     

     

     

     

    Wednesday, May 19, 2010 6:18 AM
    Moderator
  • Not allowed to forward a protocol in the router. Guess I'm stuck with SSTP and to creating certificates?

    Friday, May 21, 2010 2:19 PM
  •   You forward ports. You do not forward protocols. GRE is another IP protocol like TCP or UDP. You can allow it or block it.

       When you use PPTP, the privately addressesd packet is encrypted and this encrypted packet is encapsulated in a new packet with a modified GRE header. Because the payload is encrypted, a firewall will see only the GRE header. If your firewall blocks GRE (IP protocol 47), no data will flow across your PPTP connection and it will close.

     


    Bill
    Saturday, May 22, 2010 10:46 AM
  • Yes... GRE is NOT configurable on the Router - protocols are NOT configurable on the router firewall.
    Tuesday, May 25, 2010 9:44 AM