Connecting to a VPN over the internet


Oni
11-24-08, 01:11 PM
Continuing on from here: http://www.ocforums.com/showthread.php?t=585627

For the curious, I'm using rasdial in a batch file to open the VPN so I can complete the commands I need to, and then close it when I'm done. It works famously!

I've got my VPN server set up, and I can connect to it through Windows seamlessly on the local network, but when I try over the internet it doesn't seem to like it.

From the looks of the connection, it connects, gets as far as the handshake, then boots me, and I don't know why. On the local network, these work great, but over the internet they die. It kicks out: Remote Access Error 628: The connection was terminated by the remote computer before it could be completed. For further assistance, click More Info or search Help and Support Center for the error number.

I've got the router set up correctly to forward port 1723 to the proper system, and VPN passthrough is enabled in the router as well.

Anybody see anything like this before? How did you fix it?

ppe1700
11-24-08, 03:03 PM
yes.
i take it you're referring to Microsoft's pptp vpn?

you need to enable the IP protocol "GRE" through your firewall. this is IP number 47.
since this is NOT tcp or udp, and is a special "ip protocol number" some routers are not configurable for this..
i KNOW my dg834g won't allow it, however speedtouch will. and of course cisco will :)

what firewall / router are you using?

Oni
11-24-08, 07:26 PM
It's a D-link WBR-2310. It supports PPTP Passthrough. I have a feeling that the problem lies in the router, but I'm not sure. Perhaps I'm not forwarding the ports correctly or something . . .

ppe1700
11-25-08, 01:38 AM
That's what I said :/
Where does the pptp terminate?

Oni
11-25-08, 08:43 AM
> That's what I said :/
> Where does the pptp terminate?

Do you mean where does the connection stop during the connection process? Let me see if I can find out where the log files are stored and I'll post them here.

ppe1700
11-25-08, 12:19 PM
No I mean does the vpn terminate at the server itself or do you have a router or something that can do pptp?

You need to open up the pptp and gre to your server lan ip.
You need to have some other bits installed on the server, one being dhcp so that the server can issue a lan ip to you over the vpn.
Also once you have this setup correctly, check that the server has not stolen ALL your available IPs. By default it will take 120 I think

I think the other is just ras which you have done I believe.
Then on the user account you need to have dial in enabled.

How much of the above have you got? :)

Oni
11-25-08, 12:41 PM
As far as I can tell, the connection terminates at the handshake. I'm going to run a few more tests tonight from home and see what Wireshark pulls up.

ppe1700
11-25-08, 02:32 PM
ok,

> I've got the router set up correctly to forward port 1723 to the proper system, and VPN passthrough is enabled in the router as well.

this proper system, is it your microsoft server?

you can ignore the above / keep it for reference because i read it again, and you say that you can successfully connect to the vpn internally.

if all works ok internally, but externally it fails, then check you have enough free ip addresses / "ports", and that gre protocol is allowed through the router...

that's all i can really think of to be honest.
my thought is, that if it works internally, it should work externally! and the only difference is that you're going through a router..

UNLESS, the server doesn't have a default gateway, or the gateway is incorrect?

Oni
11-25-08, 09:39 PM
I'm going to test the gateway stuff tomorrow from an external machine, along with a few other things.

I've got Logmein installed on my PC at home, and I'm going to set a few things up and try some tests back-and-forth between my home machine and the office machine. My thinking is maybe because I'm trying to go from my computer in the office out onto the internet and then back into a computer on our network that it might be getting mixed up somewhere.

ppe1700
11-26-08, 06:52 AM
> I've got Logmein installed on my PC at home, and I'm going to set a few things up and try some tests back-and-forth between my home machine and the office machine. My thinking is maybe because I'm trying to go from my computer in the office out onto the internet and then back into a computer on our network that it might be getting mixed up somewhere.

we use pptp all the time,
my work laptop can pptp to a server at another office, through our firewall, through their firewall and terminates at their server.
when i do this, i get the view of the network as if i were sat on the server because the tunnel terminates there - meaning that all the data i send, travels all the way to the server before then getting on to the network.

good luck with the troubleshooting :)

Oni
11-26-08, 09:34 AM
It's the router!

If I put my PC at work on the DMZ port it works just fine, but if I try to connect to it without doing that, even if I forward all the ports correctly, I get error 628.

So either I don't have something forwarded correctly, or this router lies about its ability to forward VPN connections, which is not uncommon.

gangaskan
11-26-08, 12:23 PM
i'm sure you're missing a port forward on the receiving machine :)

Oni
11-26-08, 02:29 PM
I've got 1723, 500, and 1701 forwarded. Are there any more I should be aware of?

ppe1700
11-29-08, 02:56 PM
> I've got 1723, 500, and 1701 forwarded. Are there any more I should be aware of?

OMG YES!!! (orgasm mode ;) )

please read like my first post, where i said you need GRE protocol forwarded through!

and also read that this isn't tcp, or udp, but IP, and it's IP number 47

and because it's not tcp or udp, you most likely cannot configure that on yer router

ppe1700
11-29-08, 02:57 PM
> I've got 1723, 500, and 1701 forwarded. Are there any more I should be aware of?

ALL you need is 1723, and IP 47..
what's the others for?
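
Added example, not part of any post in this thread: a way to check a client-side packet capture for the symptom discussed above, where the TCP 1723 control channel answers but no GRE (IP protocol 47) comes back. The addresses, sample packets and helper names are constructed for illustration, and a capture taken on the connecting client is assumed.

```python
import struct
from ipaddress import IPv4Address

TCP, GRE = 6, 47          # IP protocol numbers; GRE is not a TCP or UDP port
PPTP_PORT = 1723          # PPTP control channel (TCP)
PPTP_GRE_TYPE = 0x880B    # enhanced GRE carrying PPP (RFC 2637)

def classify(pkt: bytes):
    """Return (src, dst, kind) for a raw IPv4 packet; kind is 'control', 'gre' or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    src, dst = str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20]))
    body, kind = pkt[(pkt[0] & 0x0F) * 4:], None
    if len(body) >= 4:
        a, b = struct.unpack("!HH", body[:4])
        if pkt[9] == TCP and PPTP_PORT in (a, b):        # a, b: source and destination port
            kind = "control"
        elif pkt[9] == GRE and (a & 0x7) == 1 and b == PPTP_GRE_TYPE:  # a: flags + version
            kind = "gre"
    return src, dst, kind

def diagnose(packets, client: str, server: str) -> str:
    """Summarise a client-side capture of one PPTP connection attempt."""
    seen = set()
    for pkt in packets:
        info = classify(pkt)
        if info and info[2] and {info[0], info[1]} == {client, server}:
            seen.add((info[2], "out" if info[0] == client else "in"))
    if ("control", "in") not in seen:
        return "no control reply: TCP 1723 is not reaching the server"
    if ("gre", "in") not in seen:
        return "control up, no GRE returned: IP protocol 47 is dropped on the path"
    return "control and GRE both flowing"

# Builders for the constructed sample packets (IPv4 checksum left at zero).
def ipv4(src: str, dst: str, proto: int, body: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + body
def tcp(sport: int, dport: int) -> bytes:
    return struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)

# Constructed sample capture; addresses are documentation ranges, not from the thread.
CLIENT, SERVER = "198.51.100.10", "203.0.113.5"
GRE_PPP = struct.pack("!HHHHL", 0x3001, PPTP_GRE_TYPE, 0, 1, 0)  # K+S flags, version 1
FORWARD_ONLY = [ipv4(CLIENT, SERVER, TCP, tcp(49152, PPTP_PORT)),
                ipv4(SERVER, CLIENT, TCP, tcp(PPTP_PORT, 49152)),
                ipv4(CLIENT, SERVER, GRE, GRE_PPP)]
WITH_GRE = FORWARD_ONLY + [ipv4(SERVER, CLIENT, GRE, GRE_PPP)]
if __name__ == "__main__":
    print(diagnose(FORWARD_ONLY, CLIENT, SERVER), diagnose(WITH_GRE, CLIENT, SERVER), sep="\n")
```

In Wireshark the same two traffic classes can be isolated with the display filter `tcp.port == 1723 || ip.proto == 47`.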