8

While trying to connect with the Windows VPN client, the client hangs at the "Verifying user name and password..." message for about 10 seconds, and then I get the following error message:

Error 619: A connection to the remote computer could not be established, so the port used for this connection was closed.

I can connect successfully using Windows 7 Professional 64-bit, but not with Windows 7 Home Premium 64-bit. Both machines are off the network I'm trying to VPN into and are on the same network. Windows Firewall is disabled on both machines. No antivirus on either machine, clean Windows installs.

I'm using Windows VPN client with the following settings:

  • Options tab: Unchecked "Include Windows logon domain"
  • Security tab: "Type of VPN" set to PPTP, "Data encryption" set to Optional, CHAP and MS-CHAP v2 checked
  • Networking tab: IPv6 disabled, use remote gateway disabled
  • Network IP(DHCP)/Subnet: 192.168.10.x 255.255.255.252

The server:

  • pptpd linux package running on Raspbian Wheezy OS
  • Network IP(Static)/Subnet: 192.168.1.x 255.255.255.0

pptpd.conf:

logwtmp

localip 192.168.1.161

remoteip 192.168.1.234-238,192.168.1.245

The router is a Linksys WRT160N v3 running DD WRT firmware with GRE 47 enabled and port 1723 forwarded correctly to the server.

What could be the problem and how can I fix it?

EDIT(NEW FINDINGS): When DMZ is enabled, the Windows Home machine can connect to the VPN, when disabled it can't. However, the Windows Professional machine can connect in both scenarios. What's even more frustrating is that even if I forward all ports(1-65535) to the server, the Home machine won't connect. The DMZ must do something that the Home Edition can't live without.

Community
  • 1
James
  • 131

5 Answers5

5

I've finally found the holy grail:

http://www.jcsilva.com/2011/01/09/issues-with-dd-wrt-gre-forwarding-pptp/

This page says the following:

Issues With DD-WRT GRE Forwarding PPTP

A quick fix for DD-WRT not forwarding GRE PPTP packets.

Add the following commands to the startup commands (Administration->Commands):

/sbin/insmod xt_connmark
/sbin/insmod xt_mark
/sbin/insmod nf_conntrack_proto_gre
/sbin/insmod nf_conntrack_pptp
/sbin/insmod nf_nat_proto_gre
/sbin/insmod nf_nat_pptp

As a side note, I'm not sure why the Professional machine was able to connect correctly and at this point I don't really care now that I have a real solution that isn't enabling the DMZ.

James
  • 131
0

For me solution was to go to regedit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\Parameters\ and delete ProhibitIpSec parameter, then reboot the PC (changes apply only after reboot!), then try connect to VPN again.

Kyo
  • 161
0

Check pptpd options

In /etc/ppp/pptpd-options, check for following options

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
#ms-dns <dns server ip>

Turn on debug on Raspbian

In /etc/pptpd.conf, add or un-comment

debug

In /etc/ppp/options, add or un-comment

debug

Restart pptpd.

Connect VPN with Win 7 Pro, then disconnect. Then connect VPN with Win 7 Home, wait for error. Compare the /var/log/syslog entries of the two connections.

John Siu
  • 5,405
0

There are a lot of network related features missing in Home Premium that are available in Professional and Ultimate versions. Features like joining a domain, VPN, RDP and some support for secure protocols are all missing in Home Premium. This could be the reason why you can connect with Professional and not with Home Premium.

Start from this link and you'll see what I mean. A quick search will show you the list of features missing in Home Premium as compared to Professional

http://windows.microsoft.com/en-US/Windows7/products/compare?T1=tab15

Freckles
  • 23
0

Just in case someone gets Error 619 and accepted solution doesn't work - especially when given VPN connection worked in the past: sometimes Skype uses required ports and must be shut down / restarted

Mr. Girgitt
  • 151