XP SP2 VPN and Home Edition

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

SP2 appears to have broken the ability of my XP Home Edition PC to
VPN to our Windows Server 2003 Enterprise Edition host accross the Internet.
1. It worked prior to installing SP2
2. It does not appear to be a client firewall issue. The same problem occurs
if the firewall is enabled or not. I have no other firewall than the
one provided with XP.
3. My co-workers tell me they can still establish a VPN using their XP home
edition computers.
4. Symptoms sre: I get a "connecting..." popup message, it immediatley
changes to a "verifying username and password" where it times out.
5. The Home Edition PC runs ICS. I have an XP Pro (SP1) that cannot
establish a VPN connection while using the Home Edition as an Internet
Gateway. However, when directly connected to the Internet the Internet,
the XP Pro can establish a VPN connection
6. I am seeing _no_ messages in the Event Viewer that coincide with
VPN attempts on either the clients or the server.
7. RRAS logging is set to "errors and warnings" and nothing appears to be
written in them either.
8. The symtoms I am seeing are similar to ones I had earlier with Home
Edition that was fixed by changing the RRAS server -> IP properties to
"enable broadcast name resolution" and Use Local Area Connection to obtain
DHCP, DNS, and WINS addresses for dial-up connections.

Any help will be appreciated.

Thanks,
--
Matt Hickman
..there is nothing that makes a man feel so helpless as taking his pants
away from him.
Robert A. Heinlein (1907 - 1988)
"If This Goes On--" ASF c.1940

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Are you doing a PPTP or a L2TP VPN connection?

Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On 23 Aug 2004 08:41:11 -0700, hemo_jr@space.com (Matt Hickman) wrote:

>SP2 appears to have broken the ability of my XP Home Edition PC to
>VPN to our Windows Server 2003 Enterprise Edition host accross the Internet.
>1. It worked prior to installing SP2
>2. It does not appear to be a client firewall issue. The same problem occurs
>if the firewall is enabled or not. I have no other firewall than the
>one provided with XP.
>3. My co-workers tell me they can still establish a VPN using their XP home
>edition computers.
>4. Symptoms sre: I get a "connecting..." popup message, it immediatley
>changes to a "verifying username and password" where it times out.
>5. The Home Edition PC runs ICS. I have an XP Pro (SP1) that cannot
>establish a VPN connection while using the Home Edition as an Internet
>Gateway. However, when directly connected to the Internet the Internet,
>the XP Pro can establish a VPN connection
>6. I am seeing _no_ messages in the Event Viewer that coincide with
>VPN attempts on either the clients or the server.
>7. RRAS logging is set to "errors and warnings" and nothing appears to be
>written in them either.
>8. The symtoms I am seeing are similar to ones I had earlier with Home
>Edition that was fixed by changing the RRAS server -> IP properties to
>"enable broadcast name resolution" and Use Local Area Connection to obtain
>DHCP, DNS, and WINS addresses for dial-up connections.
>
>Any help will be appreciated.
>
>Thanks,

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote in message news:<hv7li0d5il6it78210j5l0iql6vk8vie4d@4ax.com>...
> Are you doing a PPTP or a L2TP VPN connection?

PPTP

--
Matt Hickman
...anyone who can't use a slide rule is a cultural illiterate ...
Robert A. Heinlein (1907 - 1988)
_Have Space Suit Will Travel_ c. 1958

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

If it is L2PT, I understand that SP2 introduced a problem with VPN's where
there is NAT involved.

Here's one such message concerning it: http://tinyurl.com/6alc7

However, something I don't understand is that I hear this problem is
concerned with NAT. I would think our company's setup is like the problem
described. For example, my computer is behind my NAT linksys router which
assigns me a IP using DHCP. At my company, the windows 2003 server is
behind a symantec router. The server has a fixed IP. We only use L2PT.
However, my computer has SP2 on it, and I connect perfectly! Does mine
work because I have setup the symantec router to forward the appropriate
ports to the server? I would think that'd be necessary in any scenario.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"Knox" <thornNOSPAM99@hotmail.com> wrote in message news:<enhGiKiiEHA.712@TK2MSFTNGP09.phx.gbl>...
> If it is L2PT, I understand that SP2 introduced a problem with VPN's where
> there is NAT involved.

Unfortunately, I am using PPTP and the registry hack from the link you posted
has no effect on my problem.

Thanks

--
Matt Hickman
When it is time to railroad, people start railroading.
Robert A. Heinlein (1907 - 1988)
_The Door Into Summer_ 1956

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

NAT-Traversal has been available client-side for a while now,
fortunately..

Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Tue, 24 Aug 2004 17:37:56 -0400, "Knox" <thornNOSPAM99@hotmail.com>
wrote:

>If it is L2PT, I understand that SP2 introduced a problem with VPN's where
>there is NAT involved.
>
>Here's one such message concerning it: http://tinyurl.com/6alc7
>
>However, something I don't understand is that I hear this problem is
>concerned with NAT. I would think our company's setup is like the problem
>described. For example, my computer is behind my NAT linksys router which
>assigns me a IP using DHCP. At my company, the windows 2003 server is
>behind a symantec router. The server has a fixed IP. We only use L2PT.
>However, my computer has SP2 on it, and I connect perfectly! Does mine
>work because I have setup the symantec router to forward the appropriate
>ports to the server? I would think that'd be necessary in any scenario.
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

The hang at this point typically involves errors in PPTP Passthrough
(GRE)... You haven't happened to install a new router on your home
system, have you?

Also, try setting up a L2TP tunnel.. It is fairly easy to configure -
(on the server side, setup a preshard key in RRAS and then configure
the same preshared key on your client system). L2TP VPNs need TCP/UDP
1701, UDP 4500, UDP 500 forwarded...

Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On 23 Aug 2004 08:41:11 -0700, hemo_jr@space.com (Matt Hickman) wrote:

>SP2 appears to have broken the ability of my XP Home Edition PC to
>VPN to our Windows Server 2003 Enterprise Edition host accross the Internet.
>1. It worked prior to installing SP2
>2. It does not appear to be a client firewall issue. The same problem occurs
>if the firewall is enabled or not. I have no other firewall than the
>one provided with XP.
>3. My co-workers tell me they can still establish a VPN using their XP home
>edition computers.
>4. Symptoms sre: I get a "connecting..." popup message, it immediatley
>changes to a "verifying username and password" where it times out.
>5. The Home Edition PC runs ICS. I have an XP Pro (SP1) that cannot
>establish a VPN connection while using the Home Edition as an Internet
>Gateway. However, when directly connected to the Internet the Internet,
>the XP Pro can establish a VPN connection
>6. I am seeing _no_ messages in the Event Viewer that coincide with
>VPN attempts on either the clients or the server.
>7. RRAS logging is set to "errors and warnings" and nothing appears to be
>written in them either.
>8. The symtoms I am seeing are similar to ones I had earlier with Home
>Edition that was fixed by changing the RRAS server -> IP properties to
>"enable broadcast name resolution" and Use Local Area Connection to obtain
>DHCP, DNS, and WINS addresses for dial-up connections.
>
>Any help will be appreciated.
>
>Thanks,

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote in message news:<j1tni0tga3oea8la75jop2220geb7flr4m@4ax.com>...
> The hang at this point typically involves errors in PPTP Passthrough
> (GRE)... You haven't happened to install a new router on your home
> system, have you?

Nope, I use dial-up and my XP Home computer is the one doing the dialing.
It also run ICS, but I don't think that should have any effect on the
dial-up interface.

> Also, try setting up a L2TP tunnel.. It is fairly easy to configure -
> (on the server side, setup a preshard key in RRAS and then configure
> the same preshared key on your client system). L2TP VPNs need TCP/UDP
> 1701, UDP 4500, UDP 500 forwarded...

Something is wrong. I was under the imopression that RRAS set up
a L2TP security policy when it stated up. But when I try to connect
from either the XP pro on Home machines, I get an error 791 ... security
policy for connection not found. If I turn on a policy at the RRAS server,
"Server (request security)" or a custom policy using the preshared key, I
get an error 788 .. security layer could not negotiate compatible
parameters with the remote computer. "More info" tells me that my current
configuration of L2TP parameters is not compatible with the microsoft
implementation of L2TP.

My client's IP address does show up in the IP security monitor's
security associations for the rras server under Quick Mode, so something
is getting through. Also, if the keys do not match, I get 792 security
negotiation timeout error

The router at the server site is set up to forward udp/tcp 1701; udp 500;
udp 4500; and tcp 50 to the Windows 2003 RRAS server. It does not have
the ability to filter on protocol. I also set up, in rras, the
preshared key by checking the "allow custom IPSec policy for L2TP
connection" under the security tab of the RRAS server properties.

I obviously have something configured incorrectly -- probably on the
rras server. Thanks for your help up to this point, and any further
help is appreciated.


--
Matt Hickman
We can't expect each man to be his own Tom Paine.
Robert A. Heinlein (1907 - 1988)
"If This Goes On--" ASF c.1940

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote in message news:<j1tni0tga3oea8la75jop2220geb7flr4m@4ax.com>...
> The hang at this point typically involves errors in PPTP Passthrough
> (GRE)... You haven't happened to install a new router on your home
> system, have you?

Update:
Thanks for your help, everyone. The problem is resolved. It may have
been an ISP/connection problem. Or a modem / driver issue. I got hooked
up with cable today and now PPTP VPN works like a champ.

--
Matt Hickman
People do not appreciate how precarious our ecology is. Even so, it
shocks _me_. I know water runs down hill...but didn't dream how
terribly soon it will reach bottom.
Robert A. Heinlein (1907 - 1988)
_The Moon Is a Harsh Mistress_ c 1966