2

I am trying to connect a couple of Win XP desktops at a remote site, to the server (SBS 2008) of a central site, using a PPTP based VPN. When I try to connect, I get the error "Disconnected. Error 721: The remote computer did not respond."

Here is the strange part: The remote PCs can successfully dial out to another server using VPN. Similarly, I can successfully dial into the central site from my work PC.

The remote computers are dialling out through a Netgear DG834Gv4 (latest firmware), and the server is behind a Draytek 2820.

I have also tried using the Draytek as the VPN endpoint (instead of it doing pass-through), which again worked successfully from my work PC, but gave the same result from the remote site.

I can ping the central site from the remote one, no problem. I can also telnet into port 1723 from the remote site.

The central server is a domain controller with AD. At some point in the past, the remote PCs were successfully logged onto the domain, so now log into that (but obviously can't connect). The remote PCs are on a network which contains another SBS 2008 domain/domain controller/AD/server. However, the remote PCs are using the DG834 as their DNS/DHCP/etc.

I and my colleagues are totally stumped - we know each end is fine independently, but for some reason they won't work together. We don't think that it's authentication; it doesn't seem to get that far. There's nothing in either router's firewall which would prevent the remote IP but not my work IP. The MTU of the DG834 has been changed to match the Draytek.

Any ideas?

  • Ok, I've tested the VPN from one of the PCs from the other domain which is at the remote site, and it has the same response - implying that there is a problem with that site as a whole, and not just the PCs trying to connect to the central site. What kind of problem could cause a whole site to be unable to connect to one VPN (which works from other locations), but be fine with others? –  Feb 08 '10 at 09:50

1 Answer

1

I've solved it - the problem was the Draytek was being used simultaneously as an endpoint and a pass-through. Well, it was set up as an endpoint (for a separate LAN-to-LAN), so was theoretically intercepting all PPTP traffic.

I changed the LAN-to-LAN to "L2TP over IPSEC", which continued to work, and then I turned off PPTP as an endpoint on the router, allowing it to forward all that to the server. The only downside is that one end is a dynamic IP address, so the IPSEC doesn't work, so it's unencrypted now.

This doesn't explain why I could still somehow log onto the server from work, or why I couldn't log onto the router endpoint at the remote site, but I don't care now that it's fixed!
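As an added example (not part of the original answer): since the fix turned on which device was terminating PPTP, this Python code sends a PPTP Start-Control-Connection-Request (RFC 2637) to TCP 1723 and reports the host name and vendor string from the reply, which shows whether the router or the server behind it answered. The `probe` helper, the `diag` host/vendor values and the sample reply bytes are constructed for illustration.

```python
import socket
import struct

MAGIC = 0x1A2B3C4D            # PPTP magic cookie (RFC 2637)
HDR = ">HHIHHHBBIIHH64s64s"   # layout shared by SCCRQ and SCCRP, 156 bytes


def build_sccrq(host=b"diag", vendor=b"diag"):
    """Start-Control-Connection-Request: control message type 1, version 1.0."""
    return struct.pack(HDR, 156, 1, MAGIC, 1, 0, 0x0100, 0, 0,
                       3, 3, 0, 0, host, vendor)


def parse_sccrp(data):
    """Decode a Start-Control-Connection-Reply (control message type 2)."""
    if len(data) < 156:
        raise ValueError("short reply: not a full PPTP control message")
    (_len, mtype, magic, ctype, _r0, version, result, error,
     _fr, _br, _ch, firmware, host, vendor) = struct.unpack(HDR, data[:156])
    if magic != MAGIC or mtype != 1 or ctype != 2:
        raise ValueError("not a Start-Control-Connection-Reply")
    return {
        "result": result,      # 1 means the control channel was accepted
        "error": error,
        "version": version,
        "firmware": firmware,
        "host": host.split(b"\0")[0].decode("ascii", "replace"),
        "vendor": vendor.split(b"\0")[0].decode("ascii", "replace"),
    }


def probe(addr, port=1723, timeout=5):
    """Ask whatever listens on addr:1723 to identify itself (hypothetical helper)."""
    with socket.create_connection((addr, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < 156:
            chunk = s.recv(156 - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)


# Constructed sample reply, as a router acting as the PPTP endpoint might send.
SAMPLE_REPLY = struct.pack(HDR, 156, 1, MAGIC, 2, 0, 0x0100, 1, 0,
                           1, 1, 0, 0, b"router-example", b"ExampleVendor")

if __name__ == "__main__":
    print(parse_sccrp(SAMPLE_REPLY))
```

A successful telnet to port 1723 only shows that something accepts the TCP connection; calling `probe()` from each site shows which device that is. It does not exercise the GRE data channel that PPTP uses once the control connection is up.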