One of my users cannot vpn into my network and is getting a "connection refused" error.

So, I'm using Win2K Routing and Remote Access for VPN, via PPTP. However, other users have no problems getting in, and this particular user is able to telnet into the server at port 1723 without a failed connection (though obviously he can't do anything after telnetting in). I am able to VPN using his username without a connection refused error (I get access denied instead). He has turned off all of his firewalls and is just using a Linksys router. He is able to VPN into other machines.

The protocol in use for Logon Security is RSA Security EAP (encryption enabled)

Any ideas?

Brian
  • Anything in the VPN logs for the failed connections? Are there any detailed messages in the user's event log? One suggestion would be to try rebooting the Linksys router - I've had problems in the past where they have a limited number of VPN tunnels and hold previous connections open. – gharper May 27 '09 at 20:11
  • Well, the network tech on the other end tried using the same setup on his machine and was successful, so the issue is not related to user credentials. – Brian Jun 15 '09 at 13:44

3 Answers

It sounds almost certainly like it is a problem with his client.

First step would be, if he has somewhere else he can VPN to (probably not), to test that. Otherwise, go over the config details and make sure they are correct (including any passwords). Finally, remove and re-install the client.

One other option - if your system uses passwords that could be locked out - check that.

If you know how to use tcpdump or something similar, you could also watch to see if you can see traffic from his IP address when the actual client is being used to connect.

Brent
  • As I mentioned, he is able to vpn into other machines. And password lockouts would have prevented me from vpning in with his username, but I can do so (and get access denied), which he cannot (he can't even connect). – Brian May 27 '09 at 20:26
  • Actually, I think password lockouts would give you "access denied", as you described, as would a bad password. Still, that is obviously not his issue. – Brent May 27 '09 at 20:34
  • If he can VPN to other machines using the same client, I would focus on checking his configuration for the server in question – Brent May 27 '09 at 20:35
  • @Brent: I agree, but I have a set of screenshots for that configuration and it's worked for others. I cannot remote in since he does not work exclusively for my company and so it is not my machine. – Brian May 27 '09 at 21:26
  • I assume he is using the same vpn client for all his vpn access? The reason I ask is that I have had clients that use both cisco VPN and OpenVPN have problems due to conflicts with the TAP adapter. OpenVPN comes with a couple utilities in the /bin subdirectory which allow you to remove the TAP adapter (deltap) and re-create it (addtap). This has solved the conflict for us in the past – Brent May 27 '09 at 22:19
  • @Brent: He's using the VPN client that comes with WinXP. – Brian May 28 '09 at 14:28

I think your problem is on the provider's link. Try reducing the MTU on the link in Windows with the registry key in this article:

support.microsoft.com/?scid=kb%3Ben-us%3B900926&x=15&y=8

You must reboot the computer before giving it a test ;-)

Yves

  • Am I changing his machine? Changing the server? Why would this cause problems for him connecting to me but not connecting to others? – Brian May 27 '09 at 20:27

Is the user getting a specific error?

One problem that I've seen in my own environment is that one of the users has a switch or router somewhere along the way that is preventing all of the traffic. For Windows VPNs, you need to have port 1723 open, but you also need the ability to pass along GRE traffic[1]. This prevented the link from being established and the end user was getting a "Connection Refused" error.

[1] read about it here en.wikipedia.org/wiki/Generic_Routing_Encapsulation

  • @Tim: He is able to connect to other VPN machines. And my VPN machine can be connected to by other users. As for the error, it's a connection refused error. I don't know the specific error number. – Brian May 27 '09 at 21:25
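
Added example, not part of the original thread: the answers above suggest watching the server side for traffic from the client's address and checking that both TCP port 1723 and GRE (IP protocol 47) get through. This sketch classifies raw IPv4 packets from a server-side capture per client; the addresses, packet bytes and the `classify`/`diagnose`/`ipv4` helpers are constructed for illustration.

```python
import socket
import struct

PPTP_CONTROL_PORT = 1723  # TCP control channel
IPPROTO_TCP, IPPROTO_GRE = 6, 47  # GRE carries the tunnelled PPP frames


def classify(packet: bytes):
    """Return (src_ip, kind) for a raw IPv4 packet; kind is 'control', 'gre' or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None, None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None, None
    src = socket.inet_ntoa(packet[12:16])
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto == IPPROTO_GRE:
        return src, "gre"
    # Only the first fragment carries the TCP ports.
    if proto == IPPROTO_TCP and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return src, "control"
    return src, None


def diagnose(packets, client_ip):
    """Summarise which PPTP channels were seen arriving from client_ip."""
    seen = {kind for src, kind in map(classify, packets) if src == client_ip and kind}
    if seen == {"control", "gre"}:
        return "ok"
    if seen == {"control"}:
        return "control-only"  # TCP/1723 arrives, GRE does not
    if seen == {"gre"}:
        return "gre-only"
    return "no-pptp-traffic"


def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample data, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload


# Constructed capture as seen on the VPN server (documentation-range addresses).
SERVER, GOOD, BAD = "203.0.113.10", "198.51.100.8", "198.51.100.7"
TCP_HDR = struct.pack("!HH", 49152, PPTP_CONTROL_PORT) + bytes(16)
CAPTURE = [ipv4(GOOD, SERVER, IPPROTO_TCP, TCP_HDR), ipv4(GOOD, SERVER, IPPROTO_GRE, bytes(8)),
           ipv4(BAD, SERVER, IPPROTO_TCP, TCP_HDR)]

if __name__ == "__main__":
    for ip in (GOOD, BAD):
        print(ip, diagnose(CAPTURE, ip))
```

A `control-only` result for one client while others show `ok` matches the symptom in the question (telnet to 1723 succeeds, the tunnel does not come up) and points at GRE handling somewhere between that client and the server.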