4

I am having an issue where I keep getting either error 800 or 807 whist trying to connect to a VPN server via PPTP on Windows 8 and 8.1 pro.

The server itself is Synology's VPN Server running on a DS713+.

This seems like it must be issue with the Windows OSs as I can successfully connect to the VPN server using various flavours of Linux (Ubuntu, #!, etc) and using the same networks. I can also establish a PPTP connection from various IOS versions on both iPhone and iPad.

Thus I know that the routers and VPN server are correctly configured (port 1723 forwarded and GRE protocol 47 pass-through).

However on Windows if I create a VPN connection and leave the default settings I receive error 800. If I configure the connection and specify PPTP using CHAP / MS-CHAPv2 I get error 807.

Has anyone else experienced a similar issue establishing a PPTP VPN via windows 8 / 8.1? I have read no end of posts and blogs on the subject but most seem to say it is either an ISP or router issue blocking GRE - but as I say I know this isn't the case here.

My setup is as follows.

[client] -> [router A] -> {internet} -> [router B] -> [switch] -> [server]

To reiterate if [client] is running Linux or IOS this works perfectly, if it is Windows 8/8.1 I get error 800 or 807.

Notes and things I have tried:

  1. [client] can ping [server] both via fixed WAN IP and hostname.

  2. [router B] is passing the 1723 and GRE traffic to [server].

  3. On [client] I have tried disabling IPv6 on both the WAN miniport and NIC.

  4. On [client] I have tried unchecking "Use default gateway on remote network" under "Advanced TCP/IP settings" on the WAN miniport

  5. On [client] I have enabled both the Windows Firewall predefined rules "Routing and Remote Access (PPTP-Out)" and "Routing and Remote Access (GRE-Out)" and have even tried temporarily disabling the firewall completely.

  6. On [server] I have tried lowering the MTU from 1400 to 1000 in steps of 50.

Here are anonomised typical RasClient logs for [client]

1

CoId={0F967D72-7267-42AA-A0B3-D3977894410C}: The user computer\user has started dialing a VPN connection using a per-user connection profile named VPN. The connection settings are: 
Dial-in User = user
VpnStrategy = PPTP
DataEncryption = Requested
PrerequisiteEntry = 
AutoLogon = No
UseRasCredentials = Yes
Authentication Type = MS-CHAPv2 
Ipv4DefaultGateway = No
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
Ipv6DefaultGateway = Yes
Ipv6AddressAssignment = By Server
Ipv6DNSServerAssignment = By Server
IpDnsFlags = 
IpNBTEnabled = Yes
UseFlags = Private Connection
ConnectOnWinlogon = No.

2

CoId={0F967D72-7267-42AA-A0B3-D3977894410C}: The user computer\user is trying to establish a link to the Remote Access Server for the connection named VPN using the following device: 
Server address/Phone Number = 81.133.*.*
Device = WAN Miniport (PPTP)
Port = VPN7-1
MediaType = VPN.

3

CoId={0F967D72-7267-42AA-A0B3-D3977894410C}: The user computer\user dialed a connection named VPN which has failed. The error code returned on failure is 807.
Fraser
  • 96
  • 1
  • 1
  • 7
  • Just to mention the usual caveat. PPTP is broken and insecure, and you should avoid it. http://security.stackexchange.com/questions/45509/are-there-any-known-vulnerabilities-in-pptp-vpns-when-configured-properly – MichelZ Jun 28 '14 at 14:39
  • I think it is Microsoft's implementations of PPP (MPPE, MSCHAP-v*) that is broken, rather than PPTP itself - but in any case I am using OpenVPN now. Still, I would love to know what the issue is with PPTP here. – Fraser Jun 28 '14 at 20:12

3 Answers3

2

I had the same problem. I could connect from iPhone, even from one Win 8.1 Pro desktop machine but not from two laptops running Win 8.1 all connected to the same network. Disabled firewall but no luck.

I accessed the VPN server via its numeric IP address (IPv4). That seemed to be the problem. After I added the VPN server IP to my hosts file and gave it a name I could connect instantly using that name.

Stebi
  • 123
  • 4
  • Thanks for this, I will try it, but on the face of it I don't see how adding a domain name and ip pair to the host file will make any difference - the machines can already resolve the domain name so all this would do is hard code that information. That said obviously something odd is going on with PPTP so perhaps it is a DNS lookup issue...Tell me - before you edited your hosts file could you resolve your VPN from its domain name via DNS or not - e.g. could you ping your VPN server? – Fraser May 06 '15 at 15:16
  • @Fraser My VPN has no public domain name, so I usually use the (fixed) IP address. I just wanted to hide the IP address as it's shown shortly during connect so I added the hosts entry and this magically fixed the problem. I know that the solution seems strange. – Stebi May 06 '15 at 16:10
1

I had what at first glance seems to be the same problem, I can connect from Android and Linux, but not from Windows. I came across another post that suggested turning off Antivirus and Firewalls, which I did, and hey Presto! it worked. The post was actually regarding Windows 7, you can see it here: http://social.technet.microsoft.com/Forums/windows/en-US/76175281-7d33-4f03-b213-b4344b3e9956/vpn-pptp-via-windows-7-gives-error-807-settings-do-work-on-windows-xp-however?forum=w7itpronetworking I then had to find the setting in my firewall, in this case ZoneAlarm, and let it through properly by trusting the host, so that I didn't have to disable it in order to use the VPN. Incidentally, I have Windows Firewall turned off entirely. You don't mention anything about firewalls in your question, so I would assume you have Windows Firewall enabled, so based on what I see, you would need to allow Routing and Remote Access through the firewall, although I could be mistaken. Good luck!

  • Thanks - see point 5 - On [client] I have enabled both the Windows Firewall predefined rules "Routing and Remote Access (PPTP-Out)" and "Routing and Remote Access (GRE-Out)" and have even tried temporarily disabling the firewall completely on a fresh install. Stumped! – Fraser Jul 04 '14 at 15:33
  • 1
    Did you check your antivirus? I have antivirus and firewall combined, and marking the server as safe is for both for me. Other than that, make sure your updates are installed, because beyond that, I have no other idea why non-windows devices would work but your windows devices would not. – Automate Everything Jul 05 '14 at 17:02
  • 1
    Yea I tried on a fresh install so there is no AV apart from Windows Defender. I have even tried disabling that but it just gives the same error(s). – Fraser Jul 06 '14 at 00:29
-2

VPN Error 807 is a common VPN Error which may occur due to following reasons:

  • Firewall OR Antivirus is blocking your connection.
  • server may be overloaded.
  • Internet is not fast enough.

You can follow these simple solutions to fix VPN Error 807

  • Try disabling Antivirus and Firewall.

  • Check if VPN IP Address, Username and Password are correctly entered.

  • Clear history,cookies and Registry also.

  • Set VPN Connection Type to PPTP(Point to Point Tunneling Protocol).

    I found these solutions while surfing online. You can visit itrickbuzz if you want to know more about these solutions. Hope it will be helpful.

Joey
  • 1
  • -1. Joey, did you actually read the question or discussion? There was no firewall or AV and the server was accepting Linux, IOS and android clients. Every single one of the suggestions you give I clearly state I tried. I even state I tried on a clean install... – Fraser Sep 29 '16 at 09:24