VPN Error "attempted VPN tunnels failed" (Windows 7 IKEv2)

2

1

I try to set up a VPN connection to my workplace following the clear instructions from HERE

It fails to connect returning an error 800:

"The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly."

Specs/Details

  • Alienware laptop: M14xR1
  • Windows 7
  • PPTP dial-up connection
  • Tried both wireless and ethernet cable
  • My internet connection is fine as I am able to post this - signal is 4/5 bars
  • At home the VPN works fine using my wireless router

Screenshot

enter image description here

hello_there_andy

Posted 2014-04-03T18:50:47.813

Reputation: 329

Answers

1

a> If you know which tunnel should actually be used for your deployment, try to set the ‘Type of VPN’ to that particular tunnel type on the VPN client side. [This can be set by clicking the ‘Network Connections’ icon on the bottom right of the task bar, Select your Connection, Right Click -> Properties -> Securities Tab -> Under ‘Type of VPN’ select the interested VPN tunnel type ]

By making VPN connection with a particular tunnel type, your connection will still fail but it will give a more tunnel specific error (for example: GRE blocked for PPTP, Certificate error for L2TP, SSL negotiation errors for SSTP, etc.)

b> This error usually comes when the VPN server is not reachable or the tunnel establishment fails.

i. Make sure the VPN server is reachable (try to PING the server).

ii. If interested in PPTP, make sure PPTP port (TCP 1723) or GRE Port (47) is not blocked on in between firewalls.

iii. If interested in L2TP, make sure

  1. Correct pre-shared key or machine certificate are present both on client and server.

  2. L2TP port (UDP 1701) is not blocked on any of the firewalls.

iv. If interested in IKEv2 based VPN tunnel, make sure

  1. IKE port (UDP port 500, UDP port 4500) is not blocked.

  2. Correct machine certificate for IKE are present both on client and server.

v. If interested in SSTP, make sure correct machine certificate is installed on the server and correct trusted root certificate is installed on the client machine.

Mino

Posted 2014-04-03T18:50:47.813

Reputation: 26

1As this answer has been checked as complete I would still like to add that because the VPN works from home then, also, it would be wise to check if the VPN port from where else you have tried to connect from isn't blocked - i.e. a cafe might only permit port 80 and 443. – Kinnectus – 2015-01-05T10:42:24.963

Asked: 2014-04-03T18:50:47.813

Viewed: 30 109 times

Active: 2015-01-05T08:46:21.353