The symptoms are:
-
I am at home. I am trying to dial a PPTP VPN. It connects fine.
-
Pinging from command line in windows shows about a 30% ping success rate when the PPTP vpn is up, 100% ping success rate when PPTP vpn is not up. So basically It seems PPTP/GRE is broken or blocked by my ISP.
-
I am not able to confirm or deny the function of "GRE" from my home IP to my work IP. I am however able to remote desktop into the server, and obtain brief 5-10 second "usable periods" using remote desktop (windows RDP) which then freeze up completely for 40-50 seconds. I sometimes get another usable spurt of 5-10 seconds.
-
**Updated in response to first answerer:**The home computer that is making the outgoing connection is behind an Apple AirPort router.
I am thinking that taking it out of the loop and directly connecting without the NAT involvement might be a first step in troubleshooting, thanks to the first posted answerer who suggested this.
Is there any way I can confirm or contradict my suspicions? My suspicions are based on googling around, and seeing other random people having the same problem with the same internet service provider, who is either actively blocking or degrading PPTP/GRE performance or perhaps has a misconfigured IPV4 network routing infrastructure which serves the same purpose (Degrade PPTP/GRE performance or destroy its function completely).
If there was some kind of a test I could run on both sides, even if it required some extra software installation, I would like to do such a test.
Not sure if this belongs on SuperUser or ServerFault as it's a client/home computer problem, but it involves a work network (PPTP VPN). I have been advised by someone who knows VPN problems to set up SSTP and have tried to do this, but have not been successful.
Client (home computers) are running Windows 7, Windows 8, and Windows 8.1, and have identical behaviour sometimes. Some days, however everything works fine. It seems subjectively like the ISP's network has "bad hair days" for PPTP and "good hair days".
Is there any test I can run? Anything I can install on the Windows Server 2008 R2 box that will help me test? Any log I can look into for exact error messages? I have looked in all the usual RAS logs and not found anything that seemed interesting, just that a user is connected, and that they have "remotely disconnected". This I have read may be something that has to be troubleshooted on the client side since the client side is timing out and hanging up. If so, how do I do that?
Best Answer
There are a lot of possible problems that you could be having. If you could post your network hardware by model number that might help.
What I would suggest (for a brief period only, and while you arent doing any online banking or sensitive data transactions) would be to set your home computer up as the DMZ host. This will allow all traffic sent to and from your network to be available to your computers connection, and will allow the creation of all sockets, including GRE. If this works (first removing your computer from the DMZ host status) I would check your port forwarding, network address translation rules, and firewall rules concerning vpn passthrough.
I had an issue like this at my house, and the solution was a new router. You might try testing it out at another location (inside the work network would give you the most concrete yes/no answer as to whether it is the hardware at your house.)
P.S. PPTP has been around since the NT4.0 days and is not necessarily the best way to create a VPN if your security is the main concern. I do use it for simple work communication and file transfer purposes, but I would not trust it to sensitive company data. (It opperates with low quality encryption, as low as 40 or 56 bit, which can easily be cracked)
It is possible to get an L2TP or SSTP connection to work behind NAT, but it takes a bit of conjuring, and configuration of certificates.