First a disclaimer, I am an experienced software developer with a decent knowledge of networking fundamentals but little practical experience. Unfortunately, it has fallen on me to solve this problem for our small software shop. I am confident this is not a problem with Windows Vista but I'm hoping someone can help me work around the issue. I have a Linksys RVS4000 router running firmware v1.2.11. For the past two years, we have successfully had Windows XP clients outside the network connect to a Windows Server 2003 PPTP VPN inside the network. We have recently discovered that Windows Vista clients cannot connect. I upgraded the router firmware and verified we were using CHAPS2 on the server. I even allowed unencrypted authentication on the client and server to verify that it was not an encryption issue. (This seems to be a common problem with Vista VPN connections.) Usingthe PPTPCLNT tool, I was able to narrow it down to an issue with the GRE packets. Using WireShark captures I saw that the connection is being successfully established but the client then requests a disconnect. Additionally, if I bypass the router, I am able to connect successfully from a Vista client. My theory is that the NAT router is modifying the GRE packets or another packet type that GRE relies on. (We are using IP forwarding for TCP port 1723.) Windows Vista must be rejecting the connection when it sees the packet in a state different from what it expected and then disconnects. That theory is based on a shaky understanding of routing protocols so it might be completely wrong. I am quite confident this is an issue with the router but I am open to using a different client and server configuration if it solves the problem. I have started to look at changing to a L2TP VPN but my limited experience is making that go very slowly. I would think that SSTP would be very easy to get through the firewall but it appears to not be supported by Windows Server 2003.

Hi, Thank you for posting. May I know if you have configured the GRE (IP Protocol 47) forward on the internal VPN server? Meanwhile, I would like to share the following document with you: Configuring Packet Filters for a VPN Server http://technet.microsoft.com/en-us/library/cc779096.aspx If the issue persist, please provide the exact result from PPTPCLNT tool for our further research. Thanks. Nicholas Li - MSFT

Hi Nicholas, thanks for the response. Unfortunately, the router does not have any settings specific to GRE. I do have IPSec PassThrough enabled but I'm unclear if this also includes IPSec tunneled through GRE. I verified that the router firewall as shown in theTechnet article. However, I amonly able to configure UDP and TCP ports, not IP protocols.Below are the results from the PPTPCLNT and PPTPSRV.Successful Windows XP PPTPCLNT Initializing WinSock... Obtaining host information... Successfully resolved server's host information ====================================== Enter data to send to server (between 1 and 255 chrs.), then hit enter: -->asdf Successfully connected to server using TCP port 1723 (PPTP) Sending data to server Waiting for a reply to the data which was just sent... Received a reply. Reply contains the following text: ---> ================================= Connectivity test to TCP Port 1723 was successful!!! Closing down socket... ================================= Creating a socket to test GRE protocol traffic... Total GRE packets sent = 1 Total GRE packets sent = 2 Total GRE packets sent = 3 Total GRE packets sent = 4 Total GRE packets sent = 5 ===================================== Check server to see if the GRE packets were received successfully ===================================== Closing down socket Goodbye! Successful PPTPSRV Error 10048 binding Socket: WSAEADDRINUSE: Address already in use Created socket for GRE protocol test Listening on PROTOCOL 47 for incoming GRE packets... Total GRE packets received = 1 Total GRE packets received = 2 Total GRE packets received = 3 Total GRE packets received = 4 Total GRE packets received = 5 ====================================== GRE protocol test was successful! ====================================== Closing socket Goodbye! Failed WindowsVista PPTPCLNT Initializing WinSock... Obtaining host information... Successfully resolved server's host information ====================================== Enter data to send to server (between 1 and 255 chrs.), then hit enter: -->asdf Successfully connected to server using TCP port 1723 (PPTP) Sending data to server Waiting for a reply to the data which was just sent... Received a reply. Reply contains the following text: ---> ================================= Connectivity test to TCP Port 1723 was successful!!! Closing down socket... ================================= Creating a socket to test GRE protocol traffic... WSASocket() failed: 10013 Failed PPTPSRV Error 10048 binding Socket: WSAEADDRINUSE: Address already in use Created socket for GRE protocol test Listening on PROTOCOL 47 for incoming GRE packets... This never progresses past this point when PPTPCLNT is used on the Vista client.

Hi, Thank you for your update. At this time, please try the following: 1. Please let me know the Topology of the network. Where do the Windows Vista computer, the Windows XP computer, the router and the VPN server locate? 2. Just for a test, try to setup DMZ host for the VPN server and establish the connection from the Windows Vista client: You can refer to Page 12 Setup > DMZ of the User Guide: User Guide of Linksys RVS4000 Router http://www.cisco.com/en/US/docs/routers/csbr/rvs4000/administration/guide/RVS4000_V10_UG_B_web.pdf Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information. 3. You can also try another router which supports the configuration of IP Protocol and see if it works. Hope this helps. Thanks. Nicholas Li - MSFT