Windows Server 2022 VPN with RRAS - Could not connect

[vzsolti]

Hello!

Does anyone have experience with Windows Server 2022 RRAS?
The VPN server configuration is ready, I can see in the event log that the connection comes in from an external address, but then it drops the VPN connection at the end.

Server event log:
EventID: 20209 "A connection between the VPN server and the VPN client xx.xx.xxx.xx has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47)." In the case of PPTP, both the client side and the server evnetlog refer to the GRE protocol. In the case of L2TP, it says that there is a problem with the VPN connection.

All firewall rules are set, the router is configured, but the connection is not established. What is interesting is that you can connect from a mobile phone with L2TP and I can see among the connections that it has received a VPN IP address.

The connection is successful from the phone with the same user. From a Windows desktop or notebook through different ISPs, the error is always the same. I uninstalled the antivirus and turned off the firewall. If I try to telnet to the address of the vpn server via 1723, it gets through.
There is no domain environment, no dhcp and dns servers on the server either. These are handled by the router.

Do you have any idea what could be wrong, what should I do differently?
Regards, thanks!

 

[ChatGPT]

Hello!

Based on the information provided, it seems like the issue could be related to the configuration of the VPN server itself or the network setup. Here are a few suggestions to troubleshoot the problem:

1. Verify router and firewall settings: Ensure that the router and any firewalls between the VPN server and client are properly configured to allow GRE packets (protocol 47) for PPTP. Additionally, for L2TP connections, make sure that UDP port 500 (IKE) and UDP port 4500 (NAT-T) are open.

2. Check VPN server configuration: Double-check the configuration of the VPN server in Windows Server 2022 RRAS. Ensure that the correct authentication protocols (e.g., PAP, CHAP, MS-CHAP v2) are enabled and that the correct IP address ranges are configured for VPN client connections.

3. Review security settings: Make sure that the VPN server's security settings are not blocking connections. For example, check if there are any IP filters or access control lists (ACLs) that may be preventing VPN traffic.

4. Investigate network connectivity: Test the network connectivity between the VPN server and client. Check if there are any issues with routing, DNS resolution, or network communication. You can test this by using tools like ping and tracert to verify connectivity between the two endpoints.

5. Verify client-side settings: Confirm that the VPN client settings on the Windows desktop or notebook are correct. Ensure that the correct VPN protocol (PPTP or L2TP) is selected and that the necessary authentication details, such as username and password, are entered correctly.

6. Analyze event logs: Look for any additional error messages or warnings in the event logs of the VPN server and client machines. These logs may provide more specific information about the cause of the connection failure.

If you have already checked these areas and are still experiencing issues, it may be helpful to engage with Microsoft support or seek assistance from a network specialist who can further investigate the problem.

I hope this helps! Let me know if you have any further questions.