error 800: Unable to establish the VPN connection.
When trying to establish a VPN connection to a computer the following error is encountered:
Error connecting to VPN
Error 800: The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use L2TP/IPsec tunnel, the securityparameters required for IPsec negotiation might not be configured properly.
or for Windows XP the error is:
Error Connecting to VPN
Error 800: Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection.
Where "VPN" is the DNS name of the server or the name of the VPN connection.
Possible Causes and Remedies:
Unfortunately Error 800 seems to be a general catch all error and does not give any indication as to why it failed. The following list of things to check may therefore be incomplete:
- Double check the address of the server.
- Check that there is a valid network connection between your pc
and the server. The simple way of doing this is to run ping at the
Replace "vpn-server" with the address of the vpn server. Unfortunately an increasing number of firewalls block ping, so a positive result indicates that you are taking to the vpn server, but a negative result does not necessarily mean there is no network connectivity.
- Check that port 1723 is open on the firewall. The easiest way be to
use cryping, which allows
a ping link connection to be made to the port:
cryping -p 1723 vpn-server
Replace "vpn-server" with the address of the vpn server. This will show a successful connection, indicating that port 1723 is open and something listening or that either the port is closed or that nothing is listening.
If you get no response on port 1723 then either that port is being blocked by a firewall or there is no vpn server listening. You will need to establish which.
Other things to try if the above does not help, but which I've no first hand experience of, include:
- Check that the firewall is forwarding IP Protocol 47 (GRE - not to be confused with IP port 47). However, if GRE is not forwarded then you would probably receive a different error.
- Ensure that the router (or firewall) protecting the VPN server support VPN connections. Check with the manufacturer's website to see if a firmware update is required. Its generally good practice to ensure that your router (or firewall) is running with the latest firmware.
- Check the event logs on the VPN server - there may be an error there, such as not having a free IP address to allocate.
- Check that the router (or firewall) supports PPTP Pass-Through. Most do. If this needs to be switched on then switch it on (it may be an automatic feature).
These notes have been tested with Windows 8, Windows Server 2010 and Windows XP.
About the author: Brian Cryer is a dedicated software developer and webmaster. For his day job he develops websites and desktop applications as well as providing IT services. He moonlights as a technical author and consultant.