Windows 10 VPN Server - port 1723/3389 closed

iseeuseeingme

Prominent
Jan 22, 2018
5
0
510
I have been trying to setup my windows 10 VPN server (just the included windows VPN connection) and I think I got it all set properly. I have followed some very detailed guides, but I can't get my port 1723 open. I have set up the router (ATT NVG599) to forward the ports to my static PC IP address, and I have opened the ports in the windows firewall. But it is still closed when checking via an online port checking tool. What is the next step?

-EDIT. I have finally achieved 1723 as an open port, but not I can't open 3389! god I hate networking...
Here are a few pics of my settings. I cant figure out what else I need to do in order for 3389 to become open. Canyouseeme.org still says it is closed after the firewall, and router have open connections. The other ports, like 1723, 32400, show as open.

Open Router Ports:
XG89fPK.png


Static IP settings:
GkGBSZf.png


Remote Services are running:
sRaWlAB.png


Firewall ports are open:
8AL7aOg.png


When I try to connect my remote PC to the remote desktop connection, it tries to connect and gets hung up on the verifying username and password. and then I get the error 806. I have confirmed that the GRE protocol is being allowed, so that is not causing the connection issue.

rppFj8O.png


YXNsFBS.png


oh, and last night I had this laptop connected to the same LAN as my hosting PC, tried the remote connection, and the connection worked. so there is something set up right. Just can't get it to connect when off the LAN.

My connection log after trying to connect remotely:
kGmlhQr.png
 
Solution
It's kinda of a last resort thing, but 2 tabs over from NAT/Gaming is IP passthrough. Set it to passthrough, DHCP fixed, and select your computer from the list. here is the thing ... everything will get through (aka ... no firewall for that computer).
I assume your router has a logging feature. Open the firewall log and clear it. Attempt to connect to your VPN. After it fails, refresh your firewall log. Do you see anything?

You can do the same with the windows firewall, but I find it is easier just to disable it.

I did read something about passwords with special character being an issue. You might try something simple while testing.
 


Yes I have reduced the password requirements, and will try and make a connection log asap. still can't get the 3389 port to be open, and I am assuming (maybe incorrectly?) that is the reason for the non-connection. Will try more research over the next few days and hopefully a few more ideas get posted as well. I did the same procedure for port 3389 as for 1723, and I can't see why this one is blocked and 1723 is open.. grr.

 
https://blogs.technet.microsoft.com/rrasblog/2007/06/13/ports-affecting-the-vpn-connectivity/

"Please note: The 47 is IP protocol number of GRE and not a port number inside TCP or UDP header"

On your router, look under the firewall tab and you should see NAT/Gaming ... in the long list you will find PPTP. Try turning that on.


 
It's kinda of a last resort thing, but 2 tabs over from NAT/Gaming is IP passthrough. Set it to passthrough, DHCP fixed, and select your computer from the list. here is the thing ... everything will get through (aka ... no firewall for that computer).
 
Solution