Home > Tips > Windows VPN Ports – PPTP and GRE

Windows VPN Ports – PPTP and GRE

September 28th, 2009 Leave a comment Go to comments

So I’ve set up a VPN server at work. Great for connecting from home to access the network. I’m using just the built in VPN server in Windows Server 2003 and creating a VPN connection from Windows Network and Sharing Centre. It’s a piece of cake to set up.

The only extra thing you need to do is open the ports in the firewall to allow the connection. Windows VPN by default uses PPTP, which uses port 1723. We have a Juniper firewall which comes set up with lots of predefined services so you can quickly and easily open all the right ports for the application you are using. Great. So I allowed the PPTP service for the mapped IP address the server uses. Done. Or so I thought.

It just wouldn’t connect. I turned off the firewall, tried it again, and it worked straight away. So why wasn’t it working?! After a quick search on the internet I read that you also need to pass GRE. Quick check on the Juniper, GRE was listed on predefined services, added that to the policy for the VPN server. Bingo, it works!

Not sure if that applies to other firewalls. I’ve set this up before and never encountered this problem. Maybe it’s just on the Junipers?

If your firewall doesn’t have predefined services, for GRE you need to open protocol 47 on any port, or ports 0-65535 (all ports).

Categories: Tips Tags: , , , , ,
  1. August 2nd, 2013 at 16:58 | #1

    Thank you for this. You just saved me a few hours 🙂 It’s not obvious that GRE is required (and I couldn’t see any blocked packets).

  1. No trackbacks yet.