VPN on Windows Server 2016 not working
Hi, the server and RRAS are configured correctly: the problem is the Fios G1100 router, which does not forward the GRE protocol (needed for PPTP). Opening only TCP port 1723 is not enough.
The ways are:
- Replace or bridge the G1100 with a router that supports PPTP-passthrough
- Or change VPN on Windows Server and use SSTP (TCP 443) or L2TP/IPsec, which do not require GRE
Putting the server in DMZ on the G1100 can work, but it is not guaranteed.
It is not Windows' fault, it is the router that blocks GRE; you need a new router or a different protocol.
To avoid my Fios router, I tried my Android device without Wi-Fi (i.e., using only cellular connection). The Android built-in VPN client does not work and gives no information about why the connection fails.
I downloaded the app strongSwan. Its connection fails too, but it has a log:
- micheleariis, May 15, 2025, MCT
Hi, the NO_PROPOSAL_CHOSEN error happens because the client and server can’t agree on encryption and DH parameters for IKE. Your strongSwan settings don’t match what the server accepts.
1. Align IKE proposals in strongSwan to match the server (e.g., aes256-sha256-modp2048)
2. Check IPsec settings on the Windows server (Encryption, Integrity, DH Group) and make sure they match.
3. Verify PSK or certificates are correct and identical on both sides.
4. Test again to see if the negotiation succeeds.
If syncing the IPsec policies is too tricky, you can temporarily try SSTP (HTTPS-based VPN) to check if the rest of the setup is fine.
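As an added illustration (not part of any post in this thread, and not strongSwan or Windows code), this Python model shows how a responder matches IKE proposals and which transform type causes NO_PROPOSAL_CHOSEN. The function names and the server and client proposal lists are constructed assumptions, and only non-AEAD proposals in strongSwan's `enc-integ-dh` keyword style are handled.

```python
# Transform types recognised by keyword prefix (a subset of strongSwan's keywords).
PREFIXES = {
    "enc": ("aes", "3des", "chacha"),
    "integ": ("sha", "md5"),
    "dh": ("modp", "ecp", "curve"),
}

def parse_proposal(text):
    """Split 'aes256-sha256-modp2048' into lists of transforms per type."""
    out = {kind: [] for kind in PREFIXES}
    for token in text.lower().split("-"):
        for kind, prefixes in PREFIXES.items():
            if token.startswith(prefixes):
                out[kind].append(token)
                break
        else:
            raise ValueError(f"unrecognised transform keyword: {token!r}")
    return out

def negotiate(initiator, responder):
    """Return (chosen, reasons); chosen is None for NO_PROPOSAL_CHOSEN."""
    reasons = []
    for i_text in initiator:
        i_prop = parse_proposal(i_text)
        for r_text in responder:
            r_prop = parse_proposal(r_text)
            chosen, missing = {}, []
            for kind in PREFIXES:
                # Every transform type needs at least one algorithm in common.
                common = [t for t in i_prop[kind] if t in r_prop[kind]]
                if common:
                    chosen[kind] = common[0]
                else:
                    missing.append(kind)
            if not missing:
                return "-".join(chosen[k] for k in PREFIXES), reasons
            reasons.append((i_text, r_text, missing))
    return None, reasons

# Constructed sample values, not taken from the thread or from a real server.
SERVER = ["aes256-sha384-ecp384", "aes128-sha256-modp2048"]
CLIENT_MISMATCH = ["aes256-sha256-modp2048"]
CLIENT_ALIGNED = ["aes256-sha256-modp2048", "aes128-aes256-sha256-modp2048"]

if __name__ == "__main__":
    for name, client in (("mismatch", CLIENT_MISMATCH), ("aligned", CLIENT_ALIGNED)):
        chosen, reasons = negotiate(client, SERVER)
        print(name, "->", chosen or "NO_PROPOSAL_CHOSEN")
        for i_text, r_text, missing in reasons:
            print(f"  {i_text} vs {r_text}: no common {', '.join(missing)}")
```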
- hzhang, May 16, 2025, Copper Contributor
Thanks a lot for all the help. It is greatly appreciated.
I tried but could not figure out what the server had for handshaking.
I am giving up. I have spent too much time on this, and I don't want to waste the time of others like you.