Interpreting the Event Log
07-01-2021 5:01 PM
I have a server on my LAN and am able to VPN to it directly. Yay.
I want to be able to do the same from outside from the great plains of the tinternet - I have set up a static IP on my router and can ping that address successfully. I have placed the Server in my DMZ. Now I am completely stuck.
Can anyone provide a handy guide to reading the 'Event Log' ? I am hoping this will provide some clues?? Sorry complete networking newbie.
I love you for reading this far.
Re: Interpreting the Event Log
07-01-2021 5:32 PM
Can you post a picture/copy of an event log you want interpreting and explain which bits you don't understand?
Re: Interpreting the Event Log
07-01-2021 5:50 PM - edited 07-01-2021 5:50 PM
I wouldn’t put your server in the dmz, personally think it’s better to just forward the required ports for the VPN.
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Re: Interpreting the Event Log
08-01-2021 10:05 AM
Is it paranoid to remove my public IP??! Well I have done it anyway!
So is there not a guide? So I expect it is showing me [IPADDR]:PORT but what does <--> and - - - mean? What is SYN_SENT ppp3 NAPT? etc?
Re: Interpreting the Event Log
08-01-2021 10:10 AM
Hmm - I didn't start with it there - but I am struggling to access it at all so it seemed worth trying? How would you begin debugging an external VPN rejection?
I have managed to connect the VPN through LAN - Method 1? But am unable to do that when I connect via my mobile internet - I set up my VPN to go to my external static IP address (rather than the local LAN IP address when I connect in method 1).
Thanks for helping!
Paul
Re: Interpreting the Event Log
08-01-2021 10:59 AM
Server <-> router <-> internet
For my setup vpn listens on port 1194 so I have a port forward rule that sends port 1194 request on my home IP address to the server.
You can check if your port forwarding rule is set up correctly by checking it with something like https://www.yougetsignal.com/tools/open-ports/ if that says it's closed then your pf rules aren't quite right.
If it says open then you need to look at your vpn server.
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Re: Interpreting the Event Log
08-01-2021 11:47 AM
Soooo. The port 1723 is shown as open on my external static IP. Good.
When I look at Windows Event Viewer logs I see this
CoId={8EA60326-0D3B-4222-A7BD-5723A0F78AEC}: The user SYSTEM has successfully established a link to the Remote Access Server using the following device:
Server address/Phone Number = XXMy public IPXX
Device = WAN Miniport (PPTP)
Port = VPN4-1
MediaType = VPN.
Which is great! But then the next event is
CoId={8EA60326-0D3B-4222-A7BD-5723A0F78AEC}: The user SYSTEM dialed a connection named Turtlestack External which has failed. The error code returned on failure is 806.
Which according to my googles is https://windowsreport.com/806-error-vpn-gre-blocked/
These steps are already 'inplace' on both firewalls - and problem also persists if I turn off both firewalls??
Re: Interpreting the Event Log
08-01-2021 1:11 PM
Have you checked your connection firewall setting in the members centre? HERE
The setting should be low or off, as an experiment try turning it off.
Which VPN software are you using? Can you show an image of the port forward rule you have set up? I take it you're using a Hub One?
Regarding the event log, they don't look like the connection failures for an attempted VPN session.
For me my vpn is running on a raspberry pi 2 using wireguard.
Dan.
Re: Interpreting the Event Log
08-01-2021 1:25 PM - edited 08-01-2021 1:28 PM
@Turtlestacker Did you manually set up a Port forward for port 1723 ? or did you use the built in 'PPTP Server' Application ?
Using the built in PPTP server adds the port 1723 forward but also adds a firewall rule for GRE ( protocol 47 )
NB like @Dan_the_Van I'm assuming you are using a PlusNet Hub One router
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: Interpreting the Event Log
08-01-2021 1:41 PM
Yes I am using a Plusnet One router and yes I have turned off the connection firewall in the member centre.
So I am running a server with Windows Server Essentials 2019 - so windows VPN.
Re: Interpreting the Event Log
08-01-2021 1:42 PM
Hmm - no, I manually set up a Port Forward for my device identity - will try that now.
Re: Interpreting the Event Log
08-01-2021 1:47 PM - edited 08-01-2021 1:48 PM
@Turtlestacker if you use the PPTP server to set a forward to your device, then check the Event Log (Firewall), you should see it sets rules for 1723 and GRE
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: Interpreting the Event Log
08-01-2021 2:47 PM
I have given up on obfuscating my public IP 😕
At the bottom of the event log is when my internet attempted VPN connection comes in - but I see no request on the server event log?
Re: Interpreting the Event Log
08-01-2021 3:06 PM - edited 08-01-2021 3:12 PM
@Turtlestacker that's because the request seems to be being forwarded to 192.168.1.201 not your server on 192.168.1.140
Looks like the Hub One has got its port forwards confused.
Have you changed the server IP by any chance , from a true static of .201 (set on the server) to a static of .140 set as fixed on the router ? Maybe the Hub One still has the old IP .
Try deleting the port forward and creating it again, but set a user defined IP of 192.168.1.140 rather than selecting a device.
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
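The two router-side conditions raised in this thread (PPTP needs the TCP 1723 forward plus a GRE, protocol 47, rule, and both must point at the server's actual LAN address), as an added example that is not part of any post above. The `Rule` schema and the function name are hypothetical, not the Hub One's own format, and the sample rules are constructed from the two LAN addresses quoted in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Tuple

PPTP_CONTROL_PORT = 1723  # TCP control channel
GRE_PROTOCOL = 47         # IP protocol number that carries the tunnelled data
TCP_PROTOCOL = 6

@dataclass(frozen=True)
class Rule:
    """One inbound rule. Hypothetical schema, not the Hub One's own format."""
    ip_protocol: int      # 6 = TCP, 17 = UDP, 47 = GRE
    port: Optional[int]   # None for GRE, which has no port numbers
    target: str           # LAN address the traffic is sent to

def audit_pptp_rules(rules: List[Rule], server_ip: str,
                     dmz_host: Optional[str] = None) -> List[Tuple[str, str]]:
    """Return (code, explanation) findings for an inbound PPTP setup."""
    server = ip_address(server_ip)
    control = [r for r in rules
               if r.ip_protocol == TCP_PROTOCOL and r.port == PPTP_CONTROL_PORT]
    gre = [r for r in rules if r.ip_protocol == GRE_PROTOCOL]
    findings = []
    if not control:
        findings.append(("NO_TCP_1723", "control channel never reaches the server"))
    if not gre:
        # A TCP port checker reports 1723 open even though the tunnel cannot form.
        findings.append(("NO_GRE", "TCP 1723 connects, then GRE is dropped (error 806)"))
    for rule in control + gre:
        if ip_address(rule.target) != server:
            name = "GRE" if rule.ip_protocol == GRE_PROTOCOL else "TCP 1723"
            findings.append(("WRONG_TARGET",
                             f"{name} goes to {rule.target}, server is {server}"))
    if dmz_host is not None:
        findings.append(("DMZ_ENABLED",
                         f"all unforwarded inbound traffic reaches {dmz_host}"))
    return findings

# Constructed sample data, reusing the two LAN addresses quoted in the thread.
MANUAL_FORWARD = [Rule(6, 1723, "192.168.1.201")]
PPTP_APPLICATION = [Rule(6, 1723, "192.168.1.140"), Rule(47, None, "192.168.1.140")]

if __name__ == "__main__":
    for label, rules in (("manual", MANUAL_FORWARD), ("application", PPTP_APPLICATION)):
        print(label, audit_pptp_rules(rules, "192.168.1.140"))
```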
Re: Interpreting the Event Log
08-01-2021 3:26 PM
@MisterW yes - I saw that but don't understand how that works?? - my server is on static IP of 192.168.1.201 - so that IS where I want things forwarding to - but the device always gets some other (but static) IP when I delete it?