Can you  post a picture/copy of an event log you want interpreting and explain which bits you don't understand?

I wouldn’t put your server in the dmz, personally think it’s better to just forward the required ports for the VPN.

Is it paranoid to remove my public IP??!  Well I have done it anyway!

So is there not a guide?  So I expect it is showing me [IPADDR]:PORT but what does <--> and - - - mean? What is SYN_SENT ppp3 NAPT? etc?  

Hmm - I didnt start with it there - but I am struggling to access it at all so it seemed worth trying?  How would you begin debugging an external VPN rejection?  

I have managed to connect the VPN through LAN - Method 1?  But am unable todo that when I connect via my mobile internet - I setup my VPN to go to my external static IP address (rather than the local LAN IP address when I connect in method 1).

Thanks for helping!

Paul

Soooo. The port 1723 is shown as open on my external static IP.  Good.

When I look at Windows Event Viewer logs I see this

CoId={8EA60326-0D3B-4222-A7BD-5723A0F78AEC}: The user SYSTEM has successfully established a link to the Remote Access Server using the following device:
Server address/Phone Number = XXMy public IPXX
Device = WAN Miniport (PPTP)
Port = VPN4-1
MediaType = VPN. 

Which is great!  But then the next event is 

CoId={8EA60326-0D3B-4222-A7BD-5723A0F78AEC}: The user SYSTEM dialed a connection named Turtlestack External which has failed. The error code returned on failure is 806.

Which according to my googles is https://windowsreport.com/806-error-vpn-gre-blocked/ 

These steps are already 'inplace' on both firewalls - and problem also persists if I turn off both firewalls??  

Hi @Turtlestacker 

Have you checked your connection firewall setting in the members centre? HERE 

The setting should be low or off, as an experiment try turning it off.

Which VPN software you you using? Can you show a image of the port forward rule you have setup? I take it you're using a Hub One?

Regarding the eventog, they don't look like the connection failures for an attempted vpn session.

For me my vpn is running on a raspberry pi 2 using  wireguard.

Dan.

@Turtlestacker Did you manually set up a Port forward for port 1723 ? or did you use the built in 'PPTP Server' Application ?

Using the built in PPTP server adds the port 1723 forward but also adds a firewall rule for GRE ( protocol 47 )

NB like @Dan_the_Van I'm assuming you are using a PlusNet Hub One router

Yes I am using a Plusnet One router and yes I have turned off the connection firewall in the member centre.

So I am running a server with Windows Server Essentials 2019 - so windows VPN.

Hmm - no I manually setup a Port Forward for my device identity - will try that now.

@Turtlestacker if you use the PPTP server to set a forward to your device, then check the Event Log (Firewall), you should see it sets rules for 1723 and GRE

I have given up on obfuscating my public IP 😕

At the bottom of the event log is when my internet attempted VPN connection comes in - but I see no request on the server event log?

@Turtlestacker  that's because the request seems to be being forwarded to 192.168.1.201 not your server on 192.168.1.140

Looks like the Hub One has got its port forwards confused.

Have you changed the server IP by any chance , from a true static of .201 (set on the server) to a static of .140 set as fixed on the router ? Maybe the Hub One still has the old IP .

Try deleting the port forward and creating it again, but set a user defined IP of 192.168.1.140 rather than selecting a device.

@MisterW yes - I saw that but dont understand how that works?? - my server is on static IP of 192.168.1.201 - so that IS where I want things forwarding to - but the device always gets some other (but static) IP when I delete it?