cancel
Showing results for 
Search instead for 
Did you mean: 

Interpreting the Event Log

FIXED
dvorak
Moderator
Moderator
Posts: 29,473
Thanks: 6,623
Fixes: 1,482
Registered: ‎11-01-2008

Re: Interpreting the Event Log

Yeah agree with @MisterW, I have phantom devices attached to my wireless network - even though the wireless has been switched off for well over a year and had numerous firmware updates etc.
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
MisterW
Superuser
Superuser
Posts: 14,573
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: Interpreting the Event Log

@Turtlestacker so the port forwarding looks like itscworking. Is there anything in the server log ?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Turtlestacker
Dabbler
Posts: 23
Registered: ‎07-01-2021

Re: Interpreting the Event Log

Again apologies @MisterW - when I VPN over LAN I see the logs in Event Viewer > Windows Logs > System I see the full successful trace of events - but nothing registers here when I try from externally?  Where else do I look to see activity which I can debug?Huh

MisterW
Superuser
Superuser
Posts: 14,573
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: Interpreting the Event Log

@Turtlestacker I'm really not sure what to suggest now. From the router event log it would appear that the port forwarding is working correctly. That there's nothing in the windows event log is strange! Have you tried disabling the windows firewall ? I wonder if the IP change has reset the firewall and it now needs PPTP allowing through again, although I can't see why a simple IP change staying in the same subnet should do that, but heh! its Windows.

The other possibility, does the RAS configuration need modifying for the IP change, again I cant quite see why but you never know.

If neither of those has any effect then it's maybe time to start looking a packet capture on the server to confirm whether PPTP packets are actually being forwarded by the router . I've used this https://www.wireshark.org/ in the past although Windows does have an inbuilt network trace https://techcommunity.microsoft.com/t5/iis-support-blog/capture-a-network-trace-without-installing-a...

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Dan_the_Van
Aspiring Hero
Posts: 2,484
Thanks: 1,117
Fixes: 73
Registered: ‎25-06-2007

Re: Interpreting the Event Log

Hi @Turtlestacker 

netstat is a useful command to use for network activity

netstat -an 2 | findstr 1723

what this command does is look for activity on port 1723 only, the syntax provided repeats every two seconds.

using telnet I get an established connection to port 1723 which suggests the port forward rule for 1723 is working

telnet 80.229.nnn.nnn 1723

C:\Users\Dan>netstat -an 2 | findstr 1723
TCP 192.168.1.101:50376 80.229.nnn.nnn:1723 ESTABLISHED
TCP 192.168.1.101:50376 80.229.nnn.nnn:1723 ESTABLISHED

which vpn app are you using for your connection?

When you try connecting the external connection are you using mobile data or just changing the target IP address to be your public one and trying from your internal lan?

Dan

 

 

 

 

MisterW
Superuser
Superuser
Posts: 14,573
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: Interpreting the Event Log

@Dan_the_Van 

When you try connecting the external connection are you using mobile data or just changing the target IP address to be your public one and trying from your internal lan?

I did wonder about that possibility but from the router logs it looks like the connection is coming (via the public IP) from 84.17.51.32 which I assume is a mobile network ?

 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Mook
Seasoned Champion
Posts: 1,266
Thanks: 870
Fixes: 9
Registered: ‎27-12-2019

Re: Interpreting the Event Log

@Turtlestacker I've not read the entire thread but have you set the firewall on your Windows Server to accept connections from both the LAN and WAN?

Dan_the_Van
Aspiring Hero
Posts: 2,484
Thanks: 1,117
Fixes: 73
Registered: ‎25-06-2007

Re: Interpreting the Event Log

Hi @Mook 

my ability to telnet his public IP on port 1723 and get a connection I would assume there are no issues with the connection to the server. 

@Turtlestacker have you considered the problem could be where you are trying to VPN from rather the issue being with your router and server? Have you someone you can trust see if they can try from another location?

Dan.

Mook
Seasoned Champion
Posts: 1,266
Thanks: 870
Fixes: 9
Registered: ‎27-12-2019

Re: Interpreting the Event Log

But does it @Dan_the_Van all that proves is that the port is open.

MisterW
Superuser
Superuser
Posts: 14,573
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: Interpreting the Event Log

my ability to telnet his public IP on port 1723 and get a connection I would assume there are no issues with the connection to the server.

@Dan_the_Van I hadn't appreciated earlier that you were actually telnetting to HIS public ip.

Given that the connection is accepted that surely means that both the port forward on the router is working and that the server is seeing the connection attempt since it's being accepted. I cant imagine that the router would accept a telnet connection , let alone one on port 1723!

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Turtlestacker
Dabbler
Posts: 23
Registered: ‎07-01-2021

Re: Interpreting the Event Log

@Mook I *think* i have - can you tell me how I would confirm this is the case?

 

Turtlestacker
Dabbler
Posts: 23
Registered: ‎07-01-2021

Re: Interpreting the Event Log

@Dan_the_Van when coming in from outside I have tried two approaches -

1) Connecting my laptop via mobile data hotspot and then trying

2) Connecting to third party VPN (cyberghost) and then attempting to VPN to my machine through that connection

I am going to have a play with your recommended approach and - will report back.  Given I am networking newbie - it is highly likely that I have configured the server incorrectly!

Turtlestacker
Dabbler
Posts: 23
Registered: ‎07-01-2021

Re: Interpreting the Event Log

@MisterW i had a look at wireshark late last night - but started going cross eyed with confusion - I think there are clues there but I am bewildered by the NIC log - will show you guys what it is doing in a moment.

 

Turtlestacker
Dabbler
Posts: 23
Registered: ‎07-01-2021

Re: Interpreting the Event Log

Not sure if i am diong the correct thing - but opened wireshark and examined NIC1 packets

84.17.51.9 is my IP (via Cyberghost VPN - will try the same thing via mobile data next) so I filtered /ordered the log on that address - and thats what is shown below.  The connection looks as though it is being made - and then all the ICMP Destination unreachable?  Which I assume is the problem?

WS_1.PNGWS_2.PNG

MisterW
Superuser
Superuser
Posts: 14,573
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: Interpreting the Event Log

I'm not sure the ICMP is the problem, its a red herring.

You might be better filtering pptp and gre packets

If my memory serves me correctly

port eq 1723 or gre

should work 

Trying from the mobile would be better

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.