服务器位于防火墙后面,TCP1723打开以及GRE.我们办公室的其他客户能够很好地连接.我们的办公室位于Juniper SSG5-Serial防火墙之后,但允许所有传出流量,并且其他多个客户端可以毫无问题地连接到VPN服务器.

我还在办公室外的另一个网络上设置了一个完全不同的VPN服务器.功能正常的客户端连接得很好 – Server 2008 R2机器没有.因此,这特别是这台机器的问题.

我重启了它.我已禁用防火墙,两者都没有骰子.

我在服务器/客户端上运行PPTPSRV和PPTPCLNT,它们能够完美地通信 – 表明使用TCP1723和GRE都没有问题.

Server 2008 R2计算机也作为VPN服务器本身(传入连接)运行,并且运行正常.无论是否存在活动的传入连接,我们都会遇到问题.

我不确定我的下一个调试步骤是什么;有什么建议？

编辑：服务器上的事件日志具有来自RasMan的以下警告：

A connection between the VPN server and the VPN client xxx.xxx.xxx.xxx has been 
established,but the VPN connection cannot be completed. The most common cause
for this is that a firewall or router between the VPN server and the VPN client
is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47).
Verify that the firewalls and routers between your VPN server and the Internet allow
GRE packets. Make sure the firewalls and routers on the user's network are also
configured to allow GRE packets. If the problem persists,have the user contact
the Internet service provider (ISP) to determine whether the ISP might be blocking
GRE packets.

显然,这表明GRE是一个潜在的问题.但看到我有其他客户端连接没有问题,以及PPTPSRV和PPTPCLNT能够通信,我怀疑这可能是一个红色的鲱鱼.

编辑：以下是客户按时间顺序记录的匿名事件：

CoId={742CB15C-A7E0-47B7-8240-0EFA1139CBD9}: The user XXX\YYY has started dialing a VPN connection using a per-user connection profile named ZZZ. The connection settings are: 
Dial-in User = XXX\YYY
VpnStrategy = PPTP
DataEncryption = Require
PrerequisiteEntry = 
Autologon = No
UseRasCredentials = Yes
Authentication Type = CHAP/MS-CHAPv2 
Ipv4DefaultGateway = No
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
Ipv6DefaultGateway = Yes
Ipv6AddressAssignment = By Server
Ipv6DNSServerAssignment = By Server
IpDnsFlags = Register primary domain suffix
IpNBTEnabled = Yes
UseFlags = Private Connection
ConnectOnWinlogon = No.

CoId={742CB15C-A7E0-47B7-8240-0EFA1139CBD9}: The user XXX\YYY is trying to establish a link to the Remote Access Server for the connection named ZZZ using the following device: 
Server address/Phone Number = XXX.YYY.ZZZ.KKK
Device = WAN Miniport (PPTP)
Port = VPN3-4
MediaType = VPN.

CoId={742CB15C-A7E0-47B7-8240-0EFA1139CBD9}: The user XXX\YYY has successfully established a link to the Remote Access Server using the following device: 
Server address/Phone Number = XXX.YYY.ZZZ.KKK
Device = WAN Miniport (PPTP)
Port = VPN3-4
MediaType = VPN.

CoId={742CB15C-A7E0-47B7-8240-0EFA1139CBD9}: The link to the Remote Access Server has been established by user XXX\YYY.

CoId={742CB15C-A7E0-47B7-8240-0EFA1139CBD9}: The user XXX\YYY dialed a connection named ZZZ which has Failed. The error code returned on failure is 806.

在客户端上运行Wireshark显示它正在尝试并重试发送“71配置请求”

虽然服务器显示传入的客户端请求,但显然没有回复：

鉴于这是GRE流量,我认为排除GRE流量被阻止.问题是,服务器为什么不回复？

这是服务器从非功能客户端接收的配置请求(意味着没有响应发送到客户端请求)：

这是服务器从工作客户端收到的配置请求：

对我来说,它们看起来是相同的,除了不同的键和幻数,以及一个客户端收到响应而另一个客户端没有收到响应的事实.