Here are some general troubleshooting tips that will help you figure out 90% of VPN problems.
I will refer to PPTP VPN here as this is the most common.
One thing to help speed up connecting with Windows 7 and PPTP is to specify in your VPN connection the TYPE. Go to properties of your VPN, Networking Tab, Choose PPTP in the drop down. You will see you connect faster as the client doesn’t have to guess at the type anymore, saving time.
When you click connect on your VPN you will see that a smaller window appears and will have some dialogue in it. This dialogue is the connection process and if you understand what each step does, you can generally nail down exactly what your connection problem is.
First. The connection dialogue will say “Connecting to….”. This step is the VPN client trying to communicate with the VPN server using the TCP port 1723. If during this step your vpn just sits there saying Connecting to… and then times out and gives you an error message then you now know that something between you and the VPN server is blocking TCP port 1723. One easy way to “get a second opinion” is to telnet to port 1723. You do so by opening a command prompt (Windows key + R, type CMD and hit enter). You then type this: telnet 1.2.3.4 1723
Substitute 1.2.3.4 with the IP Address or DNS Name of your VPN server. If you are successful the CMD window will go blank with a blinking cursor. If you are being blocked then you will get a message saying Connect Failed. If you get the message “command not recognized”, you don’t have the telnet client installed (See “Turn On/Off Windows Features” to install it).
To remedy this problem you would need to get in touch with your network administrator. And I refer to the network administrator of the network you are on, aka, if you are in a hotel you talk to the hotel, if you are at coffee shop then you would have to talk to Coffee shop, if you are at home then I guess that would most likely be you. Some firewalls have an option you can enable “Allow VPN pass through” that will do the trick. Software firewalls can interfere here. Bloatware apps like All In One security applications have firewalls in them that are generally very intrusive, I would recommend turning off these applications to rule them out as a cause of the issue you are having, if you find it is one of these software firewalls causing the problem you would need to allow an exception for the vpn server you are connecting to.
Second. If step 1 is successful the process brings us here. The connection dialogue will say “Verifying Username and Password”. This step is the VPN trying to communicate with the VPN server using the protocol GRE (notice how this is an entire protocol and no port is associated with it, this is key to understand). GRE is also commonly known as protocol 47, which is important to know if you have to configure an older firewall that doesn’t have a preconfigured setting for GRE, there are firewalls that require you to specify the protocol number in order to be able to allow it. When you are stuck on this step then it is similar to the previous. The GRE protocol is not connecting to your VPN server, so something between you and your server is blocking it. This step is a little more difficult to test outside of the VPN client, so I won’t go into it. Chances are pretty likely that if you get stuck on this step that the firewall between your computer and the internet is blocking.
The remedy here is essentially the same process as step 1. See step 1 remedy.
Third. If steps 1 and 2 are successful you almost have a completed VPN. The connection dialogue will say “Registering computer on remote network”. When you get stuck on this step and it times out then spits out an error then the most likely cause here is actually on the VPN server itself. Common issues that create this error are DHCP pool is out of IP Addresses to hand out (aka, it is full).I have also seen it where a bad NIC driver on the server messes with RRAS and causes this issue. Along those lines, I have seen a corrupt RRAS installation cause this as well.
So the remedy for this step is contact the vpn server administrator and have him investigate the problem.
***Note: Most of the time, the error messages that the M$ VPN Client spits out aren’t helpful at all, but sometimes they are dead on. For example: If you get an error message stating your account doesn’t have permission to dial in, then you know exactly what to do. Contact your admin and ask him to allow you dial in access. Not a connectivity problem at all, just a permission issue.
I hope this information finds itself useful for at least someone. Note that there is no silver bullet here, this is simply a boiled down basic summary of the most common issues I have seen over the span of a few years of supporting PPTP and ways to verify them. The issues I helped clients/employees with that fall outside of the above were so few and far between that they aren’t worth mentioning here.