Solving the problem of VPN blocking by Windows Firewall

This material will be of interest to users who have difficulty connecting to a VPN due to blocking by the Windows firewall. This is especially true for those who often use VPN to work from remote locations or to ensure secure access to the Internet. Understanding how to configure a firewall to allow a VPN can help users maintain their privacy and security online by ensuring a reliable and uninterrupted Internet connection through a VPN.

How to configure your firewall and security tools to allow VPN to work

You've probably already encountered problems with Windows Firewall blocking your VPN. This is usually a given configuration, but you can always find a way around it and establish the connection again. Below are solutions for this problem using the FastVPN application as an example.

Adding an exception for VPN:

• Open Windows Defender Security Center.
• Go to the virus protection and threat settings section. Select Exceptions. Add or remove exceptions.
• Select add exception and add FastVPN (C:\Program Files (x86)\FastVPN\FastVPN.exe).

Changing application permission settings:

• Open Control Panel.
• Select the System and Security section.
• Click on Windows Defender Firewall.
• Under Allow apps through Windows Firewall, select Change settings.
• Find your VPN in the list of programs and applications for which you need to allow access through the firewall.
• Select the type of network (public or private) on which the VPN should work.
• If FastVPN is not found, click "Allow another app" and add FastVPN (C:\Program Files (x86)\FastVPN\FastVPN.exe).

Changing adapter settings is carried out according to the following algorithm:

• Open the control panel and go to the Network and Internet section.
• Select your network and sharing center.
• Click on change adapter settings in the left panel.
• Create a new incoming connection by selecting all users who need access to the VPN.
• Make sure the “Via the Internet” option is selected.
• In the protocols section, select the Internet protocols through which the VPN should connect.
• Find Windows Firewall in Control Panel and open its settings.
• Click on advanced settings and then on incoming rules actions.
• Create a new rule by selecting the port that your VPN uses (for example, TCP port 1723).
• Specify that the connection should be allowed.
• Apply the rule to all network types (domain, private, public).
• Give a name and description for the rule and end it.

Creating a new rule for incoming connections:

• Open Windows Firewall with advanced settings.
• Go to the incoming rules section.
• Click the "New Rule" button right.
• Select the "Custom Rule" option.
• Specify the programs you need or leave all programs.
• Set ports or leave all ports.
• Click on "Specified IP Addresses" under the remote IP.
• Select "This IP address range".
• Enter the IP address range from 10.8.0.1 to 10.8.0.254.
• Close the window and click Next, then make sure the Allow connection option is selected. Apply the rule to all profiles.
• Give the profile a name and click "Done."

After this, you will be able to connect to your home devices via VPN.

Enabling a rule for the PPTP protocol is carried out according to the following steps:

• Open the control panel.
• Select Windows Firewall.
• Go to advanced settings.
• Find the "Routing and Remote Access" option in incoming and outgoing rules. For inbound rules: Right-click "Routing and Remote Access (PPTP-In)" and select "Enable Rule". For outbound rules: Right-click "Routing and Remote Access (PPTP-Out)" and select "Enable Rule".

To allow your VPN traffic to pass through your firewall, open the following ports:

• IP-protocol=TCP, TCP port number=1723 – used to manage PPTP.
• IP-protocol=GRE (value 47) – used for PPTP data transfer.
• Make sure these ports are allowed in Windows Firewall with the appropriate network profiles.
• Do not configure static RRAS filters if you are using NAT routing functionality on the same RRAS server. This is because static RRAS filters are stateless, and NAT translation requires a stateful firewall, such as an ISA firewall.
• If VPN error 807 appears, it indicates that the network connection between your computer and the VPN server has been interrupted. This can also be caused by a problem in the VPN transmission and is usually the result of internet lag or simply means that your VPN server has reached its capacity limit. Try reconnecting to VPN server.

Disable SSL monitoring

Depending on your firewall or security software, there are steps you can take to resolve the Windows Firewall blocking VPN issue. Here's what to do if you're using NOD32 or Kaspersky.

• NOD32: select "Settings", "Advanced Settings", "Antivirus and Anti-Spyware", "Web Access Protection", then "HTTP, HTTPS" Setting up HTTP scanning" and set the HTTPS filtering mode to "Do not use HTTPS protocol inspection."
• Kaspersky: select "Settings", "Traffic Dashboard", "Port Settings" or "Settings", "Network", then "Port Settings" and uncheck port 443/SSL.

Private VPN server: possibilities without problems

When using a private VPN server, the user manages the settings and security settings according to his needs. For example, you can choose ports and protocols that your firewall won't block, or configure your VPN server to use alternative connection methods that aren't blocked. In addition, having your own VPN server allows you to avoid restrictions that may be imposed on public VPN services by providers or organization-managed firewalls. Thus, using a private VPN server is an effective way to bypass VPN blocking by firewalls.

On Private VPN server you will find out why it is profitable to buy a private VPN server. It also describes in detail the features and options for using such servers, provides detailed information about rental options, provides answers to frequently asked questions and offers useful articles about VPN.

Share this article: