Connection to external VPN from Windows Server 2016


I have to access an on-premise VPN (L2TP/IPSec) via a t3.large instance. However, when I attempt to access the VPN, the server reports error 809.

Things I have done:

  • Set up a new VPC, Routing Table, Subnets, Internet Gateway. Attached everything - pretty much replicated the default VPC.
  • Checked network ACL list to ensure that all traffic is allowed through. (For testing purposes)
  • Allowed incoming ports/protocols in the SG: UDP 500, 1701, 4500; AH all traffic; ESP all traffic; TCP 3389.
  • Opened the same ports and protocols on Windows. (I've even turned off the firewall).
  • Set up the VPN on Windows, including setting the pre-shared key, and setting the other configs that the IT guy on the other side has given me. (MS-CHAP V2)

Are there any obvious steps that I am missing?

1 Answer

Do you have ICMP access to the remote server? 809 refers to a network error, and the best way to ensure you have bidirectional connectivity is using pings. Have you configured an Elastic IP (EIP) on your EC2 instance? For VPNs, it's best to assign an EIP. If you do not have ping access to your remote server, try to ping an IP on the internet (ex: That will ensure you have set up your routing appropriately to be accessible from the Internet.

answered 7 months ago
  • I do have ICMP access to the remote server; I am able to ping it from my side. I did not have an EIP - I have now created one and attached it to the instance, but it made no difference.
