Versionen im Vergleich

Alte Version 6

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Seiteneigenschaften


Description:
This document deals with a number of reasons why data transmission may not be possible even if you have successfully established a VPN connection with the LANCOM Advanced VPN Client.

Requirements:

Scenario:
It is impossible to communicate via the VPN tunnel, even though the tunnel has been established. As illustrated in the image below, the VPN connection is established, but we have not received any RX data packets from the remote network.
Image Removed
Image Added

Procedure:
The following settings should solve the problem:
Step 1:
1.1) Check if NAT-traversal is activated on the remote router you wish to connect to in the menu item VPN → General.

Image Removed

Image Added

Step 2:

Check the order or the network adapters as found by your operating system.


Windows Vista, Windows 7 & Windows 8:

2.1) Open the Network and Sharing Center via Control Panel → Network and Sharing Center.

Image Removed

Image Added

2.2) Click on the option Change adapter settings.

Image Removed

Image Added

2.3) Open you the menu Advanced → Advanced settings.

2.4) Re-order your network adapters as follows:

  • First position: Physical network adapter
  • Middle position: WLAN network adapters, Firewire, UMTS, etc.
  • Final position: Virtual network adapter LANCOM Advanced VPN Client

These changes come into effect after the computer's operating system is restarted.

Image Removed

Image Added

Step 3:

Add the remote local IP network to the VPN configuration of the LANCOM Advanced VPN Client.

3.1) In the LANCOM Advanced VPN Client, open the menu Configuration → Profiles.

Image Removed

Image Added

3.2) Select the profile which you wish to edit and click on the Edit button.

Image Removed

Image Added

3.3) Navigate to the menu Split tunneling.

3.4) Enter the local IP network(s) which are to be accessed via the VPN tunnel.

If you do not specify an IP network here, your Internet traffic will also be directed via the VPN tunnel!

Image Removed

Image Added

Step 4:

Check if you require an IPSec pass-through, or whether this has been set up already.

By default an IPSec connection uses the port 500 UDP, the IP protocol ESP (50), or port 4500 UDP. The VPN tunnel may occasionally be directed via routers which do not support IPSec pass-through. In these cases, the IPSec packets may be handled incorrectly, or they may even be dropped.

A result of this is that, even though the tunnel has been established, it cannot be used for communications. This problem can be avoided by activating port forwarding for the UDP ports 500 and 4500 on the client-side of the router.

For a description on how to set up port forwarding on a LANCOM router, see this Knowledge Base article.

Step 5:

If you cannot use IPSec pass-through, you have the option of setting up a VPN connection based on IPSec over HTTPS. All you have to do in this case is to open the HTTPS port 443.

With IPSec over HTTPS, an attempt is first made to transfer data using standard IPSec. If the connection cannot be established (e.g. because IKE port 500 is blocked), then an attempt is then automatically made to establish a connection that encapsulates the IPSec VPN in an additional SSL header (port 443, like HTTPS).

For a guide on setting up a VPN with IPSec over HTTPS, see this Knowledge Base document.

Step 6

– other possible error sources:

Generally speaking, the LANCOM Advanced VPN Client is not the only security software installed on a system to protect it from unauthorized access.

The system may also be running a virus scanner, a firewall, and/or a Spy Doctor. These programs often integrate deeply into the system, and they can cause software conflicts. A potential effect of this is that the LANCOM Advanced VPN Client may not be able to communicate over an active VPN tunnel.

In this case the connection problems cannot be solved simply by deactivating the program. To find out whether the programs being used are affecting communications, they must first be uninstalled and the operating system then restarted. LANCOM Systems has experienced problems of this nature with the programs listed below. The only way of assisting our customers was for them to uninstall this anti-virus or firewall software:

  • Norton Internet Security
  • Panda Antivirus
  • Trendmicro
  • Kasperski

:

If you are using a computer or a notebook from HP (Hewlett Packard), where the HP Velocity software is installed, deinstalling HP Velocity fixes the issue

Info:
Generally the security software can be reinstalled after the Advanced VPN Client is installled correctly without negative effects to the Advanced VPN Client

.

Step 7:
The VPN tunnel does not work using a UMTS/3G or LTE/4G connection. The following reasons may be causing the problem where a LANCOM Advanced VPN Client is operating on a computer which uses 3G/4G for its Internet connection.
7.1) The 3G/4G provider blocks communications on ports 500 and 4500, or the provider blocks the ESP protocol. In this case, contact the provider of your connection.
7.2) There is a conflict between the LANCOM Advanced VPN Client and the 3G/4G management software. If this is the case, you should prevent the 3G/4G management software from starting with the operating system, and you should allow the 3G/4G connection to be established by the LANCOM Advanced VPN Client.
For a description of how to set up a VPN client connection via 3G or 4G, see this Knowledge Base article.
Step 8:
If your workstation has more than one active network adapter, please check the default gateway. Having more than one default gateway on a workstation may cause the packets to be sent in the wrong direction, or not to be sent at all.
8.1) You can read out your network settings by entering the command ipconfig at the Windows command-line prompt. To run this, click on Start, Run... and enter the command cmd.
Image Removed
Image Added
8.2) At the command-line prompt you then type the command ipconfig.
In this example the workstation has just one default gateway.
Image RemovedImage Removed
Image AddedImage Added
8.3) You can adjust your network settings in the Properties for your network adapter.

Image Added Image Added

Step 9 – other possible error sources:

In most cases security software is installed on the system with the LANCOM Advanced VPN Client to protect it from unauthorized access.

The system may be running a virus scanner, a firewall, and/or a Spy Doctor.

Image Removed Image Removed

These programs often integrate deeply into the system, and thus can cause software conflicts with the Advanced VPN Client. A potential effect of this is that the LANCOM Advanced VPN Client may not be able to communicate over an active VPN tunnel.

In most cases the connection problems cannot be solved simply by deactivating the security program. To find out whether the programs being used are affecting communications, they must first be uninstalled and the operating system then restarted. LANCOM Systems has experienced problems of this nature with the programs listed below. The only way of assisting our customers was for them to uninstall this anti-virus or firewall software:

  • Norton Internet Security
  • Panda Antivirus
  • Trendmicro
  • Kaspersky
Info

Generally the security software can be reinstalled after the Advanced VPN Client is installled correctly without negative effects to the Advanced VPN Client.