• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[Resolved] IPVanish Desktop Client not connecting since moving to pfSense

Firewalling
2
3
3.3k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    snuffy
    last edited by snuffy Jul 31, 2019, 6:21 AM Jul 30, 2019, 6:51 AM

    Hi, I had the Windows desktop client version of IPVanish (default install settings) working with my DDWRT router.

    Since swapping to pfSense runnning on an old PC with dual NICs a week ago I've realised that my IPVanish will no longer connect. I can't find any clear instructions when googling this as all responses appear to be about connecting IPVanish directly to pfSense.

    Any ideas where I should look or how to troubleshoot this? I'm thinking it might be additional firewall settings I need, but didn't need them on DDWRT for some reason, so maybe that's not the issue.

    I have tried an any any rule with 443 and 1194 (OpenVPN), but this made no difference.

    1 Reply Last reply Reply Quote 0
    • D
      Derelict LAYER 8 Netgate
      last edited by Jul 30, 2019, 7:23 AM

      Nothing in the default configuration would stop an inside OpenVPN client from connecting. It is just an outbound TCP or UDP connection just like any web browsing, DNS lookups, etc.

      What do the logs in your client say when you try to connect?

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • S
        snuffy
        last edited by Jul 30, 2019, 7:34 AM

        Hi @Derelict ... By playing with settings I have found that if I change the connection settings from IKEv2 to OpenVPN TCP the connection is established correctly. I'm none the wiser as to why this works and why the other didn't, so you or anyone knows, please educate me, I'd love to understand more. :-)

        Logs stated below. I googled the 809 error, but didn't get much that I could understand/use. The error seems generic to my eyes.

        08:28:12 [Information] (VpnSDK::RAS) Connecting to "zrh-c05", Protocol=IKEv2
        08:28:12 [Information] (VpnSDK::RAS::EventLog) The current user has started dialing a VPN connection using a per-user connection profile named IPVanish. The connection settings are: 
        Dial-in User = MYEMAILADDRESSWASHERE
        VpnStrategy = IKEv2
        DataEncryption = Require
        PrerequisiteEntry = 
        AutoLogon = No
        UseRasCredentials = Yes
        Authentication Type = EAP <Microsoft: Secured password (EAP-MSCHAP v2)>
        Ipv4DefaultGateway = Yes
        Ipv6DefaultGateway = Yes
        IpDnsFlags = 
        IpNBTEnabled = Yes
        UseFlags = Private Connection
        ConnectOnWinlogon = No
        Mobility enabled for IKEv2 = Yes.
        08:28:12 [Information] (VpnSDK::RAS::EventLog) The current user is trying to establish a link to the Remote Access Server for the connection named IPVanish using the following device: 
        Server address/Phone Number = 45.82.223.11
        Device = WAN Miniport (IKEv2)
        Port = VPN2-1
        MediaType = VPN.
        08:28:12 [Information] (VpnSDK::RAS::EventLog) The current user has successfully established a link to the Remote Access Server using the following device: 
        Server address/Phone Number = 45.82.223.11
        Device = WAN Miniport (IKEv2)
        Port = VPN2-1
        MediaType = VPN.
        08:28:12 [Information] (VpnSDK::RAS::EventLog) The link to the Remote Access Server has been established by the current user .
        08:28:18 [Error] (VpnSDK::RAS::EventLog) The current user dialed a connection named IPVanish which has failed. The error code returned on failure is 809.
        08:28:18 [Fatal] (VpnSDK::Internal::RAS) The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.. Code=809
        DotRas.RasDialException: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
           at async Task Zorg.VPN.RAS.RasConnection.Connect(CancellationToken cancellationToken)
        08:28:18 [Error] (VpnSDK::RAS) RAS connection failed. Error: 809 Extended: 0
        08:28:18 [Error] (VpnSDK) An exception occurred during connection process.
        VpnSDK.VpnException: Unable to connect to the VPN server.  (809) ---> DotRas.RasDialException: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
           at async Task Zorg.VPN.RAS.RasConnection.Connect(CancellationToken cancellationToken)
           at async Task VpnSDK.Internal.Managers.RasManager.Connect(Server server, IRasConnectionConfiguration connectionConfiguration, IUser user, CancellationToken token)
           --- End of inner exception stack trace ---
           at async Task VpnSDK.Internal.Managers.RasManager.Connect(Server server, IRasConnectionConfiguration connectionConfiguration, IUser user, CancellationToken token)
           at async Task VpnSDK.SDKCore.Connect(Server serverToConnect, IConnectionConfiguration connectionConfiguration, CancellationToken cancellationToken)
        08:28:18 [Verbose] (VpnSDK) VpnConnectionStatus=Disconnected
        08:28:19 [Information] () Will attempt to reconnect. Attempts made: 0, Max attempts 10
        08:28:21 [Information] () Reconnecting...
        08:28:21 [Verbose] (VpnSDK) VpnConnectionStatus=Connecting
        08:28:21 [Information] (VpnSDK::RAS) Connecting to "zrh-c05", Protocol=IKEv2
        08:28:21 [Information] (VpnSDK::RAS::EventLog) The current user has started dialing a VPN connection using a per-user connection profile named IPVanish. The connection settings are: 
        Dial-in User = myemailaddress
        VpnStrategy = IKEv2
        DataEncryption = Require
        PrerequisiteEntry = 
        AutoLogon = No
        UseRasCredentials = Yes
        Authentication Type = EAP <Microsoft: Secured password (EAP-MSCHAP v2)>
        Ipv4DefaultGateway = Yes
        Ipv6DefaultGateway = Yes
        IpDnsFlags = 
        IpNBTEnabled = Yes
        UseFlags = Private Connection
        ConnectOnWinlogon = No
        Mobility enabled for IKEv2 = Yes.
        08:28:21 [Information] (VpnSDK::RAS::EventLog) The current user is trying to establish a link to the Remote Access Server for the connection named IPVanish using the following device: 
        Server address/Phone Number = 45.82.223.11
        Device = WAN Miniport (IKEv2)
        Port = VPN2-1
        MediaType = VPN.
        08:28:21 [Information] (VpnSDK::RAS::EventLog) The current user has successfully established a link to the Remote Access Server using the following device: 
        Server address/Phone Number = 45.82.223.11
        Device = WAN Miniport (IKEv2)
        Port = VPN2-1
        MediaType = VPN.
        08:28:21 [Information] (VpnSDK::RAS::EventLog) The link to the Remote Access Server has been established by the current user .
        
        1 Reply Last reply Reply Quote 0
        1 out of 3
        • First post
          1/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.