Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    [Resolved] IPVanish Desktop Client not connecting since moving to pfSense

    Firewalling
    2
    3
    2410
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      snuffy last edited by snuffy

      Hi, I had the Windows desktop client version of IPVanish (default install settings) working with my DDWRT router.

      Since swapping to pfSense runnning on an old PC with dual NICs a week ago I've realised that my IPVanish will no longer connect. I can't find any clear instructions when googling this as all responses appear to be about connecting IPVanish directly to pfSense.

      Any ideas where I should look or how to troubleshoot this? I'm thinking it might be additional firewall settings I need, but didn't need them on DDWRT for some reason, so maybe that's not the issue.

      I have tried an any any rule with 443 and 1194 (OpenVPN), but this made no difference.

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Nothing in the default configuration would stop an inside OpenVPN client from connecting. It is just an outbound TCP or UDP connection just like any web browsing, DNS lookups, etc.

        What do the logs in your client say when you try to connect?

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • S
          snuffy last edited by

          Hi @Derelict ... By playing with settings I have found that if I change the connection settings from IKEv2 to OpenVPN TCP the connection is established correctly. I'm none the wiser as to why this works and why the other didn't, so you or anyone knows, please educate me, I'd love to understand more. :-)

          Logs stated below. I googled the 809 error, but didn't get much that I could understand/use. The error seems generic to my eyes.

          08:28:12 [Information] (VpnSDK::RAS) Connecting to "zrh-c05", Protocol=IKEv2
          08:28:12 [Information] (VpnSDK::RAS::EventLog) The current user has started dialing a VPN connection using a per-user connection profile named IPVanish. The connection settings are: 
          Dial-in User = MYEMAILADDRESSWASHERE
          VpnStrategy = IKEv2
          DataEncryption = Require
          PrerequisiteEntry = 
          AutoLogon = No
          UseRasCredentials = Yes
          Authentication Type = EAP <Microsoft: Secured password (EAP-MSCHAP v2)>
          Ipv4DefaultGateway = Yes
          Ipv6DefaultGateway = Yes
          IpDnsFlags = 
          IpNBTEnabled = Yes
          UseFlags = Private Connection
          ConnectOnWinlogon = No
          Mobility enabled for IKEv2 = Yes.
          08:28:12 [Information] (VpnSDK::RAS::EventLog) The current user is trying to establish a link to the Remote Access Server for the connection named IPVanish using the following device: 
          Server address/Phone Number = 45.82.223.11
          Device = WAN Miniport (IKEv2)
          Port = VPN2-1
          MediaType = VPN.
          08:28:12 [Information] (VpnSDK::RAS::EventLog) The current user has successfully established a link to the Remote Access Server using the following device: 
          Server address/Phone Number = 45.82.223.11
          Device = WAN Miniport (IKEv2)
          Port = VPN2-1
          MediaType = VPN.
          08:28:12 [Information] (VpnSDK::RAS::EventLog) The link to the Remote Access Server has been established by the current user .
          08:28:18 [Error] (VpnSDK::RAS::EventLog) The current user dialed a connection named IPVanish which has failed. The error code returned on failure is 809.
          08:28:18 [Fatal] (VpnSDK::Internal::RAS) The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.. Code=809
          DotRas.RasDialException: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
             at async Task Zorg.VPN.RAS.RasConnection.Connect(CancellationToken cancellationToken)
          08:28:18 [Error] (VpnSDK::RAS) RAS connection failed. Error: 809 Extended: 0
          08:28:18 [Error] (VpnSDK) An exception occurred during connection process.
          VpnSDK.VpnException: Unable to connect to the VPN server.  (809) ---> DotRas.RasDialException: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
             at async Task Zorg.VPN.RAS.RasConnection.Connect(CancellationToken cancellationToken)
             at async Task VpnSDK.Internal.Managers.RasManager.Connect(Server server, IRasConnectionConfiguration connectionConfiguration, IUser user, CancellationToken token)
             --- End of inner exception stack trace ---
             at async Task VpnSDK.Internal.Managers.RasManager.Connect(Server server, IRasConnectionConfiguration connectionConfiguration, IUser user, CancellationToken token)
             at async Task VpnSDK.SDKCore.Connect(Server serverToConnect, IConnectionConfiguration connectionConfiguration, CancellationToken cancellationToken)
          08:28:18 [Verbose] (VpnSDK) VpnConnectionStatus=Disconnected
          08:28:19 [Information] () Will attempt to reconnect. Attempts made: 0, Max attempts 10
          08:28:21 [Information] () Reconnecting...
          08:28:21 [Verbose] (VpnSDK) VpnConnectionStatus=Connecting
          08:28:21 [Information] (VpnSDK::RAS) Connecting to "zrh-c05", Protocol=IKEv2
          08:28:21 [Information] (VpnSDK::RAS::EventLog) The current user has started dialing a VPN connection using a per-user connection profile named IPVanish. The connection settings are: 
          Dial-in User = myemailaddress
          VpnStrategy = IKEv2
          DataEncryption = Require
          PrerequisiteEntry = 
          AutoLogon = No
          UseRasCredentials = Yes
          Authentication Type = EAP <Microsoft: Secured password (EAP-MSCHAP v2)>
          Ipv4DefaultGateway = Yes
          Ipv6DefaultGateway = Yes
          IpDnsFlags = 
          IpNBTEnabled = Yes
          UseFlags = Private Connection
          ConnectOnWinlogon = No
          Mobility enabled for IKEv2 = Yes.
          08:28:21 [Information] (VpnSDK::RAS::EventLog) The current user is trying to establish a link to the Remote Access Server for the connection named IPVanish using the following device: 
          Server address/Phone Number = 45.82.223.11
          Device = WAN Miniport (IKEv2)
          Port = VPN2-1
          MediaType = VPN.
          08:28:21 [Information] (VpnSDK::RAS::EventLog) The current user has successfully established a link to the Remote Access Server using the following device: 
          Server address/Phone Number = 45.82.223.11
          Device = WAN Miniport (IKEv2)
          Port = VPN2-1
          MediaType = VPN.
          08:28:21 [Information] (VpnSDK::RAS::EventLog) The link to the Remote Access Server has been established by the current user .
          
          1 Reply Last reply Reply Quote 0
          • First post
            Last post