[Resolved] IPVanish Desktop Client not connecting since moving to pfSense



  • Hi, I had the Windows desktop client version of IPVanish (default install settings) working with my DDWRT router.

    Since swapping to pfSense runnning on an old PC with dual NICs a week ago I've realised that my IPVanish will no longer connect. I can't find any clear instructions when googling this as all responses appear to be about connecting IPVanish directly to pfSense.

    Any ideas where I should look or how to troubleshoot this? I'm thinking it might be additional firewall settings I need, but didn't need them on DDWRT for some reason, so maybe that's not the issue.

    I have tried an any any rule with 443 and 1194 (OpenVPN), but this made no difference.


  • LAYER 8 Netgate

    Nothing in the default configuration would stop an inside OpenVPN client from connecting. It is just an outbound TCP or UDP connection just like any web browsing, DNS lookups, etc.

    What do the logs in your client say when you try to connect?



  • Hi @Derelict ... By playing with settings I have found that if I change the connection settings from IKEv2 to OpenVPN TCP the connection is established correctly. I'm none the wiser as to why this works and why the other didn't, so you or anyone knows, please educate me, I'd love to understand more. :-)

    Logs stated below. I googled the 809 error, but didn't get much that I could understand/use. The error seems generic to my eyes.

    08:28:12 [Information] (VpnSDK::RAS) Connecting to "zrh-c05", Protocol=IKEv2
    08:28:12 [Information] (VpnSDK::RAS::EventLog) The current user has started dialing a VPN connection using a per-user connection profile named IPVanish. The connection settings are: 
    Dial-in User = MYEMAILADDRESSWASHERE
    VpnStrategy = IKEv2
    DataEncryption = Require
    PrerequisiteEntry = 
    AutoLogon = No
    UseRasCredentials = Yes
    Authentication Type = EAP <Microsoft: Secured password (EAP-MSCHAP v2)>
    Ipv4DefaultGateway = Yes
    Ipv6DefaultGateway = Yes
    IpDnsFlags = 
    IpNBTEnabled = Yes
    UseFlags = Private Connection
    ConnectOnWinlogon = No
    Mobility enabled for IKEv2 = Yes.
    08:28:12 [Information] (VpnSDK::RAS::EventLog) The current user is trying to establish a link to the Remote Access Server for the connection named IPVanish using the following device: 
    Server address/Phone Number = 45.82.223.11
    Device = WAN Miniport (IKEv2)
    Port = VPN2-1
    MediaType = VPN.
    08:28:12 [Information] (VpnSDK::RAS::EventLog) The current user has successfully established a link to the Remote Access Server using the following device: 
    Server address/Phone Number = 45.82.223.11
    Device = WAN Miniport (IKEv2)
    Port = VPN2-1
    MediaType = VPN.
    08:28:12 [Information] (VpnSDK::RAS::EventLog) The link to the Remote Access Server has been established by the current user .
    08:28:18 [Error] (VpnSDK::RAS::EventLog) The current user dialed a connection named IPVanish which has failed. The error code returned on failure is 809.
    08:28:18 [Fatal] (VpnSDK::Internal::RAS) The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.. Code=809
    DotRas.RasDialException: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
       at async Task Zorg.VPN.RAS.RasConnection.Connect(CancellationToken cancellationToken)
    08:28:18 [Error] (VpnSDK::RAS) RAS connection failed. Error: 809 Extended: 0
    08:28:18 [Error] (VpnSDK) An exception occurred during connection process.
    VpnSDK.VpnException: Unable to connect to the VPN server.  (809) ---> DotRas.RasDialException: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
       at async Task Zorg.VPN.RAS.RasConnection.Connect(CancellationToken cancellationToken)
       at async Task VpnSDK.Internal.Managers.RasManager.Connect(Server server, IRasConnectionConfiguration connectionConfiguration, IUser user, CancellationToken token)
       --- End of inner exception stack trace ---
       at async Task VpnSDK.Internal.Managers.RasManager.Connect(Server server, IRasConnectionConfiguration connectionConfiguration, IUser user, CancellationToken token)
       at async Task VpnSDK.SDKCore.Connect(Server serverToConnect, IConnectionConfiguration connectionConfiguration, CancellationToken cancellationToken)
    08:28:18 [Verbose] (VpnSDK) VpnConnectionStatus=Disconnected
    08:28:19 [Information] () Will attempt to reconnect. Attempts made: 0, Max attempts 10
    08:28:21 [Information] () Reconnecting...
    08:28:21 [Verbose] (VpnSDK) VpnConnectionStatus=Connecting
    08:28:21 [Information] (VpnSDK::RAS) Connecting to "zrh-c05", Protocol=IKEv2
    08:28:21 [Information] (VpnSDK::RAS::EventLog) The current user has started dialing a VPN connection using a per-user connection profile named IPVanish. The connection settings are: 
    Dial-in User = myemailaddress
    VpnStrategy = IKEv2
    DataEncryption = Require
    PrerequisiteEntry = 
    AutoLogon = No
    UseRasCredentials = Yes
    Authentication Type = EAP <Microsoft: Secured password (EAP-MSCHAP v2)>
    Ipv4DefaultGateway = Yes
    Ipv6DefaultGateway = Yes
    IpDnsFlags = 
    IpNBTEnabled = Yes
    UseFlags = Private Connection
    ConnectOnWinlogon = No
    Mobility enabled for IKEv2 = Yes.
    08:28:21 [Information] (VpnSDK::RAS::EventLog) The current user is trying to establish a link to the Remote Access Server for the connection named IPVanish using the following device: 
    Server address/Phone Number = 45.82.223.11
    Device = WAN Miniport (IKEv2)
    Port = VPN2-1
    MediaType = VPN.
    08:28:21 [Information] (VpnSDK::RAS::EventLog) The current user has successfully established a link to the Remote Access Server using the following device: 
    Server address/Phone Number = 45.82.223.11
    Device = WAN Miniport (IKEv2)
    Port = VPN2-1
    MediaType = VPN.
    08:28:21 [Information] (VpnSDK::RAS::EventLog) The link to the Remote Access Server has been established by the current user .
    

Log in to reply