Troubleshooting VPN connections

If you have set up your VPN but it does not connect, what should you do first?

The very first thing to do is determine whether anyone else using the Stratosphere VPN can connect to your EPN environment. If someone--anyone--can, then the problem is most likely with your client.  There are a few things, however, that you should rule out on the Stratosphere side.

On the Datapipe Stratosphere side:

Step 1:  Check that the Stratosphere VPN is enabled.  If it is disabled, no one can connect.  To re-enable, click on the green button on the far right.  You will be prompted again to enter a range of addresses to assign to your VPN connections.

Troubleshoot 1

Step 2: Check that the user account you are using exists within EPN.  Stratosphere's VPN uses two-factor authentication.  Connecting requires both a valid user account and password; and preshared key.  If one is missing or incorrect, the connection will be denied.

Troubleshoot 2

NOTE: If you think you may have the password incorrect, there is no way to change it within EPN.  You will need to delete the user account and recreate it, entering the password again.

Step 3:  Check that the preshared key you are using is correct. Since the key is a jumble of characters, not recognizable or familiar words, typing errors are common.  If you cut and pasted the key from your browser view, you may have inadvertantly added or deleted a character.  

Troubleshoot 3

Step 4: Check that the network you assigned to your VPN does not conflict with your system. If your workstation is addressed in the same network range as the VPN pool of addresses you defined, establishing a connection will likely cause routing issues.  Eg., if your workstation uses an address in the 192.168.0.0 network space and you allocated a VPN range in the same space, routing would not be able to direct traffic to the correct path.

Also check that the range of addresses you allocated for VPN clients is sufficient.  If you allocated 20 and they have been assigned, there are no additional addresses available for your connection.  

If you need to change the range of addresses, you must disable the VPN.  When you re-enable the VPN, it will prompt you to enter a new range of addresses.  CAVEAT: Disabling the VPN will abort all current connections so do that only as a last resort or as a scheduled maintenance event.

Troubleshoot 4

If everything looks OK on the Stratosphere side but you still cannot connect, try starting over.  It will not take very long to recreate everything.

On the client side:

There are as many variables to the client-side configuration as there are clients.  The most common issues that could prevent successfully establishing a VPN connection from the client to Datapipe's Stratosphere are, in no particular order of preference,

  • Internet or dial-up connectivity in general
  • Site or address black listing or quarantines, either by internal systems or ISP
  • Organizational firewall rules
  • Organizational network restrictions (Access Control Lists, WLAN secuity, etc.)
  • Organizational or local workstation policies or restrictions
  • Organizational intrusion detection, anti-virus, content filtering systems
  • Domain or directory service policies or restrictions
  • VPN client, operating system or hardware incompatibilities or shortcomings
  • Missing software dependencies or components
  • VPN or network connector misconfiguration
  • PEBKAC (Problem Exists Between Keyboard And Chair)

The first step would be to start over with the client-side configuration.  Destroy what you have that is not working and recreate everything from scratch.  If that fails to resolve the problem, a basic troubleshooting step would be to try establishing the connection from another machine or network.  If it connects from A but not B, then you know there is a problem somewhere on B.