The VPN Server has closed the connection.

Forum for all technical support and trouble shooting of the WinGate VPN.

Moderator: Qbik Staff

The VPN Server has closed the connection.

Postby alarosa74 » Apr 18 05 11:00 pm

I'm evaluating WinGate VPN.
I have a client and a server with fixed IP behind a reouter with NAT enabled on port 809. When I try to connect I get the following error:

Object: VPN
Time: 18-Apr-2005 05:05:23
Message ID: 0000
Description: The VPN Server has closed the connection. This can be because it is running an earlier version of WinGate / WinGate VPN or because of a temporary network problem

I'm obviously running the same vewrsion on both machines and the network has no problems I'm aware of.

Please help.

Aleks
alarosa74
 
Posts: 6
Joined: Apr 18 05 10:55 pm

Postby Pascal » Apr 19 05 7:58 am

That message occurs when the server's network traffic does not reach the client (For some reason). This can happen when you have an older version of VPN on one end (As you indicate you do not have) or it can happen when, for some or other reason, the network refuses to deliver the actual traffic.

We've seen this happen occasionally, but it is usually resolved by a subsequent connect (Which, with auto-reconnection should happen shortly thereafter again) In the cases we've seen this it has usually been on a dialup type connectoid (More prevalent on normal 56K modems than on others) and more often on the 9x range of OSs.

Is this a constant problem?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby alarosa74 » Apr 19 05 9:41 am

Yes it's a constant problem. The reconnect continues indefinitely, but now I get a different problem:

On the client I see for less then a second "SSL control channel negotiated", but then it stays disconnected.

On the server I see in the log " 'x.x.x.x' has disconnected from 'servername' ". Where is x.x.x.x is the correct external IP of my client.

Note that I rebooted the server since my last emails.

Also, I opened port 809 on the router to the server, should I do the same for the client? Any other ports?

Aleks
alarosa74
 
Posts: 6
Joined: Apr 18 05 10:55 pm

Postby Pascal » Apr 19 05 9:45 am

You only need 809 TCP and 809 UDP. But, at this initial stage you are trying to negotiate a control channel connection and that is only TCP.

Would it be possible for you to create a temporary account (WinGate based) so I can try and log in to that VPN of yours? That makes it easier to debug from this side, as we can immediately see what is causing the failure (In most cases). If that is possible, please email me the details required.

If not, try the following:

1. Ensure that you have the certificate generated and setup correctly on the VPN Host.
2. On the client you must have the correct certificate fingerprint OR not validate the server's fingerprint.
3. Ensure that you are getting traffic through the routers appropriately
4. Try connecting from a different client (As a test - that will help elliminate / narrow the problem down to the server / the client)
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby alarosa74 » Apr 19 05 9:56 am

How do I create a WinGate based account?
alarosa74
 
Posts: 6
Joined: Apr 18 05 10:55 pm

Postby Pascal » Apr 19 05 9:58 am

Are you using the NT User database for your WinGate installation? If not, simply go into the "Users" tab and right click on the "Users" list and select "New User".

Grant that user access to login to the VPN (Policies for VPN). Remember, that login is only for the control channel - it does not allow access to your network - so all we will be doing will be checking the ability to connect.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby alarosa74 » Apr 19 05 12:17 pm

Actually, I'm using NT users.

Can I change back to WG users?
alarosa74
 
Posts: 6
Joined: Apr 18 05 10:55 pm

Postby Pascal » Apr 19 05 12:23 pm

You can change back, but that might become too involved. (Too many configuration changes just to test this problem). Do you have another machine you can use as a client? [Just temporarily]
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby alarosa74 » Apr 19 05 12:33 pm

I tried with a different PC and it worked... but why?
alarosa74
 
Posts: 6
Joined: Apr 18 05 10:55 pm

Postby Pascal » Apr 19 05 12:57 pm

The answer to that question will be in the differences between the two clients. Most likely the method of connection (Router or actual hardware, etc.) It could be outdated drivers for the network cards, a whole variety of things. (As the problem could be caused by a driver discarding packets it deems unsuitable, etc.)

The easiest way to diagnose now would be to look at the differences one at a time and see which could possibly play a role.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby alarosa74 » Apr 19 05 1:11 pm

Ok, thanks for all your help. I will investigate further.

Aleks
alarosa74
 
Posts: 6
Joined: Apr 18 05 10:55 pm

Postby Pascal » Apr 19 05 1:34 pm

Sure, post back as you go along. This type of information is very useful to other customers as well and maybe more eyes looking at it can help pick out what is different and what causes the problem.

Good luck!
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand


Return to WinGate VPN

Who is online

Users browsing this forum: No registered users and 1 guest