Common Problems of Virtual Private Networks
A Virtual Private Network (VPN) is an effective way to achieve secure network connections. Although business organizations, offices and other institutions are the usual users of VPN services, VPNs can also be accessed from home networks. VPNs have gained popularity and are considered an essential part of any network system. Users should therefore be aware of the problems that are commonly associated with VPNs.
We discuss some common problems associated with VPN along with their troubleshooting tips below:
The connection is rejected when it should be accepted
- Use the Ping command to verify that the IP address of the VPN server is reachable. Note that packet filtering can block ICMP messages going to or coming from the VPN server, which causes Ping to fail even though the server is reachable.
- Remote Access and Routing services on VPN server should be verified.
- For remote access VPN connections, verify that the VPN server is enabled for remote access. For router-to-router connections, verify that the VPN server is enabled for demand-dial routing.
- For remote access connections, the L2TP and PPTP ports should be enabled for inbound remote access. For router-to-router connections, the L2TP and PPTP ports should be enabled for inbound and outbound demand-dial connections.
- The VPN client, the VPN server and a remote access policy should have at least one authentication method in common.
- The VPN client, the VPN server and a remote access policy should have at least one encryption method in common.
- For remote access connections, verify that the LAN protocols used by the VPN clients are permitted for remote access on the VPN server.
- Verify whether all of the L2TP or PPTP ports on the VPN server are already in use.
- Verify that the VPN client's credentials (user name, password and domain name) are accurate and that the VPN server can validate them.
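The first check in this list warns that a failed ping may only mean ICMP is being filtered. The following Python code is an added example, not part of the original article: it separates that case from a genuinely unreachable server by attempting a TCP handshake with the PPTP control port. The port number 1723, the function names and the placeholder address are assumptions not taken from the article, and L2TP (which runs over UDP) cannot be checked this way.

```python
import errno
import socket
import sys

# PPTP control channel port (well-known value, an assumption not stated in the article).
PPTP_CONTROL_PORT = 1723


def probe_tcp(host, port=PPTP_CONTROL_PORT, timeout=3.0):
    """Attempt a TCP handshake; return 'open', 'refused', 'filtered' or 'unreachable'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"      # no reply at all: packets are dropped on the path
    except ConnectionRefusedError:
        return "refused"       # host replied with a reset: nothing listens on the port
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def diagnose(ping_ok, tcp_state):
    """Combine the ping result with the TCP probe into a troubleshooting hint."""
    if tcp_state == "open":
        if ping_ok:
            return "server reachable; continue with the service, policy and credential checks"
        return "server reachable, ICMP is being filtered; the ping failure is not the cause"
    if tcp_state == "refused":
        return "host is up but nothing listens on the port; check the VPN service and PPTP ports"
    if ping_ok:
        return "host answers ping but the port is filtered; check packet filters for VPN traffic"
    return "no answer to ping or TCP; check the address, routing and packet filters"


if __name__ == "__main__":
    # 192.0.2.10 is a documentation-range placeholder; pass your own VPN server address.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    ping_failed_earlier = False  # record the outcome of the manual Ping check here
    print(diagnose(ping_failed_earlier, probe_tcp(server)))
```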
The connection is accepted when it should be rejected
Verify that the parameters of the connection are not authorized through remote access policies. The parameters of the connection attempt should be denied remote access through the user account's remote access permission.
Cannot reach locations beyond the VPN server
- For remote access VPNs, verify that the protocol is enabled for routing. The "Entire network" option should also be selected for the LAN protocols used by the VPN clients.
- For remote access VPNs, verify the VPN server's IP address pools.
- For a router-to-router VPN connection that supports two-way traffic exchange, verify that routes exist in both directions.
- The profile properties of the remote access policy used by the VPN connection on the VPN server should not contain any TCP/IP packet filters, because these can prevent TCP/IP traffic from being sent or received.
- The demand-dial interfaces should not contain any TCP/IP packet filters that can prevent traffic from being sent or received.