cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to connect to company VPN (resolved)

aesmith
Pro
Posts: 624
Thanks: 76
Fixes: 4
Registered: ‎26-09-2015

Unable to connect to company VPN (resolved)

Hi,
Another issue, which seems to be Plusnet related.  We have a remote access VPN using the normal Cisco VPN client.  I connect from a Windows machine at home using the "Shrewsoft" client (for historical reasons, when Cisco didn't provide a 64bit client).    Alternatively when I use the Macbook it uses the built-in networking.  
From the Plusnet connection it now just times out, reporting no response from remote gateway.     I can connect from our second Internet at the office, from inside the network, or over 4G.    I get the same symptoms with at least one customer remote support VPN, which uses the same client.  
Are there any known Plusnet issues with remote access VPNs?
I'm on normal Plusnet ADSL, what they call "Unlimited broadband".    Router is the same as I was using with my previous ISP.
Thanks,
Tony S
5 REPLIES 5
minkey
Rising Star
Posts: 418
Thanks: 15
Fixes: 2
Registered: ‎22-07-2007

Re: Unable to connect to company VPN

Have you tried with the plusnet firewall turned off?
https://portal.plus.net/my.html?action=firewall
w23
Pro
Posts: 6,347
Thanks: 96
Fixes: 4
Registered: ‎08-01-2008

Re: Unable to connect to company VPN

Quote from: minkey
Have you tried with the plusnet firewall turned off?

Requires disconnect/reconnect after changing the setting.
Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
Townman
Superuser
Superuser
Posts: 22,922
Thanks: 9,539
Fixes: 158
Registered: ‎22-08-2007

Re: Unable to connect to company VPN

That is just drop the PPP session, not xDSL whuch might upset the DLM.
Do check out the various settings of the PlusNET firewall - look at the advanced options. IIRC there is an option which allows VPN without needing to completely switch it off.
Having it switched on will inhibit some unsolicited traffic from utilising your bandwidth.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

aesmith
Pro
Posts: 624
Thanks: 76
Fixes: 4
Registered: ‎26-09-2015

Re: Unable to connect to company VPN

Thanks, it sounds like that's probably the issue.    Will check tonight.   I wouldn't have expected a firewall to interfere, since it's not an inbound connection and all packets are UDP, so a normal statefull firewall should see the return packets as valid replies.   However I see that Plusnet say it does break VPNs.
Slightly bizarre that a firewall should block VPN return traffic, but allow unsolicited inbound ICMP, however I guess it is what it is.
Tony S
aesmith
Pro
Posts: 624
Thanks: 76
Fixes: 4
Registered: ‎26-09-2015

Re: Unable to connect to company VPN (resolved)

Fixed by turning FW Off.  Wireshark shows no reply to initial ISAKMP request, even though that's embedded in a perfectly normal UDP packet.  So I conclude that the firewall must have explicit blocking whether the inbound packet is unsolicited or as a reply to a valid outbound request.  Presumable with exclusions for DNS, NTP etc.