cancel
Showing results for 
Search instead for 
Did you mean: 

VPN access or lack of

mazdaman
Interested
Posts: 2
Registered: ‎15-01-2019

VPN access or lack of

Hi New customer to Plusnet and having an issue with VPN access working from Home. Connect to the internet is fine when I try to access my workplace remotely the following error comes up 

Secure VPN connection terminated by local client Reason 422 Lost contact with the secure connection.

I have tried logging in from my brother's house and no issue I was previously with Now TV broadband no issues. Yesterday IT support at work took my laptop home and tested again and had no issues logging into our site. The IT guy is also a Plusnet customer.

I have spent 15 minutes on hold this morning contacting Plusnet support finally got through to be told VPN access is not a Plusnet issue. So now at a dead end 

VPN client is Cisco version 5.0.07.0290

 

8 REPLIES 8
Farrinaf
Grafter
Posts: 54
Thanks: 7
Registered: ‎22-03-2013

Re: VPN access or lack of

Hello

I would not expect Plusnet to investigate this for you (unless you can come up with specific observations/issues as to their connection).

If you have workplace IT support and your VPN is required for work use, personally I would dump the problem back on them to investigate and resolve.

 

For troubleshooting purposes (if not already acquired) it may be worth considering paying a one off fee to obtain a static WAN IP address on your Plusnet home connection (I am assuming this is still available - used to be a one off £5 fee).


However if you wish to attempt to self diagnose some initial  thoughts/observations in no particular order;

Is there a local Cisco connection log on your laptop to review ?

Is your home internet connection DNS resolving the company gateway IP address correctly ? (nslookup via command line)

 

Can you "ping" the company gateway (undertake ping via command line) and if yes, are there any dropped packets ? (note the gateway may have been configured by Company IT to not respond to external "ping" requests, so check with them if no response)

Is your home connection attempts actually reaching your company gateway - what do their gateway logs show ? (undertake a tracert via command line to the company VPN gateway from your laptop whilst using your home connection)


Does the company IT guy (who also uses Plusnet) have the same router as you ? Is he using a cable or WiFi connection from your laptop to his router to test from his home ?

Should you choose to post diagnostic information to this forum, please be mindful this is a public forum so you may wish to consider any security implications of doing so (apologies if I am stating the obvious)

 

 

MisterW
Superuser
Superuser
Posts: 11,121
Thanks: 3,401
Fixes: 260
Registered: ‎30-07-2007

Re: VPN access or lack of

@mazdaman

There has been problems in the past with some VPN clients and certain public address ranges. 

Does the company IT guy (who also uses Plusnet) have the same router as you ? Is he using a cable or WiFi connection from your laptop to his router to test from his home ?

Good advice from @Farrinaf there if the other troubleshooting checks don't show anything, It would also be useful to know what public IP the IT guy has been allocated compared to yours. The first 2 octets are the significant ones...so no need to post any full IP addresses

For troubleshooting purposes (if not already acquired) it may be worth considering paying a one off fee to obtain a static WAN IP address on your Plusnet home connection (I am assuming this is still available - used to be a one off £5 fee).

again, another good idea. The static IP's are allocated from a completely different range to the normal dynamic ones and do not suffer from the problem with some VPN clients.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

mazdaman
Interested
Posts: 2
Registered: ‎15-01-2019

Re: VPN access or lack of

Hi Thanks for replying Re: VPN access or lack of

Hello I would not expect Plusnet to investigate this for you (unless you can come up with specific observations/issues as to their connection).

If you have workplace IT support and your VPN is required for work use, personally I would dump the problem back on them to investigate and resolve.

For troubleshooting purposes (if not already acquired) it may be worth considering paying a one off fee to obtain a static WAN IP address on your Plusnet home connection (I am assuming this is still available - used to be a one off £5 fee). However if you wish to attempt to self diagnose some initial thoughts/observations in no particular order;

Is there a local Cisco connection log on your laptop to review ? –

 

need to have a look

Is your home internet connection DNS resolving the company gateway IP address correctly ? (lookup via command line) -

 

IP address as below

Can you "ping" the company gateway (undertake ping via command line) and if yes, are there any dropped packets ? (note the gateway may have been configured by Company IT to not respond to external "ping" requests, so check with them if no response)

Host is 62.189.75.59 – open Command prompt and type ping 62.189.75.59

Is your home connection attempts actually reaching your company gateway - what do their gateway logs show ? (undertake a tracert via command line to the company VPN gateway from your laptop whilst using your home connection)

Does the company IT guy (who also uses Plusnet) have the same router as you

YES ?

Is he using a cable or WiFi connection from your laptop to his router to test from his home ?

Wired and wireless

Should you choose to post diagnostic information to this forum, please be mindful this is a public forum so you may wish to consider any security implications of doing so (apologies if I am stating the obvious)

Moderator's note by Adie (Dvorak) inserted relevant quote blocks

Farrinaf
Grafter
Posts: 54
Thanks: 7
Registered: ‎22-03-2013

Re: VPN access or lack of

I am assuming that the gateway IP address of the Company VPN server is 62.189.75.59

I can successfully "ping" this address from both a non PlusNet address and also a PlusNet IP (this with a static IP assigned). Connection appears stable with a very, very occasional dropped ping.

For what its worth a tracert from a PlusNet domiciled (static) IP shows

C:\Users\Administrator>tracert 62.189.75.59

Tracing route to 62.189.75.59 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.1.254
2 12 ms 12 ms 12 ms vl241.ptw-ag02.plus.net [84.93.253.120]
3 13 ms 13 ms 13 ms 84.93.253.123
4 13 ms 13 ms 12 ms core1-be1.southbank.ukcore.bt.net [195.99.125.130]
5 13 ms 13 ms 13 ms peer8-et-0-0-2.telehouse.ukcore.bt.net [62.172.103.172]
6 * * * Request timed out.
7 13 ms 13 ms 13 ms ge-0-3-0.cr2.lnd8.alter.net [158.43.188.97]
8 * * * Request timed out.
9 13 ms 13 ms 13 ms pos2-0.gw1.lnd9.alter.net [158.43.150.146]
10 13 ms 13 ms 29 ms lnd2s601.mcilink.com [194.202.139.254]
11 14 ms 14 ms 13 ms 62.189.75.59

Given that both your and Company IT guy's configuration (router/connection method) appear pretty much the same (is he assigned a static PlusNet IP address ?) and the comments of MisterW above regarding known issues with dynamically assigned addresses, I would be inclined to go down the extravagant route of purchasing a static IP address for £5 to see if this does the trick for you.

Whilst I have no specific expertise in the networking area, I believe that PlusNet have relatively recently (12/24 months) undertaken a large network migration and wonder if they are doing something clever with dynamically assigned IPv4 addresses e.g. using Carrier Grade Network Address Translation CGNAT to conserve limited public IPv4 addresses for those whose who actually want static addresses. Hopefully someone more knowledgeable than I might care to comment (eg the learned Bob Pullen ?)

If you go to dnsleaktest.com it should show your current public IP address - might be worth recording this and that assigned post static IP assignment (ensuring that you reboot your router post purchase).

If you login to your account with Plusnet assigning a static IP is an option under Add-ons (see menu bar top right hand side)

MisterW
Superuser
Superuser
Posts: 11,121
Thanks: 3,401
Fixes: 260
Registered: ‎30-07-2007

Re: VPN access or lack of

I believe that PlusNet have relatively recently (12/24 months) undertaken a large network migration and wonder if they are doing something clever with dynamically assigned IPv4 addresses e.g. using Carrier Grade Network Address Translation CGNAT to conserve limited public IPv4 addresses for those whose who actually want static addresses. Hopefully someone more knowledgeable than I might care to comment (eg the learned Bob Pullen ?)

PlusNet do not use CGNAT. There was a limited trial a few years ago but any ideas about implementing it were scrapped.

There has been additional IP ranges brought on over the last couple of years or so, as IPV4 addresses become more used up. Some of these were originally owned by BT and some were US based , although they are now correctly UK registered. Both types can (sometimes) cause issues, the BT ones are (I think) still treated as internal IP's by some older VPN  client software and therefore are blocked t. The ex US ones can sometimes be wrongly located by out-of-date geolocation databases and, again cause problems.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Farrinaf
Grafter
Posts: 54
Thanks: 7
Registered: ‎22-03-2013

Re: VPN access or lack of

MisterW

Thank you for the CGNAT and wider PlusNet network reconfiguration clarification.

I hereby class you as "learned" as well 🙂

Kelly
Hero
Posts: 5,496
Thanks: 375
Fixes: 9
Registered: ‎04-04-2007

Re: VPN access or lack of

HI @mazdaman Does it ever work on your connection?  Or does it always fail?

Kelly Dorset
Ex-Broadband Service Manager
Kelly
Hero
Posts: 5,496
Thanks: 375
Fixes: 9
Registered: ‎04-04-2007

Re: VPN access or lack of

Ah! @mazdaman Just seen on your ticket that you've got it working.  Yell if not Smiley

Kelly Dorset
Ex-Broadband Service Manager