VPN TroubleshootingThe purpose of this guide is to provide basic setup and troubleshooting for VPN-related issues. Please choose which issue you need help with.
2. VPN Troubleshooting - Mobile Setup
VPN Setup on MobileVPN providers support different protocols. The most popular protocols are L2TP/IPsec, OpenVPN, IKEv2 and PPT. Typically, the VPN provider will provide client software (in this case, mobile apps) for their customer so that they do not have to add VPN settings manually into their OS settings. This software usually has additional benefits, such as providing an up to date list of VPN servers to connect to, easy connect/disconnect to multiple servers across their network, and more. Some VPN providers require their customers to use their software, others do not. Typically, it is simpler and recommended to have the customer download and use the software from their provider.
However, if the customer prefers an "always on" solution, configuring the VPN natively may be a better choice. Additionally, the OS must support the protocol required by the VPN provider (see specific OS support under the setup tabs below).
Native Android VPN Setup
Android supports PPTP, L2TP, and IPSec. These are not the best options available. It is preferred that you have the customer set up their VPN by using the app provided by the VPN service.
NordVPN requires the use of a VPN client on Android - it is recommended to use the standard NordVPN client as it has many useful features over alternatives such as OpenVPN, and is much easier to set up.
Go to Settings > Wi-Fi & internet > VPN.
Tap on the + (plus) symbol and enter in all of the required information to log in. Some providers do not provide a static list of servers publicly, therefore the customer must log into their account on the VPN provider's website in order to obtain a list of servers and supported protocol(s). Select "Always-on VPN" if available.
PPTP and L2TP/IPSec are very weak in terms of security and should only be used for changing locations and light anonymization. Consider using another protocol such as SSTP if the provider supports it. If the customer is concerned about security, advise them to use their provider's VPN client.
Native iOS VPN Setup
iOS currently supports IKEv2, L2TP/IPSec and Cisco IPSec protocols. If the customer's VPN provider does not use any of these protocols, you will have to download and configure the client provided by the VPN provider.
NordVPN requires the use of a VPN client on iOS - it is recommended to use the standard NordVPN client as it has many useful features over alternatives such as OpenVPN, and is much easier to set up.
Tap on Settings > General > VPN > Add VPN Configuration...
Enter in all of the required information to log in. Some providers do not provide a static list of servers publicly, therefore the customer must log into their account on the VPN provider's website in order to obtain a list of servers and supported protocol(s).
Test the VPN configuration by moving the slider next to Status.
3. VPN Troubleshooting - Common Issues
Common VPN Issues
Problem
The customer is unable to connect to the VPN.
Solution
Try another server provided by the VPN service. It is not uncommon for a server to go down.
Ensure that the customer has the latest version of the VPN client installed.
Review all VPN clients installed on the customer's machine. If they have multiple clients installed, conflicts may arise.
Restart the VPN client. Many VPN clients also have an associated Windows Service. If restarting the client does not work, restart the service by going to Start > Run > services.msc
Find the service for the VPN client in question (E.G. Cisco AnyConnect), double-click on it, click Stop if it is running, and then Start.
Ensure that a firewall is not blocking VPN access.
Try changing the VPN tunneling protocol.
The customer may have an old router that does not support VPN Passthrough, or the router may need VPN Passthrough enabled.
Problem
The customer is experiencing slow speeds while using the VPN.
Solution
Try another server provided by the VPN service. Typically, VPN services allow the user to access the VPN via multiple servers. The server in question may be experiencing load issues.
Problem
The customer receives the error message: "FATAL:All TAP-Windows adapters on this system are currently in use." when trying to connect.
Solution
Try restarting the TAP adapter. Go to Control Panel > Network and Sharing Center > Change Adapter Settings. Find the connection which is prefixed with "TAP". Right click on it and select Disable, then Enable.
Problem
The customer receives the error message: "FATAL:There are no TAP-Windows adapters on this system", or, "FATAL: Blocking DNS failed."
Solution
TAP drivers should be reinstalled. They should be downloaded from the VPN's provider website.
Problem
The customer cannot access local network shares/printers while connected to the VPN.
Solution
Windows uses the DNS server on the VPN side to perform DNS lookups. This requires changing the customer's DNS server while connected to the VPN, and is not recommended for security reasons.
VPN Error Codes
806 - A Connection Between Your Computer And The VPN Server Has Been Established But The VPN Connection Cannot Be Completed
TCP port 1723 is being blocked on the router level. Unblock it
720 - No PPP Control Protocols Configured
The configured VPN protocol does not match what the VPN server supports.
51 - Unable To Communicate With The VPN Subsystem
The service for the VPN client is not running. Restart the service via services.msc
619 - A Connection To The Remote Computer Could Not Be Established
Port or firewall configuration is preventing the VPN connection
4. VPN Troubleshooting - PC Setup
VPN Setup on PCVPN providers support different protocols. The most popular protocols are L2TP/IPsec, OpenVPN, IKEv2 and PPT. Typically, the VPN provider will provide client software for their customer so that they do not have to add VPN settings manually into their OS settings. This software usually has additional benefits, such as providing an up to date list of VPN servers to connect to, easy connect/disconnect to multiple servers across their network, and more. Some VPN providers require their customers to use their software, others do not. Typically, it is simpler and recommended to have the customer download and use the software from their provider.
However, if the customer prefers an "always on" solution, configuring the VPN natively may be a better choice. Additionally, the OS must support the protocol required by the VPN provider (see specific OS support under the setup tabs below).
Native Windows 10 VPN Setup
Windows 10 supports PPTP, L2TP/IPSec, SSTP and IKEv2 protocols. If the customer's VPN provider does not use any of these protocols, you will have to download and configure the client provided by the VPN provider.
NordVPN requires the use of a VPN client on Windows 10 - it is recommended to use the standard NordVPN client as it has many useful features over alternatives such as OpenVPN, and is much easier to set up.
Go to Windows Settings > Network & Internet > VPN.
Enter in all of the required information to log in. Some providers do not provide a static list of servers publicly, therefore the customer must log into their account on the VPN provider's website in order to obtain a list of servers and supported protocol(s).
PPTP and L2TP/IPSec are very weak in terms of security and should only be used for changing locations and light anonymization. Consider using another protocol such as SSTP if the provider supports it. If the customer is concerned about security, advise them to use their provider's VPN client.
The VPN will now appear next to the list of available Wi-Fi networks in the customer's network popup menu. Click on Connect.
Native OSX VPN Setup
OSX currently supports PPTP, L2TP, IPSec and IKEv2 protocols. If the customer's VPN provider does not use any of these protocols, you will have to download and configure the client provided by the VPN provider.
NordVPN requires the download and installation of an IKEv2 certificate before setting up the VPN connection. Please see the dedicated NordVPN setup instructions.
Click the Apple logo and select System Preferences > Network.
Click the plus (+) sign. Under Interface, select VPN. Fill out the remaining information according to the information provided by the VPN provider. Generally, the customer must log into the VPN provider's website in order to get an updated list of VPN servers and their supported protocol(s).
PPTP and L2TP/IPSec are very weak in terms of security and should only be used for changing locations and light anonymization. Consider using another protocol such as SSTP if the provider supports it. If the customer is concerned about security, advise them to use their provider's VPN client.
Once downloaded, open the certificate file from the Downloads folder.
The Add Certificates window will appear. Click Add to add it to the login keychain.
Right-click the NordVPN Root CA certificate in the login keychain, and select Get Info.
Next to When using this certificate, find IP Security (IPsec) and Extensible Authentication (EAP), and selectAlways Trust. Leave any other fields as Never Trust. The customer will then have to enter their Mac password. After that, close the keychain.
Click the Apple logo and select System Preferences > Network.
Click the plus (+) sign. Under Interface, select VPN. Fill out the remaining information according to the information provided by the VPN provider. Generally, the customer must log into the VPN provider's website in order to get an updated list of VPN servers and their supported protocol(s).
PPTP and L2TP/IPSec are very weak in terms of security and should only be used for changing locations and light anonymization. Consider using another protocol if the provider supports it. If the customer is very concerned about security, advise them to use their provider's VPN client.
.png)
