1. Computing

VPN Troubleshooting Guide for Remote Workers

How to solve common VPN problems

By

For a remote worker or telecommuter, having no VPN connection to the office can be almost as bad as having no Internet connection at all. If you're having trouble setting up or connecting to your company's VPN, here are a few things you can try on your own before enlisting your company's IT Department for their help. (Also, VPN issues tend to be on the client's side rather than the company network, though that's not unheard of either.) Be sure to only try the settings/changes you are comfortable with, and rely on your company's IT support for any other troubleshooting.

Double-check the VPN settings

Your employer's IT Department will have provided you with instructions and login information for the VPN, and possibly a software client to install. Make sure the configuration settings are entered exactly as specified; re-enter the login information just in case.

Make sure you have a working Internet connection

Fire up your browser and try visiting a few different sites to make sure your Internet access is really working. If you're on a wireless network and have Internet connection or signal strength problems, you'll need to first solve wireless connection problems before you can use VPN.

If your VPN is browser-based, use the correct, updated browser

SSL VPNs and some remote access solutions work over just a browser (rather than requiring a software client), but often they only work with certain browsers (usually, Internet Explorer). Make sure you're using a browser supported by your type of VPN, check for browser updates, and watch out for any notifications in the browser window that may require your attention before allowing you to connect (e.g., Active X controls).

Test if the issue is with your home network

If you're using a laptop, visit a free wi-fi hotspot and try the VPN from there. If you're able to use VPN over the hotspot's network, the problem lies somewhere with your home network. The next couple of tips can help troubleshoot possible home network settings that can cause VPN problems.

Check if your home network's IP subnet is the same as the company's network

VPN won't work if your home computer appears to be locally connected to the remote office -- i.e., if your IP address is in the same grouping range of IP address numbers (IP subnet) that your company's network uses. An example of this is if your computer's IP address is 192.168.1.[1-255] and the company's network also uses the 192.168.1.[1-255] addressing scheme.

If you don't know your company's IP subnet, you'll have to contact your IT Department to find out. To find your computer's IP address in Windows, go to Start > Run... and type in cmd to launch a command window. In that window, type in ipconfig /all and hit Enter. Look for your network adapter and check the "IP Address" field.

To fix a situation where your home network IP subnet is the same as the company's subnet, you'll need to make some changes in your home router's settings. Go to your router's configuration page (check the manual for the administration URL) and change the router's IP address so that the first three blocks of numbers in the IP address are different from the company network's IP subnet, e.g., 192.168.2.1. Also find the the DHCP Server settings, and change it so the router gives out IP addresses to clients in the 192.168.2.2 to 192.168.2.255 address range.

Make sure your home router supports VPN

Some routers don't support VPN passthrough (a feature on the router that allows traffic to go freely through to the Internet) and/or protocols that are necessary for certain types of VPNs to work. When purchasing a new router, be sure to check if it is labeled as supporting VPN.

If you're having problems connecting to VPN with your current router, do a web search on your router's specific brand and model plus the word "VPN" to see if there are reports of it not working with VPN -- and if there are any fixes. Your router's manufacturer may offer a firmware upgrade that may enable VPN support. If not, you may need to get a new home router, but contact your company's tech support first for more advice.

Enable VPN Passthrough and VPN Ports and Protocols

On your home network, check your router and personal firewall configuration settings for these options:

  • VPN Passthrough: There may be an option, usually in the security settings, to enable IPSec or PPTP (the two most common types of VPN) Passthrough. Your IT Dept. may tell you what kind of VPN your company is using, but, if not, you can enable both. Note: not all routers have this setting, and it doesn't necessarily mean VPN won't work for you if it's missing. It is reassuring to have, though, and lets you know your router is VPN-friendly.
  • Port Forwarding & Protocols: Your firewall (within the router and separately in any installed firewall programs) may need to have specific ports forwarded and protocols opened. IPSec VPNs need to have UDP port 500 (IKE) forwarded, and protocols 50 (ESP) and 51 (AH) opened. For PPTP, Microsoft's VPN tunneling protocol, you'll need TCP port 1723 forwarded and IP protocol 47 (GRE) enabled.

Don't worry if this sounds very complex. First, check your router's manual or website documentation for anything that says "VPN" and you should find the information (with illustrations) you need for your specific device. Also, Tom's Guide to Getting VPN to work through NAT firewalls offers screenshots of these settings using a Linksys router.

Talk to your IT Department

If all else fails, at least you can tell your IT guys you tried! Let them know the workarounds you tried, the kind of set up you have (type of router, Internet connection, operating system, etc.), and any error messages you received.

Feel free to also discuss VPN or other mobile office topics in our forum.

©2014 About.com. All rights reserved.