Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » VPN Trouble!!! Please help....
  •  
Dj-Chronicle

Messages: 7
Karma: 0
Send a private message to this user
Hello everybody!!

3 weeks ago I launched a new Citrix Server. It worked fine for a week then the Tuesday after the clients (connect through VPN) started to dropped out randomly (VPN connection stays up, but the data is cut off?), about 12 times a day. I started a LAN session and it worked fine.

I remembered that I updated Winroute Firewall version 6.1.9 to version 6.2.1. I called the support desk in Holland and I explained the situation. They logged in on my Administration Console and they told me that my rules where a mess and that is should correct them. But they also told me that they didn’t support configuration troubles. So I reordered my rules so everyone could logon to VPN again.

The day after people still called me with the same problem. I checked all the log files again. I even launched the old Citrix Server to check if the problem remained. It did. I began to check the internet connection and even contacted the provider to check something was wrong but everything was fine.
I even configured the Winroute Kerio VPN server by the book and the problem remains. (My current VPN server is Routing and Remote Access on a Windows 2000 server).
If the Problem is solved I change to the Kerio VPN server, it is easer to manage.
Last weekend I checked it with PCanywhere and also had the same problem.

An hour ago I started to search on Google for bugs in Winroute Firewall and I found that something was improved:
* improved handling of ICMP destination unreachable messages
(this sometimes caused VPN tunnels to stop working)

Is this really fixed? I am out of options!

Can someone please help me? It is really important. Everyday co-workers connect through VPN on the new Citrix Server.

Kind Regards!

Tim Wijgers
  •  
Dj-Chronicle

Messages: 7
Karma: 0
Send a private message to this user
Update:

It is not in the rules of the firewall. If I create the following rule it olso happens:

Source: Any
Destination: Firewall
Protocol: Citrix
Action: Permit
Translation: MAP ipadress citrix server

Someone an idear?

Kind Regards,
Tim Wijgers
  •  
frankxs

Messages: 85
Karma: 0
Send a private message to this user
Dj-Chronicle wrote on Mon, 26 June 2006 22:37

It worked fine for a week then the Tuesday after the clients (connect through VPN) started to dropped out randomly (VPN connection stays up, but the data is cut off?)

Perhaps you can elaborate on the above? Offhand, it sounds possible that you might have a DNS issue. The reason I say that is because often a DNS misconfiguration (client or server side) can cause an *apparent* intermittent loss of connection. Have you double checked your DNS (computer DNS client and server as well as VPN DNS client and server) to ensure you don't have a mix of local/vpn/public IPs anywhere they shouldn't be? Just a thought.

-Frank
  •  
Dj-Chronicle

Messages: 7
Karma: 0
Send a private message to this user
Hello Frank,

1 question: in the computer i have 2 networkcards.

1. to local
2. to internet



What DNS settings do you have to install on the local ? i have the external DNS servers because when i use the internal i get dns errors the he updates his own A-hosts...

do i have to change them to local ? the dns server is running also on the vpn server/ kerio server
  •  
rons

Messages: 3
Karma: 0
Send a private message to this user
Having just setup a Kerio client to server VPN I am experiencing a similar problem.

The VPN connection appears to connect ok and remains up.

Initially I can connect to my mailserver, but shortly thereafter the connection fails even though the Kerio VPN connection appears to be up. I have to disconnect and reconnect the VPN to get back the mailserver connection. This is pretty consistent behaviour. The connection doesn't fail during a message transfer but only between message sends.

Any further light on the problem would be appreciated.

Cheers

Ron
  •  
Dj-Chronicle

Messages: 7
Karma: 0
Send a private message to this user
Hi Ron,

I don't think it's in the rules anymore. I olso checked all my DNS settings and everything appears to be running fine.

Maybe you can check if it is a VPN problem or a Firewall problem by hooking him up to the internet. I have tried it with the citrix server. It also disconnects. I think there is an problem in the firewall itself. I contacted the support team of Kerio in the UK there was much e-mail traffic but nothing usefull. Now there is only silence.

I don't know what the solution is... hopefully there will be one soon!

Best Regards,

Tim Wijgers
  •  
rons

Messages: 3
Karma: 0
Send a private message to this user
Hi Tim

Thanks for getting back. Yes, rule problems seem unlikely. I also looked at DNS. The client is connecting via the Internet. As soon as the connection is established it talks to the mail server ok. If the connection is kept alive by data transfer between client and mail server then it stays up, however as soon as there's a gap, maybe 30 seconds the connection with the mail server is lost and cannot re-establish without bringing VPN down then up again. Also, I always have to try twice to bring-up the VPN, the first time there is always a timeout error. The second attempt connects quite quickly. Somethings not tuned right and maybe a software fault. No doubt have to wait for a release fix now or shift to IPSEC.

Cheers

Ron
  •  
Dj-Chronicle

Messages: 7
Karma: 0
Send a private message to this user
Hi Ron!

I have some news again. The Second Support line of Kerio is now investigating my problem. They still think it is in the VPN or something. I just think its in the program!

Just check this forum every day and I will keep you informed!

Best regards from the Netherlands!

Tim Wijgers
  •  
rons

Messages: 3
Karma: 0
Send a private message to this user
Thanks Tim

Sounds promising. Be most interested to learn what outcome you get.

Cheers

Ron
  •  
frankxs

Messages: 85
Karma: 0
Send a private message to this user
Dj-Chronicle wrote on Fri, 30 June 2006 15:36

Hello Frank,

1 question: in the computer i have 2 networkcards.

1. to local
2. to internet



What DNS settings do you have to install on the local ? i have the external DNS servers because when i use the internal i get dns errors the he updates his own A-hosts...

do i have to change them to local ? the dns server is running also on the vpn server/ kerio server
The local NIC would typically have internal LAN static IP assignment along with internal LAN DNS server. The external NIC would have ISP assigned static public IP as well as ISP assigned DNS server IP.

If you are getting errors when using internal DNS servers on the internal NIC you should probably look into fixing that.

The KWF can be configured to use specific DNS servers or servers "known to the operating system". I configure mine to use specific DNS servers and I put in the ISP assigned public DNS servers.

Hope this helps.

-Frank

[Updated on: Wed, 12 July 2006 22:28]

  •  
Dj-Chronicle

Messages: 7
Karma: 0
Send a private message to this user
rons wrote on Wed, 05 July 2006 22:56

Thanks Tim

Sounds promising. Be most interested to learn what outcome you get.

Cheers

Ron



Hi Ron,

Finally i had some time to react on this forum.
I almost e-mailed three weeks with kerio and finally came friday an e-mail that they think it's a bug in kerio.

There is still no solution but the development department of kerio is working on it!

Greetings,

Tim
Previous Topic: HTTPS Problem
Next Topic: KWF Recommand Hardware Configure
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 04:41:44 CET 2017

Total time taken to generate the page: 0.00459 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.