Remote VPN clients stuck/hang at "Loading Personal Settings" after installing filtering gateway

Posted on 2009-05-05
Last Modified: 2012-05-06
Let me first explain how the network is set up.

Main Office: VPN Router > Switch > SBS 2003 Server (only DC)

Each of 7 Branch Offices: VPN Router > Switch > Clients (all running XP, all either SP2 or SP3)

Each of the branch offices has an ipsec vpn tunnel into the main office. The DNS setting on each of the clients points only to the SBS 2003 server at the main office. When the users log on group policy is applied and their documents/desktop/application data are redirected to storage locations at their respective branch offices.

Now, I've added a filtering machine (running Untangle in bridge mode) to the main office. It is only filtering for viruses, spam, phishing, inappropriate content based on categories. No protocol filtering or intrusion detection.

New Main Office network setup: VPN Router > Filtering Computer > Switch > SBS 2003 Server

All of a sudden when people started logging on today from the remote sites (first day with the filtering computer in the mix), they are getting stuck at "Loading your personal settings" and it will hang there.

I remove the filtering gateway and everything goes back to normal. Clients that never logged off last night had no problems during the day (exchange mail worked in Outlook, could browse shared on the SBS 2003 server, etc).

So I guess my question is, what would cause logons to fail at "loading your personal settings" in respect to the filtering computer? What is is blocking that the clients need?
Question by:tvacc
  • 4
  • 3
LVL 77

Expert Comment

by:Rob Williams
ID: 24318420
I am not familiar with Untangle, but I assume it uses two network cards? If so are the 'in' and 'out' on the same subnet?

Can the remote client machines ping the SBS?
LVL 77

Expert Comment

by:Rob Williams
ID: 24318443
The Untangle computer needs to be configured in "transparent bridge mode". Is this the case?

Author Comment

ID: 24323299
Yes it is. Only the external address is statically configured in this mode. My clients are all set up as 192.168.4.X, 192.168.5.X, 192.168.6.X, etc The main office is set up as 192.168.3.X

I set the Untangle ip for the external interface to be Still nothing. Clients at branch offices can ping the SBS 2003 server by ip address, but not by hostname.
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

LVL 77

Expert Comment

by:Rob Williams
ID: 24324998
One issue: Every site must use a different subnet (network ID). With a subnet mask of /16 ( all sites are on the same subnet, it will not work. Try changing to /24 ( I appreciate this may not be an easy change, but it is a basic routing requirement.

Author Comment

ID: 24327415
Each site has their own subnet /24. Someone at Untangle suggested that I make the external interface of the Untangle be /16. That's the only IP that is /16.
LVL 77

Expert Comment

by:Rob Williams
ID: 24327770
You will need to change that one as well. All network segments between client and server must use a different network ID (Subnet) or routing cannot take place.

However, is routing the main issue? Can users ping all resources? It is very possible they will not be able to resolve names without some tweaks. See my Blog regarding VPN client name resolution:

Accepted Solution

tvacc earned 0 total points
ID: 24670428
I am resolving this with the Untangle people. This can be closed.

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Spam invasion 8 70
Server Backup on 2016 Essentials Box 1 61
Mapping drives cross domain via logon script 2 37
ASA Tunnel 18 42
Let’s list some of the technologies that enable smooth teleworking. 
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question