Remote VPN clients stuck/hang at "Loading Personal Settings" after installing filtering gateway

Posted on 2009-05-05
Last Modified: 2012-05-06
Let me first explain how the network is set up.

Main Office: VPN Router > Switch > SBS 2003 Server (only DC)

Each of 7 Branch Offices: VPN Router > Switch > Clients (all running XP, all either SP2 or SP3)

Each of the branch offices has an ipsec vpn tunnel into the main office. The DNS setting on each of the clients points only to the SBS 2003 server at the main office. When the users log on group policy is applied and their documents/desktop/application data are redirected to storage locations at their respective branch offices.

Now, I've added a filtering machine (running Untangle in bridge mode) to the main office. It is only filtering for viruses, spam, phishing, inappropriate content based on categories. No protocol filtering or intrusion detection.

New Main Office network setup: VPN Router > Filtering Computer > Switch > SBS 2003 Server

All of a sudden when people started logging on today from the remote sites (first day with the filtering computer in the mix), they are getting stuck at "Loading your personal settings" and it will hang there.

I remove the filtering gateway and everything goes back to normal. Clients that never logged off last night had no problems during the day (exchange mail worked in Outlook, could browse shared on the SBS 2003 server, etc).

So I guess my question is, what would cause logons to fail at "loading your personal settings" in respect to the filtering computer? What is is blocking that the clients need?
Question by:tvacc
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 77

Expert Comment

by:Rob Williams
ID: 24318420
I am not familiar with Untangle, but I assume it uses two network cards? If so are the 'in' and 'out' on the same subnet?

Can the remote client machines ping the SBS?
LVL 77

Expert Comment

by:Rob Williams
ID: 24318443
The Untangle computer needs to be configured in "transparent bridge mode". Is this the case?

Author Comment

ID: 24323299
Yes it is. Only the external address is statically configured in this mode. My clients are all set up as 192.168.4.X, 192.168.5.X, 192.168.6.X, etc The main office is set up as 192.168.3.X

I set the Untangle ip for the external interface to be Still nothing. Clients at branch offices can ping the SBS 2003 server by ip address, but not by hostname.
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

LVL 77

Expert Comment

by:Rob Williams
ID: 24324998
One issue: Every site must use a different subnet (network ID). With a subnet mask of /16 ( all sites are on the same subnet, it will not work. Try changing to /24 ( I appreciate this may not be an easy change, but it is a basic routing requirement.

Author Comment

ID: 24327415
Each site has their own subnet /24. Someone at Untangle suggested that I make the external interface of the Untangle be /16. That's the only IP that is /16.
LVL 77

Expert Comment

by:Rob Williams
ID: 24327770
You will need to change that one as well. All network segments between client and server must use a different network ID (Subnet) or routing cannot take place.

However, is routing the main issue? Can users ping all resources? It is very possible they will not be able to resolve names without some tweaks. See my Blog regarding VPN client name resolution:

Accepted Solution

tvacc earned 0 total points
ID: 24670428
I am resolving this with the Untangle people. This can be closed.

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question