






A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


Hi Guys,

I am trying to configure a SonicWALL TZ400 site-to-site VPN.
We have a Sophos firewall router on the remote side.

The Dell SonicWALL replaces our previous Netgear Prosafe FVS336G router, which connects the site-to-site VPN successfully.

I confirmed the Dell SonicWALL VPN / IPsec settings again and again, but no connection unfortunately.

I used the SonicWALL quick VPN configuration.

I've noticed that the access rules for "VPN to LAN" have been auto-added, as well as "VPN to WAN"

Are there any changes that are needed to the access rules, or NAT rules for the site-to-site VPN to work?
Any recommendations are welcome ...

Server 2012 Standard
Windows VPN
The VPN is set up and working. The issue is that I do not seem to be able to find where to get it to use a static local IP instead of a DHCP address.
Hence, every time the server reboots it grabs a different one.
I have a remote user overseas that maps a drive by IP.

If someone would be kind enough to point me to the setting, I would be thankful.

I am trying to implement a VPN using my Netgear Nighthawk.  The client is OpenVPN and the configuration files are downloaded from the router, this includes the client certificate which seems to be the problem.  When I try to connect I get the following error in the log

Tue Nov 13 13:46:04 2018 Certificate does not have key usage extension
Tue Nov 13 13:46:04 2018 VERIFY KU ERROR
Tue Nov 13 13:46:04 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Tue Nov 13 13:46:04 2018 TLS_ERROR: BIO read tls_read_plaintext error
Tue Nov 13 13:46:04 2018 TLS Error: TLS object -> incoming plaintext read error
Tue Nov 13 13:46:04 2018 TLS Error: TLS handshake failed

Looking around on the internet I don't find a clear explanation on how to correct the problem.

The client is loaded on Win 10 Pro, I don't know what else you might need to help me, let me know and I will try to get the info.
Trying to VPN out from a server (Windows 2012) but getting a 720 error - this used to work but not sure what changed.  

The VPN connection is one we set up using the built-in VPN connection under Network and Sharing Center... We have a few users that remote into it and then VPN out to customer sites (they have Macs and we use a piece of software called RADMIN to remotely connect to the customer PCs). There isn't a RADMIN-compatible client for a Mac. So they Remote Desktop into the server and then VPN out / connect to remote PC using RADMIN.
I set a group policy to allow remote desktop only from inside the network.

I set up some users to establish a VPN connection to the server’s VPN, with windows VPN service.

Will they be able to remote into their computer with remote desktop once they establish a VPN connection? Will they be considered as part of the network so the group policy will allow them to remote to their computer?

Server 2012
I have a user that connects to the office network (2012 AD Domain) from a Surface Book running Windows 10 Pro (machine is a domain member) using SonicWall VPN client programs. I tried both GVC and SSL VPN to resolve this issue.

The issue is her mapped drive to the file server does not connect all the time.  If she waits long enough it eventually connects.  

Sometimes rebooting the Surface Book fixes it, sometimes not.  

Her other mapped drives work fine and connect without issue.  All sharing and security is the same for the network shares.

When the drive is mapped like this: \\server-name\share-name it does not connect or takes a while to connect.

When the drive is mapped like this \\server-ip-address\share-name  it connects without issue.

I'm ok with using the IP address in the mapping path, but was wondering what might be the cause since I have 10+ other users who do not have the issue, some of whom have identical Surface books.

Is this a NetBIOS issue?  Is it possible her home router is not resolving NetBIOS names to IP addresses?  It works fine when she is on the office Wi-Fi which  uses a different  IP scheme than the network LAN.

Any help is appreciated.

I have a Netgear X10 R9000 Nighthawk router on one end and a XyWall firewall device on the other end and I've been asked to set up a hardware VPN connection between the two.

Looking at the Nighthawk, it doesn't look doable as the Netgear device requires me to download a client to install on a device.  

I'd like to set up a router to router VPN so no client is needed and my thinking is I need like devices on each end.  I can buy another Xywall and replace the Nighthawk if need be.

Thoughts on this?  I'm not familiar with the Xywall but it's got a GUI and I work in SonicWall, Netgear, Cisco, etc devices all the time and do this, so I'm thinking I can figure out the Xywall.

Anyway, thoughts on making this happen?  Device to device VPN between the Netgear r9000 and the Xywall?



I want to use an SSL certificate for VPN SSL or web management access to my Fortigate 200D (version 5.6.3).
A trusted SSL domain certificate bought from a CA appears to have been correctly uploaded to my Fortinet firewall, but it is not shown in menus such as VPN/SSL-VPN Setting or System/Settings/Administration Settings (Web UI). If I use the command line, it's the same problem. Certificates are in the vpn list.
show vpn certificate local
get vpn certificate local details
But I cannot select my domain certificate (for example, with "config vpn ssl settings" and "set servercert ....").

How did I proceed?
After generating and sending the CSR to the CA, I got instructions to create two .csr files. I uploaded the first (for the domain) as a local certificate (status changed from pending to OK), and also uploaded the intermediate certificate of the CA. They are both in the certificate list. That looks fine, status is OK. But they are not in the menus when I want to select the domain certificate.
I've followed the official documentation
Other source
NB: sslsupportdesk is not my CA (Mine is a well known one).

The only thing is that the documentation does not mention the password for the private key (certainly a bit too old). I have tried with a 4096 bits …
Hi guys

We have an application on our work premises that people externally use VPN to access. The port has been set to 'ANY'. However, if I wanted to lock this port down, I have some issues as there is no documentation on what the ports are. When I look at the firewall logs, I can see that the source port always changes but the destination port stays the same. What does this mean if the source port changes but the destination port is the same? I assume the destination port is the port on the application on our side and therefore we can lock the VPN ports down to this destination port?

Thanks for helping

We have a user who is considering purchasing Phantom VPN from AVIRA for accessing his shows when visiting other countries (which will not permit access outside the US, for example his 2 favorites, Hulu and Netflix). He also said that he wanted anonymity as to the site visiting so it won't know his real IP.

The above said even though there may be option not to show your real location using VPN, the info can be accessed or requested to the VPN provider, as in here Avira?

Appreciate your opinions on the subject,


I have two users set up in Active Directory: user-a is in Group A and user-b is in Group A and Group B

In the ASA LDAP mappings I have,

"User group A" mapped to "End user VPN profile" and "group B" mapped to "Admin user VPN profile".

However if either User A or B logs in they both get the end user profile. Is there any way to prioritise the profile assignment so that "user b" gets the admin profile and "User a" gets the end user one?

I feel like this should be possible or does each user need to be in a unique group? In the debug I can see the member of groups are being returned correctly, and I have copied and pasted from there to and the policy names to ensure there are no mistypes
I'm troubleshooting a VPN connection using checkpoint.  I keep getting dropped out from time to time.  Here are the logs from the checkpoint firewall
[28 Oct 7:13:54] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
[28 Oct 7:13:54] Client state is connected
[28 Oct 7:13:54] Tunnel (2) disconnected. State is connected. Trying to reconnect.
[28 Oct 7:14:22] IKE connection failed, error code=-1000. Reason: Site is not responding.
[28 Oct 7:14:22] Client state is reconnecting
[28 Oct 7:14:22] Reconnect failed. trying again (2)
[28 Oct 7:15:20] IKE connection failed, error code=-1000. Reason: Site is not responding.
[28 Oct 7:15:20] Client state is reconnecting
[28 Oct 7:15:20] Reconnect failed. trying again (2)
[28 Oct 7:16:05] IKE connection failed, error code=-1000. Reason: Site is not responding.
[28 Oct 7:16:05] Client state is reconnecting
[28 Oct 7:16:05] Reconnect failed. trying again (2)
[28 Oct 7:16:23] IKE connection failed, error code=-1000. Reason: Site is not responding.
[28 Oct 7:16:23] Client state is reconnecting
[28 Oct 7:16:23] Reconnect failed. trying again (2)
[28 Oct 7:17:02] IKE connection failed, error code=-1000. Reason: Site is not responding.
[28 Oct 7:17:02] Client state is reconnecting
[28 Oct 7:17:02] Reconnect failed. trying again (2)


Can someone get me started on the troubleshooting?  What is happening and how can I fix?
I have one RV016 Cisco router. I'm configuring VPN. I created the user and exported the client certificate.
On my notebook I installed the QuickVPN client and copied the client certificate into its folder.
But I'm not connecting. I've got warning: Server's certificate doesn't exists on your computer..... Even if I continue I get another error: Connection failure.
What am I doing wrong?
We have a new 2nd building on property we own.  someone got verizon fios at the 2nd building (it was already in the 1st building).  They are about 1,200 feet apart with line of sight.

We need the 2nd building to be able to access the network in the first building (and minimize costs).   the 2nd building will have 1 -2  users and MAYBE some file transfers between the 2 buildings, but mostly email, web surfing

I'm trying to see the costs for connecting the 2nd building to our existing network / do we need fios at that 2nd building

Some options I thought of?

1) Setup a VPN - we have a watchguard at building 1 already and that has a VPN to another office in another state.  So add a Watchguard unit for $500? at building 2 and some config time / costs.  and still have the fios ongoing costs.  Anyone know the throughput of a vpn using Verizon fios at both ends?  it's lower than the speed you are paying for from verizon, right?

2) wireless? Maybe Unifi Nanobeam 5AC gen 2  


$113 each and we need 2 of them, plus time / money for hardware, mounting poles, etc. That would get 400Mbit which is fine (mostly email / web surfing etc at the far end). But what if we want gigabit on wireless? Is that doable at a reasonable cost? And can cancel the FIOS

3)  Fiber? I called Lanshack.com and they are saying the fiber cable would need to be outdoor rated (regardless of being …
I am traveling to China for a couple weeks and I would like to use a VPN to bypass the "Great Firewall of China". Is there a free VPN I could use while I am traveling around? Bandwidth is not a huge issue I mostly would like to check my gmail etc., I am using an iPhone SE.
I currently have a Fortinet firewall set up to site-to-site VPN to a remote site and it's working fine. I want to set up another site-to-site VPN tunnel with a new location. Am I ok copying the same security policy configuration settings from the existing tunnel for the new one, or will I need to make some changes to some settings (encryption/authentication/etc.) to prevent any potential issues between the two VPN tunnels connecting to the main office? Any other caveats I need to keep in mind when setting up a 2nd tunnel?

Remote users not getting notified when their network password needs changing

We have a Microsoft network using a Cisco VPN and have remote users

The problem is the remote users never get notified that they need to change their password
The password is not changed and the remote user gets locked out, since they were never notified

I was told there is no fix

Anyone have a solution?

I am being dinged by auditors since I have to have the remote users Network passwords set in Active Directory that they cannot be changed
We have had same ip address on two of our locations. There have been 1:1 NAT between sites and we have been able to use network resources with this. However with new software that needs SQL Database access to 1433 port. This doesn't work now with NAT between sites. Any ideas how to get this work? Does SQL or SQL Client need some other settings?
Networks on both site are and NAT is
We are using the Sonicwall Global Client VPN and then MS Remote Desktop to access a office PC.
The problem is the printer redirects are not there?  We want to be able to print from the Office PC back to our Home PC connected printer.

Office PC is Windows 7 Pro (this is in a AD Domain)
Home PC is Windows 10 Pro

Any ideas why the printer redirects are not showing up on the office PC?


Is it possible to change the subnet pool assignment for the Cisco ASA AnyConnect VPN client based on user group?

At the moment we have standard user and multiple admin user profiles, and we use dynamic access policies to control who can access what based on AD groups.

But is it possible to define what Address pool a client used based on the AD group the user is in? or do you still need separate VPN profiles for this?

I have users connecting utilizing CiscoAnyconnect through our Cisco ASA 5515, this is the setup;

User initiates a connection with CiscoAnyconnect
The ASA asks the user for active directory credentials and is then authenticated through our FSMO PDC
The ASA assigns the remote PC an ip address from the pool we have set on the ASA
The user then is logged in and can access our network as if they were in the building on the LAN
All of which functions fine.

My problem is, since I upgraded our domain servers to 2012r2 everyone with a login on our network can connect. Ticking off “access denied” on the dial in tab of an active directory account doesn’t stop a user from being able to log in. This used to function.

I didn’t originally set this up and I have been unable to find how to restrict this, and after spending 2 hours with a Microsoft support tech yesterday he clearly has no idea either.

I suspect that my DC thinks that this outside subnet is just another WAN on our network so it just lets anybody that has an AD account to connect. How do I make my DC understand that this is an outside subnet so the “access denied” on the “dial in” tab of the active directory account works again and actually restricts user from connecting via our VPN tunnel?

Thanks for any help
I have a T70 device I'd like to connect up via BOVPN with a XTM2 device (with wireless) at a home office location.  In front of the XTM2 I will have an AT&T uverse router in bridged mode.

I'd like all of the data from one port on the xtm2 to go back and forth over the BOVPN.  I'd like all of the wireless traffic to travel out to the internet.  

Can someone please tell me if this is possible and point me in the right direction for accomplishing this?   I've setup BOVPN's between two devices before but it was moving all traffic between both devices and I need to keep the wireless (home users) traffic off the VPN.
Hi All,

We currently have an issue with a new build at a remote site.

The overall voice network is fully working at other locations, however the new site is having issues with inbound calls from the PSTN. The phones at both ends (internal and external) will ring, however no audio is passed. The call remains open, but silent.

Calls work outbound from the site successfully. The CUCM/Cube are on the main site, where calls work fine. The remote site is connected to the main network over a site to site VPN.

The only difference between this and other sites is the allocated IP range. The Cisco phones on the remote site are all using public IP addresses, where the main network and other remote sites are utilising private address space.

Any thoughts or suggestions would be greatly received.

Many Thanks,

I have a customer that's running a server with Server 2016 Essentials on it that we setup about a year ago. The SSL cert expired a few weeks ago and we renewed the SSL cert through GoDaddy, generated a new CSR, re-keyed, downloaded and installed the updated cert. All standard stuff we do all the time.

Anywho... Anywhere Access works as expected without error but VPN is no longer working as it used to or how our other Server 2016 and 2012 R2 Essentials boxes work. We ran the repair wizard and restarted services, the server, etc. No change.

VPN client connects, but we can't access the remote server shares offsite via UNC ....\\FQDN  or via \\IP ...unless we manually enter the Essentials server's IP in the VPN adapter options - "Use the following DNS Server".

So, what I'm failing to understand is why the remote server's DNS isn't automatically traversing over VPN. It's not a big deal... it's working. I just don't understand why I now have to do this extra step that I never had to do before. I've setup dozens of 2012 R1 and R2 Essentials servers, and probably 4 or 5 of 2016 Essentials... and this is the first one that we've had to add the DNS server to the adapter's config.
Where can I locate the OpenVPN Access Server configuration file?





