A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

We have 2 network policies set for our RADIUS clients:
1) Allow VPN connections (to VPN user group)
2) Grant priv 15 access to Cisco devices to admin group

Our issue is that only the first policy is being processed - if the VPN policy is first then we are unable to get to privileged mode on our Cisco devices; if Cisco is first then users cannot authenticate over VPN, as this is being rejected by the Cisco rule.

I believe this was working in the past, so am unsure whether this is a configuration problem or the issue lies elsewhere. Nothing has changed that might explain this problem.

Thanks in advance.

I am using pfSense 2.4.4 with 3CX 16 and everything (inbound and outbound calls) is working fine, but I am not able to register the phones over the VPN (the other end firewall is a FortiGate). I have done everything as per https://www.3cx.com/docs/fortigate-firewall-configuration/. The interesting part is that I am able to work with a softphone but not with IP phones (tested with Yealink, Polycom).

Is it risky to use a 3rd-party VPN service such as NordVPN for a business?  The goal is to make it harder for attackers to break in to the office through the Internet.  The goal is not to allow people to connect to the office remotely.  The line of thought is that forcing all office Internet traffic through a VPN would make it harder for an attacker to target the office because the VPN would make the office Internet connection anonymous.

Would using a VPN in this way negate the protections provided by a NAT router?  What about if the router itself is configured to make the VPN connection for the whole office instead of having each individual client computer connect?  Which is the best way to do it?

I need to include in a batch script file a command to unload FortiClientVPN from memory.  I don't want to uninstall it; I want it to unload from memory when the computer starts.  I have found that I can use TaskKill:

taskkill /im FortiTray.exe /t /f
taskkill /im FortiSSLVPNdaemon.exe /t /f
taskkill /im FortiSettings.exe /t /f
taskkill /im scheduler.exe /t /f
taskkill /im FCDBLog.exe /t /f 

But when I look at the Task Manager, it is still in memory.

I do get it to unload from memory by using "Shutdown FortiClient" from the taskbar, but since I need to unload it from memory every time the computer starts, I am looking for a command that does something similar to what "Shutdown FortiClient" does.

Hi, both on the same ASA firewall - remote access VPN already in place.

Can I also add a site-to-site VPN? Thanks.

Can you have a Windows VPN on a server that allows an iPhone to connect to it, and also not require a username and password?

Hello All,

I have noticed that every machine that I have updated to build 1903 has stopped allowing VPN to work.  When connecting it just spins and spins and does nothing.  I have found online that this is an issue with 1903, and the only way around it that I have found is to use the old rasphone.exe found in the Windows\System32 folder.  Has anyone else experienced this?  If so, is there another workaround besides reverting back to an earlier build?

Got Server 2016 Std.
Got Routing and Remote Access configured in it.
How do I find what type of VPN is configured in it? Whether it is PPTP or L2TP or SSTP?
Any way to find it?

Good day,
We have a VM host that runs two server machines.  The first is the DC/FS and it works great.  The second machine is a terminal server.  It constantly is freezing on the users and it is getting frustrating.  Here is some info:

Host machine is running Server 2016 Standard.  Its specs are:

HPE Proliant DL380 G9
Xeon E5-2620 v3
RAID 10 for the virtual disks

Server is stable, no issues.

The host machine allocates a large portion of RAM to the DC and the TS.  The DC currently has 8GB and 8 virtual processors.  The TS has 10GB RAM, and also 8 virtual processors.  Originally I had the TS with less RAM and processors, but in trying to fix the freezing issue, I increased the resources.  I plan on bringing them back down.

The TS has only 3 users signing in.  They use the same domain account to log in to the server.  The TS is configured to allow the same user to log in multiple times.  It is light usage.  The TS exists to run only one program.  While using that program, the users may open Word or Adobe, but not much of anything else.  About 4 or 5 times a day, the server just stops responding to that user.  The other users logged in do not experience the same.  It will just spin and spin.  The remote connection never breaks.  Frustrated, they just click the x on the top blue ribbon, and re-log back in.  Then it's totally normal until it freezes again.

During the freeze, the internet is working normally, the other users aren't affected.  A VPN …

My goal: I want to connect to my clients with a unique URL for each client.

I am wondering if I can set up a virtual PC in the cloud and, with a VPN, add it to my clients' local network and then have a link to connect to the VM.

Not in a domain environment, and no server on premises.

I have a huge number of messages in my VPN router LAN access from remote. And I do not know where they are coming from. No email server is set up, and it does not seem to have any games on it. The only thing I have done is create a port for RDP and forward that port so I can access the server from outside.

Please advise.

Having an issue with a Meraki and an ASA site-to-site.  When I first built the tunnel it showed up, both green on the Meraki and showing MM_active in the crypto sa on the ASA.  But I still can't talk to devices behind the ASA.  And periodically when I check the ASA VPN status it shows red, but when I try to ping something behind the ASA I get 100% loss but the tunnel will then show green.  Not sure if it's an issue with Meraki and using summarized subnets or something else.  Anyone have experience with this?

I have a Synology NAS and router which both support lots of VPN solutions.

I have a pretty safe home network (Pihole, proxy, intrusion detection etc.) so I'd like all my mobile devices to use my whole network all the time.

Now what would be the best technology (VPN), and how do I prevent battery draining (each connection attempt) but make sure all traffic goes via VPN (iOS, Android, W10)?

Have a remote employee that VPNs to our server.  Their home IP address changed and now they cannot VPN.  We use whitelisting on our router, meaning no outside IPs get past the router unless the IP is listed.  I added the employee's new IP to the router, but they still can't VPN.

Here's the weird thing, though.  When he is trying to VPN, the router logs don't show he is even making it to the router.  If he does "Telnet", his IP shows up in the log on the router, but if he tries to VPN from the same machine, nothing in the log on the router.

Another thing he tried was using his hotspot on his phone and when he tried to VPN his laptop using the phone's hotspot, that IP address for the phone hotspot showed up in the log on the router, but he wasn't able to VPN.

So, what do we need to check?

Hello Experts,

In my company, we are using a WatchGuard firewall for the VPN connectivity at the other branches. At the moment, VPN is working fine. Now we have added a backup internet line at HO and want to configure failover VPN in case the primary internet line breaks down.

HO - WatchGuard T35 (2 static WAN IPs)
Branches - Billion 8920NZ VPN router (1 static WAN IP)

I have created a VPN (BOVPN) on both ends, but it does not come up after removing the primary internet line during a test. At HO, the primary and backup internet lines are working fine without issue, but the branches are not picking up the backup line for VPN.

Please help me.

Thank you ALL.

I want to have the ability to connect safely to my network from home. Is there any freeware out there that allows me to do that? Do I have to open up any port on the wireless router?

One of our remote workers has been VPNing every day, but today their IP address changed and now they cannot VPN.  We use a Zyxel router and I have it set so that only IP addresses I list and approve are able to log in.  I added the employee's new IP address, but they still can't VPN.

What should I look at, either on their machine or on ours?

I need to set up a site-to-site VPN tunnel on my SonicWall.
My WAN interface has IP x.x.x.150
I have a range of 30 addresses I use for other NATed objects (like email)

I want to use x.x.x.140 as the main IP address for this new VPN site-to-site tunnel.
So I want my peer to connect to this IP.

I need help. Not sure how to make the SonicWall do this. I thought maybe I needed to NAT inbound traffic to this external IP but wasn't sure where to translate it to.

Windows Server 2016, had VPN working with Routing and Remote Access, but installed a new SSL certificate on the server and now when I start the service I can't even ping the server.

Hi, did have this working for VPN access but it stopped after installing a new SSL onto the server. Now when I start it I can't even ping the server on the LAN.

SonicWall TZ600 constantly disconnects; it worked fine until about 2 weeks ago.  I've reached out to SonicWall tech support, and they tried the same connection using RDP and the latest GVC (which is what we are doing) and SonicWall has no issues.  I've sent them the TZ600 VPN logs and the GVC client logs, but they have not resolved the problem for me.

Here is a copy of the remote user's log:
2019/08/15 16:20:01:748	Information	x.x.x.x8	The SA lifetime for phase 1 is 28800 seconds.
2019/08/15 16:20:01:748	Information	x.x.x.x8	Phase 1 has completed.
2019/08/15 16:20:01:848	Information	x.x.x.x8	User authentication has succeeded.
2019/08/15 16:20:01:948	Information	x.x.x.x8	The configuration for the connection is up to date.
2019/08/15 16:20:02:028	Information	x.x.x.x8	Starting ISAKMP phase 2 negotiation with xxx.xxx.xxx.xx5/
2019/08/15 16:20:02:078	Information	x.x.x.x8	The SA lifetime for phase 2 is 28800 seconds.
2019/08/15 16:20:02:078	Information	x.x.x.x8	Phase 2 with xxx.xxx.xxx.xx5/ has completed.
2019/08/15 16:20:33:091	Error      	<local host>	Failed to send an outgoing ISAKMP packet. A socket operation was attempted to an unreachable host..
2019/08/15 16:20:34:411	Information	x.x.x.x8	Starting ISAKMP phase 1 negotiation.
2019/08/15 16:20:34:471	Information	x.x.x.x8	NAT Detected: Local host is behind a NAT device.
2019/08/15 16:20:34:471	Information	x.x.x.x8	The SA lifetime for phase 1 is 28800 

Intermittently our speeds drop significantly on our Comcast modem and I have isolated it to our Exchange server. Typically we have speeds of 125 Mbps for DS and 25 Mbps for US. Latency is usually around 15-20 ms. But then we will drop to 80 for DS and our US might drop below 1 Mbps with latency going up to 50-125 ms. If I disconnect the Exchange server from the network it goes right back to the typical speeds. I have our Exchange server connected to a switch for both the Static IP card and the internal network card. I have the modem plugged into the switch also. If I unplug the modem from the switch it will resume regular speeds but we don't have active sync working on our phones. We have about 40 users VPN in for mail and a legacy application that we use for property management. If I restart our Exchange server speeds tend to resume to normal levels.

Always On VPN is functional except on one user's machine so far.

The user's machine was added to the domain, they got a valid certificate for authentication to connect via the Cert. Auth.
We utilized the user's network account, not local account
I added all the VPN items, in, like every other machine (and it works on every other one)

When I hit connect on that machine it starts to connect to the VPN, but then prompts for user/pass credentials. No other machine has prompted for these. I have tried the user's local/network profiles
I have tried domain/local admin profiles
Nothing works at all

Every other machine can connect, 0 issues minus that one. They are all domain joined, domain accounts, same certificates.

Ideas before I throw it out a window?

Need help joining Azure AD device (Synology DiskStation) to Azure AD.  I found a post https://www.synology.com/en-us/knowledgebase/DSM/tutorial/Management/How_to_join_NAS_to_Azure_AD_Domain#t2 but it discusses a VPN connection.  I'm not sure if this applies to my situation.  How am I able to join workstations to Azure AD but joining a Synology requires a site to site VPN?

I have configured VPN and DDNS on my router so I can now connect to my home router via my mobile.

My family would like to connect to my router even from overseas; how can I share this with them without disclosing my username and password to them?

I think the username and password are in the OVPN file when it is generated by the router.