While attempting to connect to the IU VPN server, why do I get a message that the server is not responding or is unable to complete a connection?
Note: To access the wireless network at Indiana University Bloomington or IUPUI, if you are a student, faculty member, or staff member, you must register your computer. See At IUB and IUPUI, how do I register my computer? (If you are visiting IU and using a Network Access account, instead see At IUB and IUPUI, what is a Network Access account, and how do I get one?) For information about accessing the IU Secure wireless network, see What is IU Secure? If the IU Secure network is not available in the area where you are connecting, use a VPN connection for added security and full access to IU resources.
Provided you have already completed the instructions for your operating system, your VPN connection problems are probably caused by a local firewall or the use of private addressing through a router or Internet-connection-sharing software.
Firewalls
If you are running a firewall, try disabling it temporarily. In
Windows, most of these software packages will add an icon to your
system tray on the bottom-right corner of your screen, next
to the clock. Usually you can use this icon to enable or disable the
firewall. If disabling the firewall allows use of the VPN, you should
be able to add the name of the VPN server (IUB:
ipsec.indiana.edu; IUPUI: ipsec.iupui.edu)
to your firewall's allowed hosts list, re-enable the firewall, and
successfully connect to IU VPN.
Note: Norton Internet Security and Norton Personal Firewall frequently cause problems for Windows computers trying to connect to IU VPN. UITS recommends using Symantec AntiVirus instead.
Private addressing
Private IP addresses (or reserved IP addresses) are most frequently used within a local, private network. Computers with private IP addresses that need to access the Internet first go through the process of Network Address Translation (NAT). In many broadband situations, NAT is performed by a DSL router, cable router, proxy server, or Internet-connection-sharing software.
Such solutions allow multiple computers to access the Internet using only one public IP address. Attempting to connect to the VPN from behind a NAT will sometimes fail. Most of the time, the NAT can be configured to pass the proper ports and protocols (the IPsec ports are UDP 500 and 1701; the PPTP port is TCP 1723; the GRE protocol is IP 47; the ESP and AH ports are IP 50 and 51 respectively), but not always.
If your computer's IP address falls into one of the following
ranges (where x is any number from 0-255),
either talk to your ISP about changing to a public IP
address, or contact the manufacturer of your router, proxy server, or
NAT device about how to configure it to pass VPN connections
through:
For instructions on how to view your current IP address, see How do I determine my computer's IP address?
Note: The following information may also be helpful when establishing a VPN connection:
- Make sure you are connecting to the correct server. See the link for your operating system in The basics of VPN at IU.
- Clear your DNS cache. For help, see In Windows, how do I clear my DNS cache?
- Release and renew your IP number. For help, see In Windows, how do I release and renew my IP address?
Also see:
- How do I determine my computer's IP address?
- What are private IP addresses, and what are the reserved ranges?
- The basics of VPN at IU
- In Windows XP, how do I make a VPN connection to the IU network?
- In Windows XP, how do I enable or disable the firewall?
Last modified on August 25, 2008.
