cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Are you still having VPN issues?

Highlighted
Meraki Employee

Are you still having VPN issues?

Hello Merakians, 

I have seen a lot of VPN posts lately and I would like to share with you a set of videos I made regarding VPN configuration and troubleshooting. These videos go from the configuration of any VPN to the troubleshooting for any case. 

 

All the scenarios I covered can help you to solve 99% percent of all the cases you might have regarding VPN with Meraki Support. It shows how to use the tools and the pcaps in order to understand where the problem is coming from. 

 

I strongly recommend the one regarding AutoVPN. Since Meraki uses a proprietary configuration to create the AutoVPN tunnel, sometimes we just drop the towel and reach out to Support if the tunnel is not up. I covered how to identify every aspect of the AutoVPN traffic flow, differentiate the different problems, and how to fix it. 

I hope these videos can help you to troubleshoot your VPN scenarios before raising a case. 

Configuration: 

ClientVPN - https://youtu.be/tGP_OLRgOck

Non-Meraki VPN - https://youtu.be/BwCtY3rln4c

 

Troubleshooting:

 

ClientVPN - https://youtu.be/quAQslnQo9Q

Non-Meraki VPN - https://youtu.be/WJNUImcWfWg

AutoVPN - https://youtu.be/cE3HtcvxlqM

 

 

 

17 REPLIES 17
Highlighted
Meraki Employee
Meraki Employee

Re: Are you still having VPN issues?

Great videos! Very well done. I would highly encourage people to check out the other videos on this channel, @Joan_P has some really great content. 

Highlighted
Kind of a big deal

Re: Are you still having VPN issues?

Wow, good effort!

 

I'm also going to give one of my tools a plug - the most advanced tool for building scripts to setup client VPN connections for Windows 10.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

It can do complex things like split VPN, VPN exclusions, split DNS, and knows how to generate exclusions for full tunnel configs for common things like Cisco WebEx and Office 365.

Highlighted
Building a reputation

Re: Are you still having VPN issues?

@Joan_P  I like the videos...really well done!

Would have helped me about 4 month ago, when I had problems with Client VPN.

Thanks for the great videos

Highlighted
Conversationalist

Re: Are you still having VPN issues?

Thanks for you videos @Joan_P I have an issue that I hope you can help me.

I've got a MX64 with 2 ISP. On WAN1 I have a static IP and on WAN2 I have another ISP wit dynamic IP.

The client VPN are setup with the DynDNS and there is no problem to connect EXCEPT when WAN 1 fails.

The clientes inside the MX have no problems to navigate, but all VPN clientes can't establish the tunnel, May you sugggest something to look at?

Regards

Highlighted
Getting noticed

Re: Are you still having VPN issues?

Hi CSegovia,

I assume you are using WAN1 as primary?
Are you using the inbuild DyDNS from the dashboard?
Check when WAN1 fails if the DNS is resolve to the WAN2 ip address first.
Highlighted
Conversationalist

Re: Are you still having VPN issues?

Hi Richard

Thanks for you post,

 

Fortunately, there has not been more fails with my ISP 1, but the answer to your questions is Yes for all.

This is a very strange behaviour

Highlighted
Building a reputation

Re: Are you still having VPN issues?

If you're on windows you can make a powershell script for your clients to just click and add the VPN to their machine.

 

 

Highlighted
New here

Re: Are you still having VPN issues?

Hey Trunolimit,

 

Would you mind on sharing on how to created "a powershell script for your clients to just click and add the VPN to their machine".  I have over 200+ users and this would make my job a lot simpler. 

 

 

Highlighted
Kind of a big deal

Re: Are you still having VPN issues?

@dougProCast  check out my post.

https://community.meraki.com/t5/Security-SD-WAN/Are-you-still-having-VPN-issues/m-p/85469/highlight/... 

 

If you use Active Directory, then run the script via group policy instead.

 

Highlighted
New here

Re: Are you still having VPN issues?

thank you

Highlighted
Comes here often

Re: Are you still having VPN issues?

@PhilipDAth Getting following error while running the power shell script:

 

Unable to create XYZ profile: A general error occurred that is not covered by a more specific error code

Highlighted
Building a reputation

Re: Are you still having VPN issues?

Whoa that's amazing. I was going to make a video showing people how to use powershell but this website is way better.

 

quick question. we are having issues with being able to assign permissions via active directory once a client has connected to the VPN. we are getting complaints that people are unable to access folders they should have access to once on the VPN.

 

any idea what's up.

Highlighted
Kind of a big deal

Re: Are you still having VPN issues?

@FakrulAlamDA it sounds like something is wrong with that windows 10 machine.  Perhaps try checking that all the Windows feature updates are installed. 

Highlighted
Kind of a big deal

Re: Are you still having VPN issues?

>we are getting complaints that people are unable to access folders they should have access to once on the VPN.

 

Are you by chance using different credentials for the client VPN than are used to access the Windows Resources?

 

If so you need to edit raspphone.pbk and set "UseRasCredentials" to 0.  Otherwise what happens is the VPN credentials are used to access Windows resources, rather than the Windows credentials.

@Nash has a great script that does this automatically.

https://github.com/gammacapricorni/happy-meraki-client-vpn/blob/master/AddMerakiVPN.ps1 

 

 

You shouldn't get that problem if you use my client VPN generator because it uses the newer system.  So you could also just change over ...

 

Highlighted
Building a reputation

Re: Are you still having VPN issues?

Our VPN authenticates using AD so I don't think a difference in credentials is what's the problem.

Highlighted
Kind of a big deal

Re: Are you still having VPN issues?

For client VPN - are you definitely giving out only your AD controllers for the DNS servers?

 

Does it make any difference whether you just host the hostname or the FQDN name (which could hint at the connect DNS suffix being wrong)?

Building a reputation

Re: Are you still having VPN issues?

Yeah we are handing out only the AD server as the DNS. 

I’m looking to grab some logs from the AD server via our sysdamin but I fear I wouldn’t know what to look for. I’m assuming there’s an error log when someone tries to access a resource they don’t have access to.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.