I have just recently set up an MX84 device to use Client VPN for 50 users. I can't seem to get two of my users to connect. I was wondering if anyone had any similar issues and if they were able to resolve. We use RADIUS authentication.
I gave them all a PowerShell script that auto-configured the VPN according to the Client VPN OS Configuration. So everyone has the same setup.
I also followed every step in Troubleshooting Client VPN - still no luck. Disabled IPv6 on all tunnel interfaces as well. Set the VPN to a private network and even put users into a DMZ on their firewalls to allow all traffic.
Hardware: ARRIS NVG589
"The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem."
L2TP Traffic never makes it to the MX device, but the user can ping the MX outside IP.
ISP: Charter communications
Hardware: TP-Link Archer
"A connection to the remote computer could not be established. You might need to change the network settings for this connection"
L2TP Traffic makes it to the MX device but doesn't seem to return to the client
Any ideas on how to further troubleshoot or resolve?
Looking at your description, I would check the outgoing firewall rules on both of the users' firewalls. They both look like consumer-grade routers, so it might be worth checking if they have a VPN passthru option on them.
Have you had them power cycle their modems/routers? Might sound crazy, but I've seen it a handful of times where the traffic wasn't passing through their edge devices correctly until a reboot.
Thanks for the replies, unfortunately, I still can't get user 2 working
Fixed by reinstalling MIMO drivers
Still having issues, Windows error 809. I checked the outgoing firewall rules, and even created a rule allowing all traffic to my IP address. Also forwarded UDP ports 50, 500, 4500, and 1701 to the computer in the NAT table. Packet captured and found no dropped traffic. I am having them replace their firewall to see if that helps. I think there's something funny going on with the NAT traversal.
@Monkey I have seen issues with cheap routers using NAT. Has the IP range the router is using been changed from the factory default?
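The two symptoms reported in this thread (traffic that never reaches the MX, and traffic that reaches it with nothing coming back) can be separated from a capture taken on the MX WAN side. The script below is an added example, not code from any poster in the thread. It assumes a classic pcap file with Ethernet framing, and the IP addresses, verdict names and sample capture are constructed.

```python
import struct

IKE_PORTS = {500, 4500}  # IKE and IPsec NAT-T, both UDP

def udp_packets(pcap):
    """Yield (src, dst, sport, dport) for IPv4/UDP frames in a classic Ethernet pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24  # skip the pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4/UDP
        udp_at = 14 + (frame[14] & 0x0F) * 4  # honour the IP header length field
        if len(frame) < udp_at + 4:
            continue  # truncated before the UDP ports
        sport, dport = struct.unpack("!HH", frame[udp_at:udp_at + 4])
        yield (".".join(map(str, frame[26:30])),
               ".".join(map(str, frame[30:34])), sport, dport)

def triage(pcap, client_ip, mx_ip):
    """Classify an MX WAN-side capture for one client's public IP."""
    to_mx = from_mx = 0
    for src, dst, sport, dport in udp_packets(pcap):
        if (src, dst) == (client_ip, mx_ip) and dport in IKE_PORTS:
            to_mx += 1
        elif (src, dst) == (mx_ip, client_ip) and sport in IKE_PORTS:
            from_mx += 1
    if to_mx == 0:
        return "never-arrives"     # look at the client-side router or ISP path
    if from_mx == 0:
        return "arrives-no-reply"  # MX saw IKE but sent nothing back
    return "mx-replied"            # replies left the MX; look at the return path and NAT

def build_pcap(packets):
    """Constructed sample input: a minimal pcap, one Ethernet/IPv4/UDP frame per tuple."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, sport, dport in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

CLIENT, MX = "198.51.100.10", "203.0.113.5"  # constructed documentation addresses
```

A `mx-replied` verdict only shows that replies left the MX; whether they reach the client still has to be confirmed with a capture on the client side.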