cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki VPN Client

SOLVED
Conversationalist

Meraki VPN Client

Hi,

 

We're planning to deploy a Meraki network in here and since I have some of those free pieces of hardware from Meraki, I decided to do some testing.

 

My first mission was to configure a VPN access on the security appliance and try to connect to that from many different clients (iphone, android, windows, and mac basically).

 

For that, I followed the instructions from here: https://documentation.meraki.com/MX-Z/Client_VPN/Client_VPN_OS_Configuration

 

Well, I'm not sure why, but on the iphone it did work easily, but on Windows 10 it simple doesn't work at all.

 

Both are connected to the same internet wireless connection, but when I connect with the Windows laptop it says that the server is not responding.

 

Has anyone had the same issues?

 

Thanks,

 

Carlos

1 ACCEPTED SOLUTION

Accepted Solutions
Getting noticed

Re: Meraki VPN Client

You are making progress. Check out this section: https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_789


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
32 REPLIES 32
Head in the Cloud

Re: Meraki VPN Client

Hello @CarlosCoque, What error message are you getting on your Windows 10 client? I assume it's giving you a Windows 809 error message? Refer to this article which explains how to fix, plus other fixes for other error codes.

 

https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Kind of a big deal

Re: Meraki VPN Client

Are you connecting from "outside" of the MX?  You can't VPN to it from behind it.

Conversationalist

Re: Meraki VPN Client

@CarlosCoque 

I am having the same frustrating issue. I've spent over 3 hours trying to fix this VPN issue on windows 10-1709. iPhone/ipad with ios11 connects to my MX64 L2TP VPN so easily. My windows computer is on the same network as the phone and returns error 809 all day long and will never connect. Following the setup instructions from Meraki will not work on Windows 10. My MX64 is not behind a NAT. It is connected to a modem in bridge mode so it pulls a public IP.  I also completed the registry edit microsoft recommends but it's not the problem.

Conversationalist

Re: Meraki VPN Client

Hi WANKiller,

 

I had to connect the MX-64 on a modem using NAT for testing purposes.

 

I was initially getting error 809, then I opened the ports suggested in the Meraki troubleshooting documentation and now I'm getting error 789.

Getting noticed

Re: Meraki VPN Client

You are making progress. Check out this section: https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_789


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
Just browsing

Re: Meraki VPN Client

Hi i am new on security appliences. I just bought mx 64 , but not license yet. I try to connect as client VPN with windows 10. But i can not. I try all possible solutions but i could not fix it.  I try port forward to UDP 500 and 4500 , i try DMZ  , i check IKE and AuthIP IPsec, i check  secret key. This is new claimed MX64, it says you can use device 30 days or something, but i dont have a license yet? is it a license problem?    

Kind of a big deal

Re: Meraki VPN Client

You need a licence to get Dashboard access to configure your MX64.  Without a licence you can't do anything.

Just browsing

Re: Meraki VPN Client

I can access my dashboard when u order new device they give 30 day to test i think. I can access i can setup but i cant connect as client vpn user with windows 10 , windows 7 or android i try all of them.

Kind of a big deal

Re: Meraki VPN Client

Well if you can get to the Dashboard you should be ok.

 

Have you definitely enable Client VPN support in the Dashboard?

Just browsing

Re: Meraki VPN Client

yes i have already enable client vpn on dash board. I get error 789. i follow troubleshooting on meraki page. but i could not connect. i try many platforms anroid, win7 , win10 . always i get same error 789.  I follow this instruction and many more, but nothing change. Please help. i am not proffesion on security appliences but i am a computer engineer. i try many thing. i guess i can not access my MX. I live in canada ,I try different modems homehub 3000 and homehub 1000 given from Bell service provider. In both i forward ports, i activate DMZ  nothing change.  how can i check my device is acccesable by internet? Thank you.

Kind of a big deal

Re: Meraki VPN Client

Are you connecting from the outside of the MX, rather than from the inside?  You can only bring up the VPN from the outside.

Just browsing

Re: Meraki VPN Client

Ok. thank you for your advice. I search a lot and i found a solution. my MX is blocked by home hub 3000. Homehub 3000 is a fibe modem (Canada BELL Internet Service Provider gives)  which does not support pppoe. i connect a router WAN port to hh3000 LAN port. setup  router as PPPOE  with username and password to connect service (bell). And i forward ports 500 and 4500 to MX. After that i get a different error 809. i follow instructions on troubleshooting page  to ad a DWORD and it WORKS. Thank you.

Conversationalist

Re: Meraki VPN Client

Does this happen to be a Dell system using wireless?

Conversationalist

Re: Meraki VPN Client

Yes that was my problem.  I will see if it is the wireless drivers.

Conversationalist

Re: Meraki VPN Client

I created another thread on the issue i found with newer Dell laptops and the Meraki VPN.  

 

https://community.meraki.com/t5/Network-Wide/Dell-Laptops-and-VPN-access/m-p/12826#M321

 

Newer Dell laptops have a piece of software called "SmartByte" I found this piece of software was blocking our access to our VPN. Once I disabled this software I was able to successfully log in to the VPN. To fix the issue launch the "SmartByte" software from the Start menu. There is an on off toggle, turn off "SmartByte" and you are able to connect. You are able to uninstall the software and it does no harm to the system.

New here

Re: Meraki VPN Client

thank you so much for posting this!  I have been fighting 2 dell laptops for 2 days and SmartByte was on them both.  Turning it off fixed the L2TP vpn connection on both of them.  THANK YOU!

Getting noticed

Re: Meraki VPN Client

Hello All,

 

I had deployment of this feature and now I doing testing based in VPN Client and for me it's working looking at Android plataform, however maybe there is timeout of the VPN.

 

After specific time VPN closed and I need to execute again the connection. I tried to figure out something about timeout of session but didn't find anything.

 

Do you know there is something in this way?


Kind Regards,
Rodrigo
Twitter: @rar_21
If this was helpful Kudo me 🙂
New here

Re: Meraki VPN Client

On newer new Dell PC's (XPS 13 here) it seems SmartByte has been replaced with "Killer Control Center." I just spent over an hour troubleshooting and trying to connect. The second I flipped the "Advanced Stream Detect" switch under Settings tab in Killer Control Center I was able to connect. I hate Dell and the amount of bloat they've started adding back in to new PCs.

Getting noticed

Re: Meraki VPN Client

I know this is an older thread, but I am having the identical problem that Carlos had. Android devices VPN in just fine to my MX65, but Windows 10 will not. The Windows devices are getting error 809. Carlos said he fixed this error by opening the ports in the Meraki documentation, but does not link to that document.

 

Does anyone know where that document is, or how to fix the 809 error?

 

Thanks.

Getting noticed

Re: Meraki VPN Client

In the solution post, the link goes to the documentation that Carlos used.

 

For your specific error within that documentation, here you go: https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809

 

Hope this helps you.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
Getting noticed

Re: Meraki VPN Client

Thanks. That got me passed the 809 error. Then I got another error saying "The connection was terminated..."

 

I googled that and came up with this article that fixed the problem.

 

http://help.vanishedvpn.com/support/solutions/articles/17000062078-how-to-fix-the-connection-was-ter...

 

 

Getting noticed

Re: Meraki VPN Client

Sounds like you missed a step in the VPN configuration but I am glad you resolved it. In the allowed protocol, Unencrypted Password (PAP) is what is used and it appears you did not have that previously. So just a heads up for the next client, use that.

 

While the password is sent unencrypted, its going through an IPSec tunnel which is encrypted, so you should not be worried about exposing the password.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
New here

Re: Meraki VPN Client

I cannot believe we are still seeing these posts...why have Meraki not got with the times yet and actually created a VPN client? I want to be able to push split/full tunneling to Windows/Mac/IOS devices and with the current solution it would be a nightmare, so i'm sticking with Watchguard firewalls until Meraki get their act together.

 

I'm sure the problems mentioned in this post would be resolved much quicker/easier if there was a cisco VPN client with logging capability on it.

Head in the Cloud

Re: Meraki VPN Client

Windows 10 is a problem that can be dealt with. I've got some PowerShell scripts that create a split tunnel by default, so long as you feed them the appropriate subnets.

Conversationalist

Re: Meraki VPN Client

You can also create your own Meraki VPN :"agent" installer with Split Tunnels defined in them with Windows Server Connection Manager Administration Kit

Here to help

Re: Meraki VPN Client


@Chris_M wrote:

You are making progress. Check out this section: https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_789


Any ideas when using Windows 10 with Meraki and AD Authentication but no error message is ever received? The VPN state just continues to hang on "Connecting" status like below:

MerakiVPN.JPG

We've tried connecting via settings>>VPN and also using the shortcut from the network icon in the bottom right and same results occur...?

Followed all options from the below as well:

https://community.meraki.com/t5/Security-SD-WAN/Client-VPN-Issue/td-p/37181

https://www.geekshangout.com/vpn-connection-hangs-in-connecting/#comment-32375%C2%A0

 

Any assistance would be greatly appreciated! 

Still no dedicated client VPN Meraki? AnyConnect implementation to avoid these Windows bugs??

 

Head in the Cloud

Re: Meraki VPN Client

So you don't find any error codes in Event Viewer. It just dies off?

 

The "overlay" between the standard Windows 10 method (click on network connector by clock, click VPN, login) is pretty wonky and will not always pass correctly to rasphone. Rasphone's what's doing the dialing at the end of the day.

 

Suggestions:

 

Windows-R, run rasphone.exe. Find your saved VPN there. Try to connect with rasphone and see if it goes through.

 

If it does, you can make a rasphone.exe shortcut. Create a shortcut on your desktop, and set the target to: C:\WINDOWS\system32\rasphone.exe -d "VPN NAME"

 

If it doesn't connect, delete and re-create the VPN connection. I like the scripts I put above, especially if you want a split tunnel connection. Read the script comments before you run - it does more than create a saved VPN connection. By default, it'll make a rasphone shortcut on the desktop.

Here to help

Re: Meraki VPN Client

@Nash  I appreciate the response and steps to try out. I gave it a go and the thing still just continues to stay stuck at "connecting" even with the rasphone method mentioned (Looked very promising btw). I blew all VPN adapters away and recreated via powershell and issue still persists. Not sure what else to try besides a case with Microsoft as I'm sure Meraki will send me their way since all other users are working just fine. Definitely open to any further suggestions at this point.

 

Thanks again!

Head in the Cloud

Re: Meraki VPN Client

Two last things, @cwal21

 

Have you run the Network Reset utility in Win10? If you have and it's still broken...

 

Have you uninstalled and reinstalled the WAN miniadapters? Usually, it's sufficient to only do the L2TP one.

 

Here's the instructions I gave my help desk:

 
    1. As administrator, open Device Manager.
 
    2. Under View, select Show Hidden Devices:
 
    3. Under Network Adapters, find WAN Miniport (L2TP)
 
    4. Right click and select Uninstall Device. If it asks to uninstall the DRIVERS, click no.
 
 
    5. Reboot the computer. Windows should automatically reinstall the device.
 
    6. Test the VPN again.
Here to help

Re: Meraki VPN Client

Welp, the good news is the VPN started magically working again which i believe was after a pending Windows Update finally going through and installed. Bad news, i'm not sure what exactly solved the issue besides that update (You know good ol' Microsoft).

 

I did not try running the Network Reset utility in Win10, I wish I had to see if that may have resolved it, but was afraid to touch deep network settings as I was working remotely with the client a few states away and would have had trouble walking them through getting back online if the solution failed or didn't bring the system back online after the reset.

 

I did give the uninstall-reinstall WAN Mini adapters option a try and it did not work.

 

Thanks again for all of the assistance @Nash. Hopefully Meraki will eventually come out with a dedicated client similar to AnyConnect to help alleviate these Microsoft provided headaches!

New here

Re: Meraki VPN Client

I second this.  I feel like going to Meraki was great, but the client VPN is so 2008.

Here to help

Re: Meraki VPN Client

Exactly! - Pretty much my one solid complaint with the MX line.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.