Meraki Client VPN Issue

gavins1040
Conversationalist

Meraki Client VPN Issue

Hi, 

 

We currently have a number of user using the built in Windows 10 VPN and are having a number of issue with it. 

 

Currently we dont have a Radius server set up.

 

Issue we are having is the VPN works sometimes and not others, it works sometimes after a user reboots or after we reset there password on the portal. 

 

Has anyone has similar issue and is there any fix for this?

 

Regards

Gavin 

8 REPLIES 8
PhilipDAth
Kind of a big deal
Kind of a big deal

Check out this trouble shooting guide:

https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN

 

One problem I have had recently in Windows 10 is the VPN getting stuck "connecting" when you connect using the sstem tray in the bottom right hand corner.

If I instead connect using:

Start/Settings/Network and Internet/VPN

Click you VPN connection and then "Connect" it works.

 

Must be a Windows 10 bug.

BrandonS
Kind of a big deal

This is pretty well known, unfortunately.  Windows 10 updates will sometime 'break' the client VPN settings.  That part Meraki and rightfully can blame on Microsoft.  Meraki does not use current, modern client VPN settings though so to that point they could improve.

 

If you search a bit deeper here or Google, etc. you will find various stories and workarounds about client VPN with W10.  I am just glad I don't Windows desktop support ;). Good luck.

- Ex community all-star (⌐⊙_⊙)
SoCalRacer
Kind of a big deal

Script the VPN profile creation. It isn't worth your time going through all the troubleshooting to find out that some OS change or update caused the issue. Our first step on the desktop if the client VPN isn't working is to run the script and delete the old profile and create a new one with the right settings.

 

If you read the most recent member spotlight with @Nash she provided a link to GitHub and her script, which would be a good place to start

 

Learn more about your community peers in our Member Spotlight! 

 

https://github.com/gammacapricorni/happy-meraki-client-vpn

 

Cmiller
Building a reputation

This is my collection of Meraki VPN support ideas. We refer to the on the regular

http://www.ifm.net.nz/cookbooks/meraki-client-vpn.html
https://tipst3r.wordpress.com/tag/troubleshooting-meraki-client-vpn/

RADIUS Authentication for Client VPN
https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN

Powwershell setup command:
Add-VpnConnection -AllUserConnection -Name "[insert VPN name]" -ServerAddress [insert IP/hostname for VPN] -TunnelType L2tp -DNSSuffix "[insert domain name]" -EncryptionLevel Optional -AuthenticationMethod PAP -L2tpPsk "[insert VPN password]" -Force -PassThru

PS scrips for troubleshooting: https://github.com/gammacapricorni/happy-meraki-client-vpn#happy-meraki-client-vpn
tmate
Conversationalist

Just throwing in my two cents here. I've also seen this behaviour and it indeed seems like a windows bug.

 

When the connection failed I used to reset the TCP/IP stack and it seems like it made it work (type "netsh int ip reset"). Also make sure that in the "Adapter settings"  (via Control panel > Network connections) when you right click on the connection > Properties, under the "Security" tab only PAP should be enabled - otherwise (for me at least) it also fails.

Nash
Kind of a big deal

If you're using Windows 10, there's also a "Network Reset" function that condenses a number of NIC, TCP/IP and Winsock functions into a single utility. It will reset your NIC(s) to DHCP, so do be warned if you're using a static for some reason.

SoCalRacer
Kind of a big deal

I believe the Windows commands for that are below, which usually the machine will need a reboot after they are run.

 

netsh int ip reset

netsh winsock reset

Nash
Kind of a big deal

For Windows 7, yes.

 

For Windows 10, the Network Reset function will also reinstall your network drivers, above and beyond resetting tcp/ip and winsock. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels