Troubleshooting a Wired or Off-Campus VPN Connection

This page discusses how to troubleshoot connection problems experienced by on- or off-campus wired network users and off-campus wireless network users who are connecting to the VPN (Virtual Private Network) system.

I have an active wired or off-campus network connection and VPN client. I've installed the VPN, but I can't connect to the campus VPN server. What do I do?

  1. Can you connect without the VPN to your usual Internet Service Provider?
    If you can't connect to your ISP at all, then the problem is related to the ISP rather than the VPN system specifically. Contact your ISP's technical support department for assistance.

    If you can connect without the VPN and can't connect with it, continue with the following troubleshooting steps.

  2. (Windows users:) Are you receiving any specific error messages from the CITES VPN software?

    If the CITES VPN software is returning error messages, see the Windows-specific errors section of the VPN FAQs for more information.

  3. DHCP lease times:
    If you can connect to the VPN, but then are disconnected after a certain amount of time, you may have a DHCP lease which is too short for the amount of time you need to connect. Wired network users (and wireless users connecting through a non-UIUCnet Wireless connection) may encounter a DHCP lease-renewal problem that UIUCnet Wireless users will not face. More details are given in the intermittent problems page.

  4. For cable modem and DSL users only:
    There are several factors that may affect users who connect via cable modem or DSL that dialup users may not experience.

One common device that many cable modem users have attached to their home network is a cable modem router. Most cable modem routers act as firewalls and Network Address Translation (NAT) devices. Both the firewall rules and the NAT may affect their ability to connect via VPN.

First, try plugging your computer straight into the cable modem or DSL device, rather than going through the router.

    • If you can connect to the VPN server when you're not going through the router, then you've confirmed that the problem is specifically in getting the VPN to talk through the router.

      If your router has a firewall, use your router's instructions to configure its firewall to permit VPN traffic. The computer names and ports needed for VPN traffic are described in the Firewall Ports Used for VPN Connections page.

    • If you cannot connect to the VPN server even when you're not going through the router, then this section of the FAQ will not address your problem and you will need to investigate other possible connection issues in other areas of the FAQ.

Advanced troubleshooting

  1. Once you've connected to your ISP, can you ping 128.174.1.99 or other campus machines?
    If you can ping campus IP addresses through your ISP connection, there is probably an installation or configuration problem with your VPN client software. For further assistance, contact the CITES Help Desk at consult@illinois.edu or 244-7000.

    If you cannot ping campus IP addresses through your ISP connection, there may be a network problem, or there may be a ping block on a location you're trying to access. To check whether the block is to the campus as a whole or restricted to the ping command in specific, try to load a couple of campus web pages in your browser, such as http://www.illinois.edu/ or http://www.cites.illinois.edu/. If those pages come up, click on a random link within the page to make sure you're getting fresh data rather than a cached image. If this link check succeeds, then you're back on your way; if not, continue to the next step.

    If you can neither ping campus IP addresses nor access any campus IP web pages, there is probably a network problem between your network connection and the VPN server. CITES recommends you try again after a while. If the problem remains, please report it to the CITES Help Desk at consult@illinois.edu, along with date, time, and details of your problem.

  2. Are you certain the VPN is distributing a different (UIUC-based) IP address for you?
    To test this, use the VPN software to connect to the VPN server, then open an SSH terminal window to a location where you have a Unix shell account.

    Once you have a shell prompt, type:
    who | grep yournetid

    (Replace "yournetid" with your own Network ID or the name you logged into the server with.)

    The response should resemble the following:
    yournetid pts/200 Oct 26 11:45 (xxxxxx.near.uiuc.edu)

    If the end of the line does not end with .near.uiuc.edu, you are not receiving a DHCP-assigned IP address from the VPN server. For further assistance, contact the CITES Help Desk at consult@illinois.edu or 244-7000.

  3. If none of the above steps have helped:
    For further assistance, contact the CITES Help Desk at consult@illinois.edu or 244-7000.