PCSC
Boston University
 

Troubleshooting your VPN Connection

If you have installed and configured the VPN software as described in our VPN instructions but can't get it working (or have related questions) please review these troubleshooting tips.

Are you in a BU residence hall connected via Ethernet?

VPN access is blocked from wired BU residence connections. You shouldn't need it to access BU resources when you are directly connected.

Make sure you are using only the BU username

Make sure you are using only the BU username and not your full e-mail address.

Check your account status with IT

In order to use the VPN, you will need to have proper account privileges. You can check your status with the IT Front Office at 617-353-2780.

Are you absolutely sure you have configured things correctly?

Make sure you have followed all of our instructions correctly. Any typo or similar error would be problematic, as would use of an incorrect username or password. Please also note the placement of the hyphens in the VPN server names on the configuration pages.

See if it helps to uninstall and reinstall

If you've had the VPN installed for a while and it just suddenly stopped working, it might help to simply uninstall it, download a fresh copy, and install it again.

Are you sure you have an Internet connection?

This is easy to test -- just open a Web browser and choose Reload/Refresh. If you aren't able to access any Web sites, then the problem is with your connection and not with the VPN. In the case of wireless users on the BU network, you should (only be able to) see a page that tells you how to use wireless. If you don't see that page, you may not actually have wireless access from where you are and should review our wireless instructions. (The error message you might see will say "the remote peer is no longer responding.")

Are you sure that you do actually have the VPN software installed?

Downloading and unzipping is only half the job -- you also have to install the software. If you are using the Windows client, the installer downloads to your C: drive. Go to My Computer, double-click on the C: drive, open the folder BU_VPN_Installer, and double-click the Setup program to complete the installation. When you are done and you successfully connect to the VPN, you can safely delete the folder "BU_VPN_Installer" as that is no longer needed.

Could VPN connections be blocked from your network?

Some companies won't let people connect to an outside VPN. If this could apply to you, you should talk to your employer's network administrator. He/she or you can contact the IT Help Center for more details on which ports the VPN needs open. For example, this could be the explanation if you are able to use the VPN when you are connected to a different Internet Service Provider (such as from home) with the same computer.

Getting an error 1722 or 442 (trouble installing or enabling virtual network adapter)?

If you get a virtual network adapter error when you try to connect, first try a custom Windows Update to update your .NET software. To do that in XP, launch Internet Explorer, go to Windows Update, and click on Custom. Expand the Software, Optional choice by clicking on it, and under Optional, choose all .NET options. Then click on review install updates. Then click on Install Updates. Once the install is done, reboot and try the VPN again.

Still getting a 442 error...?
If the solution above does not work and you continue to get a 442 error, try doing a netsh reset. To do this:

  • Click on your Start menu and type cmd and press Enter.
  • Type netsh int ip reset resetlog.txt and press Enter.
  • Restart your computer.
  • Try the VPN again.

One more 442 solution

Symptom:
Receiving the following error "Reason 442: failed to enable virtual adapter" appears after Vista reports a duplicate IP address detected. Subsequent connection fail with same message but Vista doesn't report a duplicate IP address detected.

Workaround:
Open "Network and Sharing Center", then select "Manage Network Connections", Enable the Virtual Adapter "VA", then right click on the VA and select "diagnose" from the context menu and after that select, "Reset the network adapter "Local Area Connection X"

This resolves the issue until Vista reports a duplicate IP address again. Follow above step to resolve it again.

Could outbound VPN connections be blocked from the BU network?

Boston University does restrict access to outbound VPN traffic for security purposes. In rare instances, an exception will be made to allow for such access. If you are interested in this, you must complete an Outbound VPN Request form.

Note that you must have a valid BU login name, Kerberos password, and e-mail address in order to access this form. All correspondence regarding these requests will only be sent to active BU e-mail addresses.

Are you connecting to the correct VPN server?

There are two VPN servers at Boston University. One is for on-campus connections (vpn-oncampus.bu.edu) such as the wireless network, and the other is for off-campus connections (vpn-offcampus.bu.edu) such as those from another ISP. You need to make sure you are connecting to the appropriate server for the connection to succeed. (The error message you might see will say "the remote peer is no longer responding.") If this could be your situation, you may want to review our configuration instructions again to see how to add additional location profiles.

Do you have your browser configured with a proxy?

Sometimes access to Web-based resources via VPN will be disrupted if you also have your browser configured to use the BU proxy servers.

Are you using a current version of the VPN client?:

If it's been a while since you downloaded the Cisco client software, you may want to update at www.bu.edu/pcsc/vpn/. The newest versions allow for installation of multiple VPN programs, something that was previously an issue that could interfere with the client's functionality. Upgrading is easy and a great first step. The VPN software will detect the earlier version and use the existing configuration settings.

Are you using a firewall or something similar that could be blocking the VPN?

If so, explore the settings in this product to see if you can "allow" the VPN software. We've known this to be an issue for people running all sorts of things including Norton Internet Security, PC-Cillin and McAfee's Personal Security Center. Even the Windows firewall can disrupt idle VPN sessions and might need to have the Cisco VPN software allowed as an exception.

If allowing the program doesn't help, try disabling the firewall and rebooting (before running the VPN) to determine if that resolves the problem. If you are running one of these products but disabling doesn't seem to help, it may be necessary to experiment a bit. For example, after the disable/reboot, try uninstalling and then reinstalling the VPN software to see if that helps. If it does, you might then be able to set the firewall again and have the VPN work with it. If you decide to uninstall your security software entirely, it should be sufficient to use the firewall that comes with your operating system, as described at www.bu.edu/pcsc/desktop/windows/firewall/ as long as you are also computing safely as desribed at www.bu.edu/pcsc/virus.

Have you checked your computer for spyware?

Spyware can cause all sorts of problems so, in all situations, we recommend that you clean and protect as described on our related page at www.bu.edu/pcsc/virus/spyware/.

Have you been VPN disabled by IT?

If you have been notified by the Office of Information Technology that you have a virus and will be network disabled, this could explain VPN access that has stopped working (i.e. it once worked and now doesn't). If you have been PPP/VPN disabled, you probably already know it, and are hopefully taking the recommended steps toward fixing the problem.

Wireless? Try lowering your MTU setting.

We occasionally hear from wireless users that they can't connect to the VPN, or that the connection seems unstable. For all of them, lowering the MTU setting in increments of 100 seems to help, and this is supported by the Cisco documentation we link to at www.bu.edu/pcsc/vpn/detail.html. You access the MTU setting by going to Start->All Programs->Cicso Systems VPN Client->Set MTU.

Wireless users should also keep in mind that 802.1x technology is also available and recommended over the VPN for securing wireless.

Do you want your VPN to tunnel only BU traffic?

By default, all network traffic goes through the BU VPN when you are connected to it from off campus. If you are working wirelessly, one nice side-effect of the tunnel is that you do get an extra level of security. However, if you decide that you really do only want traffic destined for BU to go through the BU VPN, follow these directions:

   * Before you start the VPN, open it
   * Click "Modify"
   * Click "Authentication"

     Put BostonUonly as the Name and Password, and Confirm Password.

Are you having trouble accessing local resources such as printers?

If you find yourself unable to use local resources such as network printers while connected to the VPN, you need to turn on "Allow Local LAN access" in your connection settings.

  1. Open the VPN program (do not connect yet) and right-click on the Connection Entry you use -- for example, "BU OffCampus".
  2. Choose "Modify" from the pop-up menu. Click on the "Transport" tab. Make sure "Enable Transparent Tunneling" is turned on and then put a checkmark next to "Allow Local LAN Access."
  3. Click Save. Now you can go ahead and connect as usual. This change will be saved in your connection settings from now on.

Do you have a validated BU login name and Kerberos password?

VPN is only available to students, faculty, and staff who have shown their Boston University ID cards, in person, at 111 Cummington Street or the Medical Campus Library (for example, to get an ACS/e-mail account). Most distance-learning students have not been to campus to show their BU IDs, so instead must use the proxy service described in the next section.

Off campus and want to run two simultaneous VPN connections?


1. Launch the VPN client and click on the BU off-campus connection. Then click the Modify button.

2. Select the Transport tab. (You should see a checkmark next to the 'Enable Transparent
Tunneling' option.)

3. Click on the empty radio button next to IPSec over TCP. [The TCP Port should fill automatically but, if not, then enter 10000 in that box.]

4. Click Save.

Note:

-You will need to do this on all machines that you would like to connect to the VPN on.

-If it doesn't work, make sure that tcp port 10000 is allowed through your router (follow the manufacturer's instructions to configure this on the "port forwarding" section). Also make sure that "VPN pass-through" is selected (if your router provides this feature).