IPsec VPN uses a different protocol (ESP) for the actual data transfer than for establishing the connection (IKE). Since the ESP protocol does not use network ports, NAT (Network Address Translation) routers may have difficulties handling it correctly. Only NAT routers that support "IPSec Passthrough" (sometimes also named "VPN Passthrough" or "ESP Passtrhough") and where this option is also enabled, can handle ESP data packets.
To work around this problem, two alternative tunneling methods exist:
Which of these methods will work with your connection depends on two properties:
To test for the first property, VPN Tracker will automatically establish three VPN test connections to a VPN gateway hosted by us whenever it detects a new router that has not been tested before. One connection uses plain ESP, the other two either NAT-T method mentioned above. It will remember the test results for this router and take them into account whenever you start a connection from the network location. The reason we are testing with our own gateway is simply that the test requires a gateway supporting all three methods, with a known configuration and a simply way to verify if traffic did arrive at that gateway.
The second property is not tested in advance, VPN Tracker will become aware of that information when it actually tries to connect to your VPN gateway. VPN Tracker will compare the methods your gateway supports with the stored test results. If there is a match, a method that your gateway supports and that was also working during the test, this method will be used. If there is no match, VPN Tracker will immediately stop and show an appropriate error in the log, explaining the situation.
If you suspect a NAT-Traversal issue or you think the previous test results may be wrong or outdated, simply re-run the test:
‣ Make sure NAT-Traversal (Advanced tab) is set to Automatic ‣ Go to "Tools" > "Test VPN Availability" ‣ Click "Test Again" ‣ Wait until the test has completed, then connect to your VPN
The test dialog also allows you to tell VPN Tracker to not test the current location and forget any previously created test results. This is rarely needed and also not recommended but there might be situation where the test results are wrong because access to our VPN gateway is not possible (e.g. it is blocked) and thus the test result are just bogus and say nothing about the true capabilities of your VPN gateway.
Your direct line to the equinux TARMAC team
Our TARMAC team is ready and waiting: tarmac@equinux.com or by Telephone +49 (0)89 / 520 465-222
You're interested in equinux products and have additional questions regarding your purchase or product activation? The equinux Sales Team is here to help: Call or chat with us,
Amaranten
Amazon AWS
Asante
Astaro
AVM
Check Point
Cisco
Cisco Meraki
Cisco Small Busi ...
Clavister
Collax
Cyberguard
D-Link
DELL SonicWALL
DrayTek
Eicon
F-Secure
Fortinet
Funkwerk
Ingate
Juniper Networks
Kame (Free BSD, ...
LANCOM
Linksys (Belkin)
Linksys (Cisco)
Linux
Lucent
Mako Networks
Meraki
Microsoft
NETASQ
NETGEAR
Netopia
Nokia
Nortel
Novell
OpenBSD
Palo Alto Networ ...
PGP
Pyramid
Secure Computing
sipgate
SnapGear
SonicWALL
Sophos
Stonesoft
Symantec
Telekom
TP-Link
Ubiquiti
WatchGuard
ZyXEL
macOS 10.14 BetamacOS 10.13 High SierramacOS 10.12 SierraOS X 10.11 El CapitanOS X 10.10.5 YosemiteOS X 10.9.5 Mavericks
Included:
Free Trial
macOS 10.13 High SierramacOS 10.12 SierraOS X 10.11 El CapitanOS X 10.10.5 YosemiteOS X 10.9.5 Mavericks
macOS 10.13 High SierramacOS 10.12 Sierra
macOS 10.12 Sierra OS X 10.11 El Capitan OS X 10.10.5 Yosemite OS X 10.9.5 Mavericks
