Overview

While connecting to the Kerio Control network using Kerio VPN client, the connection is not established with the "UDP traffic is probably blocked" error message.

The problem appears only on certain networks, for example, the Office network can connect, but the Home - cannot. Debug logs with Kerio VPN options display the following output:

  {vpnclient} Client[Client_PC_IP_address:54383](8681): UDP CONNECT not received - timeout

  {vpnclient} Client[Client_PC_IP_address:54383](8681): Control_IP_address:4090 <--- VPN_client_assigned_IP_address ---> Client_PC_IP_address:54383tcp/0udp - DEREGISTER

  {vpnclient} Client[Client_PC_IP_address:54383](8681): client deregistered

  {vpncore} UdpSocket: socket 0x65 closed

This article provides on how to resolve such VPN connectivity issues.

Solution

UDP traffic is usually blocked by either Internet Service Provider (ISP) or strict Traffic rules policy.

Important: please contact your ISP to clarify their policies regarding UDP traffic.

Make sure the default VPN services, Internet access (NAT), and Local Traffic rules are in place and custom traffic rules are NOT interfering with them.

Depending on your setup, verify the VPN server configuration - VPN clients access the Internet through the VPN. For more information, please refer to Configuring VPN Server.

As a side issue, Debug logs may show the following VPN tunnel error:

  {vpntunnel} Unable to register connection thread - tunnel with fingerprint 02:8d:38:e7:c2:2c:43:bb:vv:ww:cc:aa:bb:zz:yy:xx does not exist

In such cases, verify the fingerprints on the client (persistent.cfg file) and server-side are matching.

Default VPN client installation folders:

• Windows: C:\Program Files (x86)\Kerio\VPN Client
• Mac: /Users/<your_user>/.kerio/vpnclient/user.cfg
• Linux: /etc/kerio-kvc.conf

Testing

Try to establish a VPN connection. The status should be displayed as "Connected to <IP_address_or_FQDN>".