Phone Lines icon GFI Support Home

Articles in this section

See more

Troubleshooting VPN client disconnection

Author: Vladyslav Velychko Updated

Overview

While facing frequent VPN disconnection, either the Kerio Control server or VPN client-side might experience intermittent issues. If the problem is server-wide, all the users, from different OSes including Windows, Mac, mobile devices, will report dropped connections. Dial logs may show the following output:

  Kerio VPN client 'username' disconnected from 10.10.20.13, connection time 00:00:08

dial_logs.png

This article helps to identify and troubleshoot issues on the VPN client side.

Information

As a successful VPN client connection involves different areas of Kerio Control, the troubleshooting can be performed in various ways. Common best-practices techniques:

  1. Rule out Internet Service Provider (ISP) or network connection line problems:
    1. Switching PC connection to mobile hotspot or backup Internet line and then connecting VPN.
    2. Renewing DHCP lease on PC.
    3. Verifying in-between router settings (if you have Kerio Control connected to the 3rd-party router/modem first, NOT directly to the ISP line).
  2. Ping Kerio Control VPN server from VPN client and vice-versa. Use CLI (command prompt) on the client-side and IP tools in the Kerio Control server side.
    ping_vpn_server.png
  3. Force disconnect the client from the Status -> VPN clients screen and re-try the connection again. For more information, please refer to Monitoring VPN Clients.
    vpn_client_disconnect.png
  4. Try to establish a VPN connection using alternative solutions:
    1. Native Windows IPsec VPN
    2. macOS IPsec VPN
  5. If Debug logs with "Packets dropped for some reason" enabled are reporting misdirected packets:
    1. Consider disabling 3-way handshake
    2. Disable Anti-spoofing and resolve possible routing table problem
  6. If the SSL certificate was changed recently, re-establish the connection and verify the fingerprints
    1. during initial connection or
    2. through persistent.cfg, located in the installation folder. Defaults are:
      Windows: C:\Program Files (x86)\Kerio\VPN Client or C:\Program Files\Kerio\VPN Client
      persistent_cfg_fingerprint.png
      Mac: /usr/local/kerio/vpnclient
  7. If you're using older VPN clients, please bear in mind VPN cipher changes in Kerio Control 9.2.8 and above.

If the VPN connection is still unstable, please gather all required logs before contacting Kerio Control Support:

  1. Debug Log Files for Kerio VPN Client
  2. Depending on the connection type, enable IPsec or Kerio VPN options in Debug Logs on the server-side and reproduce the issue. For more information, please refer to Extracting Kerio Control Debug Logs.

 

Related articles