|
Q: I get error 1607 when I try to install Katana / OmniVPN.
A. This is an InstallShield error. Please check the InstallShield web site for more details. The relevant InstallShield documents are ID Q107070 and ID Q107094.
Q: During the installation, I need to choose between "Quick mode" and "Expert mode." Which one should I choose?
A. Choose "Quick" mode when installing a client and "Expert mode" when installing a server. With "Quick" mode, you get fewer configuration options during installation, but you can configure everything after installation in the Configuration window.
Q: In what order should I install OmniVPN on my clients, servers, and gateways?
A. You can install OmniVPN on your computers in any order you wish. After you have installed the software, you can always change the role and configuration of any machine. We recommend that you first install the Top Policy Servers, then the policy servers and gateways, and finally the clients, because this simplifies the issuing of certificates.
Q: I have a large number of clients. What is the best approach for installing OmniVPN on all of them?
A. Before you start installing OmniVPN on the clients, you must allow them to obtain certificates and assign each one to a group. From the policy server you can generate configuration files (with our without certificates) or complete installers and install software on each machine individually.
A second option is to use the remote installation tool "RInstall." Using this tool, you can remotely install OmniVPN/Katana software on a machine.
Q: I successfully installed Katana / OmniVPN. Now I see an error message saying "Unable to connect to the driver."
A. OmniVPN did not install correctly. Go to C:\Program Files\Trlokom\Enterprise\Driver and run the program uninstall_ngisec.bat. Then reboot your computer and run install_ngisec.bat from the same directory.
If you still get the same message, you probably have another program that is conflicting with the OmniVPN/Katana driver. Some VPN clients and personal firewalls, e.g., Norton, Sygate, and Zone Alarm, are known to cause this problem. Uninstall them and try again.
Q: I am unable to put my OmniVPN policy server / gateway in the DMZ of my NAT.
A. You have two options. The first is to use a machine with two NICs, install OmniVPN in "policy server / gateway" mode, and use it as your gateway instead of your NAT. If you are using an OmniVPN policy server / gateway behind a NAT, then forward the policy distribution port (6688), the CA port (6690), the encapsulation port (6689), and all application ports that you need in your VPN to the OmniVPN gateway. If you do not wish to forward your VPN ports, you can turn on the "Encapsulate all network traffic" option on each computer. This is available on the Network menu in the Configuration window.
Q: Auto-detection of the certificate authority is not working.
A. Auto-detection only works if the client and CA are on the same subnet.
Q: A client is unable to obtain a certificate.
A. Before you attempt to obtain a certificate, you must configure the Certificate Authority (CA) to allow the computer on which you are installing OmniVPN to connect to the CA:
- On the Policy Server tab in the Configuration window, make sure that the "Accept requests for certificates" option is checked.
- Click the "Certificates" button in the Configuration window. Click the "Add" button to the left of the "Pre-authorized list" and enter the requested information. It is safer to use a pre-shared text key than a one-time certificate. The identity and pre-shared text key must be entered on the client, too.
Once the CA is configured, you must enter the correct information at the client:
- If you are trying to detect the local CA, check that the policy server port is correct. Otherwise, check that the VPN ID, address, and port of the CA that you have to chosen to use are correct.
- Check that your network is working correctly, i.e., that you can ping the CA when encryption is not required between the CA and the client on which you are installing OmniVPN. If you can ping but are unable to connect, then try changing the CA port. Some ISP's block the default OmniVPN ports!
- Enter the same identity and pre-shared text key that you entered on the CA.
Q: How do I remove OmniVPN from my computer?
A. Start --> All Programs --> Trlokom OmniVPN --> Uninstall --> Uninstall OmniVPN.
Q: I tried to uninstall OmniVPN, but the process failed. How do I remove OmniVPN from my computer?
A. Perform the following steps:
- Run Recover.exe. It is also available in the Application directory of the installation CD.
- You will be given an option to delete registry entries related to OmniVPN and Katana. Delete, if any, the ones that say NGIsec/TRLPMON/OmniVPN/Katana.
- Restart your computer and delete the Trlokom folder in C:\Program Files\ (or where ever you chose to install the software).
Q: The Exchange server is taking very long (20min) to reboot after I upgraded or uninstalled OmniVPN. What can I do about this?
A. This is expected because of the way the Exchange service behaves after a network driver is removed. If you wait 5 minutes between upgrading/uninstalling OmniVPN and rebooting the Exchange server, it will reboot much faster.
Q: I changed my network interface card (NIC) or added a new NIC, but OmniVPN/Katana is not functioning as expected on that interface.
A. This can happen if you are using a version of OmniVPN/Katana that has an unsigned network driver. From the network properties for the new interface, uncheck the Trlokom Network driver, click "OK" to close the window, re-open the window, check the Trlokom network driver, and click "OK" to close the window. If this does not work, reduce the MTU for your new NIC by 250.
Q: I added a new dial-up adapter (using PPP, PPPoE, or L2TP) and now my VPN has stopped working.
A. Refer to the documentation for your dial-up adapter software to find out how to change its MTU setting. Reduce the value by 250. You might also find the following link helpful:
http://support.microsoft.com/default.aspx?scid=KB;en-us;q283165
| 
