Q: Installation was successful, but the VPN is not working.

A. There are several common errors:

• Check that the necessary ports are forwarded from the NATs to the VPN gateways.
• Check the VPN Topology window. This will tell you which VPN gateways have registered along with the VPN subnet and global IP address of each one. If a gateway has not registered, you will not be able to access its subnet.
• Check that the security policy is set to allow and secure communication between your subnets. Open the IP Security Policies window, select the appropriate source and destination subnets, and fix the security policy.
• If you are using a D-Link router, you must use explicit port forwarding from the router to the local OmniVPN gateway. There is a bug in the D-Link router that prevents OmniVPN from working when the OmniVPN gateway is in the DMZ of the router.

Q: I am not able to see shared network drives in the VPN through the network neighborhood.

A. There are two possible reasons:

• The security policy may not be set to allow name resolution between LANs in the VPN. In the IP Security Policies window, make sure that the "Allow name resolution between LANs" and "Allow network shares between LANs" options are turned on.
• There may be a workgroup or domain mismatch. You may be the member of one domain/workgroup and the site you are trying to reach may have a different domain/workgroup. Either connect to the master browser on the remote site (by typing "\\name-of-the-master-browser" in the "address" area of Windows Explorer) or change your domain/workgroup to match the remote domain/workgroup.

Q: A policy server or remote client cannot register with its policy server.

A. Some ISP's block the default OmniVPN ports. Try changing the policy distribution port. If registration succeeds, you should also change the other ports by clicking the "Ports used by OmniVPN" button in the Configuration window. If registration still does not succeed, check that the registration ports are forwarded correctly to the destination policy server.

Q: One of the VPN sites is not displayed in the VPN Topology window.

A. If the setting on the Gateway tab in the Configuration window uses a computer name rather than an IP address, then the problem is that the VPN gateway cannot resolve its own name. Check that the computer name that you entered is correct, re-start the OmniVPN service, and tell all remote clients to re-register once the VPN topology is correct.

Q: The VPN topology is correct, but I cannot transfer any data.

A. We have found that some NATs have bugs in their software. If you are using a D-Link or a NetGear NAT, then you must turn on the "Encapsulate all VPN traffic" option on the Network menu in the Configuration window.

Q: I have a machine that is proxied by the VPN gateway, but I am not able to use that machine to connect to machines at other sites.

A. Check that the default gateway specified in the TCP/IP properties window on that machine is set to be the VPN gateway. If this is set correctly, then try rebooting the machine to reset the routing table.

Q: I have a two-way satellite link for Internet connectivity, but my VPN is not working.

A. Turn on the "Encapsulate all network traffic" option on the Network menu in the Configuration window. Also, make sure that the computer is operating as a remote client.

Q: I have configured a VPN gateway and policy server that can register with the Top Policy Server but is unable to establish security associations (VPN tunnels) with other gateways.

A. Either the NAT configuration or the "Process as" IP address at the gateway is incorrect. Enable the NAT and select a local IP address as the "process as" IP address on the OmniVPN gateway.