Unable to set up VPN connection

Getting started

Be sure to have a look at our getting started guides if you haven’t yet.

This article lists the most common causes and solutions for when you have trouble connecting to your x500 IoT gateway, PLC, HMI, or other hardware.

You’ll first have to determine where the problem lies, explained in easy steps.

If you already know where the problem lies, simply scroll down to one of the options below.

Additionally, we sometimes need the log files from your VPN Client to help us support you.

Determine the problem

Ping utility

The ping utility will be used throughout this guide to test if you can reach a device. You can use Command Prompt (Windows) or Terminal (Mac, Linux) to execute a ping command.

Test 1 – the connection to the x500 IoT gateway

You will need an active VPN connection to reach your devices. View our getting started guides for more information. You can verify your VPN connection by pinging the x500 IoT gateway’s VPN address, which can be found in the concerning x500 IoT gateway’s [Info] tab.

  • Open Command Prompt (Windows) or Terminal (Mac, Linux).

Command prompt

Simultaneously press the Windows key and R to open the Run window. Enter “cmd” to open command prompt.

  • Execute the following command where you replace <vpn address> with your x500 IoT gateway’s VPN address

ping <vpn address>

You can receive one of 2 responses. If you get the expected response below:

Reply from <vpn address>

… then you have an active VPN connection and you can continue to test #2 to test the connection to your device(s)

However, if you get a timeout response like the one below:

Request timed out

… then you do not have an active VPN connection. Go to “Unable to connect to your x500 IoT gateway” for help.

Test 2 – the connection to the device(s)

If you have active VPN connection you should normally be able to reach your devices (PLC, HMI, or other hardware). We’ll test this by pinging the device(s) IP address(es).

Unique IP address

Note that every device needs to have a unique IP address and that this address cannot be the same as the x500 IoT gateway’s LAN IP address, which can be found in the concerning x500 IoT gateway’s [Config] tab.

  • Open Command Prompt (Windows) or Terminal (Mac, Linux).

Command prompt

Simultaneously press the windows key and R to open the Run window. Enter “cmd” to open command prompt.

Execute the following command where you replace <ip address> with your device’s IP address.

ping <ip address>

You can receive one of 2 responses. If you get the expected response below:

Reply from <vpn address>

… then you can reach your device and should be able to connect to it. If this is not the case, the issue resides in the (development) software that you are using to connect. Consult our connection guides or contact the manufacturer.

However, if you get a timeout response like the one below:

Request timed out

… then you have an active VPN connection, but are unable to reach the device(s). Go to “Unable to connect to your device(s)” for help.

Trying to reach a computer

A PC may have firewall rules that block your inbound ping request. If possible, enable the following inbound firewall rules on the PC and try the ping test again.

* All ICMP V4
* File and Printer Sharing (Echo Request – ICMPv4-In)

Unable to connect to the x500 IoT gateway

You tried to ping the x500 IoT gateway’s VPN address, but didn’t get a reply, or you’re simply unable to set up a VPN connection. The most common causes are:

If you get a specific error message, look here:

The VPN Client is not yet installed

Our VPN client is a lightweight application, running in the background on your computer as a service or daemon, that enables you to make a secure VPN connection to your devices from within your web browser.

The TAP-adapter is outdated, disabled, or already in use

The TAP-adapter is a virtual adapter that’s used to set up your VPN connection. Make sure that it isn’t already in use, disabled, or that an older version (< version 9) has been installed after you installed the VPN Client.

  • Open your network connections and look for a network adapter with “TAP-adapter” in its name or description.

Windows

Simultaneously press the windows key and R to open the Run window. Enter “ncpa.cpl” to open your network connections.

The VPN Client installs and uses version 9 of the virtual TAP-adapter to set up a secure VPN connection. Other software may have overwritten this by installing an older version.

  • Check the version of your TAP-adapter by viewing its description. If it says something along the lines of “TAP-adapter V9“, then the version is correct. If not, please reinstall the VPN Client.

The TAP-adapter needs to be enabled for the VPN Client to set up a VPN connection.

  • Check the status of your TAP-adapter. If it shows “Disabled”, right-click it and select “Enable“.

Your computer only allows you to have one active VPN connection at a time.

  • Check the status of your TAP-adapter. If it shows that it’s connected, then you already have a VPN connection active. Close your VPN connections and try to connect again. If necessary, go to test #1 again.

The connection is blocked by a firewall

If the above is all correct, then it’s possible that something is being blocked by a firewall. This may be the computer’s, company’s or even country’s firewall.

National firewall

If you are located in a country that restricts VPN usage on a national scale (i.e. China), have a look at our “VPN Client stealth mode“-article.

Computer/company firewall

Below is an overview of the outgoing port and protocols that the VPN Client utilizes, which can be blocked by the computer’s firewall or the company’s firewall.

PortTransportApplication
443TCPHTTPS, OpenVPN

The VPN Client also utilizes the following local port and protocols, which can be blocked by the computer’s firewall.

PortTransportApplication
9250, 9255(1)TCPHTTPS, WebSocket

1. Port 9255 is only used when VPN Client stealth mode is activated for connectivity via a censored internet connection (i.e. when located in China).

Error 741

If you get the following error at the bottom of your screen:

OpenVPN: initialization completed with errors. (741)

Then please follow these next steps to resolve the issue.

  1. Open up your windows start menu (windows 7) or search bar (windows 8 and up) and type “cmd” in your search field.
  2. Right click on command prompt and select “run as administrator”

Windows 10

In Windows 10 it is possible to press the windows key + R and enter “cmd” in the field. Press Ctrl + Shift + Enter to run it in administrator mode.

  1. Click yes or allow
  2. Enter the following commands into command prompt while pressing enter after each one
netsh winsock reset
netsh int ipv4 reset
netsh int ipv6 reset

If the above steps did not help, then an anti-virus software may be unnecessarily blocking your communication.

  1. Try to set up a VPN connection without having your anti-virus software active, or contact your IT administrator for help.

Problem solved?

The above steps should’ve helped you resolve your problem. If so, good! If not, please contact us and send us the log files of your VPN Client

Error 743 / 744

If you get any of the following errors at the bottom of your screen:

OpenVPN: no TUN/TAP adapter available. (743)
OpenVPN: exiting due to fatal error. (744)

Then it likely means that there is no TAP-adapter available on your computer. This is the virtual network adapter that is used to set up a VPN connection.

  1. Do you perhaps already have a VPN connection active on your computer? If so, please close down that connection first and try again.
  2. Is the TAP-adapter disabled? For details, look here: The TAP-adapter is outdated, disabled, or already in use.

If the problem persists, please follow the steps below.

  1. Uninstall the VPN Client
  2. Uninstall the TAP-Windows 9.xx.x program
  3. Install the VPN Client

Problem solved?

The above steps should’ve helped you resolve your problem. If so, good! If not, please contact us and send us the log files of your VPN Client

Unable to connect to the device(s)

You tried to ping your device’s IP address, but didn’t get a reply, or you’re simply unable to connect to your devices (PLC, HMI, or other hardware). The most common causes are:

The IP address is not set properly

The checks below ensure that you have set your device’s network settings properly.

  • The subnet mask needs to be the same as the x500 IoT gateway, which is usually 255.255.255.0.
  • The subnet also needs to be the same as the x500 IoT gateway’s LAN subnet. If the x500 IoT gateway’s LAN IP address is 192.168.140.1 and its subnet mask 255.255.255.0 then it’s subnet is the “192.168.140”-part.
  • The IP address needs to be different from the x500 IoT gateway’s LAN IP address to avoid an IP conflict.

The default gateway is not configured

The device’s network settings also include a default gateway, which may be named simply “gateway” or “use router”. We recommend to always properly configure the default gateway on your device if you want to access it remotely.

  • Set the default gateway to the x500 IoT gateway’s LAN IP address.

Unsure where to configure the default gateway?

If you’re unsure where you can find your device’s default gateway, please have a look at our connection guides or contact the manufacturer.

If you are unable to configure this setting on your device, you can use our source NAT feature to access your devices regardless.

  • Go to [Devices] in the main menu, select the concerning x500 IoT gateway, open its [Config] tab, and edit  the LAN settings.
  • Press [Show more], toggle [Enable source NAT], and press [Confirm].

Temporary disconnect

After this next step, the config push, the device will temporarily disconnect to reconfigure its settings and will automatically reconnect. This may take a minute.

  • Finally, press [Push changes] in the config tab to complete the setup.

Problem solved?

The above steps should’ve helped you resolve your problem. If so, good! If not, please contact us.

VPN Client log file locations

To help us support you, we sometimes need the log files from your VPN Client. On Windows and macOS simply copy and paste the following locations in your file browser.

Windows%ProgramData%\Lenze\VPN Client\Logs
macOS/Library/Logs/Lenze/ VPN Client

On Linux the log files can be accessed using journalctl, for example:

journalctl -u VPN client