7 common VPN security risks: the not-so-good, the bad, and the ugly

With proper security practices, VPNs continue to effectively fulfill an essential need reliably and securely connecting remote employees, branch offices, authorized partners and other systems. Yet VPN connection errors continue to inevitably arise.

VPN Troubleshooting Guide – How To Fix VPN Problems

Solve common VPN problems with ease by following our simple tips and easy steps for VPN troubleshooting.

Written by Jack Turner
Updated on July 18, 2023

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn More

When you have VPN issues, it can leave you without the comfort of online anonymity, and unable to access the sites and services you’d like to. The good news is that many VPN problems can be fixed in minutes, and you don’t need to be an IT expert to get back up and running.

Common VPN issues include your VPN not connecting, your IP address still being visible despite the VPN saying it’s connected, and your VPN continuously disconnecting. It’s usually possible to overcome these issues by resetting your internet, restarting your VPN software, or changing your VPN server/protocol.

VPN not working? Why not just try another one? Check out our VPN comparison table to see which VPNs we recommend most highly. If you’d like to stick with what you have, read. We’ve put together clear instructions detailing exactly what you should do in different situations:

In this article, we also provide a guide on how to carry out the different fixes we reference in the above sections, such as temporarily disabling your firewall and clearing your device of old VPN software.

Having trouble with your VPN?

Are you looking for a new, more reliable provider?

How to Fix Common VPN Problems

VPNs are a great way to protect your privacy and security online, but they can sometimes cause problems. Here are some of the most common VPN problems and how to fix them:

• VPN not connecting: If your VPN is not connecting, the first thing you should do is check your internet connection. Make sure that you are connected to the internet and that your VPN is turned on. You can also try restarting your device or your VPN software.
• IP address still being visible: If your IP address is still being visible even though your VPN is connected, you may need to check your VPN settings. Make sure that you are using a secure VPN protocol and that your ports are open. You can also try connecting to a different VPN server.
• VPN continuously disconnecting: If your VPN is continuously disconnecting, you may need to check your firewall settings. Make sure that your firewall is not blocking your VPN connection. You can also try disabling your firewall temporarily to see if that fixes the problem.

If your issue is still unresolved or not covered here, read on for more in-depth help.

My VPN Is too Slow

If your VPN is too slow, try connecting to a different server or a different protocol. Reducing the internet activity you’re routing through your VPN can also solve this issue. If the problem persists, the problem might not be your VPN – so test your internet speed to see if it’s actually your network connection.

• Connect to a different server
• Connect to a different protocol
• Reduce your internet activity
• Test your internet speed

Connect to a different server

If your VPN is slow, connecting to a different server can help. If you pick one that’s a bit closer to you geographically, then your data won’t have to travel as far – this often quickens things up significantly.

Connecting to a different server can also help -simply put, the server might be too congested to offer top speeds. The more people using a server, the slower it gets – and by chance, you might’ve just connected to a very popular server.

Connect to a different protocol

Different VPN protocols utilize different encryption methods, and this can sometimes affect the speed at which data is transferred. Providing best-in-class encryption can, unfortunately, sometimes mean decreased speeds.

WireGuard, offered by Surfshark and NordVPN and is generally considered a happy marriage of both, but it depends on what your personal priorities are. If you’re using OpenVPN, switching between TCP and UDP can have a positive impact on speed.

Reduce your activity

If you’re gaming, streaming, and messaging simultaneously through the same VPN connection, then it might simply be too much for your VPN to handle. Lots of data-intensive activity all at once can cause your VPN to slow down to a standstill, so reducing your activity can speed it up.

Some VPNs, such as Surfshark, offer “split-tunneling”, a feature that lets you funnel some data through a VPN, and some data through your normal connection avenue. If your VPN is very slow, and it offers split tunneling, you could route some of your activity through your regular connection to increase your VPN speed.

Test your internet speed

Remember, it’s not always the VPN that’s going to be a problem – your VPN might be slow due to a slow internet connection. You can easily test your internet speed with a free Google tool, that will appear in Search if you type in “test my internet speed”.

Remember, all VPNs will slow your connection down slightly – even providers like NordVPN, which topped our most recent speed tests. You’re always going to be sending your data on a longer journey (to a VPN server and out the other side) than it would go on if you weren’t using a VPN. That’s why the software works best when paired with a strong, reliable internet connection.

My VPN Is not Connecting

If your VPN won’t connect, make sure it’s not in fact your internet that’s the issue by testing your internet connection. Then, uninstall any other VPN packages on your computer, as they might be interfering with your connection. If that fails, reinstall your VPN software – and if your VPN still won’t connect, contact support.

• Test your internet connection
• Check for VPN Updates
• Uninstall other VPN packages
• Restart or reinstall your VPN software

Test your internet connection

Although your VPN is rerouting your internet connection through a private, encrypted server and masking your IP address in the process, it still requires your internet connection to be active for it to work. If your VPN won’t connect, it might simply be your internet interfering with it.

Your internet and VPN may actually be both working, but sometimes, switching between cellular data and a wifi connection can mean your VPN will struggle to forge a connection to one of its servers.

Check for VPN updates

If your VPN is not connecting, it might be because you’re using an outdated version of your provider’s software. VPN updates should be clearly signposted within your app like ExpressVPN’s is (pictured below). but you can also check the provider’s site to make sure you’re running the most recent version of their software.

Uninstall other VPN applications

We know how it is – you wanted to make sure you have picked the right VPN software, so you may have downloaded several packages to try out, they may well be stopping your newly chosen software from working correctly.

Try disabling, or even better, uninstalling any previous VPN software packages that you might have used, and see if this resolves your issue.

Restart or reinstall your VPN software

A quick fix might just be restarting your VPN software – but if this doesn’t help your VPN to connect, try reinstalling the VPN as an additional measure. This has been known to help if a VPN is slow to connect, if it crashes frequently, or if the VPN connects to the client network but does not allow the user to perform actions like opening links.

My VPN Keeps Disconnecting

If your VPN keeps disconnecting, log out of your VPN on other devices, as you may have reached your provider’s connection limit. We’d also recommend uninstalling any other VPN apps which could be impacting the VPN you’re using, and checking to see if your firewall is interfering with the connection.

• Log out of your VPN on another device
• Uninstall other VPN apps
• Temporarily disable your computer’s firewall
• Ensure you have a stable internet connection

Log out of your VPN on another device

If your VPN keeps disconnecting, it might be because you’ve reached the device limit allowed by your VPN provider. Some VPN providers, like ExpressVPN and NordVPN, only allow users to use the same account across five and six devices respectively – so if you’re using a provider that enforces a limit like this, this could be the cause of this problem.

if this is frustrating, we’d recommend switching to a VPN provider like Surfshark, which allows an unlimited number of simultaneous connections via the same VPN account – which means you can share it with as many members of your family and friendship groups as you like.

Uninstall other VPN apps

Along with not letting your VPN connect at all, competing VPN packages that have been installed on your device might be affecting your VPN.

This can be a particular issue if you’ve activated a kill switch included in any of these VPN packages. Kill switches drop your internet connection whenever your VPN connection drops so you never spend any time online without protection. Having multiple software programs installed on your device that all have permission to control your internet connection can lead to chaos.

Temporarily disable your firewall (and “allow” your VPN)

Firewalls check the data that comes in out of your connection, and they can be very protective of what traffic makes it to your computer (and rightly so – it’s their job, after all).

Some firewalls create VPN issues, so as an experiment, try temporarily disabling your firewall to see if this has a positive effect on your VPN connection – don’t forget to turn it back on when you’re finished checking though, and add your VPN to the list of allowed applications!

Ensure you have a stable internet connection

If you have an unstable internet connection, then your VPN connection is going to be affected. VPNs require an internet connection to work but ideally need a stable connection to work well. If your internet connection is fleeting, then the VPN connection will also cut in and out.

On top of this, if your connection is unstable and flicking between, say, cellular data and a wifi connection – then this can cause your VPN to keep disconnecting.

My VPN is not Hiding My IP Address

If your VPN is not hiding your IP address, check if the problem persists while you’re using a different protocol or a different server. If it’s happening consistently, however, it might be time to look for another, more secure VPN provider.

• Connect to a different server
• Use a different protocol
• Sign up for a Better VPN provider

Connect to a different server

If your VPN isn’t hiding your IP address, there may be something wrong with the specific server you’re connecting to – in this case, it’ll be a network-level technical issue that’s out of your control. Try connecting to a different server to see if this fixes the problem.

Use a different VPN protocol

If you’re connected to your VPN but your IP address is still visible, the VPN problem could be its protocol. In computing, a protocol is essentially a set of rules and procedures that is used to facilitate the exchange of data – the most common example of this is HTTP.

Some VPN protocols are old and considered unreliable (PTPP), while others have been recently developed and have a significantly lower chance of leaking IP addresses (IKEv2, WireGuard), so are used by the most secure VPNs. Experiment with changing the protocol in the settings to see if this resolves your issue.

Sign up for a better VPN provider

It might sound blunt, but if your VPN simply isn’t hiding your IP address, it might be time to get a better VPN. The whole point of a VPN is to do this and in turn, enhance your digital privacy. If it’s not doing that, what’s the point in paying for it?

If you’re using a free VPN, on the other hand, and this is happening consistently, we’d advise you to stop using the service immediately. Why? Well, it’s unlikely to get any better – and, if it’s anything like Hola VPN, it could even put your privacy in jeopardy.

A lot of (but not all) free VPNs care about new sign-ups rather than keeping existing users safe and don’t invest much in their security architecture or server infrastructure. Some will even monitor your activity. We’d recommend a secure, reputable – but cheap – VPN provider.

My VPN Is Down/Not Responding

If your VPN isn’t responding, check reports of outages to ensure it isn’t a network-wide problem. Then, temporarily disable your firewall to see if that’s simply blocking the VPN connection, and if all else fails, attempt a device reboot.

• Check reports of outages
• Check for Updates
• Temporarily disable your firewall
• Sign out and restart your device

Check reports of outages

If you’re struggling to get your VPN up and running, yet your internet connection is working and you have no other VPN software installed on your device, then it’s worth checking to see if your VPN provider is experiencing technical difficulties or an outage.

This is pretty rare, and finding out won’t help you to get your VPN up and running again, but at least you know if it’s a VPN problem that requires further action from your side of the table or not.

Check for updates

While you’re checking for reports of outages, it’d be a good idea to quickly check for any application updates you may have missed, even if there’s no notification in your VPN app.

Temporarily disable your firewall (and “allow” your VPN)

Along with causing your VPN to disconnect, your firewall might be the reason your VPN is not responding.

As we’ve said, disabling it could help you identify the issue, but you’ve got to make sure you turn it back on again afterward and add your VPN app to the list of applications you don’t want it to interfere with.

Sign out and restart your device

Turning it off and on again is the oldest trick in the book for a reason – sometimes, it just works. It might just be that your system or your VPN client didn’t boot up properly – signing out and starting again could solve this problem.

My VPN App Won’t Open

If your VPN application simply won’t open, all you can really do is attempt to reinstall it and then contact your provider’s customer support team for more information.

• Reinstall the VPN application
• Contact your VPN’s customer support team

Reinstall the VPN application

If your VPN application simply won’t load, there’s little you can do, aside from deleting and reinstalling the app.

Contact your VPN’s customer support team

Of course, you can also contact your provider’s customer support team and report your VPN issue at any time. But if the app won’t open at all, your other options are restricted.

It’s unlikely to be an issue with your network connection, as you don’t actually need a connection to open VPN apps – and if you’ve already tried deleting and reinstalling the app, this should be your next port of call.

My VPN Is Blocked or Banned

If you’re finding that the service you’re trying to access has blocked or banned your VPN, then you should first try a different server, and then switch over to a protocol or server that obfuscates traffic.

Try a different server

Sometimes, services like Netflix ban VPN IP addresses – but they can’t always ban every single IP address that a VPN provider owns – and besides, new ones are often added.

If you connect to a different server, you’ll be provided with a different IP address – so it might not be blocked by the service you’re trying to access. If you’re struggling on all fronts, and it’s a service you really want to access, it might be time to look for another VPN.

Use an obfuscated protocol/server

Obfuscated servers – sometimes referred to as “stealth” servers – are VPN servers that purposefully scramble user packet data and make it look like normal, non-VPN traffic. Switching to an obfuscated server or an obfuscated protocol can help with the task of bypassing blocks and bans.

Some VPNs will have dedicated servers with obfuscation technology, while others provide specific protocols for obfuscation. Some other VPNs don’t provide this at all, but providers like ExpressVPN simply obfuscate all of their traffic – meaning they’re much, much less likely to get blocked by a service than other providers.

VPN Not Working on iPhone

If your VPN for your iPhone isn’t working, there are various fixes you can try to get it back up and running. Some examples include:

• Force restarting your iPhone
• Re-downloading your VPN app
• Logging in on another device (for account issues)
• Resetting your VPN password on another device
• Resetting your network settings
• Resetting your Device level IP address

VPN Not Working on Android

If you’re using an Android phone and your VPN isn’t working, you can also try force restarting your device, redownloading your VPN app, or logging in on another device to see if it’s a problem with your account credentials/phone sign-in. However, you may also want to try:

• Reviewing your Android app permissions
• Reset the cache and data from the VPN app
• Resetting your network settings

VPN Troubleshooting: 10 Steps To Resolve Issues

We’ve covered what to do to fix specific VPN problems, here’s a closer look at all the different troubleshooting methods that tend to work if your VPN is too slow:

• How to Test Your Internet Connection
• Restarting Your VPN Software
• How to Clear Your Device of Old VPN Software
• Making Use of the VPN’s Help & Support
• How to Check if Your VPN is Up To Date
• Changing Your VPN Server
• How to Connect to a Different VPN Protocol
• How to Check Your Firewall
• Making Sure Your VPN is Compatible with the Site or Service
• How to Flush Your DNS Cache (Computer Only)

1. How to test your internet connection

As we’ve covered, it’s possible that the problem you’re experiencing may not be a VPN issue at all – it might actually be your internet connection that’s the thing stopping your VPN from connecting. However, testing to see if it’s truly your internet connection that’s the problem is very simple.

1. Disconnect your VPN.
2. Shut down your VPN app (open the Task Manager panel and force close it if necessary).
3. Search for something on Google.
4. If web pages won’t load, your internet is not working.

If you still can’t connect to the internet, then it’s your network connection that’s the problem, rather than the VPN client.

2. Restarting your VPN software

Yes, it’s a cliche, but closing down your software can get things running smoothly again, and will fix a surprising number of VPN issues. If your VPN is a desktop software program…

1. Press the “X” in the corner of your VPN software to close it.
2. Check your Task Manager panel to ensure the app is not running in the background.
3. If you can see the application is still running, force close it.
4. Restart the software.

If the VPN is a browser plug-in, on the other hand, simply close your browser down and reopen it.

3. How to clear your device of old VPN software

If you’re struggling to connect – or even open – your VPN, you might want to clear your device of old VPN software, just to be sure it’s not that that’s causing your VPN issues. This is pretty easy to do on a Windows device:

1. Type in “Apps” to the search bar at the bottom of your screen.
2. Click on “Apps & Features”.
3. Scroll through your apps until you find old/unused VPN software.
4. Click “Uninstall”.

If you’re using a VPN on your phone, go to your app list in your settings and delete any unused VPN apps. If you’re struggling to find the apps and features area with the Windows search bar, you can also get there by going through the system settings.

4. Making use of the VPN’s help function

VPN software providers know that at some point or other, you might get stuck. That’s why they try and ensure that there’s a built-in help function. Make sure you use it! Most are user-friendly and don’t assume you have an expert level of knowledge. The usual options included by almost all VPNs are:

• Email: your VPN provider’s customer support email address will be listed on their website. Your app may also have a built-in contact function.
• Knowledge base: Most VPNs provide information on how to troubleshoot problems on their websites (FAQs, guides, etc.)

However, some VPNs provide phone support, while others have a live chat function, which can address a myriad of problems VPN users commonly face. All customer support options are typically listed on a provider’s website and are easy to find with a simple Google search.

5. How to check if your VPN is up to date

VPN software is regularly updated. Some of these take the form of quality-of-life tweaks to make the program easier to use, but others will be essential for the day-to-day functionality of the VPN, so it’s important to make sure that you don’t ignore update requests.

As we previously mentioned, the easiest way to find out if your software is up to date is by checking the version you’re running against the version number on the provider’s site. Notifications are usually sent to users when there’s a software update available, so keeping a close eye on this is also advised.

6. Changing your VPN server

As we covered earlier, servers are regularly overloaded with traffic, temporarily down, and may even be blacklisted by the service you’re trying to use.

Luckily VPN troubleshooting is made easy by the fact that almost all VPN providers will let you choose to connect to different servers, so give another one a go.

1. Log into your VPN app.
2. Navigate to the “server”/”locations” area.
3. Select the server/location you’d like.
4. Click on it to connect.

All top VPN apps have a “server” area of their applications where you can select the server location you’d like to connect to. This should be clearly signposted within your app interface.

7. How to connect Using a Different VPN Protocol

Much like VPN servers, most contemporary VPNs have a clearly-signposted section of their user interface where you can switch between protocols such as IKEv2, WireGuard, and OpenVPN UDP.

1. Log into your VPN app.
2. Navigate to the “Protocols” area.
3. Select the protocol you’d like.
4. Click on it to re-establish your connection.

8. How to temporarily disable your firewall and add a VPN app

You can temporarily disable your firewall on Windows PCs by following these steps:

1. Click on the Windows search bar.
2. Search for the “Control Panel”.
3. In Control Panel, Select “System and Security”.
4. Select “Windows Defender Firewall”
5. “Click “Turn Windows Defender Firewall on or off”.

You can then add a VPN to the list of allowed apps by heading over to the same System and Security area of the control panel and clicking “allow an app through Windows firewall”.

9. Making sure your VPN is compatible with the site or service

Ensuring your VPN is able to access the service you’re trying to use before you purchase a subscription is one way to avoid blocking or banning issues further down the line. Although VPNs are incredibly sophisticated at circumventing geographically blocked sites, the sites themselves can be just as clever – so it’s important to do your research before you part ways with any cash.

One of the hardest to crack is Netflix, which is ironic, as it’s also one of the main reasons people install a VPN. Why? Well, using a VPN, you can, in theory, access Netflix content from each corner of the globe, meaning movies, documentaries, and TV shows before they’re available in your country.

Not all VPNs play nice with Netflix, so it’s worth checking the provider’s website first. If it’s not compatible, there is no fix – you’ll just have to pick the best VPN for Netflix instead.

10. How to flush your DNS cache (computer-only fix)

If nothing has worked yet on your quest to solve your VPN issues, you may want to try flushing your DNS cache. Why might you need to flush your DNS cache? Well, VPNs allow you to bypass your ISP’s DNS, but your operating system may inadvertently be using cached DNS settings from when you weren’t using your VPN, which can cause a VPN problem.

To flush your cache on a Windows computer…

1. type “cmd” into the system search box in the bottom left-hand corner of your screen.
2. Right-click on “command prompt” and select “Run as Administrator”.
3. After a new window opens, enter “ipconfig/flushdns” (without quotation marks)
4. Press “Enter” on your keyboard.

For devices running macOS…

1. Click the Spotlight search button and type in “Terminal”.
2. When the Terminal application appears, double-click it.
3. When the terminal is open, enter this command “sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder” (without quotation marks).
4. Enter your Mac’s password when prompted, which will clear the DNS.

As you can probably tell, this is a relatively advanced VPN troubleshooting tactic compared to the others, so we’d recommend trying our previous suggestions first.

VPN Troubleshooting: Why is my Netflix VPN not Working?

One of the most common VPN use cases is unblocking Netflix content only available in certain countries. Netflix geo-restricts a lot of its movies and films for a variety of reasons. Certain releases may be banned in some countries, or Nextlif simply might not have the rights to show a given film in a specific territory yet.

If your Netflix VPN is not working, then we’d recommend attempting all of the VPN troubleshooting techniques listed in this article to see if your software or your internet connection is the problem. If you’ve eliminated those possibilities, unfortunately, the reason your Nextlix VPN is not working is probably that Netflix has banned the VPN IP address you’re using to attempt to connect to the site.

Don’t worry, that’s pretty normal; Netflix is in the business of tracking down IP addresses it can tell belong to VPNs and banning them. If you think this might be the reason behind your Netflix VPN not working, then follow these steps:

1. Connect to a different VPN server based in the same region/country.
2. If that fails, Connect to a VPN server based in another region where the movie/film you’d like to watch is available.
3. If that fails, you will need to look into switching to a streaming-optimized VPN.

VPN Troubleshooting: Do VPNs Work on iPhones?

Although many VPNs have clients you can download and use on your iPhone, recently a vulnerability that leaks VPN traffics on iPhones was found to still be present in iOS 16 in 2022, meaning it’s likely a VPN problem for all iPhones.

Apple has been aware of this VPN issue for several years. Proton VPN notified the company that unencrypted traffic was leaking out of users’ VPN tunnels, two years ago. This issue was brought to the attention of Apple by Mullvad VPN again in 2020, while in 2022, security researcher Michael Horowitz found the vulnerability alive and well in iOS version 15.6.1.

Now, some researchers claim the vulnerability still exists in iOS 16, the latest iteration of iOS. Researchers at Mysk, for instance, have shown that “iOS 16 does communicate with Apple services outside of the VPN tunnel.”

All in all, the jury is still out. Although millions of people are still using VPNs on their phones despite this news, if you can use it on a different device, in light of this news, we’d recommend doing so.

Next Steps for VPNs

Now that you’ve sorted out your VPN connection problems, it’s worth considering that maybe you don’t have the right VPN for your particular needs. With a wide range of options on the market, taking a look at your alternatives could save you a lot of time in the troubleshooting department down the line.

Tech.co has done extensive research on the best cheap VPNs on the market, so you can get an honest look at some of the features, pros, and cons of each. Then you can decide whether or not your current VPN is getting the job done.

7 common VPN security risks: the not-so-good, the bad, and the ugly

A Virtual Private Network (VPN) is perfect for internal employees who need to access the server (or section of the server) from anywhere besides the office. In fact, at SecureLink we use VPN client software on our laptops to do just that; if you need to work remotely and need to update something that’s on the server, just use your VPN and you can easily get it done. Generally, this type of network offers high-speed connections that help companies operate efficiently. In addition to allowing employees to work from home or on the road, VPN connections can also give vendors access to internal resources they need in order to support company operations.

However, there are a number of problems, concerns, and vulnerabilities when it comes to deploying VPN services. Understanding these common VPN issues is crucial in protecting your company’s network security. That’s why we’ve categorized these common issues as the not-so-good, the bad, and the ugly to help you make an informed decision on whether your organization should implement a VPN.

Why VPN is Not Secure

VPNs are insecure because they expose entire networks to threats like malware, DDoS attacks, and spoofing attacks. Once an attacker has breached the network through a compromised device, the entire network can be brought down.

The not-so-good VPN security risks

Third-party VPNs can’t create or enforce policies that protect credentials

Third-party vendors may sometimes follow a number of VPN practices that are not optimal, yet are beyond your control – practices that create opportunities for hackers to enter your network.

Example: Sharing credentials with co-workers, or reusing weak passwords from personal accounts that are easily exploited. According to a Verizon report, 76% of network intrusions involved compromised user credentials.

More secure VPN = Less productive workforce

While using VPN software increases security over an unencrypted connection, connection speeds and application performance can decrease due to several factors – such as the time needed to provision and test the VPN, which usually involves other departments such as IT support.

And this must happen before any application or server access can be tested. This two-step process slows things down and often involves personnel who aren’t familiar with the application or the vendors’ use case for getting access in the first place.

The result: Long lag times in getting vendor support technicians on the job, which also impacts your workforce’s productivity and customer service quality.

High VPN support costs = Higher cost of doing business

With VPNs, there’s no centralized remote management. Without the ability to deploy, monitor, and manage all of your connections from a single place, your support personnel must spend a great deal of time supporting the VPN client and the connected applications.

Plus, third-party vendors may not have in-house technical support to help with initial setup, troubleshooting VPN connection problems as well as solving everyday issues, and you may require more resources at your helpdesks to assist users, thus increasing your costs of doing business.

The bad VPN security risks

All or nothing = VPNs create security risks

When a business uses VPNs to provide third-party vendors access to their network, those vendors either have full access to your network (for example, at the start of a job) or they don’t (when you revoke access after the job ends) – unless companies implement strict network segmentation with firewalls and switches, which adds additional complexity.

There are no shades of gray, no ability to give partial access only to required resources. The more servers, applications, and network equipment your vendors can access, the more you have at risk.

VPN servers and client software grant a vendor access to everything in your network unless least privileged access is implemented. Even if you segment your networks with VLANs (Virtual Local Area Networks), access can still be too broad, or even too narrow, which requires additional VPN troubleshooting and technician time.

Lack of accountability creates third-party VPN risks

VPNs typically provide little or no granular audit records, so you can’t monitor and record the actions of every third-party vendor using the VPN. Usually, all that is logged in connection times and even then that data is in yet another log to monitor and watch.

Without easy, centralized access to all the historical information on a connection (user, applications accessed, the reason for access, etc.), it is impossible to prove who or what created an issue, should a breach or mistake occur due to a third-party vendor.

The ugly VPN security risks

VPN provides a false sense of security

If your third-party vendors and VPN users have access to your network, you may believe that your company data and network are safe; after all, the “P” in VPN does stand for “private”.

However, history has proven otherwise. The reality is that malicious hackers have exploited weak VPN protocols and non-secure internet connections to cause data breaches at major companies such as Home Depot and Target.

A VPN doesn’t protect you from hackers

Hackers often use VPNs to gain access to networks. If your business has many third-party vendors, and each vendor has full access to your network, a hacker now has multiple potential routes to break into and exploit your network using VPN traffic.

Let’s face the facts: One of the easiest ways a hacker enters a network is through a third-party connection. Using a checklist to assess third-party VPN risks and the vulnerability of your third parties’ remote access points can help reduce the probability of an attack.

The upside: use a third-party management system

Given all the above, do you really want to expose your company to these kinds of risks and common problems? Not just risks to your data, but to your company’s reputation, too, should a data breach occur? The answer is clearly no – especially since a better, smarter enterprise VPN alternative exists: SecureLink.

With SecureLink, third-party remote access is given not to your entire network, but only specific areas, based on the (much safer) principle of least privilege: vendors can access only the resources they require to get their job done.

Thanks to SecureLink’s third-party remote access management solution, you get the advantages of VPNs (allowing third-party access to your network) with none of the negatives. And that’s a very good thing.

How to fix the four biggest problems with failed VPN connections

Is your VPN connected but not working? Learn four of the biggest trouble areas with VPN connections and how you can fix them today.

We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. This may influence how and where their products appear on our site, but vendors cannot pay to influence the content of our reviews. For more info, visit our Terms of Use page.

Virtual private networks have risen from obscurity to become the frequently preferred method of linking private networks. Although VPNs became popular because they enabled using the Internet to secure network connections, thereby eliminating the need for expensive dedicated circuits, VPN adoption skyrocketed because the technology also proved relatively simple, reliable and secure.

Considering VPNs foolproof, however, leads to a false sense of security. Following state-sponsored attacks that used compromised VPNs to enable exploitative attacks, organizations received a wakeup call that VPN accounts require close monitoring and safeguarding too.

With proper security practices, VPNs continue to effectively fulfill an essential need reliably and securely connecting remote employees, branch offices, authorized partners and other systems. Yet VPN connection errors continue to inevitably arise.

Often, Windows server-powered VPN connection issues that arise often fall into one of four categories:

• The VPN connection is rejected.
• An unauthorized connection is accepted.
• Locations beyond the VPN server prove unreachable.
• A tunnel cannot be established.

Here’s how to resolve these common Windows Server-powered VPN connection errors.

Working with the Windows Server Routing and Remote Access console

Once a VPN is set up using a Windows Server, connection issues occasionally occur, even when a connection previously worked properly. Troubleshooting often involves working with Windows servers’ Routing and Remote Access console snap-in tool, which is where Microsoft concentrates many VPN configuration settings.

The Routing and Remote Access snap-in lives within the Microsoft Management Console, known as the MMC. There are multiple ways to access the MMC. You can select the console from the Start menu’s Programs options, within the Administrative Tools folder within Windows server’s Control Panel or by typing mmc at a command prompt. You can also reach the MMC by pressing the Windows key and the letter R simultaneously and entering mmc and pressing the Enter key.

While the actual user interface and menu options occasionally change subtly between specific server versions, administrators should be able to navigate the various consoles — whether working with an older version or the current Windows Server 2022 iteration — using the same approach.

How to fix the four biggest problems with failed VPN connections

1: The VPN connection is rejected.

Having a VPN client’s connection rejected is perhaps the most common VPN problem. Part of the reason this problem is so common is that many issues can cause a connection to be rejected.

If the Windows server-powered VPN is rejecting client connections, the first thing you need to do is confirm the Routing and Remote Access Service is actually running on the Windows server. You can check by opening the Windows server’s Services console, which you can access by clicking Start | Control Panel | Administrative Tools | Services. With the Services console open, navigate within the list of services to the Routing and Remote Access entry ensure its service is running.

As TechRepublic’s Brandon Vigliarolo demonstrates within his video at the start of this article, the Services console displays the status of the Routing and Remote Access entry. From within the Services console and with the Routing and Remote Access entry highlighted, you can click Start the Service or right-click the entry and select Restart. If the RRAS service was set to Manual or Disabled, you can open the entry, change the Startup Type to Automatic and then click Start and OK.

Networking: Must-read coverage

• Gartner releases 4 trends that will impact cloud, data centers and infrastructure in 2023
• Support for these Microsoft enterprise products ends in 2023
• Dell Technologies World 2023: Q&A on how Dell sees security at the edge
• Best VPNs for small business in 2023

After confirming the RRAS service is running, and as Vigliarolo also reviews, it’s a good idea to test the connection by pinging the VPN server first by IP address, then by its fully qualified domain name. If you encounter errors, it’s likely a DNS problem is occurring and you can turn your attention to resolving that issue.

If the VPN server pings work, though, and you’re still having connection issues, turn your attention to addressing a potential authentication mismatch. Sometimes the VPN client and VPN server are set to using different authentication methods.

Confirm whether an authentication error is the problem by opening the server console. Yet another method of accessing the MMC is to type Control+R to open a command prompt in which you can type mmc and hit Enter or click OK.

With the console open, navigate to the Routing and Remote Access entry. If the entry isn’t present, click File, select Add/Remove Snap-in, choose the Routing and Remote Access option from the choices and click Add, then OK.

With the Routing and Remote Access snap-in added, right-click on the VPN server and click Properties. Then, review the Security tab to confirm the authentication method. Windows Authentication is the most common, although a different option such as RADIUS may be in place. Ensure the VPN client is set to the authentication method specified within the Security tab.

More things to check

Typically the items just reviewed are responsible for most VPN connection refusal errors. But other fundamentals must be correct, too.

For example, if the Windows Server hosting the VPN hasn’t joined the Windows domain, the server will be unable to authenticate logins. You’ll first have to connect the server to the domain.

IP addresses are another fundamental element for which administration must be properly set. Each Web-based VPN connection usually uses two different IP addresses for the VPN client computer. The first IP address is the one that was assigned by the client’s ISP. This is the IP address that’s used to establish the initial TCP/IP connection to the VPN server over the Internet. However, once the client attaches to the VPN server, the VPN server assigns the client a secondary IP address. This IP address typically possesses the same subnet as the local network and thus allows the client to communicate with the local network.

When you set up the VPN server, you must configure a DHCP server to assign addresses to clients, or you can create a bank of IP addresses to assign to clients directly from the VPN server. In either case, if the server runs out of valid IP addresses, it will be unable to assign an address to the client and the connection will be refused.

For DHCP server environments, a common setup error is specifying an incorrect NIC. If you right-click on the VPN server within the Routing and Remote Access snap-in and select the Properties command from the resulting shortcut menu, you should see the server’s properties. The corresponding IP tab contains settings that permit specifying the DHCP source. Ensure that if the DHCP server option is enabled, the appropriate network adapter is selected. You must select a network adapter that has a TCP/IP path to the DHCP server.

2: An unauthorized connection is accepted.

Next, let’s review the opposite problem, in which unauthorized connections are accepted. This problem is much less common than not connecting, but the problem is much more serious because of the potential security issues and resultant unauthorized traffic.

If you look at a user’s properties sheet in the Active Directory Users and Computers console, the Dial In tab usually contains an option to control access through the remote access policy. If this option is selected and the effective remote access policy is set to allow remote access, the user will be able to attach to the VPN.

Although I have been unable to re-create the situation personally, I have heard rumors that a bug exists in older Windows servers that can cause the connection to be accepted even if the effective remote access policy is set to deny a user’s connection. Therefore, and especially on older server platforms, it’s best to allow or deny connections directly through the Active Directory Users and Computers console.

A host of other security fundamentals should be in place, too, to help prevent unauthorized VPN access. Unnecessary VPN accounts should always be disabled and even deleted, when possible. Users should be required to change their corresponding passwords frequently, and those passwords should need to meet complexity requirements.

Multi-factor authentication should be required for all VPN connections, and network firewalls and security services should continually monitor for unauthorized or suspicious connections to generate high-priority alerts whenever possible issues surface. Implementing those steps will help reduce the likelihood an unauthorized connection is accepted.

3: Locations beyond the VPN server prove unreachable.

Another common VPN problem is that a connection is successfully established but the remote user is unable to access the network beyond the VPN server. By far, the most common cause of this problem is that permission hasn’t been granted for the user to access the entire network.

To allow a user to access the entire network, go to the Routing and Remote Access console and right-click on the VPN server that’s having the problem. Select the Properties command from the resulting shortcut menu to display the server’s properties sheet, then select the properties sheet’s IP tab. At the top of the IP tab is an Enable IP Routing check box. If this check box is enabled, VPN users will be able to access the rest of the network, assuming network firewalls and security-as-a-service settings permit. If the checkbox is not selected, these users will be able to access only the VPN server, but nothing beyond.

The problem could also be related to other routing issues. For example, if a user is dialing directly into the VPN server, it’s usually best to configure a static route between the client and the server.

You can configure a static route by going to the Dial In tab of the user’s properties sheet in Active Directory Users and Computers and selecting the Apply A Static Route check box. This will cause Windows to display the Static Routes dialog box. Click the Add Route button and then enter the destination IP address and network mask in the space provided. The metric should be left at 1.

If you’re using a DHCP server to assign IP addresses to clients, there are a couple of other problems that could cause users not to be able to go beyond the VPN server. One such problem is that of duplicate IP addresses. If the DHCP server assigns the user an IP address that is already in use elsewhere on the network, Windows will detect the conflict and prevent the user from accessing the rest of the network.

Another common problem is the user not receiving an address at all. Most of the time, if the DHCP server can’t assign the user an IP address, the connection won’t make it this far. However, there are situations in which an address assignment fails, so Windows automatically assigns the user an address from the 169.254.x.x range. If the client is assigned an address in a range that’s not present within the system’s routing tables, the user will be unable to navigate the network beyond the VPN server.

Other issues can contribute to this problem, too. Ensure the resources the user is attempting to access are actually on the network to which the user is connecting.

With the growing number of servers, cloud platforms and application as a service options, it’s possible the user is seeking a resource on the wrong network or on a subnet to which the network the user connected can’t reach. A VPN connection to the other subnet might, in fact, be required. A firewall or security as a service solution could also be to blame, so don’t forget to review those solutions’ settings, if such components are present between the VPN server and the resources the user seeks to reach.

4: A tunnel cannot be established.

If everything seems to be working well, but you can’t seem to establish a tunnel between the client and the server, there are two main possibilities of what could be causing the problem.

The first possibility is that one or more of the routers involved is performing IP packet filtering. IP packet filtering could prevent IP tunnel traffic. I recommend checking the client, the server and any machines in between for IP packet filters. You can do this by clicking the Advanced button on each machine’s TCP/IP Properties sheet, selecting the Options tab from the Advanced TCP/IP Settings Properties sheet, selecting TCP/IP Filtering and clicking the Properties button.

The other possibility is that a proxy server is standing between the client and the VPN server. A proxy server performs NAT translation on all traffic flowing between the client and the Internet. This means that packets appear to be coming from the proxy server rather than from the client itself. In some cases, this interaction could prevent a tunnel from being established, especially if the VPN server is expecting the client to have a specific IP address.

You must also keep in mind that older or low-end proxy servers (or NAT firewalls) don’t support the L2TP, IPSec or PPTP protocols that are often used for VPN connections.

In other cases, firewall security services or security as a service solutions might be blocking the formation of a VPN tunnel. Review the settings within those various devices or services to ensure the Windows server-powered VPN traffic is properly supported.

Other VPN problems

Windows server-powered VPNs remain an important solution for securely connecting remote users and systems. While actual menus and specific server properties change over time, the fundamentals reviewed above are often responsible for the most common issues. As new server versions, updates and service packs are released, different VPN connection and remote access problems and solutions will arise. Fortunately, Microsoft regularly posts VPN connection troubleshooting updates and guidance, which you can monitor and view on its website here.

Subscribe to the Daily Tech Insider Newsletter

Stay up to date on the latest in technology with Daily Tech Insider. We bring you news on industry-leading companies, products, and people, as well as highlighted articles, downloads, and top resources. You’ll receive primers on hot tech topics that will help you stay ahead of the game.

Published: June 17, 2022, 8:22 AM PDT Modified: October 31, 2022, 10:35 AM PDT See more Networking articles

Also See

• How to select an enterprise VPN that protects data but doesn’t drive users crazy (TechRepublic)
• Best network monitoring software and tools 2022 (TechRepublic)
• Don’t browse on public Wi-Fi without a VPN (TechRepublic Academy)
• Hiring Kit: Network Engineer (TechRepublic Premium)
• Data centers-related news and tips (TechRepublic on Flipboard)