General Personal Firewall Software
In our testing, we have found that most consumer firewall software, if properly updated, will allow the VPN to connect without issue or provide feedback to the user that it must be allowed.
Nevertheless, they can still cause issues and block the VPN from connecting at all, or cause performance issues.
The changes that the personal firewalls make in the IP stack in Windows appear to sometimes cause problems even when the firewall is disabled. Even software from the big name vendors (Norton, McAfee, etc.) is notorious for interfering with VPN services. In most cases the firewall software can be configured to work with the VPN by adding an exception or rule change.
If no setting can be found to adjust for your individual firewall, such as changing security from “high” to “medium”, opening port UDP 1194 for SSL VPN or TCP 1723 & IP 47 (GRE) for PPTP VPN, or for “trusting” openVPN, then the solution that will most often work for personalVPN-SSL (OpenVPN based VPN) is to uninstall the firewall, re-install personalVPN-SSL, then CONNECT the VPN so it is ON, and re-install the firewall. This appears to allow the firewall to accept the VPN as already being there.
We also suggest getting in touch with your firewall developer support team and asking them how to allow the VPN through. As mentioned above, you need to allow UDP port 1194 through the firewall.
We have captured feedback from customers over the years below and will continue to update. Still, the best resource will often be the manufacturer of your firewall software.
We have confirmed reports from a number of clients that the vpn refuses to connect when Avira AV is up and running. Disabling or uninstall the software allows the VPN to connect like normal.
We still receive occasional customer comments that Comodo is problematic for personalVPN-SSL (OpenVPN). Try uninstalling Comodo, re-installing personalVPN-SSL, then re-installing Comodo.
Here is a customer-provided solution for using Comodo with the PPTP VPN:
Open Comodo->Firewall->Advanced->Network security policy->Add…->Select->Running processess…->System Idle Process (or System if you don’t see System Idle Process) Now, you should be back to Application Network Access Control window. Select Add… Action: Allow Protocol: IP Direction: Out Description: GRE Out Allowed Check, if you want, “Log as a firewall event if this rule is fired” Source Address: Any (or select what you think is better) Destination Address: Any (or select what you think is better) IP Details: Ip Protocolo: GRE
Kerio Personal Firewall
To make this work, the best solution we have so far is to uninstall Kerio, re-install personalVPN-SSL, and re-install Kerio.
UPDATE: We had a customer write in with a link to the Sunbelt Software support forums with a fix. Here is the link. It does seem to interchange Cisco with OpenVPN but apparently works.
Little Snitch (Macintosh)
You may need to add a rule to allow UDP 1194 to vpn.witopia.net for personalVPN-SSL
McAfee Privacy Service
From a customer running McAfee Privacy Service. The solution: Remove McAfee Privacy Service program and restart computer, VPN worked straightaway. The rest of McAfee does not seem to affect the VPN.
Norton Personal Firewall
Norton can BLOCK the install of the vpn software. If you are running Norton (any version), and having installation issues, please disable the real time protection, and the anti-virus portions of the software BEFORE you install or it will result in a failed install
In addition to general VPN failure issues with Norton 2007, we’ve seen an error that looks like this:
“RESOLVE: Cannot resolve host address: vpn.witopia.net: [NO_DATA] The requested name is valid but does not have an IP address.”
“write UDPv4: The requested address is not valid in its context.(code=10049)”
Norton 2007 has also been shown to allow personalVPN-SSL to connect, but can SEVERELY slow the connection.
You may try to SELECT the Configure option under Personal Firewall, then go to Advanced Settings, then UNCHECK the Stealthy Ports option. This may allow you to connect via VPN.
You can also try to uninstall firewall, have VPN connect, and then reinstall Norton. This will hopefully trigger the firewall to recognize the VPN.
“So, if someone else has a similar problem in the future, be aware that PeerGuardian’s default IP address lists will block your network. Once I set PG to allow access to the addresses being shown in OpenVPN GUI’s log, everything cleared up and now the service is working just fine.”
Here is the solution provided by Webroot:
Try disabling the System Services shield in Spy Sweeper. This shield can be disabled by pressing “shields” on the left of Spy Sweeper and then the Windows System tab at the top. Then De-select systems services and try VPN again.
Microsoft has issued a notice that their customers may experience connection problems on a Windows XP SP2-based computer or a Windows Server 2003 SP1-based computer that has more than one network adapter. personalVPN does install its own network adapter so, although this seems to be rare, please check this link
Windows Live OneCare
Windows Live OneCare is a comprehensive PC care service that helps protect and maintain your computer with antivirus, firewall, antispyware, anti-phishing, PC performance tune-ups, and file backup and restore functionality. While most ports are enabled by default, certain ones may not be. To use with either the PPTP or SSL VPN, you may need to create an exception.
Renames attachments so our personalVPN-SSL attachments don’t match the text in the email.
- Step 1: Open the Trend Micro control panel. You can do this by directly accessing the Trend Micro program from the Start menu or by double-clicking on the Trend Micro icon in your system tray.
- Step 2: Click the “Personal Firewall Controls” button on the primary menu. In the “Personal Firewall” pane, select the “More Settings” option to view the firewall options.
- Step 3: Click the “Advanced Settings” option. In the “Advanced Settings” window, click the “Program Controls” tab. Click the “Add” button; you will see the “Add Firewall Program Rule” screen.
- Step 4: Type “personalVPN” in the “Description” box. Click the “Browse” button and locate the vpn, then select it. Under settings choose “Simple”.
- Step 5: Choose “Allow” to be the “Firewall Response”. Click the OK button and close the console. You have now allowed the vpn with Trend Micro.
NetNanny, CyberCop, Safe Eyes, Content Filtering Software
In general these type of internet filtering programs that do a live check on each page load by checking in with a server online do NOT work with a VPN period. Please check with your provider for specific details on how to resolve this issue.