http://www.vpntracker.com/interop

For a general introduction to computer networking, VPNs and IPsec, there are several excellent introductions available online or as books, see for example here.

If you experience specific configuration problems, our technical engineers are happy to provide support for setting up VPN connections with VPN Tracker. In many cases, connection problems are related to misconfiguration of either VPN Tracker or the VPN gateway.

If you provide

• A problem description and information on what you've already tried
• A Technical Support Report from VPN Tracker ("Help" > "Generate Technical Support Report")
• Screenshots of the VPN gateway configuration
• A log from the VPN gateway

we can usually quickly spot the cause for a problem and provide advice on how to resolve it.

As there are several factors unrelated to VPN Tracker or the VPN gateway that can influence connectivity (e.g. firewalls/routers in between VPN Tracker and the VPN gateway), we cannot guarantee that a connection can be established under any circumstances.

While we try our best, our support options may be limited if

• you use a device which we did not test ourselves (most devices work just fine with VPN Tracker, though, and we're happy to take a look even at issues with untested VPN gateways)
• you do not provide the information we need in order to assist you (see above)
• your network administrator does not cooperate
• you change connection parameters while we're trying to debug the settings

By default, traffic to the remote network cannot be sent through the VPN tunnel if it is using the same network as the local network.

Resolving a Network Conflict using Traffic Control

You can use Traffic Control and VPN Tracker will send non-essential local network traffic over the VPN.

Activate Traffic Control:
> Go to Advanced > Traffic Control
> Check "Force traffic over the VPN if remote networks conflict with local networks"

Note that you will never be able to reach the following addresses over VPN: The IP address of your local router, your DHCP server, and your DNS server(s). If you need to reach those IPs over VPN, you will have to resolve the network conflict instead of using Traffic Control. The same applies for any IPs that you need to reach locally and over VPN.

Resolving a Network Conflict Manually

You have two basic options for resolving a conflict:

1. Change the local network to use a different network address. In most situations, this will entail changing the LAN settings on the local router (including DHCP settings if DHCP is used).
2. Change the remote network to use a different network address. With most setups, this entails changing the LAN on the VPN gateway (including DHCP settings if DHCP is used), and changing the IPs used by devices on the VPN gateway's LAN (or triggering a DHCP refresh, if DHCP is used). If the LAN is used in the VPN settings (such as for policies or firewall rules), these will need to be changed as well. Finally, change the remote network in VPN Tracker to match the new settings

If you decide to change the remote network, it makes sense to choose a private network that less commonly used. According to our informal statistics, conflicts are least likely using these networks:

• Subnets of 172.16.0.0/12
• Subnets of 192.168.0.0/16, excluding 192.168.0.0/24, 192.168.1.0/24 and 192.168.168.0/24

If these are not an option, use a subnet of 10.0.0.0/8, excluding 10.0.0.0/24, 10.0.1.0/24, 10.1.0.0/24, 10.1.1.0/24. However, since wireless network operators sometimes choose to use the entire 10.0.0.0/8 network, the first two options are preferred.

If you have a more sophisticated VPN gateway, in particular a SonicWALL, you may be able to set up an alternative remote network on the VPN gateway that is mapped 1:1 through Network Address Translation (NAT) onto the actual network. Users can then connect to this network instead if they have a conflict of networks. We have a guide available that describes this approach for SonicWALL devices.

If the conflict is caused by virtual network interfaces (e.g. Parallels, VMware), see here for more information.

VPN Tracker supports industry standard OpenVPN, IPsec (IKEv1 + IKEv2), L2TP, PPTP, SSL, SSTP, and WireGuard® protocols. This means that it will work with almost all devices supporting these types of VPN connections.

A list of tested devices is available on our website

What if my device is not on this list?

There are hundreds of VPN devices available on the market, and we'd love to offer device profiles for all of them. Unfortunately, it is impossible to test all devices. If your gateway is not in the list, it will probably still work with VPN Tracker.

Tip: Try out one of our custom protocol profiles to test your VPN connection free in VPN Tracker on Mac, iPhone or iPad.

To establish a VPN connection to a certain location (such as your office), you will need a VPN gateway at that location. This gateway could be a hardware VPN gateway device (see our compatibility page for compatible devices and setup guides).

The VPN gateway needs to be connected to the Internet (e.g. to a DSL modem or similar), preferably with a static IP address or it should be capable of using a service like DynDNS.org to map its dynamic IP to a hostname. Configuration is easiest if the VPN gateway is also the router (default gateway) of its network. If the VPN gateway is not the router of its network, a suitable routing setup may be necessary for traffic over the VPN to be routed correctly.

Configuration details can be found in the configuration guides for specific devices.

Symptom

As soon as you connect your VPN tunnel, Skype is not able to make calls any longer, however calls started prior to connecting the VPN continue to work.

Solution

Make sure the field Local Address is not empty. If it is, fill in a private IP address. A private IP address has the following form:

• 192.168.x.x
• 10.x.x.x
• 172.y.x.x

x: A number of the range 0 to 255.
y: A number of the range 16 to 31.

Only rule: It must not be an IP address from a remote network on the other side of the VPN tunnel (must not partially match an entry of the field "Remote Networks"), as choosing such an address will make the tunnel stop working (it will connect, but you cannot really reach anything over it).

Alternate Solutions

If the solution above does not fix your issues, make sure that

• DNS resolution still works once the VPN tunnel is up.
   
• Public Internet servers are still reachable once the VPN tunnel is up.
   
• In case of a Host to Everywhere connection, make sure the VPN gateway does not block any network traffic that is crucial for Skype to work.
   

Explanation

VPN Tracker creates a virtual tunnel interface for every VPN tunnel. Like any network interface, this virtual tunnel interface requires an IP address to be functional as an IP network interface. If your VPN gateway assigns you an IP address, the assigned address is applied to the tunnel interface. If not, the address you put into Local Address will be used. If you leave local address empty, the IP address of your primary network interface will be used.

In the last case, your system ends up with two interfaces with identical IP addresses. This is allowed and usually not a problem, unless a software does “stupid things”, like querying the network interface for a given IP address and then ignoring the order of precedence of the returned results.

Yes, NAT-Traversal is supported by VPN Tracker. VPN Tracker supports the current version of NAT-Traversal that uses UDP encapsulated packets on port 4500 (RFC 3947), as well as previous draft versions that send UDP encapsulated packets on port 500. In addition, Cisco's UDP encapsulation is also supported.

NAT-Traversal helps to establish VPNs from networks behind routers that perform Network Address Translation (NAT). Such routers can be found in many places: home DSL routers, wireless hotspots, Internet cafes, hotels, airports, etc. Many mobile ISPs (3G modems) also require NAT-Traversal to be used.

VPN Tracker automatically recognizes if NAT-Traversal is needed, and turns it on and off accordingly. It can even test your local router to see what NAT-Traversal method works best with it.

By itself, the IPsec protocol does not support usernames. If you were given a username from your network administrator for connecting to your corporate VPN solution, there are generally two possibilities:

• Your corporate VPN solution uses the term "username" for "identifiers". Please try to use your username as the "Local Identifier" in VPN Tracker.
• Your corporate VPN solution is using Extended Authentication (XAUTH). You can enable XAUTH in VPN Tracker. The software will then prompt for your username and password when the connection is being established.

Unfortunately, we cannot guarantee this. Secure networking is a complex subject. VPN Tracker is extremely reliable and is used by customers around the world. But there are some rare scenarios in which VPN connections cannot be established (e.g. when a firewall is set up to actively block VPN connections).

We recommend using the free trial version to test VPN Tracker with your particular network and usage scenario.

If you require any assistance setting up your VPN connection with VPN Tracker, you can contact equinux support at any time.

VPN Tracker Pro is a great asset if you are a consultant, a system or network administrator, or are working with multiple VPN connections:

• Export VPN connections for yourself and other users.
• Scan the remote network for services or to assist users.
• Connect to multiple VPNs at the same time.
• Manage a large number of VPNs using search, a condensed layout, and connection groups.
• Configure your Mac as a router to provide the entire network with a VPN tunnel using Network to Network connections.

Yes, as long as your VPN gateway uses Extended Authentication (XAUTH) to request the passcode, you can use any third party token with VPN Tracker.

Yes, this is possible. If you set up shared networking for the guest operating system it shares the network connection of your Mac and you can access all network resources that are accessible from OS X.

Note that if you are using remote DNS for your VPN connection, you will need to manually enter the DNS server in your guest operating system in order for it to work – there is no way for VPN Tracker to “transmit” this setting to the guest operating system

For information on how to set up VPN Tracker with Parallels, check out our VPN Tracker with Parallels Configuration Guide.

This depends on your settings. The most common setup is “Host to Network“, in which case only traffic to the specified remote network(s) will go through the VPN tunnel.

With a “Host to Everywhere” setup, all traffic – except traffic to the local network(s) – goes through the VPN. A Host to Everywhere connection requires a suitable setup on the VPN gateway.

• macOS 15.0 Sequoia
• macOS 14.0 Sonoma
• macOS 13.0 Ventura
• macOS 12.0 Monterey
• macOS 11.0 Big Sur
• macOS 10.15 Catalina
• macOS 10.14 Mojave
• macOS 10.13 High Sierra

As VPN Tracker has low-level access to your system, it is digitally signed and checks that the app has not been altered in any way every time you launch it. If VPN Tracker it looks as though changes have been made to the VPN Tracker app, you'll see that message.

Unfortunately other applications (e.g. Uninstaller/Deinstaller, Clean-Up Tools, and so on), that can cause this problem.

Should you repeatedly run into that issue, please send us a copy of your VPN Tracker app. Locate VPN Tracker on your harddrive, copy it to your Desktop and create a zip file (CTRL-/right click VPN Tracker, then choose "Compress VPN Tracker"). By comparing the broken copy we can find out what has been changed and offer advice how to prevent it from happening again.

Some kinds of software may cause issues with VPN Tracker:

1. Personal Firewalls / Desktop Firewalls
2. Protection Software (e.g Virus Scanners, Malware Protection)
3. Other VPN Clients / VPN Software (for example NCP Client)

Personal Firewalls usually ask the user, if an app should be allowed to send network traffic. It’s important to grant VPN Tracker full network access. If you have already added rules for VPN Tracker, please whitelist VPN Tracker.

Protection Software often sees VPN traffic as a potential source of threat, as it isn’t able to analyze that traffic because of its very strong encryption. Please ensure VPN Tracker is ignored by any protection software running on your Mac and allow VPN traffic to pass through.

Other VPN clients should not be a problem, if they are designed to co-exist with othe VPN apps. Unfortunately, not all other clients are and some capture all VPN traffic as soon as they are installed, even if the app is not running.
In these situations, you may need to uninstall the VPN client - we also suggest asking the vendor to improve its “cooperation” with other VPN apps.

Here are some common examples of the types of apps mentioned above. If you are uncertain whether any of these applications may be installed on your system, try the following:

• Open the app “Terminal”
• Copy and paste the following command: kextstat | grep -v com.apple

You’ll get a list of all kernel extensions that are not from Apple. Just compare that list with the identifiers in parenthesis below:

• Little Snitch
  (at.obdev.nke.LittleSnitch)
   
• TripMode
  (ch.tripmode.TripModeNKE)
   
• Sophos Anti Virus
  (com.sophos.kext.oas, com.sophos.nke.swi)
   
• Symantec Endpoint Protection / Norton AntiVirus
  (com.symantec.kext.SymAPComm, com.symantec.kext.internetSecurity, com.symantec.kext.ips, com.symantec.kext.ndcengine, com.symantec.SymXIPS)
   
• Kaspersky Internet/Total Security
  (com.kaspersky.nke ,com.kaspersky.kext.kimul, com.kaspersky.kext.klif, com.kaspersky.kext.mark)
   
• Intego Mac Internet Security
  (com.intego.netbarrier.kext.network, com.intego.virusbarrier.kext.realtime, com.intego.netbarrier.kext.process, com.intego.netbarrier.kext.monitor)
   
• Fortinet FortiClient
  (com.fortinet.fct.kext.avkern2, com.fortinet.fct.kext.fctapnke)
   
• Cisco Advanced Malware Protection (AMP)
  (com.cisco.amp.nke, com.cisco.amp.fileop)
   
• TUN/TAP based VPN Clients
  (net.sf.tuntaposx.tap, net.sf.tuntaposx.tun)
   
• eset Security Products
  (com.eset.kext.esets-kac, com.eset.kext.esets-mac und com.eset.kext.esets-pfw)
   

Testing VPN throughput using a remote file share is usually not a good idea for two reasons:

The first reason is the file sharing protocol itself. File sharing protocols like SMB, AFP, or NFS have been designed for local networks that are fast, reliable, and have a very low latency. The Internet on the other hand is slow (at least the connection to it), unreliable and has a very high latency. For realistic results, you need to use a protocol that was optimized for such a situation, like HTTP or FTP.

The second reason is the implementation of the file sharing protocol. Today most file shares use SMB, the Windows file sharing protocol. Apple has its own implementation of that protocol but this implementation is anything but good. While the SMB 3.x implementation is already poor, the SMB 1.x/2.x implementation (compatibility mode) is horrible, and for several reasons macOS will often fall back into that compatibility mode. When testing with a local NAS file share, we got 28 MBps using SMB 3 and only 18 MBps using SMB 1, compared to 50 MBps using AFP.

If you have a Mac at the remote side, it’s pretty easy to setup a benchmark HTTP server. All you need is to open the standard application “Terminal” (use spotlight to find it) and then run the following set of commands (every command is confirmed by Return/Enter):

mkdir /tmp/www-bench
cd /tmp/www-bench
dd count=1048576 bs=1024 if=/dev/random of=1GiB.dat
php -S 0.0.0.0:8080

The First command creates a new directory, the second one enters that directory, the third one creates a 1 GiB data file filled with random data, the last one starts a primitive HTTP server that serves the content of the current directory at port 8080. Now your VPN users can just open this address in Safari (or any other browser):

http://a.b.c.d:8080/1GiB.dat

Where “a.b.c.d” is the IP address of the Mac where you just typed the commands above. By watching the transfer speed in browser, you get a good idea of how capable your VPN is. Of course, this is limited by many factors, like the speed of your local Internet connection, the speed of the remote Internet connection, and the CPU power of the VPN gateway (which is usually far less than the CPU power of a Mac).

To clean up after the test, activate the terminal window again and hit CTRL+C to stop the HTTP server, and finally run the following two commands:

cd
rm -r /tmp/www-bench

VPN Tracker strictly follows Apple’s recommendation regarding where to place its files, so you will find VPN Tracker files only in standard system locations where they belong. Depending on the fact if these are system-wide or per-user files, they are either found in /Library (system-wide) or ~/Library (per-user), where ~ is a placeholder meaning "home of the current active user".

To access the system-wide library folder:

‣ In Finder Choose "Go" > "Go to Folder ..." 
‣ Enter /Library

To access the user library folder:

‣ In Finder Choose "Go" > "Go to Folder ..." 
‣ Enter ~/Library

Tip: Also remember to check your Keychain for VPN Tracker items (search for "VPN Tracker")

Note: Some of these files may be currently loaded by the system, and some may be cached. To make your system as clean as if VPN Tracker had never been installed on it, you will also need to uninstall the application itself and then reboot your system. After the reboot, the system will automatically remove any remaining VPN Tracker components not mentioned above, as those reference the application itself and will vanish as soon as the application is gone (some of those can otherwise not be deleted).

VPN Tracker Personal Safe is secure encrypted cloud storage for your personal VPN connections and shortcuts.

How to save a connection in Personal Safe

Not sure if your VPN connection is backed up? The safe icon in the connection list indicates whether a connection has been stored in your Personal Safe:

To add a connection to your Personal Safe, simply right click the connection and select 'Add to Personal Safe' for access across all your devices.

Why should I use Personal Safe?
VPN Tracker Personal Safe makes using VPN more reliable and secure:

Security
Personal Safe adds an additional level of security to your connections: all your connection details are encrypted using a highly-secure key (Argon3 + PKTNY) that only you can unlock.

Backup
Lost iPhone? Broken Mac? Personal Safe keeps your connections safe, so you can instantly get them on your replacement device. Sign in with your secure key and they are instantly downloaded and ready to go.

Use your connections on all your devices
iMac at home and iPad for the road? Your Personal Safe keeps your connections synced across all your devices – securely and effortlessly.

How are connections stored?
When you add a connection to your Personal Safe, it is encrypted using your personal encryption keys and then uploaded to a secure cloud storage location. It can only be accessed with your user credentials and encryption key.


Is Personal Safe secure?
Personal Safe has been designed from scratch for VPN connections. Unlike other storage systems that rely on passwords and leave files unencrypted, Personal Safe encrypts all your connections with keys that only you can use.

That means connections are

• Encrypted on your device and
• Stored on encrypted storage at my.vpntracker.com that only you can access

Even if someone could get access to your Personal Safe, the key-based security means they can't access the encrypted connection information without your password.

We've designed the system so no-one (including the VPN Tracker team) can access or unlock your connections.

SonicWalls distribute IP addresses using the DHCP protocol. Once the VPN tunnel itself has already been established, the VPN client must perform a DHCP exchange to obtain an IP address and use this IP address for all traffic sent over the VPN tunnel. There are two reasons why this can fail:

1. The SonicWall never received your DHCP request (DHCP-Discover). That would be the case if there is an issue with the VPN tunnel itself not working properly.
   
   Try these:
   • Re-run the VPN Tracker Connection Checker from the "Tools" menu. Then try connecting the VPN again. This will let VPN Tracker automatically detect the best settings for your internet connection.
      
   • Make sure that you have no software installed that blocks VPN traffic in general. Please see this FAQ entry for more details.
      
2. The SonicWall doesn’t want to reply to your DHCP request. The DHCP protocol is designed in such a way that there can be multiple DHCP servers per network and only those who think they can fulfill a request will also respond to it, all others will stay silent (there is no “negative” response for discover requests).
   
   Try these:
   • Try rebooting the SonicWall. SonicWalls are pretty stable but we’ve seen it a couple of times that the DHCP server is acting strange, as if all IP addresses are reserved, yet that’s not what you will see in the web interface. Rebooting will fix that behavior at once.
      
   • Make sure you have sufficient addresses left in the address pool. If the pool is too small and all addresses are in use or reserved, it is expected behavior that the SonicWall doesn’t respond.
      

If you are an existing VPN Tracker customer and want to upgrade to VPN Tracker 365, you can simply install VPN Tracker 365 and your connections will automatically be imported:

Download VPN Tracker 365

Once you have VPN Tracker 365, you can purchase a VPN Tracker 365 plan.

VPN Tracker is licensed per user. That means each person using VPN Tracker needs their own license.

If colleagues or other team-members also need to use VPN Tracker, you can upgrade your subscription with additional licenses and assign these using Team Management.

• {FAQ_1195}
• {FAQ_1196}
• {FAQ_1197}
• {FAQ_1198}
• {FAQ_1199}

We offer a free trial version of all available VPN Tracker plans so you can test your VPN connections with VPN Tracker before purchasing. VPN Tracker Mac Trial licenses are valid for 7 days and offer the exact feature set of the appropriate plan so you can fully test all features of the plan. You're able to test all connections and protocols to ensure your connections works before purchasing. If you are happy with VPN Tracker, you won't need to do anything to continue using it. All your created connections and settings will remain in the app and the trial license will convert to a paid license after the trial period. Otherwise you can cancel your trial license up to 24 hours before the end of the trial period.

Get the free VPN Tracker trial

Purchasing through our online store is perfectly safe. All transferred information is encrypted via HTTPS - so it is secured against any potential threats.

• Go to my.vpntracker.com and sign in with your equinux ID and password.
• Under "My Subscriptions" in the sidebar menu, you'll see a list of your current VPN Tracker 365 plans.
• Activate automatic renewals to ensure your license is renewed at your current rate.
• Alternatively, you can let your current license expire and then purchase a new plan at the new customers rate from our online store.

If you are an existing VPN Tracker customer and want to upgrade to VPN Tracker 365, you can simply install VPN Tracker 365 and your connections will automatically be imported:

Download VPN Tracker 365

Once you have VPN Tracker 365, you can purchase a VPN Tracker 365 plan.

What's the point of a VPN?

Secure data

How do you establish a VPN connection?

• VPN Tracker 365: Download here
• An internet connection
• A VPN Router/Gateway

Create a new connection

‣ Click on the plus symbol in the bottom left corner:

‣ Choose: "New Company Connection"

Choose your VPN Router

‣ In the list of VPN Gateway vendors, choose the manufacturer and model of your VPN router. In case your VPN router does not appear in the list, try the following:
‣ Choose "Use custom device profile." 
‣ Click on "Create" to add your VPN connection.

Your configuration guide

Configuration guides for configuring VPN Tracker with Cisco devices are available here.

Configuration guides for Cisco Small Business (Linksys) devices are available here.

Import of Cisco IPsec VPN Client Configuration Files (.pcf)

Cisco VPN Client configuration files that use group password authentication can be imported into VPN Tracker:

‣ "File" > "Import 3rd Party Configuration" > "Cisco .pcf"

If you need to transfer a license to another equinux ID, you can easily do this yourself at my equinux.

‣ First log in with your equinux ID and password: http://my.equinux.com
‣ Click the checkboxes for each product that you want to transfer
‣ Click the "Transfer" button below and enter the equinux ID or email address of the new license owner and click next.       
‣ Finally click "Confirm" to complete the transfer. The system will transfer the license, display a message and email both the old and new license owner that the license has been transferred.

With one of the more recent firmware updates Secure Computing changed their implementation of the VPN related standards. These changes break VPN Tracker's ability to successfully establish a phase 2.

The problem has been resolved by Secure Computing in firmware 7.0.0.07. (epatch 7.0.0.06.E35)

SonicWALL Simple Client Provisioning requires VPN Tracker to send an initial data packet to the VPN gateway that is so large that it may be split ("fragmented") into two IP packets. Some routers are known to not let these packets pass.

If a router between VPN Tracker and the SonicWALL is affected by this problem, you (or your SonicWALL's admin) will notice no connection attempt arriving at the SonicWALL when Simple Client Provisioning is turned on (i.e. there will be nothing in the SonicWALL's log, and a packet trace will show no packets from VPN Tracker), but everything will work fine with DHCP over IPsec.

Routers known to have these problems:

• AirPort Extreme with firmware versions prior to 7.3.1, works when upgraded to 7.3.1

With VPN Tracker 365 you can create a team under https://my.vpntracker.com and assign each team member a VPN Tracker 365 Plan.
This will not give each team member access to your equinux ID. The team members will only see their assigned plan in their own equinux ID after logging in to https://my.vpntracker.com. You will stay the only admin of your equinux ID.

For a certificate to be available in the "Local Certificate" list, it must be present in the Mac OS X Keychain with its corresponding private key.

You can easily check this in the Keychain Access application: If a certificate is listed under "My Certificates" (and not just "Certificates"), its private key is available and you will be able to select it in VPN Tracker as the "Local Certificate".

Important note for CheckPoint VPN users:

The Mac OS X Keychain Access application currently does not understand how to read private keys from some CheckPoint generated certificates.

To properly import the certificate into the Mac OS X Keychain, first convert it using the openssl command line tool:

1. Open a Terminal ("Applications" > "Utilities" > "Terminal")
   
   
2. Convert the certificate to PEM format:

     openssl pkcs12 -in /Users/joe/Desktop/MyCheckPointCert.p12 -out /tmp/out.pem
   

   Replace /Users/joe/Desktop/MyCheckPointCert.p12 with the path to the actual certificate that you want to convert.

   You will first be asked for the password that the certificate is encrypted with. If you do not know it, please ask the administrator who has created your certificate for you. You will then be asked twice for the password that will be used to protect the exported PEM file. You can use the same password that the original certificte was encrypted with. Note that no characters will appear on screen while you type in your passwords. Simply type the password and press the return key.

3. Convert the PEM file back to PKCS#12 (.p12) format:

     openssl pkcs12 -in /tmp/out.pem -export -out ~/Desktop/MyFixedCheckPointCert.p12
   

   Replace /Users/joe/Desktop/MyFixedCheckPointCert.p12 with the path where you want the fixed certificate to be stored.

   You will first be asked for the password that you have just used for exporting to the PEM file, and then for a password to protect the fixed .p12 file with. You can again use the same password for everything.

Now double-click your fixed certificate file to import it into the Mac OS X keychain.

Your equinux ID is your personal account at equinux. You can use it to purchase and activate products & licenses.

The first time you shop in our online store, you'll be asked to create an equinux ID. After your purchase, software licenses are automatically linked to your equinux ID and can be activated by simply entering the same equinux ID and password you used during purchase.

Retail boxes and certain products may still require an Activation Code. Once entered, the product will be linked to your equinux ID.

If you have forgotten your equinux ID and/or password, use our login & password retrieval form.

Our activation process requires that your Mac accepts cookies.

‣ To check this, please open up Safari. 
‣ Click on "Safari" in the main menu at the very top of the screen.
‣ Choose "Preferences." 
‣ Select the "Privacy" tab and verify that cookies are always accepted. 
‣ Make sure JavaScript at "Security" is also activated. 
‣ Please close Safari.
‣ Restart the application and retry the activation.

Don't worry – it happens to all of us!

Just head on over to our login retrieval page, enter your equinux ID or email address and we'll send you your details.

Recently changed your e-mail address? Send us a message!

The following article describes where VPN Tracker stores its data in case you need to make manual backups instead of using Time Machine.

VPN Tracker stores all its data files in the standard system locations as recommended by Apple. Depending on the fact if these are system-wide or per-user files, they are either found in /Library (system-wide) or ~/Library (per-user), where ~ is a placeholder meaning "home of the current active user".

To access the system-wide library folder:

• In Finder Choose "Go" > "Go to Folder ..."
• Enter /Library

To access the user library folder:

• In Finder Choose "Go" > "Go to Folder ..."
• Enter ~/Library

VPN shortcuts, all information related to your equinux ID, accounting data, scanner results, and window positions are per-user settings.

For a full backup of all your settings, you need to backup the following files and folders:

• /Library/Application Support/VPN Tracker 365
• /Library/Preferences/com.vpntracker.365mac.plist
• ~/Library/Application Support/VPN Tracker 365
• ~/Library/Preferences/com.vpntracker.365mac.plist

Backup your keychain
Please note that passwords in VPN Tracker are usually not stored in any of the locations named above but in your keychain. If you have no external backup of all your passwords, be sure to also backup your keychains which can be found in ~/Library/Keychains

Please go to"Configure" > "Advanced" > "Additional Settings"

• Always prompt for XAUTH credentials is not checked.
  If this option is checked, VPN Tracker will in fact always prompt you, whether it finds credentials in your keychain or not.
   
• Use stored XAUTH password as passcode is not checked.
  If this option is checked, VPN Tracker assumes that the password stored in keychain is in fact a passcode and it will only hand it out to the gateway if the gateway asks for a passcode. If it asks for a password instead, VPN Tracker doesn’t have any such info and thus asks you to please provide one.

Current Firmware (Fireware XTM)

WatchGuard Firebox X Edge e-Series devices with Fireware XTM (Fireware 11) are fully supported in current versions of VPN Tracker. For details please see our configuration guide.

Older Firmware

Devices running an older firmware may often work using the following setup. Please note however that we can't guarantee that this setup will work in all cases.

Start by creating a new user on the Firebox Edge and then configure MUVPN support for this user.

In VPN Tracker, use a "Custom Connection" device profile as the basis for your new connection.

Map the WatchGuard settings to your VPN Tracker configuration as shown in the table below:

The following settings are independent of your specific MUVPN configuration:

• Local Identifier Type: Email (even if it is a name and not an email address)
• Exchange Mode: Aggressive
• Phase 1 Diffie-Hellman Group: Group 2 (1024 bit)
• Perfect Forward Secrecy (PFS): off

Finally make sure the that VPN Tracker's "Network" setting is set to "Host to Network", and the correct Remote Network (i.e. the network that you want connect to through the VPN) is used (e.g. 192.168.1.0/255.255.255.0).

With both SMB (Windows File Sharing) and AFP (Apple File Sharing), low latency connections are key to achieving good performance. This is of course assuming that you already have a connection with reasonable bandwidth in between the two VPN endpoints (this can be easily verified by transferring a larger file through HTTP or FTP).

Using SSL VPN? Switch to IPSec

In comparison to SSL VPN, IPSec is able to offer much faster connection speeds as it runs on the network layer – level 3 of the OSI – meaning it’s much closer to the physical hardware. This will give you a faster VPN performance.

Learn more in this blog post.

Finder Settings

If you are using the Finder and the issue is mostly with listing folders (but not so much when actually copying files), try turning off icons/icon previews in the Finder's View Options (Cmd-J).

Reducing Latency

If you experience performance issues both when listing folders and when transferring files, your aim should be to reduce latency. Some ways to reduce latency include:

• Avoid high-latency Internet uplinks (e.g. satellite, some types of wireless providers, line aggregation, ...).
• When using a DSL line, see with your ISP if you can get "fast path" enabled (= interleaving turned off). ISPs sometimes market this as an option for online gaming, but it's also very helpful for AFP/SMB or connecting to some types of database backends.
• Make sure VPN traffic is appropriately prioritized in order not to be slowed down by someone else using the same Internet connection.

To measure latency between the two endpoints of the VPN, use ping to a host on the other end of the connection (or, when pinging from the client end, ping the VPN gateway). For your convenience, VPN Tracker has a ping utility built right in, it can be found in the Tools menu.

To measure latency of each endpoint's individual uplink, it's often helpful to do a ping the local router (to make sure there are no unnecessary latencies introduced in the local network) and the ISP's first router (to get an idea if enabling fast path or switching ISPs may be a suitable measure to decrease latency).

If you cannot reduce latency any further:

If you are in a situation where you cannot reduce latency any further (or where the base latency from the distance between the two endpoints itself is so large local measures won't make much difference), consider switching to a file transfer protocol that is less vulnerable to latency, e.g. WebDAV or FTP, or use measures such as reducing the number of files and folders in a hierarchy to increase performance.

If you're running FortiOS 3, please make sure you are running at least MR6 patch 2. Previous firmware releases have an issue that will cause the device to respond incorrectly to VPN Tracker's attempts to use XAUTH in combination with an Aggressive Mode based connection.

SonicWALL Simple Client Provisioning with VPN Tracker is available with all SonicWALLs running SonicOS 4.0 or newer and all editions of VPN Tracker.

If you are still using VPN Tracker 6 or earlier, Professional or Player Edition is required.

SonicWALL Simple Client Provisioning enables VPN Tracker to automatically retrieve the settings for the VPN connection from supported SonicWALL VPN gateways. For most users, it is only necessary to configure the SonicWALL's WAN IP address in VPN Tracker – everything else happens automatically.

For a list of supported SonicWALL devices, please refer to this FAQ.

For a list of compatible devices, please refer to this page.

If you router is not in the list please refer to this FAQ and the VPN Tracker manual for help determining compatibility.

Please note that the local router (i.e. the router at the location where your Mac with VPN Tracker is) in most cases does not have to be specifically compatible with VPN or VPN Tracker. Almost all routers work fine with VPN Tracker.

One of our customers has kindly provided instructions on how to integrate Cisco EasyVPN and VPN Tracker with a DMVPN setup:

EasyVPN Server and DMVPN Hub on 1 Cisco router tutorial

Using VPN Tracker 5 with a Cisco Easy VPN Server

When connecting via SonicWall SCP or SonicWall IKEv1 with DHCP, VPN Tracker 365 for Mac requests an IP address from the SonicWall gateway using the DHCP protocol. For this request, VPN Tracker 365 modifies the MAC address slightly, making it different from the actual MAC address of your device. This allows administrators to assign a fixed IP address when your Mac is connected via LAN or WiFi and a different IP when it’s connected through VPN.

This modification sets a specific bit in the MAC address, marking it as a self-assigned address rather than a factory-assigned one.

Example:
Original MAC address: 00:1B:63:B7:42:23
VPN Tracker MAC address: 02:1B:63:B7:42:23

Starting with macOS 15 Sequoia, Apple defaults to using a rotating MAC address for WiFi connections, labeled as a “Private Wi-Fi Address” in System Settings. To prevent connectivity issues related to this feature, VPN Tracker 365 reports the actual hardware address (with the minor modification described above) instead of the one used in “Rotating” or “Fixed” modes.

On iOS, VPN Tracker cannot retrieve a MAC address directly. Instead, it generates a random value once and stores it for future use. VPN Tracker for iOS then uses this stored value as the MAC address.

Parallels

Go to "Preferences" > "Network" in Parallels and change the DHCP ranges for Shared and/or Host-Only Networking so they no longer conflict with your VPN's remote network.

VMware Fusion

A PDF with instructions can be downloaded from the VMware community forums:

• VMware Fusion 3.x
• VMware Fusion 1.x/2.x

IPsec VPN uses a different protocol (ESP) for the actual data transfer than for establishing the connection (IKE). Since the ESP protocol does not use network ports, NAT (Network Address Translation) routers may have difficulties handling it correctly. Only NAT routers that support "IPSec Passthrough" (sometimes also named "VPN Passthrough" or "ESP Passtrhough") and where this option is also enabled, can handle ESP data packets.

To work around this problem, two alternative tunneling methods exist:

• NAT-Traversal (old, RFC draft version)
• NAT-Traversal (new, RFC standard version)

Which of these methods will work with your connection depends on two properties:

1. Which of these methods allows traffic to pass through your local Internet router.
2. Which of these methods are supported by your VPN remote gateway.

To test for the first property, VPN Tracker will automatically establish three VPN test connections to a VPN gateway hosted by us whenever it detects a new router that has not been tested before. One connection uses plain ESP, the other two either NAT-T method mentioned above. It will remember the test results for this router and take them into account whenever you start a connection from the network location. The reason we are testing with our own gateway is simply that the test requires a gateway supporting all three methods, with a known configuration and a simply way to verify if traffic did arrive at that gateway.

The second property is not tested in advance, VPN Tracker will become aware of that information when it actually tries to connect to your VPN gateway. VPN Tracker will compare the methods your gateway supports with the stored test results. If there is a match, a method that your gateway supports and that was also working during the test, this method will be used. If there is no match, VPN Tracker will immediately stop and show an appropriate error in the log, explaining the situation.

If you suspect a NAT-Traversal issue or you think the previous test results may be wrong or outdated, simply re-run the test:

‣ Make sure NAT-Traversal (Advanced tab) is set to Automatic
‣ Go to "Tools" > "Test VPN Availability"
‣ Click "Test Again"
‣ Wait until the test has completed, then connect to your VPN

The test dialog also allows you to tell VPN Tracker to not test the current location and forget any previously created test results. This is rarely needed and also not recommended but there might be situation where the test results are wrong because access to our VPN gateway is not possible (e.g. it is blocked) and thus the test result are just bogus and say nothing about the true capabilities of your VPN gateway.

Once you have decided which product to purchase, the next step is to proceed to our Online Store and place your order. We accept all major credit cards, PayPal and bank transfers or checks, depending on your country.

After your order has been processed you will receive a confirmation for your purchase. This will confirm the items purchased, and additional payment instructions if you're paying via bank transfer or check (in those cases you will also receive an additonal email confirming your payment when it has been processed.)

In the purchase confirmation email you will also receive additional information like the download links for your purchased apps.

If your credit card is being refused, please check the following information, for possible mistakes or mismatches :

• Please check the credit card number you have entered carefully for possible typos
• Make sure the expiration date entered is correct
• Check whether the security code you entered matches the code on your card: American Express cardholders can find the 4-digit code on the front of their card, other cardholders can usually find a 3-digit code on the back.
• Try another credit card, if you have access to one
• If you are certain your information is correct and your card is still not being accepted, it might be due to a technical issue with our credit card gateway. Please try again later.

As a reseller you can purchase VPN Tracker 365 plans and resell them to your customers.

There are three possible causes for this:

1. equinux is constantly improving VPN Tracker 365 and as a result VPN Tracker has a high update frequency. Especially if you don’t use VPN Tracker on a daily basis, it’s not unlikely that we already released an update since the last time you were using VPN Tracker. Sometimes there are less than 24 hours between updates, especially with security fixes where it's critical they are released as soon as possible.
    
2. If you were using an older VPN Tracker version, it may be required to install an intermediate update first before you are be able to install the most up-to-date version. In that case you may install an update and directly on next launch VPN Tracker may offer another update.
    
3. You might have multiple copies of VPN Tracker installed on your system. For technical reasons updates to VPN Tracker 36517.0.6 and below have to be installed using the system installer and if multiple copies of VPN Tracker exist on your system, the installer may choose to update the wrong copy. To solve that problem:
    

   ‣ Place a copy of VPN Tracker into a dedicated folder (we recommend the Applications folder).
    
   ‣ Use Spotlight to find copies in other folders.
   (Hold down the CMD key in Spotlight to quickly see the location of a hit)
    
   ‣ Delete all copies that are not in the dedicated folder.
    
   ‣ Finally start VPN Tracker from the dedicated folder and re-apply the update.
    

   
    

You can manage all of your VPN Tracker plans after logging in to our website https://my.vpntracker.com using your existing equinux ID and password.

Here you will find all information about your subscriptions and payments and can manage your colleagues' VPN Tracker plans.

• IPsec
• IKEv2 (Beta)
• L2TP (only macOS)
• PPTP (only macOS)
• OpenVPN
• SSTP VPN
• Cisco AnyConnect SSL VPN
• SonicWall SSL VPN
• Fortinet SSL VPN
• WireGuard® VPN

We ask for your email address in order to track the flow of our downloads and, if selected, send you news and updates about the product you've downloaded.

All information collected by equinux is used internally and will never be shared with any third parties without your permission. For more information about equinux's stance on privacy and security, please refer to the equinux Privacy Policy.

If you do not want to receive our newsletter, just unsubscribe using the link at the bottom of every newsletter you receive.

VPN Tracker supports X.509 certificates (RSA Signatures) and smart cards using X.509 certificates (PKI tokens) for authentication.

For more information, see the VPN Tracker manual.

Are you seeing a 'Server certificate' error message whilst activating your equinux software?

One likely cause is your system's date & time: Make sure your system clock is set correctly by checking 'Set date & time automatically' under System Preferences > Date & Time.

We also use a fairly new security certificate to protect your data. However, older versions of OS X might not immediately recognize the certificate.

To make sure OS X will recognize the certificate, you could try one of the following two fixes:

Run Software Update

‣ Go to the System Preferences and select "Software Update"
‣ Install any available system updates 
‣ Afterwards, restart and try activating again

Disable your firewall

Please make sure you are not running any firewalls which may block access to our activations server. Applications you may wish to disable temporarily include:

• Mac OS X Firewall
• LittleSnitch (Litte Snitch Configuration - Preferences … - General - Stop)
• Intego NetBarrier

Disable your proxy

In some cases the use of proxies may interfere with certain certificates stored in your Keychain.

‣ Open System Preferences
‣ Go to the "Network" section
‣ Choose your network connection and click "Advanced…"
‣ Uncheck any proxies you may have configured and click "Ok"

Check your Keychain

‣ Open: "Application" > "Utilities" > "Keychain Access" 
‣ Select "Keychain Access" > "Keychain First Aid"
‣ Enter your OS X account password, select Repair on the right and hit Start

Install the root certificate manually

• Download the latest Let's Encrypt root certificates
• Double-click to add the certificate to your Mac's keychain
  Tip: If you have multiple users on the Mac, add it to the 'System' keychain to fix this problem for all users
• Double-click the new entry "ISRG Root X1" to open the trust settings
  
  
  
  
• Under "Trust", choose "Always trust"
  
  
  
  
• Close the window and confirm with your Mac user password

You should now be able to activate your software using your equinux ID and password.

VPN Tracker 9 & VPN Tracker 10

VPN Tracker is a 100% 64 bit application and runs great on 64 bit systems.

VPN Tracker has three settings that can speed up connecting to Cisco devices and improve compatibility.

• Establish a shared tunnel to 0.0.0.0/0 for split-tunneling
• Send Cisco firewall attribute
• Use ... as the application version during Mode Config

Note: All settings described on this page require VPN Tracker 6.2 or newer.
 

Establish a shared tunnel to 0.0.0.0/0 for split-tunneling

What does this setting do?
In a split-tunneling setup using EasyVPN, VPN Tracker will no longer establish an IPsec Security Association (SA) to each remote network, but establish a single SA to 0.0.0.0/0. Split-tunneling is achieved only through an appropriate routing setup. This can speed up the connection processes significantly for connections with multiple remote networks.

When should I use this setting?
The setting works with most Cisco devices that use EasyVPN and a split-tunneling setup.

How can I try it?

On the Advanced tab, uncheck the box “Establish a separate tunnel for each remote network” (see screenshot)
Make sure the box “Establish a shared tunnel to 0.0.0.0/0 for split tunneling” is checked (see screenshot)

If your connection does not work with this new setting, simply revert back to your previous setup by checking the box “Establish a separate tunnel for each remote network”.

Send Cisco firewall attribute

What does this setting do?
This setting causes VPN Tracker to send a special attribute during EasyVPN indicating the presence of a firewall.

When should I use this setting?
You can try enabling this setting if your current EasyVPN-based connection to a Cisco device gets dropped at phase 2 (“The VPN gateway asked VPN Tracker to disconnect...” error).

Use ... as the application version during Mode Config

What does this setting do?
This setting causes VPN Tracker to send a different application version than the default “VPN Tracker 6” during EasyVPN and Mode Config.

When should I use this setting?
You can try setting a different application version, e.g. “Cisco Systems VPN Client 4.8.0:Linux” if your current EasyVPN-based connection to a Cisco device gets dropped at phase 2 (“The VPN gateway asked VPN Tracker to disconnect...” error).

Yes, VPN Tracker supports IPsec (IKEv1 + IKEv2), L2TP (Mac only), PPTP (Mac only), OpenVPN, SonicWALL SSL VPN, Cisco AnyConnect SSL VPN, Fortinet SSL VPN, SSTP VPN, and WireGuard® VPN (Beta - learn more). Additional protocols are on our roadmap.

WireGuard is a registered trademark of Jason A. Donenfeld.

If you have entered information or have started to apply settings in your application demo, those changes will remain unchanged - even after activating the software.

A Technical Support Report contains your VPN Tracker settings and relevant network and system settings that our technical support team needs to be able to assist you quickly. Confidential data (e.g passwords, pre-shared keys, private keys) are not included in a Technical Support Report (TSR).

How to create a Technical Support Report on a Mac:

‣ Click on your VPN connection in VPN Tracker 365.
‣ In the bottom right corner under the "Status" tab, you will see the TSR button.
‣ Click the button to generate the report and follow the instructions to send to our support team.

‣ Tap on the connection. The connection card appears.
‣ Tap on “Feedback”
‣ Provide a short description of the connection problem
‣ Tap on Send

If you have an issue connecting to the VPN in the first place, please make a connection attempt right before creating the Technical Support Report, then create the Technical Support Report as soon as the connection attempt has failed.

If you can connect to the VPN, but something is not working right after the connection has been established, please establish the VPN connection, then create the Technical Support Report while the VPN is connected.

You can either email the report directly to our support team from VPN Tracker 365, or save it to email later or from a different computer, or to upload it using the contact form on our website:

Whenever possible, also include screenshots of the VPN setup on your VPN gateway.

Are you using virtualization software, such as VMware, Parallels or VirtualBox? These software products create network interfaces for their internal networking needs, and sometimes the network addresses they choose happen to conflict with the remote network of a VPN connection. Even if you are not currently using this software (but have it installed or not completely uninstalled) their network interfaces exist and can cause conflicts.

To find out which network interface is causing the conflict:

1. Attempt to connect to your VPN (so the error message appears in the VPN Tracker log)
2. Set the log level in VPN Tracker to “verbose”
3. Look for a line that says
   Remote network ... conflicts with local network ... of interface ...

This is the network interface that is causing the problem. On most Macs, “en0” will correspond to the Ethernet interface and “en1” to the AirPort interface. Any other enX interfaces are either from virtualization software, or from additional network hardware (e.g. USB network adapters/modems). Network interfaces whose names start with “vboxnet” generally belong to VirtualBox and network interfaces starting with “vmnet” to VMware.

• If the network interface is a "real" interface, see this FAQ for more information.
• If the interface is virtual, change the network address(es) used by the virtualization software. More information can be found in this FAQ.

Such a setup is called “Host to Everywhere” in VPN Tracker. All non-local traffic will be sent through the VPN. For this setup to work, it must be properly configured in VPN Tracker and on the VPN gateway:

1. The Network Topology must be set to “Host to Everywhere” in VPN Tracker
2. The VPN gateway must accept an incoming VPN connection with a 0.0.0.0/0 (= everywhere) endpoint

Once these are configured, it should already be possible to establish the VPN connection. However, it is very likely that Internet access will not yet work. For Internet access to work, several more things need to be configured on the VPN gateway:

1. The VPN gateway must route VPN traffic not destined for its local networks out on the Internet
2. This traffic must be subject to Network Address Translation (NAT) in order for replies to reach the VPN gateway
3. In many cases, a suitable remote DNS setup is necessary for DNS resolution to continue to work

Note that not alll VPN gateways can be configured for Host to Everywhere connections. Most devices designed for small office or home networks (e.g. devices by NETGEAR or Linksys) are not capable of dealing with Host to Everywhere connections.

There are multiple passwords that VPN Tracker may require: Your admin password for installation, passwords needed for connecting to your VPN or accessing your Keychain, etc.

This guide shows all password prompts you may encounter in VPN Tracker, explains why they are needed and lets you know which password should be entered.

Administrator password prompts

VPN Tracker will occasionally require you to enter an administrator password - for example during the macOS installation process in order to approve the System Extension needed to allow VPN Tracker to work effectively.

Account + licensing

To log in to VPN Tracker on Mac or iOS, or to log in to your account on my.vpntracker.com, you will need to enter your equinux ID and password. This password gives you access to your VPN Tracker account where your plan, team data, connections and device information is stored.

Pre-Shared Key

Many VPN connections are secured using a Pre-Shared Key (PSK) or Shared Secret which is set on the VPN gateway during the configuration process. You need to enter the PSK in VPN Tracker in order to connect to your VPN.

If you are not the administrator of your VPN gateway, contact the admin for assistance. Tip: Admins can share pre-configured VPN connections using TeamCloud to avoid PSK confusion at enduser level.

Extended Authentication (XAUTH)

Most VPNs have a list of permitted VPN users - e.g. members of staff. Each VPN user has their own unique username and password which they need to enter in order to connect to the VPN. These are often the same credentials you use to sign in at the office. If you're not sure, get in touch with your admin who can advise you further.

You need to enter your equinux ID and password to activate most equinux applications. However sometimes applications will also require you to enter your Mac OS X user password in order to access certain required system components.

So if you see a window like the one below, you'll need to enter the username and password of an Administrator account on your Mac to proceed, not your equinux ID and password.

1. Go to my.vpntracker.com and log in with your reseller ID
2. Navigate to the Reseller section in the left hand menu, here you will see all of your orders and the plans you purchased with each order.
   
3. Next to the license(s) you want to Transfer to a customer select "Transfer all..."
   Please note, this button will only appear if the license is available for transfer.
   
4. Enter the email address of the customer you are transferring the licenses to and press "Transfer".
   

• If you haven't already, you can download VPN Tracker using this link.
• After the download has completed, launch the app and click the "Login" button in the top left-hand corner of the app home page.
• Enter your equinux ID and password in the space provided. Hint: This is the login you first created when purchasing VPN Tracker in our online store.

Are you a World Connect User?

You will need to download VPN tracker World Connect. You can do so using this link. VPN Tracker World Connect must be installed using the App Store. Once you've installed the app on your device, sign in with your equinux ID and password.

You can retrieve your equinux ID or password using this form.

If you don’t receive the email* containing your information, please note that the email may have mistakenly been marked as spam or junk mail, so be sure to check your email filters.

If you are unable to retrieve your username and password using the retrieval form, please contact the support team for assistance. When contacting us, please provide your old and new email adresses.

* Please note that the email will be sent to the address active on account. If your email address has since changed and you no longer have access to the previous account, you will need to contact the support team for assistance.

The Blowfish and CAST-128 encryption algorithms have been removed in OS X 10.8 Mountain Lion. They continue to be available when VPN Tracker is running on OS X 10.7 Lion and earlier.

If you're having trouble resizing the VPN Tracker window—especially if it seems to “bounce back” when you try to make it smaller—this is likely due to macOS’s built-in window management features.

Here’s what you can do:

1. Disable macOS window tiling:
   macOS Sequoia includes automatic window tiling, which can cause a bounce-back effect when resizing, making windows jump back after adjusting their size. This can interfere with custom window resizing. To turn off automatic window tiling:
   • Go to System Settings > Desktop & Dock > Windows
   • Disable the following options:
     • “Drag windows to screen edges to tile”
     • “Drag windows to menu bar to fill screen”
     • “Hold ⌥ key while dragging windows to tile”
     • “Tiled windows have margins”

   After turning off these settings, you should be able to resize the VPN Tracker window more freely.

   
2. Alternatively, you can minimize the VPN Tracker window to show only the left sidebar:
   To do this, click the small button at the bottom-right of the window (see screenshot below). This will shrink the window down to just the sidebar.

We use analytics to help us improve the app and your overall VPN experience. All measurements are completely anonymous and we never evaluate any personal information or any data going through your connection.

What is measured

• Generic connection settings (e.g. what type of connection it is, which options are being used etc.)
• Which features are used (e.g. is auto-connect enabled, are any actions configured etc.)
• How many connections you have

Your data, your privacy

• Your specific network settings or credentials are never read, captured or transmitted
• Your VPN traffic is never analyzed, captured or accessible

You’re in control

If you’d prefer not to share any anonymous usage information with equinux, you can deactivate this option at any time in VPN Tracker’s preferences by unchecking 'Share diagnostics data'.

There is a known bug in the Watchguard firmware that is causing a lot of trouble. Currently, we still do not know why VPN Tracker is triggering this bug, as the Windows client seems to not trigger it. We talked with Watchguard, but even they could not tell us what we are doing wrong. Basically the tunnel dies internally in the Watchguard (it's still shown as open and established, but traffic arriving over this tunnel is rejected as if the tunnel was closed).

If you are using a Branch Office VPN at the moment, try switching to a MUVPN if possible. MUVPN works with VPN Tracker as well and usually yields for better results.

Please refer to the following description.

We use analytics in VPN Tracker 365 to help us improve the app and your overall VPN experience. All measurements are completely anonymous and we never evaluate any personal information or any data going through your connection.

What is measured

• Generic connection settings (e.g. what type of connection it is, which options are being used etc.)
• Which features are used (e.g. is auto-connect enabled, are any actions configured etc.)
• How many connections you have

Your data, your privacy

• Your authentication details and credentials are never read, captured or transmitted
• Your VPN traffic is never analyzed, captured or accessible

You’re in control

If you’d prefer not to share any anonymous usage information with equinux, you can deactivate this option at any time in VPN Tracker’s preferences by unchecking 'Share diagnostics data'.

The Remote Connection Wipe functionality is available for all VPN Tracker 365 plans.
Please note that you will need a VPN Tracker 365 Pro plan to export a VPN connection.

In our white paper you will find all information to set up Remote Connection Wipe:

http://equinux.com/goto/vpnt365/whitepaper

No, you currently cannot undo remote connection wipe. However, you can reinstate a team member. Remember, you will need to redistribute your team’s VPN connections to the new user before they will be able to connect.

Remote Connection Wipe offers additional security by removing information about your VPN infrastructure. You may also want to use Remote Connection Wipe for compliance purposes or when working with external contractors.

Remote Connection Wipe also has the added benefit of working with any VPN connection, even those that don’t offer user authentication. This lets you to block VPN access for an individual user without having to distribute a new connection to your entire team.

The majority of VPN users use their Mac out and about on the go. If a MacBook ever gets lost or stolen, there’s a risk that remote access to your network could fall into the wrong hands. With VPN Tracker, you can prevent unauthorized VPN access by remotely revoking access to the connection.

To safeguard your accounting data against accidental deletion, VPN Tracker keeps rolling backups.

You can find them under:

Macintosh HD/Users/YourUser/Library/Application Support/VPN Tracker/Accounting/

(Note that the Library folder may be hidden: Choose "Finder" > "Go" from the menu bar and hold down the option key to open the Library folder).

Your current Account files are stored in “Accounting.sqlite”. You'll also see all your Accounting backups in the same folder. They will be have a date in the file name.

To revert to an earlier backup:

‣ Rename the “Accounting.sqlite” file to “Accounting-backup.sqlite”
‣ Delete the Accounting.sqlite-wal and Accounting.sqlite-shm files 
‣ Rename the backup you want to restore to “Accounting.sqlite”

VPN Tracker automatically stores a backup of all your VPN connections on your Mac. If you have inadvertently deleted a connection, or wish to revert to an earlier copy of a connection, you can manually restore the backup copy.

1. Turn off Personal Safe syncing

You need to deactivate Personal Safe for the connections you're trying to restore from your backup, to prevent unwanted changes being synced:

• Open VPN Tracker 365
• From the menu bar, choose: VPN Tracker 365 > Preferences > Personal Safe
• Uncheck the connections you want to restore from your backup
• Quit VPN Tracker 365

2. Restore from your Backup

• Open Finder and choose "Go" > "Go to Folder…" from the menu bar
• Enter this path and press Return:
  /Library/Application Support/VPN Tracker 365
• Rename your "etc" folder to "etc-backup" – for safekeeping
• Go into the "backup" folder

Here you'll see a number of backup folders, all organized and named by date.

• Move the "etc-date" folder you want to restore up one level into the main "VPN Tracker 365" folder
• Rename the folder your just moved to just "etc" (deleting the date)
• Open VPN Tracker 365

All of your connections will now be restored to their backed-up state.

3. Re-activate Personal Safe

• Choose: VPN Tracker 365 > Preferences > Personal Safe from the menu bar
• Check your connections, to add them to Personal Safe

Download VPN Tracker free

Visit my.vpntracker.com, log in to your account, and go to "Subscriptions" to update your payment method.

Go to your current subscription and click on "Edit" to change the payment method. Click "Choose another way to pay" to add a new credit card or alternatively, add a PayPal account. This will be used as your new default payment method for your plan.

What's the point of a VPN?

Secure data

How do you establish a VPN connection?

1. In the VPN Tracker for Mac App

‣ Go to "VPN Tracker" > "Preferences"

‣ Select "Personal Safe"

‣ Uncheck the connections and/or shortcuts you would like to delete from the list

‣ Press update

‣ This will delete all connection info from our servers. 

2. In a browser at my.vpntracker.com

‣ Open my.vpntracker.com  and log in with your equinux ID and password

‣ Select "Personal Safe" in the sidebar

‣ Here you will see all connections and Shortcuts which are saved in your Personal Safe.

‣ When you press the delete button next to any connection, this will instantly be deleted from your Personal Safe

• Personal Safe White Paper
• VPN Tracker Personal Safe features

• A demo license is only valid for 30 days.
• A demo license allows you to use all the Pro Edition features except the export feature.
• A demo license restricts tunnel traffic up to 500 kb in either direction.
• Once the 500 kb limit has been reached, a demo license allows you to stay connected for another 3 minutes.

Symptom

Solution

1. Do nothing; the conflict will persist until resolved.
2. The safe is right; the version from the safe is downloaded.
3. VPN Tracker is right; the version of VPN Tracker is written to the safe.

Reasoning

‣ Go to "VPN Tracker" > "Refresh My Account"

• Multiprotocol VPN support
• High speed connections
• Zero-config VPN - thanks to TeamCloud & Personal Safe technology

1. Germany
2. Austria
3. United States
4. Australia
5. Brazil
6. Canada
7. France
8. Japan
9. Luxembourg
10. Netherlands
11. New Zealand
12. Singapore
13. Spain
14. Sweden
15. Switzerland
16. United Kingdom

‣ Choose "File" > "New" > "World Connect Destination"



‣ Then, choose "World Connect" and "Countries"



‣ Check your country of choice:

‣ Open "System Preferences."

‣ Click "Language & Region."



‣ Change to your preferred language by dragging your selected language to the top of the list.



‣ Close your software. For example, with VPN Tracker, you can do so by choosing "VPN Tracker" > "Quit VPN Tracker."



‣ Reopen the software.

• {FQ317}

• VPN Tracker 365: Download here
• An internet connection
• A VPN Router/Gateway

Create a new connection

‣ Click on the plus symbol in the bottom left corner:



‣ Choose: "New Company Connection"

Choose your VPN Router

‣ In the list of VPN Gateway vendors, choose the manufacturer and model of your VPN router. In case your VPN router does not appear in the list, try the following:

‣ Choose "Use custom device profile." 

‣ Click on "Create" to add your VPN connection.

Your configuration guide

Option 1: Manual Access:

Open Finder.
Open the "Go" menu.
Choose "Connect to Server..."
Enter the IP address (e.g."192.168...")
Click "Connect".

That's it! Now you have access to your files in Finder for this session. Please note, you will have to carry out these steps each time you need to connect.

Option 2: Creating a Shortcut:
You can also create a shortcut to your server within the VPN Tracker app, meaning it will be saved for whenever you need to access the server.

Go to "VPN Shortcuts" in the app menu.


In the shortcuts section, click on the bottom menu and drag out the File Server icon.


Choose a VPN connection and a server to create your shortcut. If your chosen server does not appear on the list you can also enter it manually.

After you have completed these steps your connection will be saved in the shortcuts section for whenever you need to use it.

This video tutorial shows you how to quickly create a VPN Shortcut to a file server...

Configuring the Pre-Shared Key for a new VPN connection

I have lost my Pre-Shared Key - how can I get it back?

1. Check if you have stored the affected connection in your Personal Safe. If so, you may be able to download the connection again.
2. Check the Keychain (Applications > Utilities > Keychain Access). The Pre-Shared Key is usually saved here. Enter "Shared Secret" into the search bar to view a list of all your saved PSKs.
3. Are you using Time Machine Backup? You could try restoring an older connection with the Pre-Shared-Key.
4. Check your firewall or ask the relevant VPN Administrator. Refer to your device handbook to find out where to obtain this information on your specific firewall.

‣Open System Preferences

‣Go to Security

‣Click "Allow"

Log out of VPN Tracker
Quit and restart the app
Ensure you have an internet connection
Log into VPN Tracker again
Retry downloading the connection

Renewals can be canceled up until 10 days before their renewal date. The cancelation will take effect on the next possible renewal date. You can continue to use the software until the end of your term, at which point your subscription will end.

We don’t offer partial refunds. All of our 365 plans are valid for one year and you can cancel up to 10 days before the end of your term; however, if you do cancel, you will be able to continue using the software the expiration date of your plan.

How to proceed

• Download the VPN Tracker.zip file
• Open Terminal and run the following command:
• shasum -a 256 ~/Downloads/VPN\ Tracker \ 365.zip
  (note the exact path may differ, depending on which version of VPN Tracker you’ve downloaded
• Compare the calculated checksum to the checksum published on the Version History page.

1. If you have connections or Shortcuts on your Mac that are stored in your Personal Safe, deactivate Personal Safe in preferences and create a local copy of your connections
2. Go to your Personal Safe webpage and delete your user keys: https://my.vpntracker.com/user/sync/keys
3. Sign out from your VPN Tracker account on your Mac, open Keychain Access, and delete the entry "Connection Safe Master Key."
4. Then sign back in and add a connection to your safe.
5. Don't forget to write down the new recovery key and keep it in a safe place. This will enable you to log in if you ever lose your login details.

A couple of years ago, a team of security experts released a paper describing an attack that can break an IKEv1 Aggressive Mode Pre-Shared Key connection using an attack that would not equally have been possible with an IKEv1 Main Mode Pre-Shared Key connection, leading to the incorrect assumption that Aggressive Mode is inherently insecure. This claim, however, is not backed up by objective facts. What most people don't know, part of that attack was the ability to guess the Pre-Shared Key (PSK) using a brute force attack and such a brute force attack can only be successful if the PSK is weak. A PSK is also just a password and as with every password, choosing a weak password always leads to poor security. As long as your PSK is at least 14 characters long (the longer the better), consists out of lower case letters, upper case letters and digits, and was randomly generated, so it's impossible to somehow guess it, and as long as your Phase 1 hash algorithm is at least SHA1 (or better, we recommend SHA-256 if possible), there's absolutely no reason to consider IKEv1 Aggressive Mode with Pre-Shared Key as less secure than IKEv1 Main Mode with Pre-Shared Key. If you want to be even more secure, switch to certificate based authentication instead of PSK if possible as then the attack is not possible at all.

Technical background:

The Pre-Shared Key (PSK) is not a password used for encryption of any data, it's used for authentication, just when you log in to a website using a username and a password. During Phase 1, both sides must prove to each other to know the PSK. This cannot be done by just sending it to the other side, as if the other side didn't know it before, it will know it after receiving it. Instead both sides calculate a number (a hash digest) out of data they exchanged so far (data that will be different every time you start a new connection, which ensures the calculated value will be as well) and the PSK. Only this digest is send to other side. The other side can now verify that digest by performing the same calculations and comparing the result with the digest received. If both are equal, the sender must have used the same PSK in the calculation, which proves knowledge of the PSK. Then the receiver also calculates such a digest, using a slightly different formula as before, leading to an entirely different result, and sends it back in reply to also prove its knowledge.

The differences between Main Mode and Aggressive Mode is simply that in Main Mode the digest is exchanged encrypted because the session key exchange already negotiated a session encryption key when the digest is exchanged, whereas in Aggressive Mode it is exchanged unencrypted as part of the key exchange that will lead to a session key. By snooping the connection establishment of an Aggressive Mode connection, the attackers were able to get the digest as well as all values required to calculate that digest, except for the PSK itself. Please note that this alone doesn't mean the connection is broken already, it only means that the attackers now have enough data to start guessing the PSK using a brute force or dictionary attack. Only if the PSK is too weak to withstand those attacks and the attackers are able to correctly guess it, the connection will be broken. That's why a good, secure PSK is essential.

The same attack is in fact also possible with a Main Mode PSK connection, it just requires some extra work. For a Main Mode connection it's not enough to just snoop the traffic, the attackers would need to perform a so called Man-in-the-Middle (MitM) attack, allowing them to capture and manipulate all traffic exchanged. By performing a MitM attack, attackers can break the key exchange and thus will be able to decrypt all the exchanged packets. Doing so will not make it possible to break into your VPN, they still need to know the PSK for that, otherwise they cannot successfully authenticate to the other side and then Phase 1 will never complete, but that way they can get all the information required to start guessing on the PSK, just as in case of a an Aggressive Mode connection. And if an attacker is already able to snoop on your VPN traffic (which is required to attack Aggressive Mode), it's very likely that attacker is equally possible to perform a MitM attack and in that case using Main Mode will not offer you any additional protection.

A PSK out of 11 random alphanumeric characters offers an entropy of approx. 64 bits, that's 2^64 possible values. Modern high end graphics adapter (as of 2015) can calculate in the order of 1 billion SHA-256 hashes a second. On average one has to try 50% of all possible values to find a match, wich would be about 292 years. Yet if the attackers have an array of 100 such graphics adapters, it would "only" be around 3 years. If the PSK is 14 characters, the entropy is about 80 bits and you are already at 19,154,798 years. Now even having 10,000 graphics adapters would help a lot. Also one must consider the costs of such an attack, which is not so much the cost of buying all these graphics adapters, rather their power consumption when all these graphics adapters run at maximum current 24 hours a day and that for years, decades, or even centuries. The power costs will be billions of dollar and all that to just break one single PSK connection in the entire world. And whenever you change the PSK, an attacker must start all over, so if you change the PSK regularly, let's say once a year, an attacker has at most one year to find it; that's very ambitious, even for a weak PSK.

In some circumstances, VPN Tracker may not be able to store your account login credentials in your Keychain.

To fix this issue, please try the following:

• Quit VPN Tracker
• Open Keychain Access from Applications > Utilities
• Select your login keychain
• Choose File > Lock Keychain “login”
• Then choose File > Unlock Keychain “login”

On newer macOS releases, you may not see the option to lock/unlock your Keychain. In that case, please enter the following command via the Terminal:

security lock-keychain ~/Library/Keychains/login.keychain

security lock-keychain ~/Library/Keychains/login.keychain

Now re-open VPN Tracker and try signing in again.

If the problem still pops up, try this:

• Quit VPN Tracker
• Go back to Keychain Access
• In the search box enter “VPN Tracker User Auth”
• Delete the VPN Tracker User Auth Token entry

Now re-open VPN Tracker and try signing in again.

If none of the tips above work, macOS has an option to reset your Keychain. Note that this should only be tried as a last resort, as it completely resets your login Keychain:

• Open Keychain Access
• Go to Keychain > Preferences
• Choose "Reset Default Keychains…"

If there are any further issues, please contact our support team and include the application logs from this location:
/Library/Application Support/VPN Tracker 365/var/log.

• Open the VPN Tracker Connection Creator for PPTP VPN
• Enter the IP address or Host Name of the PPTP server you want to connect to, then follow the remaining steps in the setup wizard
• Save your new VPN connection in your account using secue end-to-end encryption to start using on your Mac

• If the app you want to quit is in your dock, hold the "Option" (⌥) key and right-click on the app icon, then, select "Force Quit" from the menu.
• You can also hold down "Option" (⌥) + "Cmd" (⌘) + "Esc" which will trigger a window with a list of apps you have running. To force quit one or more of these apps, simply select it from the list and click the "Force Quit" button.

In our online store we accept a variety of payment methods:

• Visa
• Mastercard
• American Express
• PayPal*
• Personal/Business Checks* (US Orders Only)
• Bank Transfers* (European Union Only)

* License will be emailed to you once your payment has cleared.

When paying my check or bank transfer, you will receive an email with additional payment details once you have placed your order. Bank Transfer and Check orders are currently not available for Mail Designer Purchases

• Press "Shift" (⇧) + "Cmd" (⌘) + "4" then click and drag the mouse cursor to capture a specific area of your screen.
• Press "Shift" (⇧) + "Cmd" (⌘) + "4" and then the space bar to capture a specific window or element on your screen.
• Alternatively, press "Shift" (⇧) + "Cmd" (⌘) + "3" to capture your full screen.

If you have a charge from equinux on your credit card that you do not recognize, it may be for one of the following products offered through the equinux Online Store:

• VPN Tracker (VPN software for Mac, iPhone and iPad)
• Mail Designer 365 (email newsletter design software for Macs)
• tizi (iPhone and iPad accessories)

Common scenarios

Auto-renewing products

VPN Tracker and Mail Designer 365 are offered as subscriptions. When a plan has been configured to auto-renew, the associated payment method will automatically be charged.

Additional team-members added

If multiple employees are using one of our products, they may have configured team billing. This means the associated credit card may have been charged, in order to add a new team member to an account.

Invoices and other questions

You can download your invoices from our website:

• VPN Tracker Invoices
• Mail Designer 365 Invoices
• Other equinux invoices

If you have checked with your team and still have additional questions regarding a charge, please contact our support team. Be sure to include the details from your credit card statement and the last 4 digits of your card.

WireGuard is a registered trademark of Jason A. Donenfeld.

• Google Authenticator
• Microsoft Authenticator
• Twilio Authy
• 1Password
• FreeOTP
• Bitwarden

• Security software (e.g. virus scanners, Malware blockers)
• Malware or Adware

• Kaspersky