There are a number of possible causes for such a behavior. This FAQ will help you to find out what is causing the problem in your specific situation. In this FAQ we will be using destination device as a generic term for the device you are trying to connect to. The destination device can be anything from a normal computer, to a server, to a network printer.

1. Are you trying to connect to the destination device using a host name?

If you are using a host name, please try once using its IP address instead. If that works, the problem has to do with DNS resolution. Please make sure DNS is enabled for the VPN connection and correctly configured. Note that using Bonjour or NETBIOS hostnames is generally not possible over VPN.

2. Is the IP address you are connecting to really part of the remote network?

For example, if your remote network is 192.168.13.0/24, you should be able to connect to IPs starting with 192.168.13.x, but connections to IPs starting with 192.168.14.x will not work as they are outside the address range of traffic tunneled through the VPN.

3. Is the local address in VPN Tracker part of the remote network?

Using a local address in VPN Tracker (Basic > Local Address) that is part of the remote network is not possible with most VPN gateways. Please use a local address that is outside all remote networks. For example, if your remote network is 192.168.13.0/24, do not use an address starting with 192.168.13. If you are using an automatic configuration method (e.g. Mode Config, EasyVPN, DHCP over VPN) you may be able to assign a local address to VPN Tracker that is part of the remote network. Refer to the configuration guide for your VPN gateway for more information.

4. Could multiple VPN users use the same local address?

If multiple VPN users exist, pleas make sure no two users are using the same local address (Basic > Local Address), otherwise one of them will not be able to use the tunnel anymore whenever both of them are connected. If that field is empty in your configuration, VPN Tracker will just use the IP address of your primary network interface as local address, and of course, this can also cause an address conflict with another user, that’s why we do not recommend to leave that field empty if there are multiple VPN users.

5. Can you ping the LAN address of the VPN gateway?

You can find a ping tool directly in VPN Tracker under Tools > Ping Host. The LAN address of the VPN gateway is special in the regard that this address doesn’t need to be routed at all. So if you can ping that address but no other remote address, it is most likely a routing issue at the remote end.

6. If you can't ping anything, try re-running the VPN Availability Test

The VPN Availability Test can be found in the menu: Tools > VPN Availability Test. Then try connecting the VPN again. The results of this test depend on the capabilities of your local Internet router/modem or the Internet connection itself and they influence how the VPN tunnel is established. VPN Tracker automatically runs the test for every new Internet connection it is able to detect but even if a connection has been tested before, there are various reasons why the behavior of that connection may have changed in the meantime.

7. Is your VPN gateway the default gateway (router) of its network?

If the VPN gateway is not the default gateway, you will in many cases need a suitable routing setup in order for responses to reach you. Whenever a device doesn’t know how to reach an IP address directly, it forwards its reply to its default gateway and if that isn’t the VPN gateway, it won’t know what to do with that reply data. In that case its important to configure the default gateway to forward replies to VPN users to the VPN gateway.

8. Is your VPN gateway the default gateway (router) of its network?

For more details, we would like to direct you to the following FAQ entry.

Disclaimer: Please be aware that resetting your Personal Safe will delete all of your VPN connections and passwords.

If you have your Personal Safe recovery key or can retrieve your old equinux ID password, follow the recovery steps in VPN Tracker instead.

1. If you have connections or Shortcuts on your Mac that are stored in your Personal Safe, deactivate Personal Safe in preferences and create a local copy of your connections
2. Go to your Personal Safe webpage and delete your user keys: https://my.vpntracker.com/user/sync/keys
3. Sign out from your VPN Tracker account on your Mac, open Keychain Access, and delete the entry "Connection Safe Master Key."
4. Then sign back in and add a connection to your safe.
5. Don't forget to write down the new recovery key and keep it in a safe place. This will enable you to log in if you ever lose your login details.

Some kinds of software may cause issues with VPN Tracker:

1. Personal Firewalls / Desktop Firewalls
2. Protection Software (e.g Virus Scanners, Malware Protection)
3. Other VPN Clients / VPN Software (for example NCP Client)

Personal Firewalls usually ask the user, if an app should be allowed to send network traffic. It’s important to grant VPN Tracker full network access. If you have already added rules for VPN Tracker, please whitelist VPN Tracker.

Protection Software often sees VPN traffic as a potential source of threat, as it isn’t able to analyze that traffic because of its very strong encryption. Please ensure VPN Tracker is ignored by any protection software running on your Mac and allow VPN traffic to pass through.

Other VPN clients should not be a problem, if they are designed to co-exist with othe VPN apps. Unfortunately, not all other clients are and some capture all VPN traffic as soon as they are installed, even if the app is not running.
In these situations, you may need to uninstall the VPN client - we also suggest asking the vendor to improve its “cooperation” with other VPN apps.

Here are some common examples of the types of apps mentioned above. If you are uncertain whether any of these applications may be installed on your system, try the following:

• Open the app “Terminal”
• Copy and paste the following command: kextstat | grep -v com.apple

You’ll get a list of all kernel extensions that are not from Apple. Just compare that list with the identifiers in parenthesis below:

• Little Snitch
  (at.obdev.nke.LittleSnitch)
   
• TripMode
  (ch.tripmode.TripModeNKE)
   
• Sophos Anti Virus
  (com.sophos.kext.oas, com.sophos.nke.swi)
   
• Symantec Endpoint Protection / Norton AntiVirus
  (com.symantec.kext.SymAPComm, com.symantec.kext.internetSecurity, com.symantec.kext.ips, com.symantec.kext.ndcengine, com.symantec.SymXIPS)
   
• Kaspersky Internet/Total Security
  (com.kaspersky.nke ,com.kaspersky.kext.kimul, com.kaspersky.kext.klif, com.kaspersky.kext.mark)
   
• Intego Mac Internet Security
  (com.intego.netbarrier.kext.network, com.intego.virusbarrier.kext.realtime, com.intego.netbarrier.kext.process, com.intego.netbarrier.kext.monitor)
   
• Fortinet FortiClient
  (com.fortinet.fct.kext.avkern2, com.fortinet.fct.kext.fctapnke)
   
• Cisco Advanced Malware Protection (AMP)
  (com.cisco.amp.nke, com.cisco.amp.fileop)
   
• TUN/TAP based VPN Clients
  (net.sf.tuntaposx.tap, net.sf.tuntaposx.tun)
   
• eset Security Products
  (com.eset.kext.esets-kac, com.eset.kext.esets-mac und com.eset.kext.esets-pfw)
   

By default, traffic to the remote network cannot be sent through the VPN tunnel if it is using the same network as the local network.

Resolving a Network Conflict using Traffic Control

You can use Traffic Control and VPN Tracker will send non-essential local network traffic over the VPN.

Activate Traffic Control:
> Go to Advanced > Traffic Control
> Check "Force traffic over the VPN if remote networks conflict with local networks"

Note that you will never be able to reach the following addresses over VPN: The IP address of your local router, your DHCP server, and your DNS server(s). If you need to reach those IPs over VPN, you will have to resolve the network conflict instead of using Traffic Control. The same applies for any IPs that you need to reach locally and over VPN.

Resolving a Network Conflict Manually

You have two basic options for resolving a conflict:

1. Change the local network to use a different network address. In most situations, this will entail changing the LAN settings on the local router (including DHCP settings if DHCP is used).
2. Change the remote network to use a different network address. With most setups, this entails changing the LAN on the VPN gateway (including DHCP settings if DHCP is used), and changing the IPs used by devices on the VPN gateway's LAN (or triggering a DHCP refresh, if DHCP is used). If the LAN is used in the VPN settings (such as for policies or firewall rules), these will need to be changed as well. Finally, change the remote network in VPN Tracker to match the new settings

If you decide to change the remote network, it makes sense to choose a private network that less commonly used. According to our informal statistics, conflicts are least likely using these networks:

• Subnets of 172.16.0.0/12
• Subnets of 192.168.0.0/16, excluding 192.168.0.0/24, 192.168.1.0/24 and 192.168.168.0/24

If these are not an option, use a subnet of 10.0.0.0/8, excluding 10.0.0.0/24, 10.0.1.0/24, 10.1.0.0/24, 10.1.1.0/24. However, since wireless network operators sometimes choose to use the entire 10.0.0.0/8 network, the first two options are preferred.

If you have a more sophisticated VPN gateway, in particular a SonicWALL, you may be able to set up an alternative remote network on the VPN gateway that is mapped 1:1 through Network Address Translation (NAT) onto the actual network. Users can then connect to this network instead if they have a conflict of networks. We have a guide available that describes this approach for SonicWALL devices.

If the conflict is caused by virtual network interfaces (e.g. Parallels, VMware), see here for more information.

Parallels

Go to "Preferences" > "Network" in Parallels and change the DHCP ranges for Shared and/or Host-Only Networking so they no longer conflict with your VPN's remote network.

VMware Fusion

A PDF with instructions can be downloaded from the VMware community forums:

• VMware Fusion 3.x
• VMware Fusion 1.x/2.x

Such a setup is called “Host to Everywhere” in VPN Tracker. All non-local traffic will be sent through the VPN. For this setup to work, it must be properly configured in VPN Tracker and on the VPN gateway:

1. The Network Topology must be set to “Host to Everywhere” in VPN Tracker
2. The VPN gateway must accept an incoming VPN connection with a 0.0.0.0/0 (= everywhere) endpoint

Once these are configured, it should already be possible to establish the VPN connection. However, it is very likely that Internet access will not yet work. For Internet access to work, several more things need to be configured on the VPN gateway:

1. The VPN gateway must route VPN traffic not destined for its local networks out on the Internet
2. This traffic must be subject to Network Address Translation (NAT) in order for replies to reach the VPN gateway
3. In many cases, a suitable remote DNS setup is necessary for DNS resolution to continue to work

Note that not alll VPN gateways can be configured for Host to Everywhere connections. Most devices designed for small office or home networks (e.g. devices by NETGEAR or Linksys) are not capable of dealing with Host to Everywhere connections.

Current Firmware (Fireware XTM)

WatchGuard Firebox X Edge e-Series devices with Fireware XTM (Fireware 11) are fully supported in current versions of VPN Tracker. For details please see our configuration guide.

Older Firmware

Devices running an older firmware may often work using the following setup. Please note however that we can't guarantee that this setup will work in all cases.

Start by creating a new user on the Firebox Edge and then configure MUVPN support for this user.

In VPN Tracker, use a "Custom Connection" device profile as the basis for your new connection.

Map the WatchGuard settings to your VPN Tracker configuration as shown in the table below:

Watchguard	VPN Tracker
Account Name	Local Identifier
Shared Key	Preshared Key
Virtual IP Address	Local Address
Authentication Algorithm	Phase 1 and Phase 2 Hash/Authentication Algorithms
Encryption Algorithm	Phase 1 and Phase 2 Encryption Algorithms
Key expiration in hours	Phase 1 and Phase 2 Lifetime

The following settings are independent of your specific MUVPN configuration:

• Local Identifier Type: Email (even if it is a name and not an email address)
• Exchange Mode: Aggressive
• Phase 1 Diffie-Hellman Group: Group 2 (1024 bit)
• Perfect Forward Secrecy (PFS): off

Finally make sure the that VPN Tracker's "Network" setting is set to "Host to Network", and the correct Remote Network (i.e. the network that you want connect to through the VPN) is used (e.g. 192.168.1.0/255.255.255.0).

The Pre-Shared Key (sometimes called shared secret) is basically a form of password for your VPN gateway which is set up on your device.

Configuring the Pre-Shared Key for a new VPN connection

VPN Tracker provides setup guides for all major gateway manufacturers. In these setup guides, you will also find information on how to set up a secure Pre-Shared Key for your specific device.

You can access all guides on this page.

I have lost my Pre-Shared Key - how can I get it back?

Here are a few tips for you to try and restore your Pre-Shared Key:

1. Check if you have stored the affected connection in your Personal Safe. If so, you may be able to download the connection again.
2. Check the Keychain (Applications > Utilities > Keychain Access). The Pre-Shared Key is usually saved here. Enter "Shared Secret" into the search bar to view a list of all your saved PSKs.
3. Are you using Time Machine Backup? You could try restoring an older connection with the Pre-Shared-Key.
4. Check your firewall or ask the relevant VPN Administrator. Refer to your device handbook to find out where to obtain this information on your specific firewall.

Beta versions are soon to be released versions of VPN Tracker 365. We like to release beta versions to allow users to give us feedback on new features we've been developing before we roll them out to the general public.

If you would like to become part of our beta testing program, you will need to activate access to early release versions in the app.

Open the VPN Tracker 365 app and go to "VPN Tracker 365" > "Preferences"
Next to "Update", check the box "Get early access to Pre-Release versions"
From the drop down menu, select "Beta versions"

{S_1174}

Tip: Next to "Update" you can also check "Automatically check for updates". This way, VPN Tracker 365 will inform you whenever a new beta version is available for testing.

Are you an experienced IT admin wanting to take things one step further? Check out our Nightly builds...

If you run into issues on a beta version and want to get back to an older build, you can always find our latest official release on the version history page. Please also note that you can deactivate beta testing at any time by unchecking the box in your app preferences.

Nightly builds are exclusive early preview versions of cutting edge, new features that the development team has been working on. We release these to give experienced IT admins the chance to work alongside us and test our latest work even before the beta release.

If you would like access to Nightly builds, you need to activate access to early release versions in the app.

Open the VPN Tracker 365 app and go to "VPN Tracker 365" > "Preferences"
Next to "Update", check the box "Get early access to Pre-Release versions"
From the drop down menu, select "Nightly Builds"

{S_1175}

Tip: Next to "Update" you can also check "Automatically check for updates". This way, VPN Tracker 365 will inform you whenever a new Nightly build is available for testing.

Not sure you're up for Nightly testing? If you want to test a more ready-to-launch version of VPN Tracker before it goes live, our beta testing program is another great alternative.

If you run into issues on a Nightly version and want to get back to an older build, you can always find our latest official release on the version history page. Please also note that you can deactivate Nightly testing at any time by unchecking the box in your app preferences.

‣ Choose “File" > "Export…” 

{S_938_50%}

‣ Save your file. 

‣ Then, find your saved file in the location that you saved it to.

‣ Right-click the file and choose "Compress “YOUR FILE NAME”" in the menu bar:

{S_939_50%}

‣ This will create a .zip file:

{S_940_50%}

Please refer to the following page for further information on how to export your email design as a .zip file:

• Exporting as a .zip file guide.

VPN Tracker supports industry standard OpenVPN, IPsec (IKEv1 + IKEv2), L2TP, PPTP, SSL, SSTP, and WireGuard® protocols. This means that it will work with almost all devices supporting these types of VPN connections.

A list of tested devices is available on our website

What if my device is not on this list?

There are hundreds of VPN devices available on the market, and we'd love to offer device profiles for all of them. Unfortunately, it is impossible to test all devices. If your gateway is not in the list, it will probably still work with VPN Tracker.

Tip: Try out one of our custom protocol profiles to test your VPN connection free in VPN Tracker on Mac, iPhone or iPad.

SonicWALL Simple Client Provisioning with VPN Tracker is available with all SonicWALLs running SonicOS 4.0 or newer and all editions of VPN Tracker.

If you are still using VPN Tracker 6 or earlier, Professional or Player Edition is required.

Mail Designer 365 needs your permission to access your previous designs and app preferences from earlier Mail Designer versions:

 Click on "File" > "Import settings and designs."
{S_1032}

When the migration window pops up, select "Grant access" to continue.
{S_1033}

In the next window, simply select "Grant access" again to allow Mail Designer 365 access to the design files in your Library. You do not need to select a different folder.
{S_1035}

Select from the list which settings you would like to copy over to Mail Designer 365 and then click "Import selected."
{S_1034}

Your designs and in-app preferences will then be quickly imported into Mail Designer 365.
{S_1036}

You can retrieve your equinux ID or password using this form.

If you don’t receive the email* containing your information, please note that the email may have mistakenly been marked as spam or junk mail, so be sure to check your email filters.

If you are unable to retrieve your username and password using the retrieval form, please contact the support team for assistance. When contacting us, please provide your old and new email adresses.

* Please note that the email will be sent to the address active on account. If your email address has since changed and you no longer have access to the previous account, you will need to contact the support team for assistance.

The following article describes where VPN Tracker stores its data in case you need to make manual backups instead of using Time Machine.

VPN Tracker stores all its data files in the standard system locations as recommended by Apple. Depending on the fact if these are system-wide or per-user files, they are either found in /Library (system-wide) or ~/Library (per-user), where ~ is a placeholder meaning "home of the current active user".

To access the system-wide library folder:

In Finder Choose "Go" > "Go to Folder ..." 
Enter /Library

To access the user library folder:

In Finder Choose "Go" > "Go to Folder ..." 
Enter ~/Library

VPN shortcuts, all information related to your equinux ID, accounting data, scanner results, and window positions are per-user settings.

For a full backup of all your settings, you need to backup the following files and folders:

• /Library/Application Support/VPN Tracker 365
• /Library/Preferences/com.equinux.VPNTracker365.plist
• ~/Library/Application Support/VPN Tracker 365
• ~/Library/Preferences/com.equinux.VPNTracker365.plist

Of course, the name depends on the exact version of VPN Tracker you area using; names above are for VPN Tracker 365 version 36517.0 or newer. If you still run an older version of VPN Tracker 365, please update to the latest version first.

Backup your keychain
Please note that passwords in VPN Tracker are usually not stored in any of the locations named above but in your keychain. If you have no external backup of all your passwords, be sure to also backup your keychains which can be found in ~/Library/Keychains

If you need to transfer a license to another equinux ID, you can easily do this yourself at my equinux.

‣ First log in with your equinux ID and password: http://my.equinux.com
‣ Click the checkboxes for each product that you want to transfer
‣ Click the "Transfer" button below and enter the equinux ID or email address of the new license owner and click next.       
‣ Finally click "Confirm" to complete the transfer. The system will transfer the license, display a message and email both the old and new license owner that the license has been transferred.

VPN Tracker 365 Plans cannot be transfered to another equinux ID. However, under https://my.vpntracker.com you can assign a plan to a colleague so they can use one of the VPN Tracker 365 plans that are connected to your account.
This is especially useful if you are the admin of all VPN Tracker licenses in your company and want to manage who can use one of the purchased plans.

If you are working from home and need to connect to VPN, your admin will send you a connection file which you can import into the VPN Tracker 365 app.

{S_1169}

This is the pre-configured VPN connection that you need in order to connect your Mac to your office network and access your internal services.

Here's how it works:

Double click the connection file to import into VPN Tracker 365.
Enter the import password - your network admin will give this to you.
Now, click the toggle switch to connect to your VPN. Note: If you are asked  to enter user credentials, your admin will tell you which login you need to use.

This video tutorial shows you how to get started with your company VPN:

There are two types of IP addresses:

• Private IP Addresses, and
• Public IP Addresses

Private IP addresses can be used by any person or organisation for their private network.

The two most commonly used private network ranges (range of IP Addresses) are:

• 192.168.0.x, and
• 192.168.1.x

When for example your home network and your company network both use the same Private IP Range, there will be problems because you will see multiple devices with the same IP Adress and your computer will get confused.

Your Company Network:
When setting up a company network, most companies try to avoid the above listed IP ranges, which is also recommended by us, in order to not cause conflicts with people connecting over VPN. However, there are still some companies that use one of these popular network ranges.

Your Home Network:
A lot of popular home routers like Netgear, Asus, Google, D-Link, TP-Link, Linksys, Trendnet, AVM all use an IP Range of 192.168.0.x.

If your company Network uses the same IP Range as your home network you are going to run into problems.
{S_1182}

Here are two possible solutions:

1. Change your local network to a different range (Preferred)

   
   Possible Ranges are:
   
   • 10.250.250.x
   • 172.30.30.x
   • 192.168.250.x
   
   Advantage: Once you have made this change on your home network, you will never have conflicts in this network.
   Disadvantage: You will need to change the settings on your private network router once, this requires access and can take some time.
   What to do:
   
   • Login to your home router
   • Find the setup section with “DHCP” settings.
   • Change your router to a different IP adress (for example an address from one of the ranges listed above, for example 172.30.30.1)
   • Change the DHCP Server Settings to the same range of your router (If your router IP is 172.30.30.1, your range could be 172.30.30.10 to 172.30.30.253){S_1183}
   
   After you have made these changes, there will be no more conflicts between your home and company network.{S_1184}

2. Force Traffic over VPN

   
   There may be situations where it's not possible to use the first option (for example if you're in a coffee shop or hotel) In this case you have the option to force the traffic over your VPN Network, this means your VPN Network (company network) will always win.
   Advantage: This setting is global, meaning no matter what network you are in you will always be able to connect.
   Disadvantage: Once you are connected to your company’s VPN, you can not access local service, like home router, local storages or printers.
   What to do:
   
   • Configure your VPN Tracker connection
   • Select the "Advanced" Tab at the top
   • In the "Traffic control" section, activate the Checkbox "Force traffic over the VPN if remote networks conflict with local networks"{S_1189}
   
   

Download VPN Tracker free

To access volumes and files hosted on a file server, one of several available distributed file system protocols must be used. As of 2018, the most common protocols are SMB/CIFS (default for Windows and macOS 10.9 or newer), AFP (default for macOS prior to 10.9), NFS (default for Linux and most UNIX operating system), WebDAV (based on HTTP, vendor neutral). All these protocols, except for WebDAV, have originally been designed to access files hosted on a file server located in the same network as the client accessing it. This can often lead to issues when using these protocols over a VPN connection.

A VPN connection typically runs over the Internet and the Internet has quite different network characteristics than a company or home network. Local networks typically offer a high amount of symmetric (upload equals download) bandwidth, very low and stable latency, very litte packet loss, almost no data corruption and a rather high and always constant maximum transmission unit size (MTU). Contrary to that, Internet connections offer a lot less bandwidth, usually asymmetric (much more download than upload) and the Internet has a rather high, very fluctuating latency, typically at leas some packet loss, data corruption can happen as well and the maximum transmission unit size can be much lower and is subject to change at any time even during an active transmission. Some of the protocols above can cope better with these conditions than others.

Issues to expect: Slow to very slow directory browsing (because of the large latency), copying a file from remote is slow (limited by the upload of the other side), copying a file to remote is slow (limited by the upload of the local side), directly opening a file directly is even slower (caused by limited upload bandwidth but also large latency and small packet sizes can play a role), and file access failures are possible (caused by packet loss and/or data corruptions). Please note that none of these is the fault of the VPN itself, even when running these protocols over the same Internet line without any VPN, the results would only be marginally better or not better at all.

Unfortunately there is little that can be done about these problems. There is nothing users can do to improve latency. Improving upload bandwidth will always help if such an option does exist as if bandwidth is the problem, it's almost always upload and not download bandwidth. Switching the protocol may help, as especially SMB/CIFS doesn't work very well over Internet lines with bigger latency and if it has to fall back to an older protocol version (one older than SMB 3.0), it will be a catastrophe (up to not working at all anymore). A problem is that SMB and WebDAV are the only protocols that Windows supports natively, whereas macOS supports all the protocols named above natively, thus it's required to resort to third party products to teach Windows alternative protocols. In a pinch one can try to use WebDAV, but WebDAV has a rather poor performance even when used in local networks. Dedicated NAS devices usually support NFS when enabled, which could yield a better performance than SMB.