VPN fails on some networks
You may have a Virtual Private Network (VPN) connection set up on your computer, which you normally use to connect to your workplace network when you are out of the office.
Sometimes, your VPN fails to connect when you are using certain wifi networks or home broadband networks. This can happen even though you know your settings and username / password are correct and the connection works normally at other locations.
You may receive error messages similar to “unable to connect”, “unable to authenticate”, “timeout” or “incorrect username / password”.
You are able to browse the internet and may be able to send and receive e-mail successfully while this problem is occurring.
Microsoft Windows laptop and desktop computers
MacOS laptop and desktop computers
Mobile devices including smartphones and tablets which support VPN connections.
Not all networks can be relied upon to transmit all types of VPN traffic from your computer over the internet.
A non-technical summary of the reasons is below, but see the “Additional Information” section for a more detailed technical explanation.
Small free networks – Many free public wireless networks, e.g. in cafes and bars, use domestic networking equipment which doesn’t allow some types of VPN traffic to pass through, or only allows one active VPN connection at a time.
Security – Some locations may block outgoing VPN connections for security reasons.
Domestic broadband or mobile networks – Mass market / low cost broadband or network providers make design choices to keep costs low which may prevent some VPN technologies from working.
Commercial reasons – Many mobile or consumer broadband operators offer very low cost services to consumers by only supporting the features most people need, e.g. browsing the web, getting email and streaming music or video. Using a VPN may only be available on their business tariffs, at additional cost.
If these issues are affecting you, your IT department or IT service provider are unlikely to be able to resolve these problems for you.
You will need to:
Find an alternative network or provider which supports VPN usage.
Change to a business tariff or broadband service with your current provider which supports VPN usage.
For mobile VPN access on laptops, all major operators provide a range of 3G / 4G mobile SIM cards and USB sticks for this purpose at affordable rates.
Many VPN systems for business users are based on one of the following protocols, all of which may be affected by the issues described in this article:
The main reasons for VPN failing are:
Small free networks – Domestic networking equipment often has limited or poor Network Address Translation (NAT) implementations. NAT is particularly problematic for PPTP (specifically GRE), and it is common for devices which allow PPTP to only allow one active connection at a time due to limitations of their NAT implementation.
Security – There are many good reasons for blocking outgoing VPN connections from within a corporate network: VPN tunnels hide the user’s internet activity from the network administrator, may allow unauthorised access into the network, and may allow the user to exfiltrate sensitive data or information without complying with the organisation’s security policies.
Domestic broadband or mobile networks – Carrier Grade NAT (CGNAT) has been used by mobile operators for a number of years. Due to the exhaustion of IPv4 address space, and limited take-up of IPv6 among consumers and home networks, many domestic broadband providers are increasingly using it as well.
Commercial reasons – By reducing the features available on some tariffs, providers can offer low cost services to consumers, on the basis that businesses are able to pay more to support their greater needs. VPN usage often suggests higher and more consistent bandwidth usage, which providers may be unable or unwilling to support on low cost packages.