7.1 VPN Client Issues

This section covers the following issues:

Installing VPN client on Linux breaks the existing Nortel VPN client plug-in functionality

Action: Install the novell-nortelplugins.

Download the novell-nortelpulgins from the Novell Forge Web site.

VPN connection through vpnlogin fails

Explanation: VPN connection through vpnlogin is not supported. It can be used for profile creation only.

Error in accessing protected networks

Explanation: After you have set up a VPN connection and try to access protected networks, you might see an error message: Resource temporarily not available.
Possible Cause: The IPSec SAs are being created.
Action: Try accessing the protected networks after a few minutes.
Explanation: After you have set up a VPN connection and try to access protected networks, you might an see error message: Operation not permitted.
Possible Cause: The policies do not allow you to access the protected networks.

Registry settings (If VPN client install fails)

Action: Follow these steps:

  1. In the registry, remove the key under hklm\software\microsoft\windows\currentversion\uninstall, which has its display name as Novell BorderManager 3.9 VPN Client.

  2. Remove the hklm\software\novell\novell BorderManager VPN Client key.

  3. Restart the system and re-install.

VPN client files

Explanation: The files are available at:

  • IKE file name: drive:/novell/vpnc/winnt/log/ikelog.txt for Windows 2000 and XP.

  • Certificate location: drive:/novell/vpnc/certificates/users for user personal certificate (.pfx) and drive:/novell/certificates/trustedroots for server certificates ( .der).

Why does installation of the latest VPN client or, uninstallation of the previous VPN client fail?

Action: If there is a failure, remove the bindings manually. To do this,

On Windows 2000 and XP:

  1. Restart the system in safe mode.

  2. Go to My Computer > Properties > Hardware > Device Manager.

  3. Select View > Show Hidden Devices.

  4. Under Network adapters, search for Novell Virtual Private Network bindings. Remove these bindings.

  5. Restart the system and re-install the Novell BorderManager 3.9 VPN Client.

Does NMAS support the VPN client with universal smart card?

Explanation: The VPN client supports Universal Smart Card for NMAS. The supported drivers are provided by Universal Smart Card. These drivers need to be installed where the VPN client is installed.
Action: Refer to third party documentation for Universal Smart Card driver installation.

What are the minimum requirements for universal smart card?

Explanation: Ensure that the following are installed on both the client and the server:

  • NICI

  • NMAS

  • NMAS method for USC

  • NMAS method for LDAP

What are the steps for using NMAS universal smart card on client?

Action: Follow these steps:

  1. Select VPN client > Configuration > NMAS and USC.

  2. Click VPN client > VPN and fill the details.

  3. Enter the PIN number. This is the number of the smart card.

Why does the VPN client not work in dial-up mode?

Explanation: Install dial-up settings before you install the VPN client.
Action: If you have already installed the VPN client, uninstall the VPN client. Install dial-up and reinstall the VPN client.

Why does the VPN client not work with other IPSec VPN clients?

Explanation: You need to uninstall any other VPN client that you may have on the workstation, before the Novell BorderManager 3.9 VPN client is installed.

Why does VPN client login fail with NMAS with a -1663 Error?

Explanation: This could happen if NDSĀ® (eDirectory) is not first in the login sequence.
Action: See TID # 10088199 at the Novell Support Web site.