VPN Tracker Support

Your browser currently doesn't support JavaScript! Please activate Javascript in the settings of the browser.

News:

01/16/2025: New in VPN Tracker: Connection Publishing for Teams

01/15/2025: Setting up VPN Tracker 365

01/13/2025: VPN Tracker 365 Quick Start Guide

11/05/2024: Start your free VPN Tracker Trial

11/05/2024: What is a VPN Tracker account and why do I need one?

Most wanted

The VPN seems connected but I can't connect to my server or transfer data. What is wrong?

There are a number of possible causes for such a behavior. This FAQ will help you to find out what is causing the problem in your specific situation. In this FAQ we will be using destination device as a generic term for the device you are trying to connect to. The destination device can be anything from a normal computer, to a server, to a network printer.

1. Are you trying to connect to the destination device using a host name?

If you are using a host name, please try once using its IP address instead. If that works, the problem has to do with DNS resolution. Please make sure DNS is enabled for the VPN connection and correctly configured. Note that using Bonjour or NETBIOS hostnames is generally not possible over VPN.

2. Is the IP address you are connecting to really part of the remote network?

For example, if your remote network is 192.168.13.0/24, you should be able to connect to IPs starting with 192.168.13.x, but connections to IPs starting with 192.168.14.x will not work as they are outside the address range of traffic tunneled through the VPN.

3. Is the local address in VPN Tracker part of the remote network?

Using a local address in VPN Tracker (Basic > Local Address) that is part of the remote network is not possible with most VPN gateways. Please use a local address that is outside all remote networks. For example, if your remote network is 192.168.13.0/24, do not use an address starting with 192.168.13. If you are using an automatic configuration method (e.g. Mode Config, EasyVPN, DHCP over VPN) you may be able to assign a local address to VPN Tracker that is part of the remote network. Refer to the configuration guide for your VPN gateway for more information.

4. Could multiple VPN users use the same local address?

If multiple VPN users exist, pleas make sure no two users are using the same local address (Basic > Local Address), otherwise one of them will not be able to use the tunnel anymore whenever both of them are connected. If that field is empty in your configuration, VPN Tracker will just use the IP address of your primary network interface as local address, and of course, this can also cause an address conflict with another user, that’s why we do not recommend to leave that field empty if there are multiple VPN users.

5. Can you ping the LAN address of the VPN gateway?

You can find a ping tool directly in VPN Tracker under Tools > Ping Host. The LAN address of the VPN gateway is special in the regard that this address doesn’t need to be routed at all. So if you can ping that address but no other remote address, it is most likely a routing issue at the remote end.

6. If you can't ping anything, try re-running the VPN Availability Test

The VPN Availability Test can be found in the menu: Tools > VPN Availability Test. Then try connecting the VPN again. The results of this test depend on the capabilities of your local Internet router/modem or the Internet connection itself and they influence how the VPN tunnel is established. VPN Tracker automatically runs the test for every new Internet connection it is able to detect but even if a connection has been tested before, there are various reasons why the behavior of that connection may have changed in the meantime.

7. Is your VPN gateway the default gateway (router) of its network?

If the VPN gateway is not the default gateway, you will in many cases need a suitable routing setup in order for responses to reach you. Whenever a device doesn’t know how to reach an IP address directly, it forwards its reply to its default gateway and if that isn’t the VPN gateway, it won’t know what to do with that reply data. In that case its important to configure the default gateway to forward replies to VPN users to the VPN gateway.

8. Is your VPN gateway the default gateway (router) of its network?

For more details, we would like to direct you to the following FAQ entry.

What is the Pre-Shared key and how do I get it?

The Pre-Shared Key (sometimes called shared secret) is basically a form of password for your VPN gateway which is set up on your device.

Configuring the Pre-Shared Key for a new VPN connection

VPN Tracker provides setup guides for all major gateway manufacturers. In these setup guides, you will also find information on how to set up a secure Pre-Shared Key for your specific device.

You can access all guides on this page.

I have lost my Pre-Shared Key - how can I get it back?

Here are a few tips for you to try and restore your Pre-Shared Key:

Check if you have stored the affected connection in your Personal Safe. If so, you may be able to download the connection again.
Check the Keychain (Applications > Utilities > Keychain Access). The Pre-Shared Key is usually saved here. Enter "Shared Secret" into the search bar to view a list of all your saved PSKs.
Are you using Time Machine Backup? You could try restoring an older connection with the Pre-Shared-Key.
Check your firewall or ask the relevant VPN Administrator. Refer to your device handbook to find out where to obtain this information on your specific firewall.

How do I fix issues with random MAC Addresses under macOS Sequoia

After upgrading to macOS 15 Sequoia, you might notice that your Mac constantly changes its MAC address, affecting your ability to connect to your VPN. This behavior is due to macOS 15’s new privacy features, which can assign randomized MAC addresses for network connections. However, you can configure your network settings to always use a fixed MAC address, which can resolve issues with VPN connectivity, such as DHCP reservations failing due to MAC address changes.

How to Set a Fixed MAC Address in macOS 15 (Sequoia):

Open System Settings:
- Click the Apple logo in the top-left corner of your screen.
- Select System Settings from the dropdown menu.
Go to Wi-Fi Settings:
- In the left sidebar, click Wi-Fi.
- Select the Wi-Fi network you usually connect to for VPN access and click on "Details...".
Configure the MAC Address:
- Look for the option labeled Private Wi-Fi Address.
- Change this option to "Fixed" to use a fixed MAC address instead of a randomized one.
- Your network will now always connect using the same MAC address, helping maintain your VPN connection stability.
Re-establish VPN Tracker Connection:
- Once you've set a fixed MAC address, ensure that your VPN’s DHCP reservation or configuration aligns with this MAC address.

This process will restore the VPN Tracker’s ability to connect reliably using a consistent MAC address, resolving issues caused by macOS 15 Sequoia’s default MAC address randomization feature.

My Office network uses the same IP range as my home network. What can I do?

There are two types of IP addresses:

Private IP Addresses, and
Public IP Addresses

Private IP addresses can be used by any person or organisation for their private network.

The two most commonly used private network ranges (range of IP Addresses) are:

192.168.0.x, and
192.168.1.x

When for example your home network and your company network both use the same Private IP Range, there will be problems because you will see multiple devices with the same IP Adress and your computer will get confused.

Your Company Network:
When setting up a company network, most companies try to avoid the above listed IP ranges, which is also recommended by us, in order to not cause conflicts with people connecting over VPN. However, there are still some companies that use one of these popular network ranges.

Your Home Network:
A lot of popular home routers like Netgear, Asus, Google, D-Link, TP-Link, Linksys, Trendnet, AVM all use an IP Range of 192.168.0.x.

If your company Network uses the same IP Range as your home network you are going to run into problems.
{S_1182}

Here are two possible solutions:

Change your local network to a different range (Preferred)

Possible Ranges are:
- 10.250.250.x
- 172.30.30.x
- 192.168.250.x
Advantage: Once you have made this change on your home network, you will never have conflicts in this network.
Disadvantage: You will need to change the settings on your private network router once, this requires access and can take some time.
What to do:
- Login to your home router
- Find the setup section with “DHCP” settings.
- Change your router to a different IP adress (for example an address from one of the ranges listed above, for example 172.30.30.1)
- Change the DHCP Server Settings to the same range of your router (If your router IP is 172.30.30.1, your range could be 172.30.30.10 to 172.30.30.253){S_1183}
After you have made these changes, there will be no more conflicts between your home and company network.{S_1184}
Force Traffic over VPN

There may be situations where it's not possible to use the first option (for example if you're in a coffee shop or hotel) In this case you have the option to force the traffic over your VPN Network, this means your VPN Network (company network) will always win.
Advantage: This setting is global, meaning no matter what network you are in you will always be able to connect.
Disadvantage: Once you are connected to your company’s VPN, you can not access local service, like home router, local storages or printers.
What to do:
- Configure your VPN Tracker connection
- Select the "Advanced" Tab at the top
- In the "Traffic control" section, activate the Checkbox "Force traffic over the VPN if remote networks conflict with local networks"{S_1189}

Download VPN Tracker free

How do I activate my VPN Tracker license?

If you haven't already, you can download VPN Tracker using this link.
After the download has completed, launch the app and click the "Login" button in the top left-hand corner of the app home page.
Enter your equinux ID and password in the space provided. Hint: This is the login you first created when purchasing VPN Tracker in our online store.

Are you a World Connect User?

You will need to download VPN tracker World Connect. You can do so using this link. VPN Tracker World Connect must be installed using the App Store. Once you've installed the app on your device, sign in with your equinux ID and password.

VPN Tracker is asking for my password. Why? Which password do I need to enter?

There are multiple passwords that VPN Tracker may require: Your admin password for installation, passwords needed for connecting to your VPN or accessing your Keychain, etc.

This guide shows all password prompts you may encounter in VPN Tracker, explains why they are needed and lets you know which password should be entered.

Administrator password prompts

VPN Tracker will occasionally require you to enter an administrator password - for example during the macOS installation process in order to approve the System Extension needed to allow VPN Tracker to work effectively.

Account + licensing

To log in to VPN Tracker on Mac or iOS, or to log in to your account on my.vpntracker.com, you will need to enter your equinux ID and password. This password gives you access to your VPN Tracker account where your plan, team data, connections and device information is stored.

{S_1327}

Pre-Shared Key

Many VPN connections are secured using a Pre-Shared Key (PSK) or Shared Secret which is set on the VPN gateway during the configuration process. You need to enter the PSK in VPN Tracker in order to connect to your VPN.

{S_1328}

If you are not the administrator of your VPN gateway, contact the admin for assistance. Tip: Admins can share pre-configured VPN connections using TeamCloud to avoid PSK confusion at enduser level.

Extended Authentication (XAUTH)

Most VPNs have a list of permitted VPN users - e.g. members of staff. Each VPN user has their own unique username and password which they need to enter in order to connect to the VPN. These are often the same credentials you use to sign in at the office. If you're not sure, get in touch with your admin who can advise you further.

{S_1329}

Why doesn't my certificate show up in the "Local Certificate" list?

For a certificate to be available in the "Local Certificate" list, it must be present in the Mac OS X Keychain with its corresponding private key.

You can easily check this in the Keychain Access application: If a certificate is listed under "My Certificates" (and not just "Certificates"), its private key is available and you will be able to select it in VPN Tracker as the "Local Certificate".

Important note for CheckPoint VPN users:

The Mac OS X Keychain Access application currently does not understand how to read private keys from some CheckPoint generated certificates.

To properly import the certificate into the Mac OS X Keychain, first convert it using the openssl command line tool:

Open a Terminal ("Applications" > "Utilities" > "Terminal")
Convert the certificate to PEM format:
```
  openssl pkcs12 -in /Users/joe/Desktop/MyCheckPointCert.p12 -out /tmp/out.pem
```
Replace /Users/joe/Desktop/MyCheckPointCert.p12 with the path to the actual certificate that you want to convert.
You will first be asked for the password that the certificate is encrypted with. If you do not know it, please ask the administrator who has created your certificate for you. You will then be asked twice for the password that will be used to protect the exported PEM file. You can use the same password that the original certificte was encrypted with. Note that no characters will appear on screen while you type in your passwords. Simply type the password and press the return key.
Convert the PEM file back to PKCS#12 (.p12) format:
```
  openssl pkcs12 -in /tmp/out.pem -export -out ~/Desktop/MyFixedCheckPointCert.p12
```
Replace /Users/joe/Desktop/MyFixedCheckPointCert.p12 with the path where you want the fixed certificate to be stored.
You will first be asked for the password that you have just used for exporting to the PEM file, and then for a password to protect the fixed .p12 file with. You can again use the same password for everything.

Now double-click your fixed certificate file to import it into the Mac OS X keychain.

What hardware do I need for a VPN?

To establish a VPN connection to a certain location (such as your office), you will need a VPN gateway at that location. This gateway could be a hardware VPN gateway device (see our compatibility page for compatible devices and setup guides).

The VPN gateway needs to be connected to the Internet (e.g. to a DSL modem or similar), preferably with a static IP address or it should be capable of using a service like DynDNS.org to map its dynamic IP to a hostname. Configuration is easiest if the VPN gateway is also the router (default gateway) of its network. If the VPN gateway is not the router of its network, a suitable routing setup may be necessary for traffic over the VPN to be routed correctly.

Configuration details can be found in the configuration guides for specific devices.

I am using the Option "comp-lzo no" in my OpenVPN connection and I have trouble creating a connection with VPN Tracker.

The option "comp-lzo no" is considered depricated and will not be supported by future OpenVPN clientsor servers. Don't use this option on your server.
The recommendation of the OpenVPN developers is to best not use this option at all anymore. It is better toeither activate compression ("comp-lzo yes"), or to not use any compression at all (in this case the option "comp-lzo" should not even appearin the configuration).
The Optiome "comp-lzo no" doesn't mean "no compression", it means "compression only if the server requests it." Because of this the "comp-lzo" option is being replaced by the new option "compress", which partially shows a different behavior and thus is not backward compatible.

How can I reset my Personal Safe?

Disclaimer: Please be aware that resetting your Personal Safe will delete all of your VPN connections and passwords. You will need to start from scratch, building up your connections.

If you do not have your Personal Safe recovery key or can't retrieve your old equinux ID password, follow the recovery steps in VPN Tracker instead.

If you have connections or Shortcuts on your Mac that are stored in your Personal Safe, deactivate Personal Safe in preferences and create a local copy of your connections
Go to your Personal Safe webpage and delete your user keys: https://my.vpntracker.com/user/sync/keys
Sign out from your VPN Tracker account on your Mac, open Keychain Access, and delete the entry "Connection Safe Master Key."
Then sign back in and add a connection to your safe.
Don't forget to write down the new recovery key and keep it in a safe place. This will enable you to log in if you ever lose your login details.

What is NAT-Traversal and how do I rule out problems with NAT-Traversal?

IPsec VPN uses a different protocol (ESP) for the actual data transfer than for establishing the connection (IKE). Since the ESP protocol does not use network ports, NAT (Network Address Translation) routers may have difficulties handling it correctly. Only NAT routers that support "IPSec Passthrough" (sometimes also named "VPN Passthrough" or "ESP Passtrhough") and where this option is also enabled, can handle ESP data packets.

To work around this problem, two alternative tunneling methods exist:

NAT-Traversal (old, RFC draft version)
NAT-Traversal (new, RFC standard version)

Which of these methods will work with your connection depends on two properties:

Which of these methods allows traffic to pass through your local Internet router.
Which of these methods are supported by your VPN remote gateway.

To test for the first property, VPN Tracker will automatically establish three VPN test connections to a VPN gateway hosted by us whenever it detects a new router that has not been tested before. One connection uses plain ESP, the other two either NAT-T method mentioned above. It will remember the test results for this router and take them into account whenever you start a connection from the network location. The reason we are testing with our own gateway is simply that the test requires a gateway supporting all three methods, with a known configuration and a simply way to verify if traffic did arrive at that gateway.

The second property is not tested in advance, VPN Tracker will become aware of that information when it actually tries to connect to your VPN gateway. VPN Tracker will compare the methods your gateway supports with the stored test results. If there is a match, a method that your gateway supports and that was also working during the test, this method will be used. If there is no match, VPN Tracker will immediately stop and show an appropriate error in the log, explaining the situation.

If you suspect a NAT-Traversal issue or you think the previous test results may be wrong or outdated, simply re-run the test:

‣ Make sure NAT-Traversal (Advanced tab) is set to Automatic
‣ Go to "Tools" > "Test VPN Availability"
‣ Click "Test Again"
‣ Wait until the test has completed, then connect to your VPN

The test dialog also allows you to tell VPN Tracker to not test the current location and forget any previously created test results. This is rarely needed and also not recommended but there might be situation where the test results are wrong because access to our VPN gateway is not possible (e.g. it is blocked) and thus the test result are just bogus and say nothing about the true capabilities of your VPN gateway.

Why is file access so much slower over VPN?

To access volumes and files hosted on a file server, one of several available distributed file system protocols must be used. As of 2018, the most common protocols are SMB/CIFS (default for Windows and macOS 10.9 or newer), AFP (default for macOS prior to 10.9), NFS (default for Linux and most UNIX operating system), WebDAV (based on HTTP, vendor neutral). All these protocols, except for WebDAV, have originally been designed to access files hosted on a file server located in the same network as the client accessing it. This can often lead to issues when using these protocols over a VPN connection.

A VPN connection typically runs over the Internet and the Internet has quite different network characteristics than a company or home network. Local networks typically offer a high amount of symmetric (upload equals download) bandwidth, very low and stable latency, very litte packet loss, almost no data corruption and a rather high and always constant maximum transmission unit size (MTU). Contrary to that, Internet connections offer a lot less bandwidth, usually asymmetric (much more download than upload) and the Internet has a rather high, very fluctuating latency, typically at leas some packet loss, data corruption can happen as well and the maximum transmission unit size can be much lower and is subject to change at any time even during an active transmission. Some of the protocols above can cope better with these conditions than others.

Issues to expect: Slow to very slow directory browsing (because of the large latency), copying a file from remote is slow (limited by the upload of the other side), copying a file to remote is slow (limited by the upload of the local side), directly opening a file directly is even slower (caused by limited upload bandwidth but also large latency and small packet sizes can play a role), and file access failures are possible (caused by packet loss and/or data corruptions). Please note that none of these is the fault of the VPN itself, even when running these protocols over the same Internet line without any VPN, the results would only be marginally better or not better at all.

Unfortunately there is little that can be done about these problems. There is nothing users can do to improve latency. Improving upload bandwidth will always help if such an option does exist as if bandwidth is the problem, it's almost always upload and not download bandwidth. Switching the protocol may help, as especially SMB/CIFS doesn't work very well over Internet lines with bigger latency and if it has to fall back to an older protocol version (one older than SMB 3.0), it will be a catastrophe (up to not working at all anymore). A problem is that SMB and WebDAV are the only protocols that Windows supports natively, whereas macOS supports all the protocols named above natively, thus it's required to resort to third party products to teach Windows alternative protocols. In a pinch one can try to use WebDAV, but WebDAV has a rather poor performance even when used in local networks. Dedicated NAS devices usually support NFS when enabled, which could yield a better performance than SMB.

How do I set up an OpenVPN connection to my NETGEAR Nighthawk device?

Setting up an OpenVPN connection to your NETGEAR Nighthawk device on Mac, iPhone or iPad is easy with VPN Tracker. VPN Tracker has a device profile specifically set up to work with the NETGEAR Nighthawk range, which means configuration is super straightforward.

With the help of this configuration guide, you'll be up and running with your NETGEAR Nighthawk in no time.

Tips for file server access over VPN on iPhone and iPad

You can access file servers on your iPhone and iPad using VPN Tracker for iOS and the Files app:

Connect to your VPN
Open the Files app
Tap the ··· icon in the top right corner
Choose 'Connect to Server'
Enter your file server hostname or IP address (e.g. fileserver.internal.example.com)
Sign in with your company login credentials when prompted

You should now see your file server volumes as you do on macOS.

Troubleshooting tips

If you experience trouble listing your files, there are a few things to try:

Enter the full volume path, not just the server hostname: e.g. if you are connecting to the share called Marketing on your fileserver, enter files.internal.example.com/Marketing
Ask the person who manages the file server to enable SMBv2 as well as SMBv3 (iOS uses some v2 features to set up the connection)
Try a 3rd party file server app from the App Store. Some of them offer better compatibility with certain file server configurations

I accidentally deleted or changed my VPN connection? Where can I access backups?

VPN Tracker automatically stores a backup of all your VPN connections on your Mac. If you have inadvertently deleted a connection, or wish to revert to an earlier copy of a connection, you can manually restore the backup copy.

1. Turn off Personal Safe syncing

You need to deactivate Personal Safe for the connections you're trying to restore from your backup, to prevent unwanted changes being synced:

Open VPN Tracker 365
From the menu bar, choose: VPN Tracker 365 > Preferences > Personal Safe
Uncheck the connections you want to restore from your backup
Quit VPN Tracker 365

2. Restore from your Backup

Open Finder and choose "Go" > "Go to Folder…" from the menu bar
Enter this path and press Return:
/Library/Application Support/VPN Tracker 365
Rename your "etc" folder to "etc-backup" – for safekeeping
Go into the "backup" folder

Here you'll see a number of backup folders, all organized and named by date.

Move the "etc-date" folder you want to restore up one level into the main "VPN Tracker 365" folder
Rename the folder your just moved to just "etc" (deleting the date)
Open VPN Tracker 365

All of your connections will now be restored to their backed-up state.

3. Re-activate Personal Safe

Choose: VPN Tracker 365 > Preferences > Personal Safe from the menu bar
Check your connections, to add them to Personal Safe

Download VPN Tracker free

How do I access files over VPN on a Mac?

Opening files over VPN on your Mac is easy with VPN Tracker:

Start your VPN connection in VPN Tracker
Go to the Finder > Go To >Connect to Server
In the Server Address field, enter the name or IP address of the server you want to connect to
Click on the Connect button.

Create a VPN Shortcut:

VPN Tracker offers convenient shortcut options for frequently used connections. You only have to set up the shortcut once. Afterwards you will be able to connect to your VPN and open your files with just one button click.
Find out more: {FQ1859}

How do I make all traffic go through the VPN tunnel?

Such a setup is called “Host to Everywhere” in VPN Tracker. All non-local traffic will be sent through the VPN. For this setup to work, it must be properly configured in VPN Tracker and on the VPN gateway:

The Network Topology must be set to “Host to Everywhere” in VPN Tracker
The VPN gateway must accept an incoming VPN connection with a 0.0.0.0/0 (= everywhere) endpoint

Once these are configured, it should already be possible to establish the VPN connection. However, it is very likely that Internet access will not yet work. For Internet access to work, several more things need to be configured on the VPN gateway:

The VPN gateway must route VPN traffic not destined for its local networks out on the Internet
This traffic must be subject to Network Address Translation (NAT) in order for replies to reach the VPN gateway
In many cases, a suitable remote DNS setup is necessary for DNS resolution to continue to work

Note that not alll VPN gateways can be configured for Host to Everywhere connections. Most devices designed for small office or home networks (e.g. devices by NETGEAR or Linksys) are not capable of dealing with Host to Everywhere connections.

How can I save my password for Cisco AnyConnect VPN client?

Unable to save your AnyConnect VPN password in the Cisco VPN client?

Here's the fix:

Download VPN Tracker for Mac or iPhone
Copy your VPN connection details from the AnyConnect app
Connect and enter your username and password when asked

That's it! VPN Tracker will store your login details securely via end-to-end encryption so you can get connected faster – for the best VPN experience on Mac and iOS.

macOS is saying a System Extension is blocked?

Setting up VPN on your Mac
VPN Tracker is the leading VPN client for macOS and works seamlessly on all the latest macOS operating systems.
You can download and test VPN Tracker here free.

Launching VPN Tracker for Mac
The first time you launch VPN Tracker on your Mac, you may need to grant it permission to create VPN connections for you.

First please make sure VPN Tracker is in your Applications folder and complete these steps locally on the Mac (e.g. not over Screen Sharing, Remote Desktop or other remote access tool).

IMPORTANT: macOS notices when you run remote desktop systems like TeamViewer, Apple Remote Desktop, VNC or similar. and hides these buttons. You MUST be local to the Mac.

Then do this:

‣Open System Preferences

‣Go to Security

‣Click "Allow"

{S_685}

Now you'll be able to set up VPN Tracker.

Troubleshooting VPN Setup on macOS
If the "Allow" button can not be clicked, please make sure you are not using a 3rd party mouse or tablet input device, as these can look like remote desktop software to your Mac. If you are using e.g. a Wacom input tablet or mouse utility tool, try disabling those, reboot your Mac and then try clicking the button again.

In case the button doesn't even appear in the dialog, please note that if your Mac has a MDM profile installed, the MDM profile can forbid users to approve their own System Extensions. In that case the profile itself has to approve our extension. Please see technical notes below.

Technical note for Enterprise Rollouts:
VPN Tracker for Mac uses a System Extension to create a secure VPN tunnel and manage network traffic. macOS High Sierra and newer macOS versions now require users to manually approve all System Extensions. For Enterprise rollouts via MDM, you can also pre-approve the VPN Tracker Kernel Extension using a special profile. Our Team IDs are CPXNXN488S and MJMRT6WJ8S.
Please see Apple's Support Document for more details.

Not using an MDM managed Mac?
If your Mac is not MDM managed, please try rebooting, as macOS occasionally can get tripped up with System Extensions. After the reboot, VPN Tracker should work fine.

How to migrate a Windows PPTP VPN connection to a Mac

Migrating an existing Windows PPTP VPN connection to a Mac may sound daunting, but with VPN Tracker 365 the process is quick and easy. By the end, you will be able to connect your Mac to your PPTP VPN connection and continue working as normal.

Here's how it works:

Find your PPTP VPN connection settings in the Control Panel of your Windows PC
Start VPN Tracker 365 on your Mac and click the "+" to create a new PPTP connection
Copy the connection settings from the first step into the configuration window
Finally, start up your PPTP connection to test

{S_1177}
You can now use your Windows PPTP VPN connection on your Mac, thanks to VPN Tracker 365. If you require a more detailed walkthrough, please check out this step-by-step PDF guide: Migrating a Windows PPTP VPN Configuration

Find out more about PPTP VPN under macOS Big Sur

» Product Website » Licensemanager

FAQ

Send us a message

Tips for file server access over VPN on iPhone and iPad

You can access file servers on your iPhone and iPad using VPN Tracker for iOS and the Files app:

Connect to your VPN
Open the Files app
Tap the ··· icon in the top right corner
Choose 'Connect to Server'
Enter your file server hostname or IP address (e.g. fileserver.internal.example.com)
Sign in with your company login credentials when prompted

You should now see your file server volumes as you do on macOS.

Troubleshooting tips

If you experience trouble listing your files, there are a few things to try:

Enter the full volume path, not just the server hostname: e.g. if you are connecting to the share called Marketing on your fileserver, enter files.internal.example.com/Marketing
Ask the person who manages the file server to enable SMBv2 as well as SMBv3 (iOS uses some v2 features to set up the connection)
Try a 3rd party file server app from the App Store. Some of them offer better compatibility with certain file server configurations

VPN protocols not supported on iPhone/iPad

The following VPN protocols are currently not supported by VPN Tracker for iPhone / iPad:

L2TP
PPTP

Workarounds
Many VPN gateways support more than one VPN standard. Check your VPN gateway or ask your network administrator and see if a compatible protocol can be enabled instead.

Tip: Hide Unsupported Protocols
Inside VPN Tracker, go to Settings → Connection Settings to hide unsupported connections from your list.

I already have VPN Tracker for Mac - can I also use it on iPhone / iPad?

If you are have a VPN Tracker for Mac VIP or VPN Tracker for Mac Consultant license, you can add iOS support to your plan at no extra cost. Head to your my.vpntracker account and cross upgrade your subscription to an updated edition:
{S_1343}
The remaining value of your current plan will be credited toward your new plan.

Alternatively, you can choose a new VPN Tracker plan that contains iOS support.

How to access file servers on iOS

You can access files on your network file storage on your iPhone or iPad using the Files app. Here's how it works:

Open the Files app
Tap the ··· option button and choose "Connect to Server" (or hit ⌘+k on your iPad keyboard
Enter your file server's IP address or hostname
Enter your username and password when prompted

{S_1301}

Can't see your file shares?
If you just see an empty directory instead of shares, you may need to add the share you're trying to access to the path.

For example: If you are trying to access the file share work on the server 192.168.50.2, enter the server address as smb://192.168.50.2/work

I can't see all of my connections when I sign in to VPN Tracker on iOS

VPN Tracker syncs VPN connections between your Mac and iOS devices - provided they are saved in Personal Safe or TeamCloud. This means existing connections will automatically appear when you sign in to VPN Tracker on your iPhone or iPad.

Important note: VPN connections using PPTP or L2TP will not appear on iPhone or iPad as they are currently not supported on iOS.

Tip: Not sure which protocol your connection uses? Check the black protocol badge displayed in VPN Tracker 365 on your Mac.

{S_1305}

Accessing connections on iOS

When you sign in to VPN Tracker for iOS with your equinux ID and password, your Personal Safe and TeamCloud connections will show up in the app.

Use the filter in the top left corner of the app to only see TeamCloud connections from your team or personal connections from Personal Safe.

{S_1303}

Important: If you have connections which you have only saved locally on your Mac, these will not be available on your other devices. To get those connections onto your iPhone or iPad, right click the connection and choose "Add to Personal Safe" or "Share with TeamCloud".

{S_1302}

Those connections will show up on your iPhone or iPad.

{S_1304}

Is setting up my connection on my.vpntracker secure?

Note: Setting up connections on my.vpntracker is currently in beta and coming to more accounts later this year.

You can create and edit connections right inside my.vpntracker.com using any browser. Thanks to advanced engineering, this works with the same data security you know from VPN Tracker on the Mac.

It works like this

Choose your device brand and model
Enter your connection details

Here's the key: None of this information is transferred over the internet. It's only being entered locally in your browser, on your device.

To save your new connection:

You enter your equinux ID password
Your encrypted secure master key is fetched from my.vpntracker

Now a program is run locally on your device through your browser that handles encryption:

The local encryption program decrypts the master key on your device
Then it uses your master key to encrypt the new connection data
The fully encrypted connection is then uploaded to your Personal Safe or TeamCloud on my.vpntracker
Your Mac, iPhone or iPad can then fetch the encrypted connection, ready for you to connect

So there you have it. Integrated connection editing on my.vpntracker with the full security and end-to-end encryption you know from VPN Tracker for Mac.

Which VPN protocols does VPN Tracker for iOS support?

VPN Tracker for iOS supports IPSec (including SonicWALL SCP & DHCP, EasyVPN and Mode Config), IKEv2 (Beta), OpenVPN, SSTP, SonicWALL SSL, Cisco AnyConnect SSL, Fortinet SSL and WireGuard®.

Get VPN Tracker for iOS here.

WireGuard® is a registered trademark from Jason A. Donenfeld.

Can I use VPN Tracker on my iPad or iPhone?

VPN Tracker is now available on iPhone and iPad!

Connect to your VPN on the go on your iPhone or iPad using the new VPN Tracker for iOS app.

Multiprotocol VPN support
High speed connections
Zero-config VPN - thanks to TeamCloud & Personal Safe technology

Test VPN Tracker for iPhone and iPad.

I'm having problems with my VPN Tracker connection on iPhone/iPad. How can I send a log (TSR)?

To send a VPN Tracker Log (Technical Support Report, TSR) on iOS/iPadOS, please follow these steps:

Tap the connection. The connection card appears.
Tap on “Feedback”
Provide a short description of the connection problem
Tap on Send

When you submit feedback in the iOS app, the connection log, settings and other relevant information is automatically sent to us. No login and password data will be transmitted.

Can I connect to my Cisco AnyConnect SSL VPN connection on my iPhone?

VPN Tracker is available for iOS! Use the brand new VPN Tracker for iOS to securely connect to your Cisco AnyConnect SSL VPN on the go on your iPhone or iPad.

Discover VPN Tracker for iOS now.

I have installed a certificate under iOS, but it is not evaluated!

On iOS you need two steps to trust a certificate. The second step is often forgotten. So here are both steps again so that a certificate works under iOS.

Assuming you have created a certificate for your VPN connection and want to use it on iOS (so as not to get a certificate error message when starting the connection).

Send the certificate to your iPhone/iPad:
> Send the certificate to you by email or transfer it via Airdrop. Open it on iOS. A message appears asking whether you want to install it on the device. Confirm this message. The question is a bit misleading because it isn't installed at all, it's just loaded onto the device.

Then you have to carry out two steps:

First step: Install certificate
> Home screen > Settings > General > VPN and device management > Loaded profile > Tap profile name
> Tap “Install” profile (top right)

afterwards (this step is often forgotten!)

Second step: Trust the certificate
> Home screen > Settings > General > Info > Certificate settings > Set the switch next to the certificate to green

Can I connect to my SonicWALL SSL VPN on my iPhone?

VPN Tracker is now available on iPhone and iPad! Use brand new VPN Tracker for iOS to securely connect to your SonicWALL SSL VPN on the go on your iPhone or iPad.

Get early access here.'>Discover VPN Tracker for iOS.

How can I set up two-factor authentication for my VPN Tracker account?

You can add two-factor authentication to your equinux ID at id.equinux.com.

Visit our step-by-step guide to 2FA for more details.

To sign-in to your equinux ID with two-factor authentication, please make sure you're using the latest version of VPN Tracker for Mac or VPN Tracker for iPhone & iPad.

Can I use the Personal Hotspot on my iPhone or smartphone to connect to VPN on the Mac?

If you need internet on your Mac while traveling, you can activate the personal hotspot feature on your iPhone or Android smartphone in order to share a 4G/LTE/5G mobile connection with your Mac.

In general, this will work fine for the majority of VPN connections. However, there are a few points to be aware of:

PPTP VPN connections are not supported, as iOS and Android do not support PPTP passthrough
For IPsec VPN connections, it's possible you may have to adjust your settings for NAT-T.

Legacy VPN Tracker products: End-of-support

In the following overview, you'll find the end of support dates for older VPN Tracker products with legacy licensing.

VPN Tracker 10
Support for VPN Tracker 10 ends on March 31st 2021. VPN Tracker 10 will not receive any updates/support after this date.

VPN Tracker 9
Support for VPN Tracker 9 ends on March 31st 2020.
After March 31st 2020, VPN Tracker 9 will not receive any updates/support after this date.

VPN Tracker versions 1-8
These legacy versions are no longer supported.

How to get support & updates
If you are still using a older VPN Tracker version, we strongly recommend you move to a modern VPN Tracker 365 plan, which includes ongoing updates and support.

What happens to unsupported products?
As they are no longer being updated, they may stop working due to changes on your VPN gateway, server or other technical requirements.

How do I cancel my subscription in the App Store?

All Apple subscriptions are managed in iTunes.

This link will directly take you to your profile administration:

https://apple.co/2Th4vqI

You will find all running subscriptions under "Subscriptions." You can also disable the automatic extension of your subscriptions.

What Is PPTP VPN? (Point-to-Point Tunneling Protocol)

PPTP VPN, or Point-to-Point Tunneling Protocol Virtual Private Network, is a widely used protocol for implementing virtual private networks. It enables secure data transfer over the internet by creating a private, encrypted tunnel between your device and a VPN server. Here's a breakdown of key aspects:

Protocol Explanation:
- Point-to-Point Tunneling Protocol (PPTP): PPTP is a protocol that facilitates the secure transfer of data between a user's device and a VPN server. It creates a tunnel through which data is encapsulated, providing a secure connection.
Encryption and Security:
- Encryption: PPTP employs various encryption methods to secure the data transmitted through the tunnel, making it difficult for unauthorized parties to intercept or decipher.
Ease of Setup:
- User-Friendly Setup: PPTP is known for its simplicity and ease of setup. It's often the preferred choice for users who prioritize a straightforward configuration process.
Compatibility:
- Widespread Compatibility: PPTP is compatible with a wide range of devices and operating systems, including Windows, macOS, Linux, iOS, and Android, making it accessible for users across different platforms.
Speed and Performance:
- Performance Considerations: PPTP is recognized for its relatively fast connection speeds, making it suitable for activities like streaming and online gaming.
Considerations for Security-Conscious Users:
- Security Concerns: While PPTP offers a convenient solution for many users, it's important to note that some security experts have raised concerns about its vulnerability to certain types of attacks. Users with high-security requirements may want to explore alternative VPN protocols like OpenVPN or L2TP/IPsec.
Choosing the Right VPN Protocol:
- Consider Your Needs: When selecting a VPN protocol, it's essential to consider your specific requirements, including the balance between ease of use and the level of security needed for your online activities.

In summary, PPTP VPN is a widely accessible and user-friendly protocol suitable for various devices. However, users should be mindful of their specific security needs and consider alternative protocols if stronger encryption is a priority.

Did you know? VPN Tracker is the only VPN Client for Mac for PPTP VPN under macOS Sonoma and macOS Sequoia.

Which is faster: IPSec or SSL VPN?

For a faster VPN connection that is just as secure, we recommended changing from SSL VPN to IPSec VPN.
In comparison to SSL VPN, IPSec is able to offer you much faster connection speeds as it runs on the network layer – level 3 of the OSI model – meaning it’s much closer to the physical hardware.

Check out this post to find out more about how to improve your VPN performance.

I am confused by the new VPN Tracker Plans, how do I choose which one best fits my needs?

Our goal with the new licensing model was to facilitate the selection of an appropriate license. Instead of a variety of other factors, we now primarily limit licenses based on the number of connections a user has. We have developed the Basic license specifically for individual users who only need access to one VPN connection.

The license options we offer are as follows:

VPN Tracker for Mac BASIC - 1 Connection
VPN Tracker for Mac PERSONAL - 10 Connections
VPN Tracker Mac & iOS EXECUTIVE - 15 Connections
VPN Tracker Mac & iOS PRO - 50 Connections
VPN Tracker Mac & iOS VIP - 100 Connections
VPN Tracker Mac & iOS CONSULTANT - 400 Connections

To upgrade your existing licenses, please go to the subscriptions tab in your my.vpntracker.com account and press the "Upgrade" Button. You can then choose a a suitable license from the dropdown link under "New Plan".

We hope that this licensing model will make the licensing more clear moving forward.

Why does my Internet stop working after connecting to my VPN?

This usually has one of two main causes:

If your VPN connection is configured to be Host to Everywhere, all non-local network traffic is sent over the VPN tunnel once the connection has been established. All non-local traffic includes traffic to public Internet services, as those are non-local, too. Those services will only be reachable if your VPN gateway has been configured to forward Internet traffic sent over VPN to the public Internet and to forward replies back over VPN, otherwise Internet access will stop working.

A possible workaround is to configure a Host to Network connection instead, where only traffic to configured remote networks will be sent over VPN, whereas all other traffic is sent out like it is when there is no VPN tunnel established at all. In case the remote network are automatically provisioned by the VPN gateway, this has to be configured on the VPN gateway, automatic provisioning has to be disable in VPN Tracker (not possible for all VPN protocols), or the Traffic Control setting has to be used to override the network configuration as provided by the gateway (Traffic Control is currently not available on iOS).

A Host to Everywhere setup may be desirable for reasons of anonymity or to pretend to be in a different physical location (e.g. a different country), since all your requests will arrive at their final destination with the public IP address of the VPN gateway instead of your own one. Also that way you can benefit from any maleware filters or ad blockers running on the VPN gateway, yet it also means that the gateway can filter what services you have access to in the first place. If Host to Everywhere is desired but not working, this has to be fixed on at the remote site, since what happens to public Internet traffic after being sent over the VPN is beyond VPN Tracker's control.
If the connection is configured to use remote DNS servers without any restrictions, all your DNS queries will be sent over the VPN. Before any Internet service can be contacted, its DNS name must be resolved to an IP address first and if that isn't possible, as the remote DNS server is not working correctly or unable to resolve public Internet domains, the resolving process will fail and this quite often has the same effect in software as if the Internet service is unreachable.

A possible workaround is to either disable remote DNS altogether, if not required for VPN usage, or to configure it manually, in which case it can be limited to specific domains only ("Search Domains"). By entering a search domain of example.com, only DNS names ending with example.com (such as www.example.com) would be resolved by the remote DNS servers, for all other domains the standard DNS servers will be used as configured in the system network preferences.

Using a remote DNS server may be desirable to filter out malicious domains, to circumvent DNS blocking of an Internet provider, to hide DNS queries from local DNS operators (since DNS is typically unencrypted), or to allow access to internal remote domains that a public DNS server cannot resolve, as they are not public. For the last case, configuring the internal domains as search domains is sufficient. For all other cases, the issue must be fixed at the remote site, since what happens to DNS queries after being sent over the VPN is beyond VPN Tracker's control.

I have already set up VPN connections with VPN Tracker on my Mac. Can I use them on my iPhone or iPad?

Absolutely! VPN Tracker for iOS is powered by TeamCloud and Personal Safe, meaning your existing VPN connections show up instantly – zero setup required!

Discover VPN Tracker for iOS now.

Can I connect to WireGuard VPN?

Great news: WireGuard® VPN support is available in VPN Tracker for Mac, iPhone and iPad!

WireGuard® is a registered trademark of Jason A. Donenfeld.

Why is it so important that a certificate is stored correctly on the VPN gateway?

A certificate is like an identity document; you send it to the other party to identify yourself as authorized or to confirm your identity. However, since anyone can create a certificate with any content on their computer, it is important that a trustworthy CA confirms the information in the certificate by signing the certificate. This also prevents the certificate from being changed later. The CA certificate is only needed to be able to later check the validity of this signature and to see which CA is responsible for this information, so that I can decide whether I want to trust this CA.

Each certificate has a private key. This serves as proof that you are the owner of the certificate or are authorized to identify yourself with this certificate, since only authorized people are ever allowed to have access to the private key, while the certificate can and often is accessible to everyone. So I can easily get the certificate of any web server or OpenVPN gateway, because both send me the certificate when I try to connect to them, but without a private key I cannot identify myself with the certificate .

If an attacker wants to pretend to be a specific OpenVPN gateway, e.g. to get passwords from users, then he has to set up his own OpenVPN gateway and redirect his victim's data traffic there, both of which are quite possible. But then he has a problem: he also has to identify himself as the correct gateway. However, if the client does not check whether the gateway address is in the certificate, it can simply use a user certificate from a VPN user, because this is also signed with the same CA as the gateway certificate.

It is much easier to get a user certificate and its private key than the gateway certificate.

To get the gateway certificate, you have to hack into the gateway directly, but if I have unrestricted access to the gateway, then I no longer need the certificate because then I can intercept passwords directly at the gateway and have full access immediately to all private networks behind it.

Gateways are of course designed to be as difficult to attack as possible, in contrast to users' work computers, which can be much more easily foisted with a Trojan. And it's even easier if a VPN user wants to act as a hacker himself, because he has regular access to a valid user certificate including a matching private key and can thus get other users' passwords, which may grant him extensive access rights Passwords are often managed centrally and the same password is also used for other company services.

That's why it's not enough that a certificate is valid and signed with the appropriate CA, it also has to be ensured that the gateway certificate is really the gateway certificate and also matches the gateway you're currently talking to, anything else undermines the whole thing Security concept of certificates.

I'm having trouble signing in with two-factor authentication (2FA)

If you are having trouble accessing your equinux ID account with 2FA, please read on. For support with 2FA for your VPN connection itself, please reach out to your VPN admin who can assist you with resetting your 2FA setup.

Reset 2FA for your equinux ID

If you no longer have access to your 2FA device, you can reset 2FA using your recovery codes. Visit the 2FA guide for details.

I don’t have recovery codes

If you no longer have your recovery codes, 2FA can be reset by the equinux support team. Please note that for security reasons, manual 2FA reset will take up to 72h to process, to reduce the risk to accounts.

To proceed, please contact equinux support with your equinux ID and our team will let you know which additional data is required to reset your 2FA setup.

OpenVPN connection to Ubiquiti Unifi Gateways does not work

In order to get OpenVPN connections from Ubiquiti Unifi to work correctly with VPN Tracker, the following change must be made to the config file before importing it into VPN Tracker:

- Download the OpenVPN configuration file from the Unifi console.
- Open the configuration file with a text editor.
- Identify this line:
Cipher AES-256-CBC
- Change the line to:
AES-256-GCM
- Save the file.
- Import the file into VPN Tracker

Why does my connection sometimes work and sometimes not, especially when using personal hotspots or LTE/5G routers?

When your IPsec connection is often able to establish a connection, but sometimes times out because there was no response to the first packet, the problem might be due to host name resolution. This is often the case in IPv6-based networks such as cellular connection, e.g. also when using the Personal Hotspot function on the iPhone.

Some host names can resolve to both IPv4 and IPv6 addresses, but depending on your current network location and VPN gateway it's possible that only IPv4 addresses work correctly.

You can enforce resolving to IPv4 addresses only for your connection:

Edit your connection.
Navigate to the “Advanced Options” section.
In “Additional Settings”, change the setting “Connect using IPv4 or IPv6” to “Use IPv4”.
Save your connection and start your connection.

Another way to completely disable IPv6 for Wi-Fi on macOS:

1. Open the Terminal app from the Utilities folder.
2. Enter the following command:
sudo networksetup -setv6off Wi-Fi

Note: If your Wi-Fi interface has a different name (e.g., `en0`), replace "Wi-Fi" with the correct name. You can check the name of the interface using this command:
networksetup -listallnetworkservices

3. After entering the command, you'll be prompted to enter your admin password.

This will completely disable IPv6 for your Wi-Fi connection.

When will VPN Tracker for iOS be available?

VPN Tracker for iOS is now available!

Find out more

Which iOS versions are compatible with VPN Tracker?

VPN Tracker for iOS is compatible from iOS 15, including iOS 16.

Test VPN Tracker for iOS here.

How can I connect to a WireGuard® VPN server?

To connect to a WireGuard® VPN server - e.g. in order to remotely connect to your home network -, you need a VPN client app. VPN Tracker supports WireGuard® VPN connections on Mac, iPhone and iPad!

To get connected, follow these 3 steps:

Open VPN Tracker and add a new WireGuard® connection
Upload your WireGuard® configuration file or scan your QR code
Save your connection to your account using secure end-to-end encryption

{S_1317}

You can now connect to your WireGuard® VPN server on Mac, iPhone or iPad.

→ More information on connecting to WireGuard® VPN in VPN Tracker

WireGuard® is a registered trademark of Jason A. Donenfeld.

I'm having problems with my OpenVPN connection, the connection keeps dropping out. I am using the “TLS-Crypt” option on the OpenVPN server.

With TLS-Crypt the data is encrypted twice. Once with the connection key, which is renegotiated every connection, and once with a static key, which is part of the config and therefore never changes. In order to better secure this static key, with TLS-Crypt the packets contain an additional timestamp that is otherwise not needed and this causes the problem.

We therefore recommend turning off TLS crypt on the server. TLS crypt is activated by the following entry in the server config: "tls-crypt ta.key".

If you remove this, nothing changes except that TLS crypt is no longer used and must also be switched off in VPN Tracker. This still gives you an encrypted connection, it's just no longer double encrypted, but simply encrypted once.

This makes the connection even faster and not more insecure. TLS-Crypt only serves to make it impossible for attackers to find an OpenVPN server on the network and, if necessary, to paralyze it via a DoS attack, because if the first packet is not correctly encrypted, the server will not respond to the packet at all.

Without a TLS crypt it would respond and only the negotiation of the key would then fail, but then an attacker would know that an OpenVPN server is running there and could bombard it with requests until it collapses, since it is responsible for every request computing time has to be spent.

I'm having disconnections with my OpenVPN connection. What can I do?

Each side (i.e. server and client) sets its own rules as to when the connection key must be renegotiated. If connections are frequently lost, it may help to extend the time required to renegotiate the connection key.

If no lifetime is set in VPN Tracker, VPN Tracker takes one hour (3600 seconds). The connection can be edited in VPN Tracker and this value can be increased. To keep the key valid for 24 hours, you would have to set the value to 86400 seconds.

The same should be stored on the server side.

OpenVPN connection works in general but disconnects after a while

If your OpenVPN connection drops after a while, it may be due to the rekeying period. Test whether extending the period can solve the problem.

Proceed as follows:

Edit your OpenVPN connection in VPN Tracker
Navigate to "Advanced Settings > Phase 2"
Change the Lifetime value to 28800 (which corresponds to a period of 8 hours)

If this doesn't resolve your issues, may also want to check your interoperability keep-alive, activity, and dead peer detection settings.

If you continue to have problems with your VPN connection, please send us a TSR report.

I’m having trouble connecting to my Sonicwall using the “Sonicwall Mobile Connect for Mac and iOS” client on my Mac and iOS devices. Every time I try to establish a connection, I receive the message “This is not a SonicWall SSL VPN server.” What should I do?

Sonicwall has been experiencing various issues with its iOS and Mac VPN client ("„Sonicwall Mobile Connect") recently.

An error message appears during setup:

'Your Sonicwall' is either currently unreachable or is not a valid SonicWall appliance. Would you like to save this connection anyway?

When starting the connection, the following appears:

Connection Error

'Your Sonicwall' is not a SonicWall SSL VPN server.

In such cases, we recommend switching to VPN Tracker. VPN Tracker is available for both Mac and iOS. An added advantage is that once a connection is set up, it’s immediately available on both devices, as VPN Tracker securely syncs the settings through the Personal Safe.

Update September 2024: SonicWall has introduced another update with SonicOS 6.5.4.15-116n, which has rendered SSL VPN functionality non-operational for many SonicWall devices.

Update November 2024: This issue seems to be addressed by the SonicOS 6.5.4.15-117n update. For more information, please visit:
https://www.sonicwall.com/support/knowledge-base/mobile-connect-breaks-after-upgrade-to-sonicos-6-5-4-15/240903132324983

Can you help me set up a VPN connection for SonicWALL TZ series?

VPN Tracker 365 offers support for countless VPN protocols and gateways, including support for the SonicWALL TZ series.

Our detailed step-by-step guide shows you exactly how to set up a VPN connection on your SonicWALL device using VPN Tracker 365.

I set up a WireGuard connection on my Fritzbox and imported it into VPN Tracker. When I connect to the Fritzbox via VPN, all internet traffic is routed through the Fritzbox. How can I prevent this?

1. Open the connection in VPN Tracker and go to “Edit > Setup > Advanced Settings”.
2. Navigate to “Traffic Control” and add the Fritzbox’s IP range, e.g., 192.168.178.0/24, under “Use VPN for the following addresses only”.

“Use VPN for the following addresses only”
192.168.178.0/24

3. If your Fritzbox uses a different IP range, enter the corresponding range instead.

How do I change my Team Name?

To change the name of your VPN Tracker Team follow these steps:

Log in to your my.vpntracker.com account
Select your team in the top left corner
On the left side choose "Team Cloud"
Scroll down to the section "Rename your team"
Enter your new Team Name and press "Rename" {S_1320}

How do I invite a new team member?

To add a new team member to your VPN Tracker Team follow these steps:

Log in to your my.vpntracker.com account
Select your team in the top left corner
On the left side choose "Team Cloud"
In the Invite section at the top, enter your new Team Member's name and company email address, then click "Send invitation". {S_1324}
The invited team member will then receive an automatic email invitation with a personalised link to click on and join your team.
Tip: Each VPN Tracker 365 user needs their own, personal equinux ID. After the user receives a team invitation from you and clicks the invite link, they can either create a new equinux ID or log in using their existing account.
In case the user does not receive the invitation email, you can access the invitation link by clicking on "Details" next to the user name
{S_1386}
{S_1387_50%}
Once a team member has accepted your email invitation, you will be notified via email
{S_1325}

Why am I experiencing DNS issues in Firefox when connected to VPN?

Since 2019, Firefox have been rolling out DNS over HTTPS (DoH) by default in several countries, including the USA, Canada, Russia and Ukraine.

What does this mean?

When DoH is enabled, it bypasses your DNS server and instead, domains you enter into your browser are sent via a DoH-compatible DNS server using an encrypted HTTPS connection.

This is intended as a security measure to prevent others (e.g. your ISP) from seeing the websites you are trying to access. However, if you're using a DNS server provided by your VPN gateway, it allows DNS queries to run outside the VPN tunnel. Moreover, if the VPN specifies a DNS server that resolves internal host names, these are either not resolved at all or resolved incorrectly when DoH is enabled.

How to disable DNS over HTTPS in Firefox

To ensure all your DNS queries run via your VPN's DNS, you will need to disable DoH in Firefox. To do so, open your Firefox browser, go to Firefox > Preferences > Network Settings and deselect the checkbox by "Enable DNS over HTTPS":
{S_1331}

Click OK to save your changes.

I upgraded my Sonicwall to 6.5.4.13. Now I have problems with my IPsec connections. What can I do?

SonicWALL listed a known issue in the release notes of 6.5.4.13:

An established IPSEC VPN tunnel intermittently fails in a NAT environment. (GEN6-2296)

Please contact Sonicwall for more information on when Sonicwall plans to fix this issue.

Why has the lifetime of certificates been shortened further and further in recent years?

Whenever a security problem with certificates is discovered, the rules for certificates are adjusted and tightened accordingly. However, the new rules do not apply retroactively, i.e. they only apply to certificates that were created after the new rules have already come into force. Certificates that are older must still be accepted as valid, even if they were created according to older rules.

The longer an old certificate remains in circulation, the more likely that someone with the appropriate knowledge and skills will come across it and then exploit its security problem. Therefore, you don't want to have long terms, because if a certificate has to be renewed, it must always be renewed in accordance with the current applicable rules and this happens sooner, the shorter its term is. In the past, the runtimes were too long, but this had led to problems several times when RSA was cracked with 768 bits or when a method was found to create SHA-1 collision, which means that signatures based on SHA-1 all at once could be forged. Back then, it took far too long until insecure certificates were no longer in circulation, which resulted in various avoidable attacks.

By the way, renewing only affects the gateway certificate. User certificates do not need to be renewed if you exchange the certificate at the gateway. Users also do not need a new configuration. In fact, users don't even notice such an exchange. On web servers today, this usually happens automatically and even more often, as web certificates are often only valid for a maximum of 90 days.

Am I eligible for a refund?

We offer a free trial for VPN Tracker which can be used to test all functionality of the app, helping users identify the best fit for their needs. After this trial period, all sales are final upon subscription, in accordance with our Terms and conditions.

Please be aware that we cannot process refunds in the following scenarios:

Non-usage of the app or service
Failure to cancel your account within the cancelation period
Lack of features or functionality on your subscribed plan
Purchases made in error
Exceptional circumstances beyond our control
Violations to our Terms of Use

Why would OpenVPN connections to Zyxel USG FLEX firewalls always fail with early timeout?

By default Zyxel creates firewall policies to allow traffic to flow from SSL VPN to LAN zone and from LAN to SSL VPN zone. Those rules are required to allow VPN traffic flow once the connection has been established. But there is no policy that actually allows VPN management traffic at the WAN port, client requests arriving at the WAN port are discarded by the firewall.

To allow an OpenVPN connection on the WAN port, you first have to create an own policy. In the main navigation, select Security Policy > Policy Control, click on the + Add button and create a policy that allows traffic for the service SSLVPN to flow from WAN to ZyWALL. Please see screenshot below.

{S_1469}

Will I be charged a fee when starting a trial license?

When you start a trail license (e.g. 7 days), we authorize your card for the annual amount of the corresponding license as soon as you start the test (similar to a hotel or rental car deposit).
If you cancel the trial license within the specified period, your account will not be charged. The pre-authorization then no longer applies.

I am having issues setting up my VPN connection with Fortigate. In the Fortigate web interface, I cannot fill in the Preshared Key, for example.

There can be some problems with the setup in the Fortigate web interface, possibly with certain browsers like Safari. Here are some tips:

• Check if there is a firmware update for the Fortigate device: Firmware Updates
• First, set up the new connection in the Fortigate web UI, and then review all fields again by selecting ‘Edit’. This can help, as not all fields may have been visible during the initial setup

My VPN Tracker licenses are up for renewal soon, and I would like to change the number of licenses. How can I do that?

Convert Your Products into Store Credit

If you wish to change the number of your licenses, you have the option to convert your existing license into store credit. You can then use this credit for your next purchase:

Visit our Store Promo Code Transfer Page and follow the instructions to receive your promo code.
Select your new products in the my.vpntracker Store.
Enter your promo code during the checkout process.

Note: If the remaining value of your old product exceeds the amount for the new product, you will receive an additional promo code for the remaining value.

Some users are experiencing connectivity issues with their SonicWall VPN, while others can connect successfully using the same VPN configuration. This is not an authentication problem, but once the connection is established, the VPN becomes unusable.

Certain SonicWall releases have known issues with DHCP IP assignment for clients, which can result in duplicate IP address assignments. To troubleshoot this, try the following:

1. Connect to the VPN with the computer experiencing the connection problem.
2. Note its assigned client IP address.
3. Ping this IP address from within your LAN.
4. Disconnect the VPN on the problematic computer. You will likely observe that the ping continues, indicating that another device is using this IP address.

Troubleshooting Steps:

1. Identify the computer that is using the duplicate IP address. Often, a computer within the LAN is already using an IP address that falls within the DHCP range of the SonicWall.
2. If step 1 does not resolve the issue, restart the SonicWall.

I’m having issues with a Cisco AnyConnect gateway. What can I do?

In AnyConnect gateways, the case sensitivity of the gateway address can sometimes matter. gateway.example.com and Gateway.example.com are treated differently. Please ensure that the case exactly matches the AnyConnect gateway settings.

Connection Drops during Rekeying using TCP with OpenVPN connections

What are connection drops during rekeying?
Connection drops during rekeying occur when the VPN connection is interrupted during the key update (rekeying). This causes traffic to not be processed for a short period, which is particularly problematic for stable connections such as video conferences.
Why does the problem occur during rekeying?
The problem arises because, when using TCP with OpenVPN, the firewall does not accept any traffic during the rekeying process. This leads to an interruption of the traffic.
What impact do connection drops have on a video conference?
During a video conference, connection drops during rekeying can result in a complete interruption of the traffic. This causes the connection to break, disrupting or even ending the video conference.
Why is TCP susceptible to this problem?
According to OpenVPN, TCP is problematic for VPN connections because it is more sensitive to traffic congestion during network disruptions or the rekeying process. OpenVPN therefore recommends using UDP instead, as it can better handle rekeying processes.
What solution does VPN Tracker provide for the problem?
VPN Tracker offers a particularly user-friendly solution: when establishing a connection, VPN Tracker automatically sets the rekeying timer to 24 hours. This significantly minimizes connection drops due to rekeying processes, keeping the connection especially stable. Additionally, VPN Tracker supports switching to UDP, which allows for an even more reliable connection.
Why should the rekeying timer be set to 24 hours?
A longer rekeying cycle reduces the frequency of connection drops. By setting the timer to 24 hours— as VPN Tracker does by default— the likelihood of the rekeying process being triggered during a critical phase, such as a video conference, is decreased.
What advantages does VPN Tracker have when using UDP over TCP?
VPN Tracker makes it easy to configure UDP, which offers faster connections and less sensitivity to packet loss. UDP is more efficient and resilient to interruptions during the rekeying process, which is particularly beneficial for bandwidth-intensive applications like video conferencing or streaming.
What recommendations does VPN Tracker provide for companies to optimize their VPN connections?
For companies relying on stable connections, VPN Tracker offers simple and effective solutions:
- By default, the rekeying timer is set to 24 hours to minimize connection drops.
- It is recommended to use UDP instead of TCP whenever possible to further enhance performance.

I am having issues with my FortiSSL connection. Could it be due to the “Strict Host Check”?

If you are experiencing problems with your FortiSSL connection, it might be related to the “Strict Host Check.” You can try disabling this setting on the gateway.

Follow these steps:

To disable the host check on the FortiSSL server side, you can turn off the “Host Check” in the SSL-VPN settings.

Steps:

1. Log in to the FortiGate CLI or GUI (Command Line Interface or Graphical User Interface).
2. Enter the following command in the CLI to disable the host check:

config vpn ssl settings
set host-check disable
end

This will disable the strict host check for SSL-VPN clients.

How can I identify issues with my internet connection, for example, when receiving error messages that a specific server could not be reached?

For error messages related to a possible faulty internet connection, try the following steps:

1. Are you connected to the internet? Check your internet connection by opening a website like www.google.com in your browser (e.g. Safari).
If that works, proceed to Step 2.

If no page loads, try the following:

Check your Wi-Fi connection: Make sure Wi-Fi is enabled on your device and connected to the correct network.
Check cable connections: If you are using a wired connection, ensure the cable is securely connected and undamaged.
Restart the router: Disconnect the router from the power source for about 30 seconds, then plug it back in. Wait a few minutes for the connection to re-establish.
Contact an administrator or provider: If the problem persists, there may be an issue with your internet provider. Contact your administrator or your internet provider's customer service.
Use a mobile hotspot: If you have access to mobile data, try setting up a hotspot to test the connection.

2. If a specific server is mentioned in the error message, try accessing the specified address via your browser (e.g., Safari).

If that works, proceed to Step 3.

If it doesn’t work, there may be an issue with the server mentioned in the error message. In this case, please try the action in VPN Tracker that triggered the error message again at a later time.

3. Check if your current VPN connection or a firewall is blocking access to the internet or a specific site, and disable this block if necessary.

You can see and configure if your currently active VPN connection excludes certain internet addresses in the connection configuration: In VPN Tracker, select the connection, choose "Edit," and then "Advanced Settings." In the "Traffic Control" area, there may be internet addresses listed that the VPN restricts access to.
To check if your firewall excludes certain internet addresses, temporarily disable your firewall and try again the action in VPN Tracker that triggered the error message.
Check your firewall settings for blocked applications or websites. Some firewalls allow specific IP addresses, domains, or applications to be selectively blocked or allowed.
If you find that a rule is blocking access, you can adjust this rule or add an exception to allow access to specific websites or services.
If you are still unable to gain access to certain areas, contact your firewall manufacturer's support or your IT support.

My SonicWall connection fails with “Negotiation Failed (PPP)”

SonicWall's SonicOS 6.5.4.15-116n update breaks SSL-VPN connections with SonicWall Mobile Connect and VPN Tracker 365.
In VPN Tracker's log, you can also see the error message:

LCP: PPP peer accepted proposal but also modified it which isn't allowed.

Please update your Sonicwall to at least SonicOS 6.5.4.15-117n to fix this problem. For more information, please visit: https://www.sonicwall.com/support/knowledge-base/mobile-connect-breaks-after-upgrade-to-sonicos-6-5-4-15/240903132324983

FortiGate: Should I Use IPsec or SSL-VPN?

Fortinet recommends using the IPsec protocol for FortiGate devices and now explicitly highlights this preference (as of November 2024):

{S_1480}

Our experience also shows that IPsec connections are significantly more performant, so we likewise recommend using IPsec.

Which hardware (MAC) address will be used for DHCP over VPN with SonicWall devices?

When connecting via SonicWall SCP or SonicWall IKEv1 with DHCP, VPN Tracker 365 for Mac requests an IP address from the SonicWall gateway using the DHCP protocol. For this request, VPN Tracker 365 modifies the MAC address slightly, making it different from the actual MAC address of your device. This allows administrators to assign a fixed IP address when your Mac is connected via LAN or WiFi and a different IP when it’s connected through VPN.

This modification sets a specific bit in the MAC address, marking it as a self-assigned address rather than a factory-assigned one.

Example:
Original MAC address: 00:1B:63:B7:42:23
VPN Tracker MAC address: 02:1B:63:B7:42:23

Starting with macOS 15 Sequoia, Apple defaults to using a rotating MAC address for WiFi connections, labeled as a “Private Wi-Fi Address” in System Settings. To prevent connectivity issues related to this feature, VPN Tracker 365 reports the actual hardware address (with the minor modification described above) instead of the one used in “Rotating” or “Fixed” modes.

On iOS, VPN Tracker cannot retrieve a MAC address directly. Instead, it generates a random value once and stores it for future use. VPN Tracker for iOS then uses this stored value as the MAC address.

How do all the OpenVPN keep-alive, activity, and alive checks settings work together?

Send keep-alive ping every
This option controls whether and how often VPN Tracker sends keep-alive pings. A keep-alive ping is not a normal ping, and is not considered tunnel traffic by the VPN gateway, so it does not keep the connection alive at the gateway. The sole purpose of these pings is to keep the connection alive through firewalls and NAT routers between VPN Tracker and the gateway when no other tunnel traffic is being sent.
Disconnect if inactive for
This option controls if and after how long VPN Tracker will disconnect due to inactivity. Only tunnel traffic is considered activity, keep-alive pings sent from either side and protocol management traffic are not considered tunnel traffic.
Consider the peer dead if no sign of liveliness for
This option controls if and after what time VPN Tracker will disconnect due to no sign of life. Any traffic from the gateway is considered a sign of life, regardless of whether it is tunnel traffic, keep alive ping, or protocol management traffic.
This option has no effect if the gateway is not configured to send pings (--ping option or ping in the server configuration file), because without pings enabled, there may be no tunnel or management traffic for quite some time, but this is not proof that the gateway is no longer alive, since it won't send anything if there is nothing to send. With ping enabled, the gateway would at least send keep-alive pings in such a situation, and if those don't arrive either, the gateway has most likely dropped the connection or gone offline.

How Can I Print Documents on My Home Printer While Using VPN Tracker Remotely?

Yes, you can print to your home printer while connected to VPN Tracker away from home. To ensure a seamless remote printing experience, follow these steps:

1. Assign a Static IP Address to Your Printer

Access your router’s web interface by entering its IP address in a web browser (e.g., 192.168.1.1 or 192.168.0.1).
Navigate to the LAN or DHCP settings.
Assign a static IP address to your printer (e.g., 192.168.50.100) so it remains consistent.

2. Configure Your Mac for Remote Printing

Connect to your > Printers & Scanners on your Mac.
Click "+" to add a new printer.
Select the IP tab and enter the static IP address assigned to your printer.
Choose the correct printer driver to ensure compatibility.

3. Avoid Bonjour for Remote Printing

Apple’s Bonjour service helps detect devices on local networks but does not work reliably over VPN due to its reliance on multicast DNS (mDNS). Instead, always connect to your printer using its static IP address.

4. Check Firewall & Network Settings

Ensure that your firewall allows print traffic over VPN.
Verify that the printer and VPN settings do not block remote connections.

By setting up a static IP address, avoiding Bonjour, and ensuring proper firewall rules, you can print documents remotely via VPN Tracker without issues.

Load more entries

You can also contact us via direct mail.

VPN Tracker Product *

365 (Mac)

365 (iPhone/iPad)

10 or older

Version number *

VPN gateway make & model

TSR (Technical Support Report)

Attach a screenshot

Operating System

Name *

E-Mail *

equinux ID

A brief description of your inquiry

Detailed description of your issue or suggestion.

I hereby acknowledge that this web form is only provided for non-binding inquiries and to obtain information. It can not be used for legal electronic communication with equinux AG or its subsidiary companies. This also applies to familiar email addresses of equinux AG and its subsidiary companies. I agree with the storage of my data according to the privacy policy. This agreement can be revoked at any time. *

Please complete all fields marked with a *.

Submit message

Choose your Timezone:

Interested in our products?

You're interested in equinux products and have additional questions regarding your purchase or product activation?
The equinux Sales Team is here to help: Call or chat with us,

Phone

From USA and Canada:		1-888-equinux (378-4689)
Other countries:		+49-89-520 465-280

Technical VPN Tracker for iPhone / iPad Questions?

You have a question that can only be answered by a VPN Tracker for iPhone / iPad pro? No problem! The equinux development team is personally available to answer your questions and hear your suggestions – on VPN Tracker for iPhone / iPad Expert's Day.

If you would prefer not to wait: Send us a message!

Next VPN Tracker for iPhone / iPad Expert Day

Fetching date/time...
Timezones: Berlin, Brussels, Copenhagen, Madrid, Paris

The #1 VPN Client for Mac, iPhone & iPad

The #1 VPN Client for Mac, iPhone & iPad

Configuring the Pre-Shared Key for a new VPN connection

I have lost my Pre-Shared Key - how can I get it back?

How to Set a Fixed MAC Address in macOS 15 (Sequoia):

Change your local network to a different range (Preferred)

Force Traffic over VPN

Are you a World Connect User?

Administrator password prompts

Account + licensing

Pre-Shared Key

Extended Authentication (XAUTH)

Troubleshooting tips

Create a VPN Shortcut:

Setting up VPN on your Mac

Launching VPN Tracker for Mac

Troubleshooting VPN Setup on macOS

Troubleshooting tips

Accessing connections on iOS

What does this mean?

How to disable DNS over HTTPS in Firefox

1. Assign a Static IP Address to Your Printer

2. Configure Your Mac for Remote Printing

3. Avoid Bonjour for Remote Printing

4. Check Firewall & Network Settings