Troubleshooting
If DigiTunnel can't connect at all: (Error "Sorry, I cannot find the PPTP Server")
Error: "Sorry, I am unable to completely connect..."
If authentication fails
Other reasons why DigiTunnel can't connect
How do I configure DigiTunnel for my Airport, network, PPP, other Internet connection?
It connected, but I get DNS errors so I can't connect to anything
It connected, but services on the VPN servers (such as web or file-sharing) don't work
Services on the Windows server can be reached, but not services on other servers on the private network
AppleTalk printers or file sharing doesn't work
When I try to disconnect from a file server, it says "the Disk is in use", even though I have no files open on it
After the login window for an SMB (Windows) file server, it says "No services are available at this URL"
Tools for troubleshooting
If DigiTunnel can't connect at all: (Error "Sorry, I cannot find the PPTP Server")
- The server address in DigiTunnel's General tab may be incorrect. With a bad address (or an address that is not a PPTP server), the Connection Log shows "LCP: timeout sending Config-Requests" This error can also indicate a blocked connection mentioned above.
- Is your Internet connection working?
- You may have outbound connections blocked by a firewall on your Mac. Some built-in firewalls, such as ipfw or BrickHouse, can be configured to block all outbound connections. If you use such a firewall, you must allow outbound TCP port 1723 and inbound/outbound protocol 47 (GRE). Norton Personal Firewall does not block outbound connections or GRE, so it is not a factor.
- The server you are trying to connect to may not be a PPTP server. Other protocols such as IPSec are not compatible with DigiTunnel.
Error: "Sorry, I am unable to completely connect..."
- You may be trying to connect through a NAT router that is not PPTP-aware, such as Airport's built-in NAT. See the router compatibility list or if you have an Airport base station, see Airport workarounds.
- You may be trying to connect with encryption off to a server that requires encryption. Check the box in DigiTunnel preferences.
- A firewall may be blocking inbound/outbound protocol 47 (GRE). OS X's built-in firewall, ipfw, can be configured to do this. Norton Personal Firewall does not block this, so it's no problem for DigiTunnel users. Brickhouse users should Allow Custom Service 47, no port, Source Internet, Destination My Computer.
If authentication fails:
Other reasons why DigiTunnel can't connect:
- The server may not be configured for VPN remote access, or could be incorrectly configured (see Windows server).
How do I configure DigiTunnel for my Airport, network, PPP, other Internet connection?
- You don't. DigiTunnel always uses the primary network that is currently up (connected).
- If you have multiple network interfaces (Ethernet, airport, modem) that are up at the same time, and you want to make one primary: (1) Open Network Preferences. (2) From the Active Ports popup menu, choose Network Ports. (3) Drag the desired interface to the top of the list. (Note: moving PPTP configurations in this list has no effect except to reorder Internet Connect's popup list display.)
It connected, but I get DNS errors so I can't connect to anything:
- If you have DigiTunnel's all-VPN routing turned, off, the likely cause is that your organization's DNS servers are on a different subnet (IP address range) than your VPN server. The easy fix is to turn all-VPN routing on (DigiTunnel's Routing tab): check "Route all traffic through VPN". Or, use a larger Subnet Mask (DigiTunnel's General tab). Check with your system administrator for the correct value. Hint: a larger Subnet Mask ends in more zeroes. The subnet mask is not used for all-VPN routing.
- Ask your system administrator if you should be using any proxy settings (DigiTunnel's Proxies tab).
It connected, but some or all services on the VPN servers (such as web or file-sharing) don't work:
- This solution works in many cases: In DigiTunnel's General tab, click "Advanced." In the Advanced window, change "mtu 1466" to "mtu 400". Click OK, then click Apply Now. Reconnect and try the services again. Large (>400K) SMB file uploads in particular work better with mtu 400. Apple File Sharing (AFP), on the other hand, may work better with mtu 1466.
- Some services and some server installations don't work no matter what we do. If this is the case for your service/server, you may need to use some alternative to DigiTunnel (MS Windows in VPC, TunnelBuilder in OS 9, or VPN client in a future version of OS X).
- See also the next item about services on other servers.
Services on the VPN (Windows) server can be reached, but not services on other servers on the private network:
- If "Route all traffic through VPN" is turned off, check the Subnet Mask setting under DigiTunnel's General tab. This should be the same as that for any computer physically on the network at the office.
AppleTalk printers or file sharing doesn't work:
- Sorry, AppleTalk is not supported over the VPN. AppleTalk printers can be reached by setting up a print server that receives jobs via LPR (a protocol that works over IP). File sharing over AppleTalk can be upgraded to use TCP/IP.
When I try to disconnect from a file server, it says "the Disk is in use", even though I have no files open on it:
- De-select the server icon or close its window so that its contents are not seen in any window. Drag the server icon to Trash/Disconnect in the Dock.
- If that doesn't work, log out of the Finder and log back in (or restart the Mac). In this case, you may get better results with a smaller mtu setting (see above).
After the login window for an SMB (Windows) file server, it says "No services are available at this URL":
- This error message comes up for any problem with SMB. It may just mean that you are using the wrong password/user name.
Tools for troubleshooting:
- Internet Connect: Choose Window->Connection Log. Send this log to Gracion support for analysis.
- DigiTunnel Plumber: Download this tool from Gracion. It produces a configuration report that can be sent in for analysis and help.
- Applications ->Utilities -> Console. Generally not needed, because the Connection Log already shows all info of interest. But in case you need it: Information about the connection process, tagged "pppd", are shown in /var/log/system.log. Scroll to the bottom for a real-time view. (The default Console Log is designed to only show errors from all applications.)
- On the Windows VPN server, open Programs->Administrative Tools->Event Viewer->System Log. This shows login errors. To enable this logging, right-click your server under Routing and Remote Access, click Properties, Event Logging. If set for maximum logging, also shows normal successful login and logout.
- A Windows 2000 server at Gracion Software is available for connections to help troubleshoot your DigiTunnel client. Ask Gracion for details.