Thursday, August 18, 2011

SonicWall Global VPN Client (GVC) Troubleshooting


Are you getting in Windows 7 or Windows Vista: "Failed to Open the IPSec Driver"?

SonicWall Global VPN Client - IPSec Driver Failure to Load
The answer to fix is thankfully very simple but not so obvious. Under Windows Vista, particularly Windows 7, the SonicWall IPSec driver is sometimes unable to load.
Fortunately, the remedy is simple:
  1. Close the SonicWall VPN Client and exit it if it appears in the system tray (by the clock);
  2. Go to Device Manager (Computer->Manage->Device Manager);
  3. Go to the "View" menu and select "Show Hidden Devices";
  4. Scroll down in device manager to "Non-Plug and Play" and right-click on "SonicWall IPSec Driver";
  5. Select from the right-click menu "Properties";
  6. Under the "Driver" tab, make sure the "Startup" type is set to "Automatic";
  7. Also, make sure under "Current Status" the service is started. It should look like below:
    SonicWall IPSec VPN Service properties in Device Manager
  8. Now the service is set to auto-start and is running, open up your VPN client and voila! It works! (And don't worry, now you've done this once you don't need to do it again).

Select Phonebook Entry when trying to connect to VPN
Are you getting a dialogue box when you enable your SonicWall Global VPN Client's VPN connection which says "Select Phonebook Entry"; "This connection will use a phonebook entry to connect to the internet"?
SonicWall VPN Client: Select Phonebook Entry box
If so, it is one of two things:
  1. You actually don't have an internet connection active, so SonicWall is prompting to use a dial-up connection to achieve internet connectivity. Check your browser and wireless connection and make sure you have connectivity by visiting a webpage;
  2. You are using Windows 7 E edition (or Windows 7 beta/release candidate) and have removed Internet Explorer 8. Windows 7 allows you, for the first time in over a decade since windows was introduced, to run the Operating System without Internet Explorer installed. Unfortunately, the current version of SonicWall Global VPN Client requires Internet Explorer. Re-install IE, reboot and re-install the SonicWall client.

However, fortunately the remedy is simple. If you definitely have an internet connection and it wants to open a phonebook connection, do the following:

  1. Edit properties of your VPN Connection by right-clicking on connection name and selecting "Properties";
  2. Go to the "Peers" tab and you'll see a list of IP addresses (or just 1) of your firewall(s) to connect to. Click "Edit" on one of them (or the only one);
  3. In the 'Networking' Section, change the "Interface Selection" from "Automatic" to "LAN Only".
    SonicWall Global VPN Client: Selecting LAN Only
  4. Restart GVC and re-connect to your VPN - it should now work!

Deploy SonicWall Global VPN Client via Group Policy, with Client VPN Settings (Default.rcf)
OK, so many small businesses and small medium enterprises use SonicWall's Corporate Firewall devices. They are cost-effective, exceedingly flexible and offer fantastic uncompromised features.
So, why not utilize the power of Group Policy to corporatize your network?
This step-by-step will teach you how to both generate an (optional) default.rcf file (which is the VPN Client settings to tell the computer how to connect to your office firewall) and how to extract and deploy the Sonicwall Global VPN Client through Group Policy Objects.
  1. Download the latest SonicWALL Global VPN Client (at time of writing, it is;
  2. Active Directory Domain with Group Policy Management Tool installed for advanced Group Policy Deployment;
  3. Network Share to store Global VPN Client for client deployment;
  4. Corporate SonicWALL Firewall HTTP Management Page to generate RCF file (settings template) for optional pre-client setup.
  1. If you would like the VPN Clients to be installed pre-configured with your SonicWall Gateway VPN Settings, do the following:
    1. Export the WAN groupVPN configuration from your SonicWall Firewall/UTM appliance: VPN->WAN GROUP VPN Settings -> EXPORT ->RCF FILE
      Create a default.rcf if you want multiple connections. Sonicwall have an admin guide for generating a default.rcf file, or an example one is here.
    2. Rename the exported configuration file to default.rcf
    3. Save this file for later!
  2. Extract the GVCSetupXX.exe setup file (where XX is either 32 for 32-bit Windows platforms or 64 for 64-bit Windows platforms) by typing the command line as follows:
    GVCSetupXX.exe /T:<Path where you want MSI to be extracted> /C
    E.g. GVCSetup32.exe /T:c:\Sonicwall /C
  3. Perform an administrative install of the MSI file (GVCInstallXX.MSI) to make the Global VPN Client (GVC) ready for group policy installation by typing:
    msiexec /a c:\Sonicwall\GVCSetup32.msi /qb TARGETDIR=\\SERVER\GVC SHARE
    This will install the MSI files into a network share for group policy deployment.
  4. [You may skip this step]. Copy the default.rcf file to the \Module Retargetable Folder in the network share (e.g. \\SERVER\GVC SHARE\Module Retargetable)
    This file will be copied during install and when you start the Global VPN Client, it reads the default.rcf and creates the defined connections from it.
  5. Your SonicWall Global VPN Client is now extracted, administratively installed to a share and may optionally include the client connections information (via default.rcf). Now follow Guru Guy's Guide to Software Installation via Group Policy to deploy your software!


No comments: