Fixing Windows VPN Errors
The native Windows VPN client is prone to many errors when connecting to the Northwestern VPN. If you encounter any error when connecting, follow the troubleshooting steps below.
Feinberg School of Medicine members should contact FSM IT at email@example.com for assistance with any VPN errors.
Use Cisco AnyConnect instead
Northwestern IT recommends using Cisco AnyConnect to connect to the VPN on Windows; most VPN errors do not occur when using the Cisco client instead. See this Knowledge Base article for instructions to set up Cisco AnyConnect.
Make sure your network is not blocking L2TP ports
If you are connecting on a home or private network, an error will appear if your router is not allowing network traffic through certain ports. The Northwestern VPN requires UDP ports 500, 1701, and 4500 to be open to function; make sure any firewalls on your computer or router do not block these ports. Consult your router's or firewall software's documentation for instructions on opening these ports, or contact your network administrator for help; Northwestern IT cannot help configure networks not operated by the University. Some Internet service providers may not allow VPN connections; contact your ISP if you feel this may be the case.
A public network and/or country's firewall may block the VPN connection
Many public networks and all networks in countries with restrictive national firewalls (including the People's Republic of China and other countries with state-operated internet filtering) may block L2TP-VPN connections. Using the Cisco AnyConnect client may get around this restriction.
If you still cannot connect to the Northwestern VPN and you cannot use the Cisco AnyConnect client, see below for further error-specific troubleshooting.
Error 609 and 633
To resolve this issue, uninstall and reinstall the miniports manually.
- Click Start > All Programs > Accessories > Command Prompt
- In the command prompt, type the following commands one by one and press Enter after each one.
- When prompted by User Account Control, click Continue.
If you see the error "A connection to the remote computer could not be established" or "The port was disconnected", check the following items:
- Open the Windows Task Manager by pressing Control + Alt + Delete on the keyboard and selecting the Start Task Manager option from the list shown.
- End any other VPN programs or processes that may be running by selecting the item from the shown list and selecting the button that says End Task under the Applications tab, or End Process under the Processes tab.
- If ending the process does not fix the issue, uninstall the VPN program by going to the Control Panel and selecting Uninstall a Program from under the Programs header. Select the program from the list and select uninstall.
- Restart your computer.
- If the port is not open, go to the Control Panel and select the System and Security tab.
- Select the Windows Firewall tab, and select Advanced Settings from the menu on the left.
- Select Outbound Rules from the menu on the left, and then select Action from the top menu.
- Select New Rule, then select Port, and click Next. In the space for Specific remote ports, enter in 1723 and then click Next.
- Select the option to Allow the connection and click Next.
- Select all the options for where the rule should apply and then click Next.
- Enter in NUVPN for the Name field and click Finish.
Error 691 indicates that an incorrect NetID or password was entered. Make sure you enter the correct NetID and password and that Caps Lock is off. If you encounter issues with your NetID login, see this Knowledge Base Article for password reset assistance.
The preshared/secret key was not entered correctly. The preshared key is northwesternvpn; verify that it is entered and that all other VPN configuration settings are correct. The VPN will only look for a certificate if the server does not recognize the preshared/secret key entered.
Either the pre-shared key (northwesternvpn) was entered incorrectly or the network blocked the connection.
First, verify that you entered the pre-shared key correctly during configuration. If you still receive the error, make sure your network allows VPN connections and that UDP ports 500, 1701, and 4500 are open; Northwestern IT cannot help configure networks not operated by the University.
Note that this error appears if you try to connect to the VPN on restricted networks such as in public places or in countries with restrictive national firewalls; the only solution to connect in this case is to use another network or configure and use Cisco AnyConnect instead.
The connection type is incorrectly set to "Automatic" instead of "Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec)". See Step 8 of the Native VPN configuration (for Windows 10/8.1/8) or step 10 (for Windows 7) for instructions to change the VPN type.
Your network connection is blocking UDP port 500 or 4500.
If you are on a private network, be sure any firewall(s) and your router have these ports open; consult your router's documentation for instructions. Northwestern IT cannot configure networks not operated by the University.
If you are on a public network, the only solution to connect is to use a different network or configure and use Cisco AnyConnect instead.
An essential networking process used by the native VPN is not running. If you need to use the native VPN client and you encounter this error, contact your departmental IT support. Otherwise, using the Cisco AnyConnect client avoids this problem.
If you see the error "The remote connection was not made because the name of the remote access server did not resolve", check the following:
- Ensure that you have an internet connection by selecting the Network Icon at the bottom of your screen and confirming it says Connected.
- After selecting the Network Icon, select Northwestern VPN from the top of the list.
- Right-click Northwestern VPN and select View connection properties.
- Under the General tab, ensure that the Host Name is set to vpn-nu.vpn.northwestern.edu.
If the Host Name is correctly set, and the VPN connection still does not work, try the following:
- Click Start > All Programs > Accessories > Command Prompt.
In the Command Prompt, type:
- Copy the given IP Address into the Host Name field referred to above.
- Make sure to disable all third-party anti-virus or firewall software.
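The checks described above (host name resolution, the VPN type, the pre-shared key setting, and local firewall rules for UDP ports 500, 1701, and 4500) can also be run from PowerShell. This is an added example, not a Northwestern IT script; it only reads settings and assumes Windows 8 or later, where the built-in VpnClient, DnsClient, and NetSecurity cmdlets are available.

```powershell
# Added example: read-only checks for the native Windows VPN profile.
# The profile name and host name are the ones given on this page.
$ProfileName  = 'Northwestern VPN'
$ExpectedHost = 'vpn-nu.vpn.northwestern.edu'
$L2tpUdpPorts = '500', '1701', '4500'

# 1. Name resolution ("the name of the remote access server did not resolve").
try {
    $addresses = (Resolve-DnsName -Name $ExpectedHost -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' }).IPAddress
    Write-Host "DNS ok: $ExpectedHost -> $($addresses -join ', ')"
} catch {
    Write-Warning "DNS lookup failed for ${ExpectedHost}: $($_.Exception.Message)"
}

# 2. Profile settings: host name, VPN type, and L2TP/IPsec authentication.
$vpn = Get-VpnConnection -Name $ProfileName -ErrorAction SilentlyContinue
if (-not $vpn) {
    # The profile may have been created for all users of the computer.
    $vpn = Get-VpnConnection -Name $ProfileName -AllUserConnection -ErrorAction SilentlyContinue
}
if (-not $vpn) {
    Write-Warning "No VPN profile named '$ProfileName' was found."
} else {
    if ($vpn.ServerAddress -ne $ExpectedHost) {
        Write-Warning "Host name is '$($vpn.ServerAddress)', not '$ExpectedHost'."
    }
    if ($vpn.TunnelType -ne 'L2tp') {
        Write-Warning "VPN type is '$($vpn.TunnelType)'; it should be L2TP/IPsec."
    }
    if ($vpn.L2tpIPsecAuth -ne 'Psk') {
        Write-Warning "L2TP authentication is '$($vpn.L2tpIPsecAuth)', not a pre-shared key."
    }
}

# 3. Windows Firewall: enabled outbound block rules that list the L2TP/IPsec
#    UDP ports explicitly (rules written as port ranges are not matched here).
$blocking = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'UDP' -and
            (@($filter.RemotePort) | Where-Object { $_ -in $L2tpUdpPorts })
    }
if ($blocking) {
    $blocking | Select-Object DisplayName, Profile | Format-Table -AutoSize
} else {
    Write-Host "No local outbound rule blocks UDP $($L2tpUdpPorts -join ', ')."
}
```

The firewall check covers only Windows Firewall on the computer itself; a router, third-party firewall, or network operator can still block these ports.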