Hi Fred,
Kyle is out this week for training so I’ll take over this ticket. If the device is being unresponsive can you try and follow the recovery procedure that I talk about in the post below?
Thanks,
-Tim
Tim
The beginning of the ticket you linked me to shows how to update the firmware (which I did), and at the bottom it explains how to do a recovery (which I’m not sure if I’m supposed to do since I have already updated the firmware). It’s unclear what I’m supposed to do. I found the guide online that shows how to do a factory reset, but I want to be sure it’s the appropriate action I should do. Apparently, it will wipe out my configuration. I did do a backup using eBuddy. Maybe you can remote in to check my device? Please advise. Thank you
Hello,
Is there a number I can call you at to try and go through this?
Tim - You can reach me at
Thank you , Fred
Hi fred I gave you a call but got a busy line so I left a message.
Is there a time that works better for you tomorrow?
Tim - how about 9 AM pst? If not, give me a time that’s convenient for you.
yeah that works
Calling back at 4 EST
Tim
- connected locally with my laptop and could access web interface with ebuddy
- times out when connecting from our LAN
- Status says Internet = OK; VPN = not configured
- Continuous PING to IP address while power cycled EWON to confirm that IP address is correct and not in use by another device
- updated firmware last week to 13.0s0
Tim - if ok with you, can we change to 1:30 PST? If not, let’s try tomorrow.
Thank you
Tim I will be in late today. I apologise. Give me a time for later today or tomorrow
Hey Fred,
Want to try for 830 PST again tomorrow morning?
830 PST tomorrow is good for me.
Thanks Tim
Fred Villalobos
Tim - my manager and I checked the firewall and we can’t see anything being blocked. Just to verify with you: we need to allow openvpn TCP and UDP ports 443 and 1194? is this correct? I’m getting ready to open a case with Palo Alto Networks so they can have a look in case we’re missing something.
Also, I came across Talk2M connection checker. I installed and ran it. Everything checked good except “invalid client (1001)”. Under that it says “skipping the connection test to VPN server”.
Do you think this might be related to the issue?
Also, in the past I’ve been able to connect to the web interface. Might the fact that I can’t now point to some other issue? I’m just throwing stuff out. It’s just strange that all of a sudden I have a connection issue after it has been working so well for all this time.
Thank you, Fred
Hi Fred,
Generally we don’t recommend using the connection checker because while that may show all passes it doesn’t mean that the device can necessarily connect.
Would it be possible to temporarily take the firewall down just to test if the device can connect after that? For the most part we just need to have udp 1194 and tcp 443 as well as making sure that the openvpn isn’t being blocked by a firewall or other network settings
Hi Fred,
I wanted to check in to make sure you have been able to resolve this. The following document has instructions for IT departments for firewall configuration:
And here are the IP addresses we are currently using:
Kyle
Thanks for this documentation. I have a case out with Palo Alto Networks. If it’s a firewall issue, they will help me resolve this. I’ll keep you updated.
Thanks again, Fred
Kyle
A Palo Alto Networks engineer has determined the firewall is not blocking the EWON:
“From looking at the packet captures and flow basic, I do not believe the firewall is causing the OpenVPN to not connect.
All ports are allowed so nothing is being blocked by the firewall. I see the packets being sent and returned are going through the firewall.”
I’m not sure what else to do. If you don’t have any further recommendations, I’ll notify the manager of the department that has the EWON so he can contact the vendor and get a tech onsite to look at it. Thank you Fred
Hi Fred,
If the firewall is not blocking the VPN connection than I suspect an issue with the device itself. It will be easiest at this point to just do a factory reset. Prior to the reset, please do a backup using eBuddy. Here is the procedure:
• Power the unit OFF and ON again
• Immediately press and hold the reset button (labelled BI1 by the SD card slot on the Flexy 201) while connecting to power. The LED labeled BI1 turns ON.
• Wait approximately 35+ seconds until the USR LED flashes RED for a few seconds and then remains steady RED.
• When this state is reached, release the button. The LED labeled BI1 turns OFF.
• Check if the auto test is successful, the USR LED flashes RED with a pattern of 200ms ON
and 1,5 sec OFF1
. The eWON COSY does NOT restart in normal mode by itself and remains running in this diagnostic mode.
• You have to power the eWON COSY OFF and ON again to reboot the unit in normal mode. As described before, the eWON returns to its default COM parameters and factory IP addresses (like LAN 10.0.0.53) after this level 2 reset is performed.
After resetting the device, run the wizards and see if you can complete the process and connect with eCatcher. (You will need the authorization key found in eCatcher, in the devices Properties > Talk2M Connectivity section to enter into the VPN Wizard) Later, I can help you configure the settings from your backup.
If the devices still doesn’t work after this, you should try it from another network.
Thanks,
Kyle
Kyle - I’ll try the reset. You can go ahead and close this. Thank you
Topic closed due to inactivity.