JHM's Nortel VPN client is not connecting. Any ideas?

[ReeS4e]

I am trying to install the JHM tune and the vpn client won't connect to their vpn. I followed all of the instructions exactly. The error is 'Failed to connect for the following reasons: Unable to reach server." Any suggestions?

I've allowed the app through the firewall. I added UDP 500 inbound and outbound. I've turned off the firewall. I tried swapped the vpn address with the IP. There's just about nothing else to turn off or change. I also tried this on two computers with different firewall software. Both Win 7 x64. The only thing I can't figure out where to set is the IPSec settings. With the firewall off it shouldn't matter anyway.

It would be great if someone who has had this problem could chime in here. I ordered this on 24th and the install keeps getting pushed back for one reason or another. I just want to get it done.

Thanks

[ReeS4e]

I've enable IPSec and turned on auditing. Same issues:
auditpol.exe /set /SubCategory:"MPSSVC rule-level Policy Change","Filtering Platform policy change","IPsec Main Mode","IPsec Quick Mode","IPsec Extended Mode","IPsec Driver","Other System Events","Filtering Platform Packet Drop","Filtering Platform Connection" /success:enable /failure:enable

[ReeS4e]

------------------------ Begin -----------------------------
Level = 4,
1/12/2013 15:52:39.137 [SRVC] -I-Nortel VPN Service started.
1/12/2013 15:52:41.149 [SRVC] -I-nvcServiceCtrl: Code=00000004, event=00000000
1/12/2013 15:54:24.343 [SRVC] -I-nvcServiceCtrl: Code=0000000e, event=00000006
1/12/2013 15:54:24.343 [SRVC] -I-SERVICE_CONTROL_SESSIONCHANGE: event=00000006.
1/12/2013 15:56:50.702 [SRVC] -I-Nortel VPN Service started.
1/12/2013 15:56:50.702 [SRVC] -I-Logging session starting ... Status - 0.
1/12/2013 15:58:50.711 [GUIW] -I-NVC user interface started
1/12/2013 15:59:00.758 [GUIW] -I-Nortel VPN Client Product version 10.01.052
1/12/2013 15:59:03.456 [GUIW] -I-Nortel VPN Client Excecutable File version 10.01.052.0
1/12/2013 15:59:15.110 [GUIW] -I-NVC user interface successfully connected to engine
1/12/2013 15:59:41.437 [GUIW] -I-NVC user interface exits
1/12/2013 16:01:42.150 [GUIW] -I-NVC user interface started
1/12/2013 16:01:42.150 [GUIW] -I-Nortel VPN Client Product version 10.01.052
1/12/2013 16:01:42.150 [GUIW] -I-Nortel VPN Client Excecutable File version 10.01.052.0
1/12/2013 16:01:42.165 [GUIW] -I-NVC user interface successfully connected to engine
1/12/2013 16:01:42.337 [GUIW] -I-Registered for Windows session notification.
1/12/2013 16:01:42.883 [GUIW] -I-Received idle message from engine
1/12/2013 16:08:36.129 [GUIW] -I-Received option set message from engine
1/12/2013 16:08:37.954 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 16:08:38.157 [GUIW] -I-Received negotiation in progress message from engine
1/12/2013 16:09:09.919 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 16:09:09.934 [ENGS] -E-Start tunnel failed due to: remote host not responding.
1/12/2013 16:09:10.106 [GUIW] -I-Received tunnel abort message from engine
1/12/2013 16:09:10.106 [GUIW] -I-No next profile for failover
1/12/2013 16:09:10.613 [GUIW] -I-Received idle message from engine
1/12/2013 16:10:11.490 [GUIW] -I-Received option set message from engine
1/12/2013 16:10:13.393 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 16:10:13.503 [GUIW] -I-Received negotiation in progress message from engine
1/12/2013 16:10:44.796 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 16:10:44.828 [ENGS] -E-Start tunnel failed due to: remote host not responding.
1/12/2013 16:10:44.999 [GUIW] -I-Received tunnel abort message from engine
1/12/2013 16:10:44.999 [GUIW] -I-No next profile for failover
1/12/2013 16:10:45.503 [GUIW] -I-Received idle message from engine
1/12/2013 16:13:21.738 [GUIW] -I-Received option set message from engine
1/12/2013 16:13:23.610 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 16:13:23.642 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 16:13:25.420 [GUIW] -I-Received tunnel down message from engine
1/12/2013 16:13:25.420 [GUIW] -E-VPN tunnel disconnected at user's request
1/12/2013 16:13:25.420 [GUIW] -I-Unregistered for Windows session notification.
1/12/2013 16:13:26.204 [GUIW] -I-NVC user interface exits
1/12/2013 16:13:26.204 [ENGS] -I-NvceClose_r: get api and clean up.
1/12/2013 16:13:34.815 [GUIW] -I-NVC user interface started
1/12/2013 16:13:34.815 [GUIW] -I-Nortel VPN Client Product version 10.01.052
1/12/2013 16:13:34.815 [GUIW] -I-Nortel VPN Client Excecutable File version 10.01.052.0
1/12/2013 16:13:34.831 [GUIW] -I-NVC user interface successfully connected to engine
1/12/2013 16:13:35.3 [GUIW] -I-Registered for Windows session notification.
1/12/2013 16:13:35.564 [GUIW] -I-Received idle message from engine
1/12/2013 16:13:37.982 [CFGA] -W-Runtime reported exception 0x490 = 1168
1/12/2013 16:13:37.982 [CFGA] -E-Warning! Specified profile not found.
1/12/2013 16:13:39.121 [GUIW] -I-Received option set message from engine
1/12/2013 16:13:39.901 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 16:13:40.634 [GUIW] -I-Received negotiation in progress message from engine
1/12/2013 16:14:11.865 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 16:14:11.865 [ENGS] -E-Start tunnel failed due to: remote host not responding.
1/12/2013 16:14:12.193 [GUIW] -I-Received tunnel abort message from engine
1/12/2013 16:14:12.193 [GUIW] -I-No next profile for failover
1/12/2013 16:14:12.705 [GUIW] -I-Received idle message from engine
1/12/2013 16:25:30.283 [SRVC] -I-nvcServiceCtrl: Code=0000000e, event=00000007
1/12/2013 16:25:30.283 [SRVC] -I-SERVICE_CONTROL_SESSIONCHANGE: event=00000007.
1/12/2013 16:35:18.891 [SRVC] -I-nvcServiceCtrl: Code=0000000e, event=00000008
1/12/2013 16:35:18.891 [SRVC] -I-SERVICE_CONTROL_SESSIONCHANGE: event=00000008.
1/12/2013 16:46:52.190 [SRVC] -I-nvcServiceCtrl: Code=0000000e, event=00000007
1/12/2013 16:46:52.190 [SRVC] -I-SERVICE_CONTROL_SESSIONCHANGE: event=00000007.
1/12/2013 16:56:14.111 [SRVC] -I-nvcServiceCtrl: Code=0000000d, event=0000000a
1/12/2013 16:56:14.111 [SRVC] -I-SERVICE_CONTROL_POWEREVENT: event=0000000a.
1/12/2013 16:56:26.903 [SRVC] -I-nvcServiceCtrl: Code=0000000e, event=00000008
1/12/2013 16:56:26.903 [SRVC] -I-SERVICE_CONTROL_SESSIONCHANGE: event=00000008.
1/12/2013 16:59:57.678 [GUIW] -I-Received option set message from engine
1/12/2013 16:59:59.566 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 16:59:59.722 [GUIW] -I-Received negotiation in progress message from engine
1/12/2013 17:00:30.968 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 17:00:30.968 [ENGS] -E-Start tunnel failed due to: remote host not responding.
1/12/2013 17:00:31.234 [GUIW] -I-Received tunnel abort message from engine
1/12/2013 17:00:31.234 [GUIW] -I-No next profile for failover
1/12/2013 17:00:31.744 [GUIW] -I-Received idle message from engine
1/12/2013 17:03:29.508 [SRVC] -I-nvcServiceCtrl: Code=0000000d, event=0000000a
1/12/2013 17:03:29.508 [SRVC] -I-SERVICE_CONTROL_POWEREVENT: event=0000000a.
1/12/2013 17:10:08.775 [GUIW] -I-Received option set message from engine
1/12/2013 17:10:10.694 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 17:10:11.84 [GUIW] -I-Received negotiation in progress message from engine
1/12/2013 17:10:42.128 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 17:10:42.128 [ENGS] -E-Start tunnel failed due to: remote host not responding.
1/12/2013 17:10:42.565 [GUIW] -I-Received tunnel abort message from engine
1/12/2013 17:10:42.565 [GUIW] -I-No next profile for failover
1/12/2013 17:10:43.64 [GUIW] -I-Received idle message from engine
1/12/2013 17:23:59.397 [GUIW] -I-Received option set message from engine
1/12/2013 17:24:01.284 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 17:24:01.643 [GUIW] -I-Received negotiation in progress message from engine
1/12/2013 17:24:32.942 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 17:24:32.957 [ENGS] -E-Start tunnel failed due to: remote host not responding.
1/12/2013 17:24:33.82 [GUIW] -I-Received tunnel abort message from engine
1/12/2013 17:24:33.82 [GUIW] -I-No next profile for failover
1/12/2013 17:24:33.592 [GUIW] -I-Received idle message from engine
1/12/2013 17:26:34.381 [GUIW] -I-Received option set message from engine
1/12/2013 17:26:36.253 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 17:26:36.503 [GUIW] -I-Received negotiation in progress message from engine
1/12/2013 17:27:08.175 [ENGS] -E-Start tunnel failed due to: remote host not responding.
1/12/2013 17:27:08.175 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 17:27:08.503 [GUIW] -I-Received tunnel abort message from engine
1/12/2013 17:27:08.503 [GUIW] -I-No next profile for failover
1/12/2013 17:27:09.4 [GUIW] -I-Received idle message from engine
1/12/2013 17:46:34.151 [GUIW] -I-Received option set message from engine
1/12/2013 17:46:36.23 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 17:46:36.304 [GUIW] -I-Received negotiation in progress message from engine
1/12/2013 17:47:07.972 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 17:47:07.972 [ENGS] -E-Start tunnel failed due to: remote host not responding.
1/12/2013 17:47:08.253 [GUIW] -I-Received tunnel abort message from engine
1/12/2013 17:47:08.253 [GUIW] -I-No next profile for failover
1/12/2013 17:47:08.757 [GUIW] -I-Received idle message from engine
1/12/2013 17:50:29.351 [GUIW] -I-Received option set message from engine
1/12/2013 17:50:31.192 [ENGS] -I-IPSec Tunnel Connection initiated to 107.7.140.141 using Diffie-Hellman group 8.
1/12/2013 17:50:31.223 [GUIW] -I-Received negotiation in progress message from engine
1/12/2013 17:51:03.140 [ENGS] -I-Enter: DynamicDnsCleanup.
1/12/2013 17:51:03.140 [ENGS] -E-Start tunnel failed due to: remote host not responding.
1/12/2013 17:51:03.218 [GUIW] -I-Received tunnel abort message from engine
1/12/2013 17:51:03.218 [GUIW] -I-No next profile for failover
1/12/2013 17:51:03.713 [GUIW] -I-Received idle message from engine

[Rondonia]

Did you try to ping the VPN server? Maybe it's down.

[Nillamb]

1/12/2013 17:10:42.128 [ENGS] -E-Start tunnel failed due to: remote host not responding.

Lots of these messages. Assuming you have the right address, I'd guess it was down, too. When I set up my connection, I got the same error for 10 mins or so, then it resolved itself without me changing anything, so I assumed that was also the remote host down.

[dparm]

Why don't you guys just call JHM when this stuff happens? If you don't tell them about problems, they won't know to fix them.

[Justincredible]

Why don't you guys just call JHM when this stuff happens? If you don't tell them about problems, they won't know to fix them.

good point. It is saturday tho

from what I have been able to gather. activx and your internet browser can push you our or not allow you connection. From what Ive read they (JHM) are getting there own browser made to completely fix this. All I know is when I converted over to flash My flash was doing the same thing. It was my active X settings.

[Mistro]

I don't think ActiveX settings would affect the VPN client though.

For what its worth, it was definitely up between 10am-ish and 1pm-ish eastern time yesterday. (Not sure what time zone your logs are in)

Maybe something to do with your local connection? Was the VPN server pingable? Its pingable right now so maybe give it another shot.

[ReeS4e]

Why don't you guys just call JHM when this stuff happens? If you don't tell them about problems, they won't know to fix them.

They are not available on weekends. I've already called, left a message and and sent an email. They will definitely hear from me on Monday too. Tried connecting again today and it still doesn't work.
I've been able to ping it. I also tried using the IP.

[Mistro]

Did you try turning off your firewall?
Like fully off not just the application exception rule.

[ReeS4e]

Yeah, totally off. I might try setting something up on EC2, but right now I'm looking for a way to test the UDP port.

[dparm]

They are not available on weekends. I've already called, left a message and and sent an email. They will definitely hear from me on Monday too. Tried connecting again today and it still doesn't work.
I've been able to ping it. I also tried using the IP.

Then don't undertake projects like this on weekends. If something goes wrong and you brick your ECU, your car will be out of commission until Monday.

I hate to oversimplify, but it's quite risky to do something like this with no help.

[ReeS4e]

Then don't undertake projects like this on weekends. If something goes wrong and you brick your ECU, your car will be out of commission until Monday.

I hate to oversimplify, but it's quite risky to do something like this with no help.

??

So I shouldn't use a forum to describe a problem with a vendor's product that other's might have also had and resolved? That'll happen never.

[ReeS4e]

Dru emailed me today and said APR was down completely last week for an unknown reason. So it sounds like APR is hosting the VPN. He's going to follow up with them.

[cerwin69]

Another option to look at is your router to ensure IPsec passthrough is turned on or allowed.

[ReeS4e]

IPSec is enabled. I am going to try bypassing the router later, not that I could install it this way...

[BlueSteW8]

Dru emailed me today and said APR was down completely last week for an unknown reason. So it sounds like APR is hosting the VPN. He's going to follow up with them.

Hmm...wonder if my local APR dealer can hook me up?
Have to check into that - much simpler route for me.

[cerwin69]

Were you able to ping the IP address? If not that would be the first issue. Firewall turned off? Do you have admin rights by default if not, did you right click the shortcut and select "run as administrator"?

[ReeS4e]

Were you able to ping the IP address? If not that would be the first issue. Firewall turned off? Do you have admin rights by default if not, did you right click the shortcut and select "run as administrator"?

yes to all.

[ReeS4e]

I've tried 3 Windows 7 laptops, a Windows 7 laptop in XP mode, and for kicks, a Windows 2008 Server running in AWS. None of them can connect.

[NY07RS4]

I know you said in "XP mode" but if you can get your hands on an actual XP machine you may have better luck.

[ReeS4e]

This was my bad.

I thought I had configured everything that could be configured. Added rules, disabled firewalls in both Windows and the router, tried it on different networks and different environments, etc. Having tried it through AWS, my office's guest network and primary network with the same results, I was totally convinced the problem was on the other side of the fence.

Ultimately, it was the router settings. I couldn't find anything on IPSec in the manual so I ran the policy update for it shown above. This should have been obvious, but that doesn't affect anything on the router side.

Jake and Jason from JHM spent over an hour walking through the issues I was experiencing and stuck with it until it was connecting. I owe them a big thanks for that.

After I got off the phone, I was able to tweak the security and restore some of the settings I changed in trying to get things going.

Here are the takeaways:

1. The Windows firewall can stay on.
   
2. I didn't need any Windows firewall rules for the Nortel client or UDP (Inbound or Outbound).
   
3. The router firewall needs to be off. (I can probably add rules there. Need to look into it more.)
   
4. I have a new Asus RT-N65R. The IPSec settings can be found under Advanced Settigns > WAN > Nat Passthrough. You want to enable IPSec Passthrough.
   
5. The one thing I avoided trying because of aforementioned reasons and the fact I wouldn't be able to flash the car this way, was directly connecting to the modem. I should have just done it anyway.
   
6. This was going to be the next step, but in hindsight, it would have been better to call my router mfg first to definitely eliminate this as the problem. Keep that in mind if you can't connect to the remote host through the router, but you can if you bypass it.
   

Now that the connection issues are resolved, I will commence flashing.

[ReeS4e]

BTW this is a Lenovo v570 running Windows 7 Pro x64 with a quad core i5 processor.

[ReeS4e]

Ugh. With all of my testing, it looks like I've reached a maximum session count and it won't let me back on. Hopefully, it will reset tomorrow.

[Tech/Sales@JHM]

This was my bad.

I thought I had configured everything that could be configured. Added rules, disabled firewalls in both Windows and the router, tried it on different networks and different environments, etc. Having tried it through AWS, my office's guest network and primary network with the same results, I was totally convinced the problem was on the other side of the fence.

Ultimately, it was the router settings. I couldn't find anything on IPSec in the manual so I ran the policy update for it shown above. This should have been obvious, but that doesn't affect anything on the router side.

Jake and Jason from JHM spent over an hour walking through the issues I was experiencing and stuck with it until it was connecting. I owe them a big thanks for that.

After I got off the phone, I was able to tweak the security and restore some of the settings I changed in trying to get things going.

Here are the takeaways:

1. The Windows firewall can stay on.
   
2. I didn't need any Windows firewall rules for the Nortel client or UDP (Inbound or Outbound).
   
3. The router firewall needs to be off. (I can probably add rules there. Need to look into it more.)
   
4. I have a new Asus RT-N65R. The IPSec settings can be found under Advanced Settigns > WAN > Nat Passthrough. You want to enable IPSec Passthrough.
   
5. The one thing I avoided trying because of aforementioned reasons and the fact I wouldn't be able to flash the car this way, was directly connecting to the modem. I should have just done it anyway.
   
6. This was going to be the next step, but in hindsight, it would have been better to call my router mfg first to definitely eliminate this as the problem. Keep that in mind if you can't connect to the remote host through the router, but you can if you bypass it.
   

Now that the connection issues are resolved, I will commence flashing.

ReeS4e-

Thank you for the kind words! I'm glad we were able to pinpoint the exact issue that was causing you to not be able to connect to our server. Also, thanks for posting the information on what it took to get your issue resolved to help anyone else that may end up running into this same issue.

Everyone Else-

There may be some confusion going on regarding our JHM Tunes and I would like to clear the air. The JHM Tunes that are being flashed to your car are still JHM's proprietary calibrations that we have been using for quite some time and NOT APR's Tunes. However, we are using alternate means of getting our JHM Tunes onto your vehicle. Recently we have purchased a server that currently resides at APR's facility that has nothing but JHM information on it. That is why Flashing APR software and JHM software is performed in a very similar manner.

What ReeS4e had mention earlier about our server being down because of APR was down (in the rare occasion that they are) is because our JHM Flashing Server is located at APR.

If anyone has any questions please feel free to give us a call.

Regards,

Jake