- Getting your VPN to work on your network involves performing some configurations.
- TunnelBear connection issues can also be related to misconfiguration, among other things.
- Having a non-functional VPN on your device could mean putting your privacy at risk.
- Check out our guide and learn how to troubleshoot TunnelBear connection issues like a pro.
Most IT administrators spend a fair amount of time performing troubleshooting on VPNs before successfully deploying a new one.
However, troubleshooting a VPN is similar to troubleshooting problems with your WAN connectivity, owing to its complex nature as data travels via multiple links before reaching its destination.
Something can go wrong at each link in the VPN connection, so knowing the problems and having troubleshooting procedures will help you debug the VPN connection.
Below are the troubleshooting scenarios plus their solutions, to help you when TunnelBear is connected but not working.
FIX: TunnelBear connected but not working
1. Unsuccessful deployment of TunnelBear VPN
At the very minimum, a VPN implementation comprises a RAS PPTP server and a client both of which are connected to the internet, and a PPTP connection in between server and client. If your ISP service or internet connection is available, you can connect to your server or LAN from wherever you want in the world.
The problem is that most VPNs aren’t that simple. More often than not, the VPN’s server is on a routed LAN segment, usually behind a firewall, and the client connection also uses the ISP network which has its own routers and firewalls.
The solution to this is to start with an NT server that has minimal number of installed services, and then limit the protocols to just two – TCP/IP and PPTP. You can also save time by updating your server with service packs before trying to troubleshoot the client connections. NT 4.0 Service Packs 5 (SP5) and SP6a will correct most PPTP connection problems including those related to fragmented packets, dropped and refused connections.
Tip: Keep the server configuration as simple and straightforward as you can for purposes of troubleshooting.
2. TunnelBear VPN connected but client cannot log on
You may also encounter a problem when TunnelBear is connected but the client cannot log on.
There are three possible causes for this:
- Configuring domain and server accounts
This happens if your RAS server is configured as a domain controller or standalone system. If configured as a domain controller, ensure the user’s domain account has dial-in permission. If not a domain controller, RAS server authenticates the client’s credentials by default against the local SAM.
The standalone server can be authenticated either with a local account on the RAS server, or with an edit to the registry that forces it to authenticate credentials against the domain SAM. In both cases, you have to have dial-in permission for the account you supply.
If TunnelBear gives you so many headaches while using it, we strongly recommend you changing it. Our advice is to go for a highly reliable VPN tool such as Private Internet Access.
This US-based company, owned by Kape Technologies, offers OpenVPN protocol support as well as PPTP/L2TP/SOCKS5 for improving compatibility with various networks and devices.
Having many more servers than TunnelBear, PIA ensures that you will almost always have where to connect to and still get good Internet speeds.
Our top reasons to go with PIA are:
- Latest and greatest protocols and technologies used
- 10 simultaneous devices can be connected with one subscription
- VPN Kill-switch provided with the PIA client
- Use their own private DNS servers
- No-logs policy
Private Internet Access
Get this highly configurable VPN service, with port forwarding on many regional gateways, at a great price in this limited-time deal.
- Configuring computer accounts
If your computer is an NT server, it must have an account in the domain. If it is a new system, however, create the new account in Server Manager before testing the connection. If you already have an account but it has been disconnected, the password may not be synchronized with the server, because for every account, a hidden password is generated which the PDC resets automatically.
Therefore, if you’ve been offline for a while, the password may differ from the one on the PDC, but you can delete your account and re-add it to fix this problem.
- Negotiating client authentication
A RAS server can use 3 authentication protocols to authenticate PPTP users: Password Authentication or PAP protocol, Challenge Handshake Authentication or CHAP, and Microsoft CHAP (MSCHAP). The authentication protocols that your computer and server negotiate for logon depend on the encryption settings selected when you configure the server’s incoming VPN ports, and the client PPTP connection network settings.
The options available on the server and client include allowing any authentication, requiring encrypted authentication, or requiring Microsoft encrypted authentication. For the latter, clients that don’t support MSCHAP V2 cannot log on successfully.
What you need to do is enable logon auditing in User Manager and try the connection again. This gives you a picture of what is hindering TunnelBear from working when you check the records in the NT Event Viewer’s Security log, like if the username is invalid, or password expired, or an invalid account and whether VPN ports are available.
3. Connected but cannot browse using LAN
If you’re using TunnelBear VPN and you managed to log on but cannot browse using LAN, first ensure you set the workgroup to target the NT domain name on all Win9x clients. It’s recommended that you understand how the four TCP/IP settings affect your network connection.
When you have users working from home with high connection speeds, browsing via LAN is a great option for remote users. Here’s how to troubleshoot browsing issues:
If you’re browsing and get error 53 from your system “the network path was not found” it means the client cannot resolve NetBIOS names. Ensure the WINS server has been assigned, either statically in PPT connection’s Network Settings, or dynamically using ipconfig for all clients or Winipcfg for Win9x clients. If you don’t have a WINS server address, enter it manually, then reconnect the VPN and try to browse again.
- Set up the default gateway
Check the default gateway setting for the PPTP connection, and if it still points to your ISP, it means every client request to browse the LAN goes direct to your ISP rather than to TunnelBear VPN connection. Thus, the ISP may block ports required for NetBIOS name broadcasts.
Routers and firewalls can also prevent the transmission of NetBIOS names unless you enable unicast traffic on UDP ports 137 and 138, and TCP port 139. NetBIOS names are proprietary to Microsoft so some ISPs may not let such data flow through their infrastructure. Also check if your antivirus is blocking internet access.
You can manually delete the route and add a static route to the VPN server’s virtual interface – the address assigned to the VPN interface (it is also the first available DHCP address in your RAS server configuration).
You can install NetBEUI on the RAS server and remote clients to resolve browsing issues. This can be done for incoming connections on the server’s VPN ports, and select Net BEUI in the PPTP connection on the client. This connects the client to the server with NetBEUI over TCP/IP. This is the easiest way to get a fully browsable LAN.
If you still cannot browse, try connecting to a network share manually, or review TunnelBear VPN server configuration as many server problems affect browsing, however, the list of potential issues is too long to cover in this article.
4. Connected but cannot browse the internet
This problem happens in two scenarios: first, the VPN server may not let remote client’s access the internet when TunnelBear is connected, in which case, if you close the TunnelBear VPN connection, the client can browse because the default gateway reverts to the gateway specified by the ISP.
The second scenarios is that Windows may overwrite the ISP gateway with the VPN server-defined gateway when the client connects, so there’s no path to the internet. For this, you can manually add a static route to the ISP’s default gateway to resolve it, by trying the VPN’s gateway first, then the ISP gateway.
5. Connected but doesn’t appear in the Network Neighborhood
If you get this problem even with a fully functional TunnelBear VPN connection, configure your PPTP connection with TCP/IP only and connect, then authenticate to the VPN server. When the client expands Network Neighborhood, it shows itself and other clients in the list, but the remote system never appears in the Network Neighborhood on LAN. If you want remote clients to appear on the LAN browse list, install NetBEUI on the RAS server and RAS clients.
Share with us your experience with TunnelBear VPN connection, and if these solutions helped, by leaving a comment in the section below.
Frequently Asked Questions
Join the conversation
This post was written by Milan Stanojevic and was first posted to WindowsReport
Do you find this article helpful? Your Friend might too. So, please Share it with them using the Share button above.
Will you like to get notified when I post new updates? Then Follow me on any of my social media handles: Google News, Telegram, WhatsApp, Twitter, Facebook, Pinterest.
You can also drop your email address below if you wish to be notified by mail.