The IXrouter uses the following three connections to connect to the IXON Cloud. You can see which one of these connections are active in the Cloud Connection Status component. When you have one of three connections, your IXrouter will report being online.
- VPN connection: This connection can be used to securely access your machine remotely as if you are on-site. The VPN connection is required to use VNC and HTTP services as well. The connection can be turned off.
- Configuration connection: This connection is used to send configuration settings, firmware upgrades and settings from the IXON Cloud to the IXrouter. This MQTT connection should always be active.
- Data logging connection: The IXrouter uses this connection to send machine data to the IXON Cloud, which is necessary and only active when you are logging data (Live data or Historical data) or want to receive notifications about important machine events (Alarming).
VPN server location
The IXrouter chooses the VPN server based on its location. The location is based on the IXrouter's IP-address. This is called GeoIP. You can overrule this by manually entering a location and then switching VPN off and back on again.What connection problem do you have?
Please select what connection problem you are encountering with your IXrouter:
- I'm having trouble with getting my IXrouter online
- I'm having trouble with establishing a VPN connection
I'm having trouble with getting my IXrouter online
By default, all connections use the standard way out of your corporate network to connect to the IXON Cloud (TCP traffic over port 443). This port is blocked by some corporate networks. The first troubleshooting step should therefore be to check if your firewall isn't blocking the IXrouter's outgoing connections. You can also check if you need to use a proxy server for outgoing traffic.
You can very easily check this by using the same entry point on your laptop or mobile device and see if your firewall isn't blocking the IXrouter's outgoing connections. For a wired connection, connect the ethernet cable in the IXrouter's WAN-port to your laptop and see if you can use the internet with this cable. Please make sure your laptop can't connect to the internet with a different connection. For a wireless connection, connect to the same Wi-Fi network as the IXrouter. For a cellular connection, check if you can use the internet with the SIM-card in your mobile phone and if the signal quality is sufficient.
- If you can't use the internet, the problem is in your local network. Please contact your network administrator to allow the required outgoing connection (TCP traffic over port 443).
- If you can use the internet, please continue troubleshooting in this article.
I'm having trouble with establishing a VPN connection
First, you need to go to the IXON Cloud and see if you have an active VPN connection in the Cloud Connection status component. If the VPN connection has a green light, you have an active VPN connection. If you can't connect to VPN while you have this green light, you are having trouble with the VPN Client on your laptop
I don't have an active VPN connection
When your IXrouter is online, but you don't have an active VPN connection, something is probably blocking the IXrouter's VPN connection to the IXON Cloud. Please check if any of the following common issues are causing the problems.
- The very first package sent by the IXrouter may be considered unencrypted as the OpenVPN handshake takes place prior to the TLS handshake. For this reason an exception may be required on firewall rules that block non-SSL traffic over SSL-ports.
- When you have set your VPN settings to UDP traffic, port 1194 needs to be opened in your firewall. If you failed to do so, this is blocking your VPN connection. To resolve this problem, open port 1194 in your firewall, or switch your VPN settings back to TCP traffic.
- When you have set up Stealth Mode, you need to open port 8443 on your firewall. If you failed to do so, this is blocking your VPN connection. To resolve this problem, open port 8443 on your firewall, or turn off Stealth Mode if this is possible.
- If your corporate firewall uses application protocol filter, you may need to whitelist the application protocols used by the IXrouter for establishing a VPN connection (HTTPS, OpenVPN and MQTT).
- If your corporate firewall uses SSL and/or deep packet inspection, your firewall may change the SSL-certificate of the connection. Because the secure connection is being altered by the inspection, the IXON Cloud can't verify the safety and will refuse the connection. You need to create exceptions to allow a VPN connection between the IXrouter and the IXON Cloud.
I can't establish a VPN connection from my laptop
When you have an active VPN connection, but your VPN isn't working, the problem is likely not between your IXrouter and the IXON Cloud but between your laptop and the IXON Cloud.
Your laptop uses IXON's VPN Client to establish a VPN connection. First, you need to check if your laptop's antivirus isn't blocking the VPN Client. To do this, see if you can go to https://localhost:9250 in your browser. If this can't be opened, please turn off your antivirus briefly to see if that is causing your problems.
- If your antivirus is blocking the VPN Client, please contact the supplier of the antivirus software on how to allow use of your VPN Client.
- If your antivirus isn't blocking the VPN Client, please continue with the steps below.
Please check if any of the following common issues is causing your problems.
- The very first package sent by the VPN Client may be considered unencrypted as the OpenVPN handshake takes place prior to the TLS handshake. For this reason an exception may be required on firewall rules that block non-SSL traffic over SSL-ports.
- When you have set up Stealth Mode for your VPN Client, you need to open port 8443 on your firewall. If you failed to do so, this is blocking your VPN connection. To resolve this problem, open port 8443 on your firewall, or turn off Stealth Mode if this is possible.
- Check if a proxy server should be configured in your network configuration. You can configure a proxy server on the webpage of the VPN Client (https://localhost:9250). More information can be found in this article.
- If your corporate firewall uses application protocol filter, you may need to whitelist the application protocols used by the VPN Client for establishing a VPN connection (HTTPS and OpenVPN).
- If your corporate firewall uses SSL and/or deep packet inspection, your firewall may change the SSL-certificate of the connection. Because the secure connection is being altered by the inspection, the IXON Cloud can't verify the safety and will refuse the connection. You need to create exceptions to allow a VPN connection between the VPN Client and the IXON Cloud.
Problem solved?
Problem solved? Good! If not, please contact us.This article can also provide more information on VPN connection issues.