Problem
The IXrouter is unable to set up a Configuration connection (MQTT) or VPN connection. When the connection is checked in the component Cloud connection status, one of the following error messages can be observed:
Connection issues
There seem to be connection issues. The device downloaded its VPN connection config file several times in quick succession and the VPN connection is not established yet.
Rate limit active
There seem to be connection issues. The device downloaded its VPN connection config file several times in quick succession and the VPN connection is not established yet.
Reset rate limiting
Device is blocked
The device is blocked because it tried to retrieve its Configuration connection config file more than 50 times and could not establish the Configuration connection.
Unblock to reset rate limiting
Cause
A firewall is interfering with the connection. In general, this is a company firewall (for wired and Wi-Fi connections) or a firewall at the connection provider (for cellular connections). This can occur with both a VPN connection and a Configuration connection (MQTT). A secure connection is used between the IXrouter and the servers in IXON Cloud. When a firewall somehow makes a change to this connection, e.g. by opening packets for an SSL inspection, the connection is no longer deemed secure and is disconnected. So, although the IXrouter is able to reach the internet and IXON’s servers, setting up the actual connection doesn’t succeed. When there are several consecutive failed connections, rate-limiting occurs. If this continues extensively, connections from the particular IXrouter are ultimately blocked altogether. Both a rate limit and a block can be reset in the Cloud connection status component.
Solution
Make sure that the IXrouter’s internet connection is not blocked or filtered. Besides opening ports and whitelisting IXON’s servers, also make sure that SSL inspection isn’t active as this will invalidate the secure communication between the IXrouter and the servers in the cloud. For more information, see the article How does your device connect to the IXON Cloud? (ports, protocols & servers).
Alternative solution for VPN
A possible alternative solution for VPN could be to use Stealth mode, which encapsulates the OpenVPN traffic in HTTPS. Instead of using the default HTTPS port 443, port 8443 will be used to connect to the VPN server. Stealth mode can be enabled by using the option Use stealth mode under Fleet Manager > select device > Network > VPN > Stealth mode.