When running the Talk2M or VPN wizard, it fails with a connection timeout. The Ewon is connected to the Internet, but it can’t connect to the VPN. It shows offline in eCatcher.
APPLICABLE PRODUCTS
- Ewon Cosy
- Ewon Flexy
- Ewon Talk2M
ISSUE / QUESTION / SYMPTOM
Despite having a good Internet connection, the device can’t finish configuring its connection to Talk2M so it can’t be used for remote access. Some possible errors:
- t2m-HTTPS dialog failed
- t2m-VPN connection timeout
POSSIBLE CAUSES / ANSWER
- Firewall is blocking the Ewon's connection to our servers
- Deep packet inspection breaks the certificate chain, triggering security protections
TROUBLESHOOTING STEPS
- Verify the Ewon’s Internet connection using the Internet connection test in the Internet wizard. This is enabled by default when the Internet wizard is run.
- Run the VPN wizard's test as well.
- WAN connection fails: double check Ewon's Internet connection.
- UDP connection fails: is a firewall blocking UDP connections? Make sure connections on port 1194 are allowed.
- HTTP direct connection fails: is a firewall blocking connections to the Talk2M servers?
- Download and run the Talk2M Connection Checker on a computer with the same connection as your Ewon. Note that Connection Checker is a diagnostic tool that gives us more information about your network. It passing does not necessarily mean there is not some other issue preventing the Ewon from connecting.
- If the Ewon is connected by Ethernet, unplug the cable from the Ewon’s WAN port and plug it into the computer running Connection Checker.
- If the Ewon is connected by Wi-Fi, run Connection Checker on a computer connected to the same Wi-Fi network.
- The utility will attempt to connect to Talk2M servers and report which, if any, it wasn’t able to reach.
- If it is necessary to contact support, include the log files Connection Checker saves to the Documents folder.
- Provide the site's IT team with the document Addresses and ports used by Talk2M.
- Make sure that the firewall allows connections to the Talk2M servers.
- Disable deep packet inspection for the Ewon.
Generally, the following two wildcard addresses should be allowed:
- *.talk2m.com:443 (TCP protocol)
- *.talk2m.com:1194 (UDP protocol)
If wildcard addresses are not acceptable, a full list of server hostnames and IP addresses is available on the HMS webpage Talk2m Onsite Firewall Requirements.