Having problems with VPN connections since V16 update

[RainCaster]

Because of some issues with an older machine and no instruction support, I had to upgrade my hardware. Well, all the details seem to be working correctly now, except that none of the machines will connect to a VPN service I use called "IP Vanish". I was having these problems on my linux laptop (WiFi connection, FWIW), so I tried a Windows machine that was also reliably connecting before the 16.01 upgrade. This machine won't connect either.

I have tried to bipass the client machine, but that doesn't help. Any ideas?

[donhwyo]

What protocol do they use? Maybe ports are blocked?

[RainCaster]

Standard port is 443, have also tried 1194. Will use either TCP or UDP, have tried both.
What worked before was tcp:1194

[donhwyo]

Protocol would be something like openvpn or ipsec or maybe some proprietary thing. If 1194 worked it could be openvpn. Try tunnelvpn.

[RainCaster]

I'm using the standard VPN cient in Ubuntu, which is OpenVPN. Please explain to me why I need to keep trying other client software. The only thing that has changed is my version of untangle.

BTW, I am seeing some odd stuff when I look at the server connection from the Untangle troubleshooter.
DNS shows this result:

Thu Oct 29 2020 13:42:33 GMT-0700 (Pacific Daylight Time) - Test Started
sea-a28.ipvanish.com has address 156.154.113.17
sea-a28.ipvanish.com has address 156.154.112.17
Test Successful
Thu Oct 29 2020 13:42:35 GMT-0700 (Pacific Daylight Time) - Test Completed

--------------------------------------------------------

While PING shows something very different:

--------------------------------------------------------

Thu Oct 29 2020 14:01:47 GMT-0700 (Pacific Daylight Time) - Test Started
PING sea-a28.ipvanish.com (146.112.61.106) 56(84) bytes of data.
64 bytes from hit-adult.opendns.com (146.112.61.106): icmp_seq=1 ttl=59 time=11.0 ms
64 bytes from hit-adult.opendns.com (146.112.61.106): icmp_seq=2 ttl=59 time=11.0 ms
64 bytes from hit-adult.opendns.com (146.112.61.106): icmp_seq=3 ttl=59 time=11.0 ms
64 bytes from hit-adult.opendns.com (146.112.61.106): icmp_seq=4 ttl=59 time=10.10 ms
64 bytes from hit-adult.opendns.com (146.112.61.106): icmp_seq=5 ttl=59 time=11.0 ms

--- sea-a28.ipvanish.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 10.992/11.017/11.040/0.016 ms
Thu Oct 29 2020 14:01:52 GMT-0700 (Pacific Daylight Time) - Test Completed

--------------------------------------------------------

So what is going on here? Which IP address is correct? Why is the other one being used?

[RainCaster]

Also, the traceroute test goes to the wrong address as well.
--------------------------------------------------------

Thu Oct 29 2020 14:15:57 GMT-0700 (Pacific Daylight Time) - Test Started
traceroute to sea-a28.ipvanish.com (146.112.61.106), 30 hops max, 60 byte packets
1 74.82.241.1.ifibertv.com (74.82.241.1) 15.068 ms 15.069 ms 15.069 ms
2 208.84.220.193.ifibertv.com (208.84.220.193) 7.613 ms 7.635 ms 7.624 ms
3 cr1-ewncwaem-hu-0-0-1-0.bb.as20055.net (107.191.238.38) 8.064 ms 8.084 ms 8.074 ms
4 cr2-sttlwawb-b-be17.bb.as20055.net (107.191.236.56) 11.521 ms 11.537 ms 11.541 ms
5 six.opendns.com (206.81.80.53) 12.319 ms 12.335 ms 12.338 ms
6 hit-adult.opendns.com (146.112.61.106) 10.956 ms 10.937 ms 10.940 ms
Test Successful
Thu Oct 29 2020 14:16:00 GMT-0700 (Pacific Daylight Time) - Test Completed

--------------------------------------------------------

[RainCaster]

I have also tried to use the OpenVPN app, and that fails to import the client settings file.
"Import failure: java.lang.RuntimeException: Failed to import client config."

[RainCaster]

Well, the OpenVPN app in NGFW is still having problems, but I did figure out what was going wrong with the client OpenVPN connections.

It turned out to be the DNS servers I had switched to. They were lying about the IPs of the VPN servers. I suspected that from the tests I had run (above), and how odd the DNS settings appeared. Once I changed DNS servers and disabled DNS caching I was able to make connections like normal.