FWIW - my error message is "The VPN connection to the selected secure gateway requires a routable IPv4 physical adapter address. Please move to an IPv4 network and retry the connection or select a different secure gateway."
I spent a long time composing a reply but the site ate it when I hit "post". So here's a shorter reply.
A routable IPv4 address is one that is uniquely assigned throughout the internet.
The opposite is a private one, which could be used on any and every LAN. See RFC1918.
Rogers assigns each customer one routable address. This is normally used for the public interface of a router. Most routers then assign each node on the LAN a private address. Through a process called NAT (Network and port Address Translation), the router rewrites inbound and outbound packets to make this work.
NAT only works for TCP and UDP protocols.
The Internet Standard VPN protocol is IPsec and it uses AH and ESP packets, not something NAT can handle.
There are hacks to IPsec to encapsulate AH and ESP in UDP for "NAT Traversal".
A server cannot be behind NAT without really hairy hacks.
Summary: both ends of an IPsec tunnel ought to have routable IP addresses. If you've enabled NAT Traversal on your IPsec system, the initiator ("client") can be behind NAT. Normally, the responder ("server") cannot be behind NAT.
It isn't clear which end the message refers to. Is it requesting that your Security Gateway (i.e. your computer) doesn't have a routable IPv4 address, or that the far side doesn't have a routable IPv4 address? If it is complaining about your end, you should figure out how to enable NAT Traversal. If it is complaining about the other side, you probably haven't configured that correctly (because that computer surely has a routable IP address).
Some routers have a setting called "VPN Passthrough". I'm not sure that ever works. It certainly isn't documented.
Some other VPN protocols (e.g. OpenVPN) are based on TLS. That uses TCP and can survive NAT on the client side.
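How IPsec peers notice that the initiator sits behind NAT and then switch to UDP encapsulation, as an added example that is not part of the original posts. It assumes IKEv2's NAT detection hash (SHA-1 over both SPIs, IP address and port, RFC 7296); the SPIs, addresses and ports are constructed, and `simulate` is a hypothetical helper.

```python
import hashlib
import ipaddress
import struct

IKE_PORT, NATT_PORT = 500, 4500  # UDP ports: plain IKE, and IKE/ESP after NAT is detected


def nat_d_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """NAT_DETECTION_*_IP payload data: SHA-1(SPIi | SPIr | IP | port)."""
    addr = ipaddress.ip_address(ip).packed
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def detect_nat(spi_i, spi_r, src_hash, dst_hash, observed_src, observed_dst):
    """Receiver-side check: hashes carried inside the IKE message versus
    hashes of the addresses actually seen in the IP/UDP headers."""
    initiator_natted = src_hash != nat_d_hash(spi_i, spi_r, *observed_src)
    responder_natted = dst_hash != nat_d_hash(spi_i, spi_r, *observed_dst)
    return initiator_natted, responder_natted


def simulate(client, server, nat_public=None):
    """Constructed scenario: the client sends IKE_SA_INIT; a NAT, if present,
    rewrites the source address and port before the server sees the packet."""
    spi_i = bytes.fromhex("1122334455667788")  # constructed initiator SPI
    spi_r = bytes(8)                           # responder SPI is zero in the first message
    src_hash = nat_d_hash(spi_i, spi_r, *client)   # what the client believes it is
    dst_hash = nat_d_hash(spi_i, spi_r, *server)
    seen_src = nat_public or client                # what the server observes
    init_nat, resp_nat = detect_nat(spi_i, spi_r, src_hash, dst_hash, seen_src, server)
    natted = init_nat or resp_nat
    return {
        "initiator_behind_nat": init_nat,
        "responder_behind_nat": resp_nat,
        "next_port": NATT_PORT if natted else IKE_PORT,
        "esp_in_udp": natted,  # ESP gets wrapped in UDP so the NAT can track it
    }


if __name__ == "__main__":
    server = ("198.51.100.10", IKE_PORT)      # constructed routable address
    lan_client = ("192.168.1.23", IKE_PORT)   # constructed RFC 1918 address
    print(simulate(lan_client, server, nat_public=("203.0.113.7", 40500)))
    print(simulate(("203.0.113.7", IKE_PORT), server))
```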
I work from home using FortiClient. Works for me with no router changes required. Rogers would be making a big mistake if it did not allow VPN with so many working from home.
Not supported and blocked are two different things.
Pretty much.. well EVERYTHING almost Rogers doesn't officially support. They can't guarantee that ANYTHING will work on their internet. They can support that your internet is working.. and beyond that, it's up to the user to figure it out.
My personal VPN is still working from my Ignite connection at home. (PIA)
My work VPN on my work laptop, through Cisco AnyConnect (which is an SSL VPN)
So may only be blocking IPsec VPNs?
Though PIA uses PPTP, L2TP/IPsec, SOCKS5 and OpenVPN.. not sure which specific it's using when it works for me.
My wife and I signed up for Ignite this fall when we moved. It's great for TV, but honestly, who really watches TV any more? The internet is or should be Rogers' core business. Anyway, it didn't take long for the VPN issue to raise its ugly head. She can't connect to work, and connecting via another commercial VPN is spotty at best. Looking for solutions, I stumbled on these and similar messages. I can't help but be struck by how backward the Rogers approach is - "We don't care. Solve your own problem" is the core message. For comparison, imagine for a second the protests and loss of business if we couldn't use a car - if it just stalled - on highways because "use of highways isn't supported." The problem with that is that using VPNs is now normal, from work to personal life. If Rogers can't fix the problem for us, then maybe Bell will. But who knows? They may have similar issues. And that, folks, is why healthy competition is so important.
By chance, which model modem do you have for Ignite?
There is another thread on this.
Trying to figure out if it's a modem hardware/firmware issue, as there are two different ones used out there for the Ignite.
I have a personal VPN, through PIA, which seems to connect just fine. Mind you it's not on all the time and for long.
I also use a VPN for work, Cisco AnyConnect, and it seems to connect just fine as well.
(Mind you it's not a full 100% VPN, it's a split tunnel, so only some data is specifically sent across the VPN)