Download Flow VPN for Windows
Download the Flow VPN Client for Windows.
This client is the easiest way to use Flow VPN on a Windows system, with no complex configuration required.
Download Flow VPN for Windows
Configure VPN IPSec IKEv2 for Windows 2012 and 2016
You can manually configure FlowVPN for Windows 2012 and 2016 to create a secure IPSec IKEv2 connection to our servers.
First, download and install the FlowVPN client from here – you need this even if creating a manual connection as it contains several registry settings for our services.
Next follow this guide to setup FlowVPN for Windows.
Common Windows VPN Errors:
Windows Error 860 The remote access connection completed, but authentication failed because of an error in the certificate that the client uses to authenticate the server.
If you see an error: “Authentication failed because of an error in the certificate that the client uses to authenticate the server,” revisit IKEv2 setup in step 8 and 9 in Network Connections > Properties and uncheck IPV6 in the Networking tab. Try reconnecting Flow VPN.
VPN Error 87: The parameter is incorrect
This is a common error in Windows 10 when Internet Connection Sharing is enabled. Please disable Internet Connection Sharing.
The error has also been reported on systems with VMWare installed. Please disable the VMWare network adaptors.
If the issue persists, please reinstall the IKEv2 WAN Miniport and reboot the machine.
This is an issue with the Windows operating system configuration and not specific to FlowVPN.
Windows Error 13801 IKE Authentication Credentials are Unacceptable
Please install the FlowVPN client from https://www.flowvpx.com/download – this includes a registry fix for this issue. After installing FlowVPN please complete the following:
Network Connection -> FlowVPN -> Related Settings -> Change Adaptor Options -> FlowVPN -> Properties -> Security:
Data Encryption: Optional
Authentication: Use Extensible Authentication Protocol
Microsoft Secured Password
Error 809: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g., firewalls, NAT, Router etc.) between your computer and the remote server is not configured to allow VPN connections.
This error occurs when your system is unable to reach the VPN service. This is usually due to an issue with configuration on your local PC, LAN or an issue in the communication between your system and our VPN server.
Please check the following:
- Any Anti Virus software whitelists FlowVPN
- Ensure no other VPN applications are enabled
- Check your route configuration and ensure the “IPSec Passthrough” is enabled
- Change VPN Protocol
- Change VPN location
- Whitelist FlowVPN in your firewall
VPN Error Code: 868
This error occurs when the domain name for our server cannot be looked up. Please try changing to a different VPN location, or configure the connection manually and use the IP address for the VPN server.
Windows VPN Error Codes
The following list contains the error codes for dial-up connections or VPN connections:
An operation is pending.
The port handle is invalid.
The port is already open.
Caller’s buffer is too small.
Wrong information specified.
Cannot set port information.
The port is not connected.
The event is invalid.
The device does not exist.
The device type does not exist.
The buffer is invalid.
The route is not available.
The route is not allocated.
Invalid compression specified.
Out of buffers.
The port was not found.
An asynchronous request is pending.
The port or device is already disconnecting.
The port is not open.
The port is disconnected.
There are no endpoints.
Cannot open the phone book file.
Cannot load the phone book file.
Cannot find the phone book entry.
Cannot write the phone book file.
Invalid information found in the phone book.
Cannot load a string.
Cannot find key.
The port was disconnected.
The port was disconnected by the remote machine.
The port was disconnected due to hardware failure.
The port was disconnected by the user.
The structure size is incorrect.
The port is already in use or is not configured for Remote Access dialout.
Cannot register your computer on the remote network.
The wrong device is attached to the port.
The string could not be converted.
The request has timed out.
No asynchronous net available.
A NetBIOS error has occurred.
The server cannot allocate NetBIOS resources needed to support the client.
One of your NetBIOS names is already registered on the remote network.
A network adapter at the server failed.
You will not receive network message popups.
Internal authentication error.
The account is not permitted to log on at this time of day.
The account is disabled.
The password has expired.
The account does not have Remote Access permission.
The Remote Access server is not responding.
Your modem (or other connecting device) has reported an error.
Unrecognized response from the device.
A macro required by the device was not found in the device .INF file section.
A command or response in the device .INF file section refers to an undefined macro
The macro was not found in the device .INF file section.
The macro in the device .INF file section contains an undefined macro
The device .INF file could not be opened.
The device name in the device .INF or media .INI file is too long.
The media .INI file refers to an unknown device name.
The device .INF file contains no responses for the command.
The device .INF file is missing a command.
Attempted to set a macro not listed in device .INF file section.
The media .INI file refers to an unknown device type.
Cannot allocate memory.
The port is not configured for Remote Access.
Your modem (or other connecting device) is not functioning.
Cannot read the media .INI file.
The connection dropped.
The usage parameter in the media .INI file is invalid.
Cannot read the section name from the media .INI file.
Cannot read the device type from the media .INI file.
Cannot read the device name from the media .INI file.
Cannot read the usage from the media .INI file.
Cannot read the maximum connection BPS rate from the media .INI file.
Cannot read the maximum carrier BPS rate from the media .INI file.
The line is busy.
A person answered instead of a modem.
There is no answer.
Cannot detect carrier.
There is no dial tone.
General error reported by device.
ERROR WRITING SECTIONNAME
ERROR WRITING DEVICETYPE
ERROR WRITING DEVICENAME
ERROR WRITING MAXCONNECTBPS
ERROR WRITING MAXCARRIERBPS
ERROR WRITING USAGE
ERROR WRITING DEFAULTOFF
ERROR READING DEFAULTOFF
ERROR EMPTY INI FILE
Access denied because username and/or password is invalid on the domain.
Hardware failure in port or attached device.
ERROR NOT BINARY MACRO
ERROR DCB NOT FOUND
ERROR STATE MACHINES NOT STARTED
ERROR STATE MACHINES ALREADY STARTED
ERROR PARTIAL RESPONSE LOOPING
A response keyname in the device .INF file is not in the expected format.
The device response caused buffer overflow.
The expanded command in the device .INF file is too long.
The device moved to a BPS rate not supported by the COM driver.
Device response received when none expected.
ERROR INTERACTIVE MODE
ERROR BAD CALLBACK NUMBER
ERROR INVALID AUTH STATE
ERROR WRITING INITBPS
X.25 diagnostic indication.
The account has expired.
Error changing password on domain.
Serial overrun errors were detected while communicating with your modem.
RasMan initialization failure. Check the event log.
Biplex port is initializing. Wait a few seconds and redial.
No active ISDN lines are available.
Not enough ISDN channels are available to make the call.
Too many errors occurred because of poor phone line quality.
The Remote Access IP configuration is unusable.
No IP addresses are available in the static pool of Remote Access IP addresses.
PPP terminated by remote machine.
No PPP control protocols configured.
Remote PPP peer is not responding.
The PPP packet is invalid.
The phone number, including prefix and suffix, is too long.
The IPX protocol cannot dial-out on the port because the computer is an IPX router.
The IPX protocol cannot dial-in on the port because the IPX router is not installed.
The IPX protocol cannot be used for dial-out on more than one port at a time.
Cannot access TCPCFG.DLL.
Cannot find an IP adapter bound to Remote Access.
SLIP cannot be used unless the IP protocol is installed.
Computer registration is not complete.
The protocol is not configured.
The PPP negotiation is not converging.
The PPP control protocol for this network protocol is not available on the server.
The PPP link control protocol terminated.
The requested address was rejected by the server.
The remote computer terminated the control protocol.
The server did not assign an address.
The remote server cannot use the Windows NT encrypted password.
The TAPI devices configured for Remote Access failed to initialize or were not installed correctly.
The local computer does not support encryption.
The remote server does not support encryption.
The remote server requires encryption.
Cannot use the IPX net number assigned by the remote server. Check the event log.
The callback number contains an invalid character. Only the following 18 characters are allowed: 0 to 9, T, P, W, (,), -, @, and space
A syntax error was encountered while processing a script.
The connection could not be disconnected because it was created by the multi-protocol router.
The system could not find the multi-link bundle.
The system cannot perform automated dial because this connection has a custom dialer specified.
This connection is already being dialed.
Remote Access Services could not be started automatically. Additional information is provided in the event log.
Internet Connection Sharing is already enabled on the connection.
An error occurred while the existing Internet Connection Sharing settings were being changed.
An error occurred while routing capabilities were being enabled.
An error occurred while Internet Connection Sharing was being enabled for the connection.
An error occurred while the local network was being configured for sharing.
Internet Connection Sharing cannot be enabled. There is more than one LAN connection other than the connection to be shared.
No smart card reader is installed.
Internet Connection Sharing cannot be enabled. A LAN connection is already configured with the IP address that is required for automatic IP addressing.
A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate.
Internet Connection Sharing cannot be enabled. The LAN connection selected as the private network has more than one IP address configured. Reconfigure the LAN connection with a single IP address before enabling Internet Connection Sharing.
The connection attempt failed because of failure to encrypt data.
The specified destination is not reachable.
The remote computer rejected the connection attempt.
The connection attempt failed because the network is busy.
The remote computer’s network hardware is incompatible with the type of call requested.
The connection attempt failed because the destination number has changed.
The connection attempt failed because of a temporary failure. Try connecting again.
The call was blocked by the remote computer.
The call could not be connected because the remote computer has invoked the Do Not Disturb feature.
The connection attempt failed because the modem (or other connecting device on the remote computer is out of order.
It was not possible to verify the identity of the server.
To dial out using this connection, you must use a smart card.
An attempted function is not valid for this connection.
The connection requires a certificate, and no valid certificate was found. For further assistance, click More Info or search Help and Support Center for this error number.
Internet Connection Sharing (ICS and Internet Connection Firewall (ICF cannot be enabled because Routing and Remote Access has been enabled on this computer. To enable ICS or ICF, first disable Routing and Remote Access. For more information about Routing and Remote Access, ICS, or ICF, see Help and Support.
Internet Connection Sharing cannot be enabled. The LAN connection selected as the private network is either not present, or is disconnected from the network. Ensure that the LAN adapter is connected before enabling Internet Connection Sharing.
You cannot dial using this connection at logon time, because it is configured to use a user name different than the one on the smart card. If you want to use it at logon time, you must configure it to use the user name on the smart card.
You cannot dial using this connection at logon time, because it is not configured to use a smart card. If you want to use it at logon time, you must edit the properties of this connection so that it uses a smart card.
The L2TP connection attempt failed because there is no valid machine certificate on your computer for security authentication.
The L2TP connection attempt failed because the security layer could not authenticate the remote computer.
The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer.
The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
The L2TP connection attempt failed because certificate validation on the remote computer failed.
The L2TP connection attempt failed because security policy for the connection was not found.
The L2TP connection attempt failed because security negotiation timed out.
The L2TP connection attempt failed because an error occurred while negotiating security.
The Framed Protocol RADIUS attribute for this user is not PPP.
The Tunnel Type RADIUS attribute for this user is not correct.
The Service Type RADIUS attribute for this user is neither Framed nor Callback Framed.
A connection to the remote computer could not be established because the modem was not found or was busy. For further assistance, click More Info or search Help and Support Center for this error number.
A certificate could not be found that can be used with this Extensible Authentication Protocol.
Internet Connection Sharing (ICS cannot be enabled due to an IP address conflict on the network. ICS requires the host be configured to use 192.168.0.1. Ensure that no other client on the network is configured to use 192.168.0.1.
Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection.
This connection is configured to validate the identity of the access server, but Windows cannot verify the digital certificate sent by the server.
The card supplied was not recognized. Check that the card is inserted correctly, and fits tightly.
The PEAP configuration stored in the session cookie does not match the current session configuration.
The PEAP identity stored in the session cookie does not match the current identity.
You cannot dial using this connection at logon time, because it is configured to use logged on user’s credentials.
The router is not running.
The interface is already connected.
The specified protocol identifier is not known to the router.
The Demand-dial Interface Manager is not running.
An interface with this name is already registered with the router.
An interface with this name is not registered with the router.
The interface is not connected.
The specified protocol is stopping.
The interface is connected and hence cannot be deleted.
The interface credentials have not been set.
This interface is already in the process of connecting.
An update of routing information on this interface is already in progress.
The interface configuration in invalid. There is already another interface that is connected to the same interface on the remote router.
A Remote Access Client attempted to connect over a port that was reserved for Routers only.
A Demand Dial Router attempted to connect over a port that was reserved for Remote Access Clients only.
The client interface with this name already exists and is currently connected.
The interface is in a disabled state.
The authentication protocol was rejected by the remote peer.
There are no authentication protocols available for use.
The remote computer refused to be authenticated using the configured authentication protocol. The line has been disconnected.
The remote account does not have Remote Access permission.
The remote account has expired.
The remote account is disabled.
The remote account is not permitted to logon at this time of day.
Access was denied to the remote peer because username and/or password is invalid on the domain.
There are no routing enabled ports available for use by this demand dial interface.
The port has been disconnected due to inactivity.
The interface is not reachable at this time.
The Demand Dial service is in a paused state.
The interface has been disconnected by the administrator.
The authentication server did not respond to authentication requests in a timely fashion.
The maximum number of ports allowed for use in the multilinked connection has been reached.
The connection time limit for the user has been reached.
The maximum limit on the number of LAN interfaces supported has been reached.
The maximum limit on the number of Demand Dial interfaces supported has been reached.
The maximum limit on the number of Remote Access clients supported has been reached.
The port has been disconnected due to the BAP policy.
Because another connection of your type is in use, the incoming connection cannot accept your connection request.
No RADIUS servers were located on the network.
An invalid response was received from the RADIUS authentication server. Make sure that the case-sensitive secret password for the RADIUS server is set correctly.
You do not have permission to connect at this time.
You do not have permission to connect using the current device type.
You do not have permission to connect using the selected authentication protocol.
BAP is required for this user.
The interface is not allowed to connect at this time.
The saved router configuration is incompatible with the current router.
RemoteAccess has detected older format user accounts that will not be migrated automatically. To migrate these manually, run XXXX.
The transport is already installed with the router.
Received invalid signature length in packet from RADIUS server.
Received invalid signature in packet from RADIUS server.
Did not receive signature along with EAPMessage from RADIUS server.
Received packet with invalid length or Id from RADIUS server.
Received packet with attribute with invalid length from RADIUS server.
Received invalid packet from RADIUS server.
Authenticator does not match in packet from RADIUS server.
How to manually set up Flow VPN on Windows 7, 8 and 10
You’ve signed up for Flow VPN and received your client area and VPN login details by email. Next, you need to configure your computer / device…
Windows 7 and 8: manually configure a connection
1. Open Notepad and save an empty file, ideally on your desktop
2. Right-click on the file, select ‘rename’ and change the file extension from .txt to .pbk
You’ll see a warning – click ‘Yes’, then the file’s icon should change.
3. Double click on your new .pbk file to open it. You’ll see a message: “The phonebook is empty…” – click ‘OK’
4. “Set up a new connection”: select ‘Workplace network’
5. Populate ‘server name’ with your choice of Flow VPN server addresses – you’ll find the full list in your client area.
Destination name can be anything, ‘FlowVPN’ is fine. Click ‘Create’
7. Enter your username and your VPN password – for Flow VPN subscribers your username will be your email address and you can find your VPN password in your client area. Please note that your VPN password is not the one used to log in to the client area.
Windows 10: manually configure a connection
- Go to All Settings > Network & Internet > VPN
- sweep from the right of the screen to open the menu and click VPN
- search for VPN and select “Change virtual private networks”
2. Click ‘Add a VPN connection’
3. Complete the fields as follows…
VPN Provider: Windows
Connection name: Flow VPN
Server name: your choice of server location – see the list in your client area – entered in the format uk.flow.host
VPN Type: PPTP
Type of sign-in info: Username and password
Username: your email address
Password: you can find your special VPN password in your client area
…then click ‘Save’
4. You’ll be returned to Network & Internet > VPN. Select Flow VPN and click ‘Connect’