The latest software version can be downloaded HERE.
The following installation files are for older ITASCA software products. These are the latest revision/subversion for each product. Note that technical support is typically only provided for 1-year after the next major version is released.
Click one of the following to download the installer.
Resolving Error 28201 with Kerio VPN Client: A Step-by-Step Guide
Are you encountering the frustrating Error 28201 while trying to connect to your Kerio VPN Client? You're not alone. Many users have reported this issue, which can be a significant hindrance to productivity and secure remote access. In this blog post, we'll explore what Error 28201 is, its common causes, and provide a comprehensive guide on how to resolve it.
What is Error 28201?
Error 28201 is a specific error code associated with the Kerio VPN Client, a popular software solution for secure and remote access to networks. When this error occurs, users are typically unable to establish a VPN connection, receiving a message that reads: "Error 28201: Failed to connect to the VPN server." error 28201 kerio vpn client
Common Causes of Error 28201
Before diving into the solutions, it's essential to understand the common causes of Error 28201:
Troubleshooting Steps to Resolve Error 28201 Resolving Error 28201 with Kerio VPN Client: A
Don't worry; we've got you covered. Follow these step-by-step troubleshooting guides to resolve Error 28201:
Kerio Control uses SSL certificates to encrypt VPN traffic. If the certificate on the server is self-signed, expired, or not trusted by the client, the handshake fails, throwing Error 28201.
The most frequent culprit behind Error 28201 is a network obstruction between the client and the server. Kerio VPN primarily uses UDP port 4090. Many corporate or home firewalls, as well as restrictive ISP routers, might block or throttle this port. To diagnose this, one should use a tool like telnet or nc (Netcat) to test connectivity: telnet <server_ip> 4090. If the connection is immediately refused or times out, a firewall is actively blocking the port. On the server side, an administrator must verify that the Kerio Control firewall’s "VPN" service is enabled and that its incoming rule explicitly allows UDP 4090. Additionally, the server’s own host-based firewall (Windows Defender Firewall or Linux iptables) must permit this traffic. Outdated Kerio VPN Client Software : Using an
If network connectivity is confirmed, the next suspect is a protocol version mismatch. Kerio Control updates often refine the VPN handshake. A client version 9.x attempting to connect to a server version 8.x may trigger Error 28201 because the cryptographic handshake fails. To resolve this, ensure both the client and server are updated to the latest compatible versions (e.g., both on the same major release). In some cases, the server configuration may have "Allow only secure ciphers" enabled, which the client cannot negotiate. The solution is to temporarily relax cipher requirements on the server for testing, then update the client.
Third, client-side configuration corruption is a common source. The Kerio VPN client stores connection profiles and certificates in a local SQLite database or .kvp file. If this file becomes corrupted after an improper shutdown or a failed update, the client will send malformed connection requests, leading to Error 28201. Resolution involves completely uninstalling the Kerio VPN Client, deleting residual folders (e.g., %ProgramData%\Kerio\VPN Client), and reinstalling a fresh copy. Simply reinstalling without removing leftover configuration data often fails to resolve the issue.