Q100030: Remotely accessing your floating licenses through a VPN (Virtual Private Network)



We are often asked if it’s possible to access licenses floated from a RLM license server on a local network when a user is working remotely. The good news is that this can be done with a VPN connection to the company network that the license server is on.

A VPN (virtual private network) connection is simply a tunnel on a network, usually via the internet. If a machine is remotely connected via VPN to a company network then it should be able to contact a license server and check out a license.  The remote machine will be able to use the license as long as it remains connected via VPN.

NOTE: We cannot assist with configuring a network or VPN settings.  Please contact your network administrator for assistance.

However, we can give some general guidance on what you’ll need to open to get a floating license to and how you can test if a connection isn’t working.



In order for a machine to checkout a license from a server it needs to be able to contact the license server using its hostname, fully qualified domain name (FQDN) or IP address and the ports used by the license server need to be open in any firewall or VPN settings.

The main port used for connecting to the license server is specified on the HOST line of the license server file.  This is usually port 4101 but you may be using a different port if you have a custom setup or a combined RLM server for multiple vendors.  A second port is used by the ISV vendor daemon part of the server license server, this is normally assigned at random but if you need to float licenses through a firewall or VPN then you need to assign a port for the ISV too so the same one is used every time.  Instructions on how to do this are in Q100374: How to make the RLM server use a dedicated ISV port

Once you have set a port you’ll also need to add an exception to your firewall settings to let the RLM server communicate through it.  Please note that you need to allow both IPv4 and IPv6 communication through the firewall. Information on firewall exceptions is available in Q100216: How to Use A License Server Through a Firewall

How to add and checking existing server connections

You can point a machine to a license server using the Foundry Licensing Utility (FLU) or the licensing dialog in our applications. Instructions on how to do this are in Q100264: How to point a machine to your license server

When giving the server details you can use the hostname, fully qualified domain name or IP address as long as they are static and can be resolved through the VPN connection. In most cases the port to specify is 4101 but please double check with your license administrator in case.

You can check the details of the licenses server(s) a machine is pointing to with FLU 8 and above.  Install and launch the FLU on a remote machine then click on “License Server Connections” to view or add a new connection. 

Testing remote connections

The first step to test if a remote machine can contact the license server is to run a ping command from a command prompt or terminal, i.e.

ping servername

where "servername" is the hostname, FQDN or IP address.  A successful ping command will look like the following (where sikorski is the remote client): 

sikorski:~ dave$ ping grim
PING grim.thefoundry.co.uk ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=0.477 ms
64 bytes from icmp_seq=1 ttl=64 time=0.380 ms
64 bytes from icmp_seq=2 ttl=64 time=0.249 ms
64 bytes from icmp_seq=3 ttl=64 time=0.313 ms
64 bytes from icmp_seq=4 ttl=64 time=0.327 ms

(type <control> + c to halt the stream of output)

A bad ping test looks like this example:

sikorski:~ dave$ ping goofy
ping: cannot resolve goofy: Unknown host


Typically a ping test to the server won't be blocked by a firewall.  You can test if the remote machine can contact the server AND if the port is open by running a Telnet command.  From a Terminal on a client (Windows machines have a telnet client you can enable) the command is 

telnet yourservername 4101

If the port is open and it successfully connects, then the terminal will display

Trying <yourservername's IP address>...
Connected to nemo.
Escape character is '^]'

or if there's a DNS involved, it could display

Trying <yourservername's IP address>...
Connected to <yourservername's fully-qualified domain name>.
Escape character is '^]'

Use <control>+ right bracket to get back to telnet prompt and use <control>+c to get back to the terminal prompt

If that works you can then repeat the test with the ISV port for the server.  Please check with your system administrator to find out if this has been assigned as detailed above.



If you are encountering problems checking out licenses through a VPN then please check with your network administrator.  Whilst we cannot troubleshoot networking setup issues we can confirm if the licenses are setup correctly if you open a Support Ticket and send us diagnostic files from the Foundry Licensing Utility (FLU) for BOTH the license server and the remote machine.  Instructions on how to generate the files can be found in Q100105: How to generate a License Diagnostic file

    We're sorry to hear that

    Please tell us why