Hi there,
I'll set a little background first, to help explain the issue; we have a main office in the UK and a satellite office in Australia. The UK office operates on an AD-managed network using windows server 2003, the Australian office currently operates on individual laptops running XP Pro, the users log on to a local account on the laptop and manually connect to the VPN using PPTP over a broadband connection using credentials from the AD network, the VPN connections go directly to the AD machine (where you go to my network places -> "set up new connection" and select "Allow incoming VPN connections" - yeah I know this is really bad practice, this is just a temporary solution). All Australian users have an IP subnet of 192.168.1.x, the UK office has an IP subnet of 192.168.0.x .
This solution, albeit far from the end solution, works well; they can access all local resources on the VPN without any issues, access the main information portal (SharePoint) and generally function as a satellite office. Myself and another manager often dial in to the VPN from our home connections and can use it without a problem (they use it for the Intranet, I primarily use Remote Desktop to check up on the various internal machines).
There is one persistent problem, however; every hour, at 30 seconds past the hour, the VPN hangs and they have to disconnect from it and reconnect. It doesn't matter what is happening at the time; for the Australian guys they're often using the Intranet, I'm often using remote desktop at the time and it just cuts out. It also doesn't matter when you connect; if you connect at 5 past the hour, 5 to the hour, 22 minutes part the hour, etc, it will still hang bang on 30 seconds after the following hour (note: the 30 seconds past the hour is based on my PC clock, the point is no matter what clock you use it will hang at exactly the same time every hour).
If I explain what I have investigated so far hopefully you'll be able to find a hole in my investigation and propose a solution, as I'm now at a stage where I'm completely stumped (as well as at the extent of my knowledge as a developer who's had a network admin role thrust upon him for the last 5 years). I want to move to a site-to-site VPN solution but until I can solve this problem I don't want to invest the time into setting it up.
1) The first route was to check firewalls to make sure all traffic was getting through - the fact they could connect for an hour at a time made me think this not the case but I wanted to eliminate this issue - the modem/router (a 2wire 1800HG) was allowing port 1723 through, and although there appeared to be no way to allow protocol 47 (GRE) through I confirmed that was working by downloading the PPTPsrv and PPTPclnt support tools and running various tests.
2) Next I looked at MTU size. I've "tweaked" the MTU size on a number of occasions, which is now settled on 1372, which has had no effect on the connection - note, the MTU size is only set on the router/modems at both offices via an option on both modems ("force upstream MTU"), I haven't modified any registry settings.
3) I checked the network policy to make sure there weren't any obvious remote access timeout policies set. I couldn't find any.
4) I have set up a VPN gateway machine using RRAS on a spare static IP route in to the office - I actually use this to access the VPN from home and eventually will replace the current setup (which should be as simple as just switching over the cables). On this machine I still experience the same issue. Interestingly when I lose my connection to the VPN and have to disconnect / reconnect the logs record the exact moment I select disconnect, which suggests to me there is still some activity going on.
5) Finally, I've got a server at home. I replicated the AD setup and allowed incoming VPN connections. Interestingly when I'm in the office and I initiate a VPN connection to my home server I can stay connected all day, which to me has eliminated any odd network policies as I've effectively mirrored the office setup.
6) I've also updated the home server to run a site to site VPN between my house and the office and again the connection still hangs bang on the hour.
One other thing to note is that at all times I've set up the VPN to reconnect on disconnection, but it never does, so again that makes me think there is still some activity, it's just the main bulk of activity seems to stop.
The only other thing which I can think of (which came from reading a forum post from page 13 of a google search...) is that someone mentioned the broadband speeds of the various networks may have something to do with it; the UK office is currently capped at 1Mbps downstream due to poor quality of the lines in the area, whereas my house line and the Australian office line is an "up to 8Mbps" connection (I think I average 7Mbps and the Australian office gets about 6.5Mbps).
I'm pretty-much at an odds-end on this one - this is my last step before I have to call in a consultant (who the MD refuses to hire as he seems to think because I work in IT I know how to do everything, when truth be told I'm just a programmer who's just had to pick this all up as he went along!)
Also, apologies for the long question - I'm hoping by putting enough detail in I won't waste too much of your time on stuff I've already looked at.
