LAN to LAN VPN Connections

Posted on 2003-03-16
Last Modified: 2010-04-12
Our company has a small LAN with 6 clients (all W2K) behind a Netgear FVS318 router.  We have one static IP address for the router, and all of the clients have private DHCP addresses assigned by the router.  We connect to our ISP via an ADSL modem at 1024Kb/348Kb up.  Pretty standard setup.

Two of our users need to access our LAN from home, so we decided a VPN might be just the thing.  Already having one of the FVS318 routers, we purchased two more of these (one for each user).  The users both have the same ADSL as described above, only with a dynamic IP address instead.  All of the users use the same local ISP.  We successfully configured the IPsec VPN, but we are having performance issues.  Our accounting program (Peachtree) can be used across the VPN tunnel, but very slowly; it times out.

We use a W2K Server for our file server, which contains the share we need access to.  It has a private IP behind our router also.

I need some hard advice about how to address this problem.  If I need different hardware or software, so be it.  I am willing to try anything.  We need to be able to access this information.  I have been all over the web looking for answers, so I am going to have to ask for help.

Thanks,

Brian
Question by:darvexwomp
12 Comments
 
LVL 4

Expert Comment

by:ferg-o
ID: 8150213
You need to find out what is going wrong with the Peachtree app. The best way to do this is to get a sniffer and look at the traffic that is not going through. Also Peachtree will have some ideas on ways to get the app working well over a VPN.
LVL 79

Expert Comment

by:lrmoore
ID: 8151943
Check the local LAN addresses at each of the 3 sites. If the routers are used right out of the box, they may all have the same subnet on the LAN side. Not a good thing.
LVL 79

Expert Comment

by:lrmoore
ID: 8151946
Additionally, it could just be a NetBIOS name resolution issue that you can solve with an LMHOSTS file on the remote PCs.

Author Comment

by:darvexwomp
ID: 8155546
Thanks for the information so far about my problem.  I did check the subnets and they are all different for each lan.  I am connecting to the server using a \\server ip\share so I am not sure that the netbios is the problem.  I am starting to think that this isn't possible to do with two dsl lines at a rate that is acceptable.  Can anyone tell me if I am on the right track with the speed issue?

Thanks

Brian
LVL 79

Expert Comment

by:lrmoore
ID: 8155571
If you are connecting by IP address but can't connect by name, it is a NetBIOS name resolution issue, and I'll bet that the Peachtree app is NetBIOS dependent.
Setting up a WINS server at the main site might help, or set up LMHOSTS files on the clients.
You can't go wrong by testing one host at one site:

------------------------------------------------------
LMHOSTS
http://support.microsoft.com/default.aspx?scid=kb;en-us;314884
http://www.realcomputerguy.com/lmhosts.htm
http://www.labmice.net/networking/lmhosts.htm
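An LMHOSTS entry of the kind lrmoore describes, as an added example that is not part of the thread. The server name and private address are assumptions; the thread never gives them. The point of the entry is that the remote PC learns the NetBIOS name of the main-site file server from a local file, so no broadcast (which does not cross the IPsec tunnel) and no WINS server is needed.

```text
# LMHOSTS on the remote (home) PC. Assumed values, not from the thread:
# the file server at the main site is called SERVER and sits at 192.168.10.5.
# One entry per line: IP address, NetBIOS name (15 characters max), keywords.
# #PRE loads the entry into the name cache at startup instead of on demand.
# #DOM:<domain> is only needed for a domain controller; not used here.
192.168.10.5    SERVER        #PRE
```

The file is %SystemRoot%\system32\drivers\etc\lmhosts with no extension (lmhosts.sam in the same folder is the commented template), and "Enable LMHOSTS lookup" on the WINS tab of the TCP/IP advanced properties must be ticked, which it is by default. After editing, `nbtstat -R` purges and reloads the cache, `nbtstat -c` shows whether the #PRE entry was taken, and `net use * \\SERVER\share` then resolves without the tunnel ever carrying a broadcast.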

Author Comment

by:darvexwomp
ID: 8156422
I took your advice about the LMHOSTS file and added an entry for our server on the client machine.  I was able to map the drive with \\servername\share instead of the IP address of the server.  We tried the Peachtree accounting software again but didn't have any luck with it.  Still way too slow to be usable.

LVL 79

Expert Comment

by:lrmoore
ID: 8156449
Some recommendations:

TIP#1:

Speed up your browsing of Windows 2000 & XP machines AND Speed up viewing shared files across a network

Here's a great tip to speed up your browsing of Windows 2000 & XP machines.
It's actually a fix for a bug installed as default in Windows 2000 that scans shared files for Scheduled Tasks.
It turns out that you can experience a delay as long as 30 seconds when you try to view shared files across a network, because Windows 2000 is using the extra time to search the remote computer for any Scheduled Tasks.
Note that though the fix is originally intended only for those affected, Windows 2000 users will find that the actual browsing speed of both Internet Explorer and Windows Explorer improves significantly after applying it, since it doesn't search for Scheduled Tasks anymore.
Here's how :

Open up the Registry and go to :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace

Under that branch, select the key {D6277990-4C6A-11CF-8D87-00AA0060F5BF} and delete it.

This is the key that instructs Windows to search for Scheduled Tasks.
If you like you may want to export the exact branch so that you can restore the key if necessary.

This fix is so effective that it doesn't require a reboot and you can almost immediately determine yourself how much it speeds up your browsing processes.



-----------------------------------------------------
BONUS TIP#2

Windows XP automatically searches the network for shares and printers upon connecting to the network. This is probably useful in a SOHO or home network but not the enterprise. To disable XP automatic discovery:
In Explorer, click Tools
Click Folder Options
Click the View tab,
Uncheck Automatically Search for Network Folders and Printers in Advanced settings list.
 
It is important to disable this setting in Windows XP because it is the basis of a serious security flaw in XP. When you click My Network Places, your logon password may be transmitted automatically to numerous unspecified computers on the LAN. Windows XP tries to acquire the shared resources list of all computers on the LAN. At that time, the user's local logon password is used when the password for the shared resource is not known. Your PC transmits the LM hash version of your password.

If there are NT4.0 or any other pre-Windows 2000 PCs on the LAN, XP will transmit your password to the pre-Windows 2000 PCs during its share and print search. It transmits the LM hash which is significantly weaker than XP or Windows 2000 hashes. In order to protect the LM hash, XP has a registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash which if set to 1 will prevent XP or Windows 2000 from generating the LM hash. pwdump will not be able to acquire the LM hash, which is a good thing.


http://is-it-true.org/nt/xp/atips/atips23.shtml
-----------------------------------------------------
Network troubleshooting

BONUS TIP #3
============
Hidden in Windows XP's System Information utility is a very good tool for getting a lot more information about what's going on. Go to Start | All Programs | Accessories | System Tools | System Information. Then choose Net Diagnostics from the Tools menu. The program will ping your DNS servers, gateways, SMTP and POP3 mail servers, and proxies; test your modem and network adapters; and supply very detailed reports about your settings, as well as which tests passed and which failed.
============
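The two registry changes from TIP#1 and TIP#2 above, written as a single .reg file so they can be reviewed and applied in one go. This is an added example, not something posted in the thread. The key names and the GUID are the ones lrmoore gives; the comments and the Windows 2000 variant of NoLMHash are added here. Export the NameSpace branch first (for example `regedit /e namespace-backup.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace"`) so the deletion can be undone by importing the backup.

```reg
Windows Registry Editor Version 5.00

; TIP#1: stop Explorer from enumerating Scheduled Tasks on every remote
; computer it browses. A leading "-" in the bracket deletes the whole key.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]

; TIP#2 (Windows XP): stop storing the LM hash. XP reads this as a DWORD
; value under the Lsa key.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"NoLMHash"=dword:00000001

; TIP#2 (Windows 2000 SP2 and later): the same switch is a *key* named
; NoLMHash under Lsa, not a value. Creating it is enough; no value is read.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash]
```

Two caveats a practitioner will want: NoLMHash takes effect only for passwords set or changed after the next reboot, so the LM hashes already in the SAM stay there until every user changes their password; and removing the LM hash breaks authentication from clients that can only speak LM (Windows 9x without the Directory Services Client), which is exactly the class of machine TIP#2 is worried about in the first place.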

Expert Comment

by:EdwardD
ID: 8163189
Hi Brian,

I guess that when you PING, all looks well ;-)

Reading that you are running an IPsec tunnel over ADSL may result in trouble regarding delivery of packets.
You need to reduce the MTU of your packets. The reason for your delays and timeouts is that packets are being dropped for being too big. The default is 1500. Reduce this to 1460 and every packet will fit into its IPsec tunnel.

Good Luck,
Eddie
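EdwardD's 1460 is a rule of thumb; the real ceiling depends on the cipher and hash the tunnel negotiates, on whether NAT traversal wraps ESP in UDP, and on whether the ADSL line uses PPPoE (which takes 8 bytes off the 1500-byte link MTU). The script below, an added example that is not from the thread and knows nothing about how the FVS318 units were actually configured, computes the worst-case ESP tunnel-mode overhead and the largest inner packet that still fits, then prints the `ping -f -l` size to prove it on a Windows 2000 client. The cipher suites, NAT-T and PPPoE cases are assumptions to illustrate the arithmetic.

```python
"""
Worst-case ESP tunnel-mode overhead (RFC 2406 framing) and the largest inner
IPv4 packet that still fits a link MTU without fragmentation. Added example;
cipher suite, NAT-T and PPPoE are assumptions, not read from the thread.
"""

IPV4_HEADER = 20    # outer IPv4 header added by tunnel mode
ESP_HEADER = 8      # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2     # pad length (1) + next header (1), inside the padding block
UDP_HEADER = 8      # only present with NAT traversal (UDP encapsulation)

# Truncated HMAC ICVs carried in ESP (bytes). Assumed choices for illustration.
ICV_LEN = {"hmac-md5-96": 12, "hmac-sha1-96": 12}
# (IV length, cipher block size) in bytes for CBC-mode ciphers.
CIPHER = {"des-cbc": (8, 8), "3des-cbc": (8, 8), "aes-cbc": (16, 16)}


def esp_tunnel_size(inner_len, cipher="3des-cbc", auth="hmac-sha1-96", nat_t=False):
    """On-the-wire size of an inner packet of inner_len bytes after ESP
    tunnel-mode encapsulation. Payload plus trailer is padded up to the
    cipher block size, so two inner sizes can map to the same outer size."""
    iv_len, block = CIPHER[cipher]
    padded = ((inner_len + ESP_TRAILER + block - 1) // block) * block
    size = IPV4_HEADER + ESP_HEADER + iv_len + padded + ICV_LEN[auth]
    if nat_t:
        size += UDP_HEADER
    return size


def largest_inner_mtu(link_mtu=1500, **kw):
    """Largest inner packet whose encapsulation is <= link_mtu. Anything
    larger is fragmented, or dropped outright when the DF bit is set, which
    is the stall-then-timeout behaviour described in the thread."""
    inner = link_mtu
    while esp_tunnel_size(inner, **kw) > link_mtu:
        inner -= 1
    return inner


def tcp_mss_for(inner_mtu):
    """TCP MSS to clamp to: inner MTU minus 20-byte IPv4 and 20-byte TCP headers."""
    return inner_mtu - 40


def windows_ping_size(inner_mtu):
    """Argument for `ping -f -l <n>` on Windows 2000/XP. -l gives the ICMP
    payload only, so subtract the 28 bytes of IP + ICMP header to send an
    inner packet of exactly inner_mtu bytes with DF set."""
    return inner_mtu - 28


if __name__ == "__main__":
    cases = [
        ("3DES/SHA1, 1500-byte link", dict(link_mtu=1500)),
        ("3DES/SHA1, PPPoE link (1492)", dict(link_mtu=1492)),
        ("3DES/SHA1 with NAT-T", dict(link_mtu=1500, nat_t=True)),
        ("AES-CBC/SHA1, 1500-byte link", dict(link_mtu=1500, cipher="aes-cbc")),
    ]
    for label, kw in cases:
        m = largest_inner_mtu(**kw)
        print(f"{label}: inner MTU {m}, clamp MSS to {tcp_mss_for(m)}, "
              f"verify with: ping -f -l {windows_ping_size(m)} <host on far LAN>")
```

With 3DES and HMAC-SHA1-96 on a plain 1500-byte link the inner MTU comes out at 1446, so 1460 would still produce outer packets of 1504 bytes; with PPPoE framing or NAT-T it drops to 1438, which is why 1400 to 1440 is the usual conservative setting. Run the ping with the printed size from a home PC to a main-site address: a reply means that size fits, "Packet needs to be fragmented but DF set." means it does not, and bisecting on the size finds the real path MTU in a few tries. Clamping the TCP MSS on the routers to the printed value is the fix that needs no change on the Windows clients.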

Accepted Solution

by: Vwrinn (earned 300 total points)
ID: 8163768
Hi Brian,

The problem you are having is not with your network. It is what you are trying to do with your network. Even in today's world of broadband connections, the act of running a program on a local machine and accessing the backend over the Internet is tolerable at best. The amount of data is simply too much to transfer at an acceptable speed. I would recommend keeping your VPN and installing Terminal Services on your server. The clients will be able to access the terminal server via NetBIOS or a private IP address since the VPN is established. Since the program will actually be running on the server and accessing the data in the same physical location, the only thing being transferred over the Internet is the visual images of what is going on. I have set this up before and it works great even from a dial-up connection, but it works extremely well via broadband. Hope this helps.
LVL 4

Expert Comment

by:ferg-o
ID: 8163815
I agree with Vwrinn - being Aussie I can only refer to localised accounting apps but every one I have seen is rubbish programming in terms of low bandwidth connections. Throw a sniffer on them and you get loads of packets full of zeros.

These apps were designed for LANs.

In any case I'd call these Peachtree people and find out what they advise. And if they can't/won't help throw in terminal services - it works.

Author Comment

by:darvexwomp
ID: 8166309
This was the answer I was expecting but not wanting to hear.  I will have to look at Terminal Services and see if that is something I can do.  I am glad to hear that we can still use the VPN connections with Terminal Services.  I want to thank everyone who helped me out with this.  Now I am closer to making it work.

Thanks,

Brian

LVL 1

Expert Comment

by:stevegw62
ID: 14724252
Brian

I have the same problem.  Did you end up finding an alternative to remote software, or was Terminal Services or something similar your outcome?

Steve