• Status: Solved

Why does VPN over a wireless connection drop?

I have PPTP VPN access to my network.

My clients that are connecting over wired Internet have no problem and can keep the VPN up for hours, no problem.
My clients that are connecting over a wireless Internet connection are dropping it once or twice an hour.

All other things kept equal, why would the wireless VPN drop?
The funny thing is that the wireless icon on the client appears to be up all the time, even as PPTP goes down.
Asked by: howei
 
Rob Williams Commented:
Seems sometimes the WEP encryption on top of the VPN encryption can cause "overload" for the router, on some home systems. Is it possible to disable the wireless encryption for a while, just to test if that might be the case? Also, wireless connections are far less stable and provide less throughput. There is a much greater chance of a brief interruption of service, which when browsing would appear only as a slow link, but the VPN may disconnect in that time.
 
scrathcyboy Commented:
This is absolutely NORMAL for wireless.  You are doing better than most to get 1-2 hours.  VPN is not really reliable or secure yet over wireless -- the 802.11 "N" spec is supposed to fix that, but it is not generally out yet, so you can go through all kinds of gyrations and tests and not improve it, until new specs emerge for the wireless protocols.
 
scrathcyboy Commented:
Also, if you have the option, try IPSec -- it has stronger encryption, is a little slower, but there is more of a "retry" factor involved.  You might just find that the IPSec stays up fine.  Don't pick an encryption key longer than 8 chars, it will slow down the VPN, and also maybe cause more drops.
 
howei (Author) Commented:
Great remarks guys!

Here is another interesting thing that I discovered in the logs of the firewall that is letting these VPN connections go through or not.

I would see a “Malformed or unhandled IP packet dropped” alert in the firewall log.

The source of this packet is typically and exclusively a wireless VPN client.
The destination is the VPN authentication server on the inside network.
The protocol is: “IP Protocol 47”

Whenever this happens, the client experiences the mentioned VPN disconnect.

So, it looks like that for some reason either:
a) the firewall wrongly discharges the incoming PPTP packet (I think less likely), or
b) the packet somehow gets wrongly altered at the source and as such is refused by the firewall

What does it sound like to you?
 
Rob Williams Commented:
IP Protocol 47 is the GRE protocol, which is the encrypted part of the PPTP packet. Further pointing to an encryption problem/conflict. Try dropping the wireless encryption and see if it stops the malformed GRE packets.
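Added example, not part of the thread: IP protocol 47 packets in a PPTP session carry the enhanced GRE header defined in RFC 2637, so one way to investigate the firewall's "Malformed or unhandled IP packet dropped" alerts is to check captured packets against that layout. The function name and sample bytes are constructed for illustration, and the input is assumed to be the IP payload with the IP header already stripped.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type RFC 2637 requires for PPTP's GRE

def check_pptp_gre(pkt):
    """Validate the payload of an IP protocol 47 packet against the PPTP
    enhanced GRE header layout (RFC 2637). Returns a list of problems;
    an empty list means the header is well-formed."""
    if len(pkt) < 8:
        return ["truncated: fixed header needs 8 bytes, got %d" % len(pkt)]
    b0, b1, proto, plen, call_id = struct.unpack("!BBHHH", pkt[:8])
    problems = []
    if b0 & 0x80:
        problems.append("C (checksum) bit set")
    if b0 & 0x40:
        problems.append("R (routing) bit set")
    if not b0 & 0x20:
        problems.append("K (key) bit clear")
    if b0 & 0x0F:
        problems.append("strict-source-route or recursion bits set")
    if b1 & 0x78:
        problems.append("reserved flag bits set")
    if (b1 & 0x07) != 1:
        problems.append("version %d, PPTP requires 1" % (b1 & 0x07))
    if proto != PPTP_GRE_PROTO:
        problems.append("protocol type 0x%04x, expected 0x880b" % proto)
    # S bit adds a 4-byte sequence number, A bit a 4-byte acknowledgment number.
    has_seq, has_ack = bool(b0 & 0x10), bool(b1 & 0x80)
    hdr_len = 8 + 4 * has_seq + 4 * has_ack
    present = len(pkt) - hdr_len
    if present < 0:
        problems.append("truncated: S/A bits need a %d-byte header" % hdr_len)
    elif has_seq and present != plen:
        problems.append("payload length field says %d, %d bytes present" % (plen, present))
    elif not has_seq and plen != 0:
        problems.append("no sequence number (ack-only) but payload length %d" % plen)
    return problems

# Constructed samples (not captured traffic): call ID 0x1234, 4-byte PPP payload.
DATA = bytes.fromhex("3001880b0004123400000001") + b"\xff\x03\xc0\x21"
ACK_ONLY = bytes.fromhex("2081880b0000123400000001")

if __name__ == "__main__":
    for name, pkt in [("data", DATA), ("ack-only", ACK_ONLY), ("cut short", DATA[:-2])]:
        print(name, check_pptp_gre(pkt) or "ok")
```

Running it over packets captured on both sides of the firewall shows whether the header is already damaged when it arrives or is valid and being rejected anyway.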
 
howei (Author) Commented:
Rob,
unfortunately, we are talking sensitive data here. I don't think they will let me drop the wireless encryption.
 
Rob Williams Commented:
I can understand that, however in favor of that argument, why are you using wireless at all? :-)

Except for traveling sales staff who only have a wireless option sometimes, I would never recommend connecting with a VPN over wireless:
a) security is obviously an issue if you have taken the steps to use a VPN, so don't take any risks with wireless
b) there is lost performance with a VPN due to encryption and un-encryption, you don't need to add to that with wireless
c) there seem to be issues with wireless and VPNs, I believe due to 2 forms of encryption. This only seems to be with some routers, others seem OK.
 
howei (Author) Commented:
In our case wireless is the only option. Think of moving vehicles in need of an Internet connection.
 
Rob Williams Commented:
Mmmmmm, restricts your options a bit. It seems some routers support wireless VPN connections better than others. If you get a chance to try a laptop at various locations, you could try to see which perform better. I find commercial routers perform better.
What are the VPN users connecting to? If you are getting 1-2 hours, some VPN servers/routers have idle time out options you can configure. Is it possible that is enabled?
Then, especially if you have a situation of "moving vehicles", it may have nothing to do with the VPN. Wireless is flaky enough; if you have users in vehicles, moving, or around equipment, you could easily lose the wireless connection for a few seconds. To a person browsing the web it appears as a slow link, but to the VPN it is enough to drop the connection.
 
Eksteen Commented:
Another interesting option would be to opt for HP VLAN technology linked with Identity Driven Manager, which profiles a user/computer/updates option through RADIUS.  This way you can take any computer that attaches to your WiFi and change traffic routing at layer two.  So even without encrypting the connection with the WiFi router, the connections of people other than your employees are redirected to a honey pot, or just dropped, or put on a quarantine network.  Gives you maximum throughput with the least amount of overhead and still keeps WiFi more secure than WEP encryption.
 
Rob Williams Commented:
Thanks howei,
--Rob