Solved

Why VPN over wireless connection drops?

Posted on 2006-05-14
Medium Priority
Last Modified: 2008-01-09
I have PPTP VPN access to my network.

My clients that are connecting over wired Internet have no problem and can keep the VPN up for hours.
My clients that are connecting over a wireless Internet connection are dropping it once or twice an hour.

All other things kept equal, why would the wireless VPN drop?
The funny thing is that the wireless icon on the client appears to be up all the time, even as PPTP goes down.
Question by:howei
11 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16677696
Seems sometimes the WEP encryption on top of the VPN encryption can cause "overload" for the router, on some home systems. Is it possible to disable the wireless encryption for a while just to test if that might be the case? Also, wireless connections are far less stable and provide less throughput. There is a much greater chance of a brief interruption of service, which when browsing would appear only as a slow link, but the VPN may disconnect in that time.
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 16679104
This is absolutely NORMAL for wireless.  You are doing better than most to get 1-2 hours.  VPN is not really reliable or secure yet over wireless -- the 802.11 "N" spec is supposed to fix that, but it is not generally out yet, so you can go through all kinds of gyrations and tests and not improve it, until new specs emerge for the wireless protocols.
0
 
LVL 44

Assisted Solution

by:scrathcyboy
scrathcyboy earned 400 total points
ID: 16679109
Also, if you have the option, try IPSec -- it has stronger encryption, is a little slower, but there is more of a "retry" factor involved.  You might just find that the IPSec stays up fine.  Don't pick an encryption key longer than 8 chars, it will slow down the VPN, and also maybe cause more drops.
0

 

Author Comment

by:howei
ID: 16679404
Great remarks guys!

Here is another interesting thing that I discovered in the logs of the firewall that lets these VPN connections go through or not.

I would see a “Malformed or unhandled IP packet dropped” alert in the firewall log.

The source of this packet is typically and exclusively a wireless VPN client.
The destination is the VPN authentication server on the inside network.
The protocol is: “IP Protocol 47”

Whenever this happens, the client experiences the mentioned VPN disconnect.

So, it looks like, for some reason, either:
a)  the firewall wrongly discards an incoming PPTP packet (I think less likely), or
b)  the packet somehow gets wrongly altered at the source and as such is refused by the firewall

What does it sound like to you?


0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16679423
IP Protocol 47 is the GRE protocol, which is the encrypted part of the PPTP packet. Further pointing to an encryption problem/conflict. Try dropping the wireless encryption and see if it stops the malformed GRE packets.
0
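For the exchange above about "Malformed or unhandled IP packet dropped" alerts on IP protocol 47, an added example (not part of the original thread): a Python check of a captured protocol-47 payload against the PPTP enhanced GRE header layout in RFC 2637, which shows which field is off. The function name is hypothetical and the sample packets are constructed.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type PPTP uses for its PPP payload (RFC 2637)

def check_pptp_gre(gre: bytes) -> list:
    """Return the reasons `gre` is not valid PPTP enhanced GRE ([] means valid).

    `gre` is the IP payload of a protocol-47 packet (hypothetical helper)."""
    if len(gre) < 8:
        return ["truncated: fixed header needs 8 bytes"]
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", gre[:8])
    # Bit 0 of the header is the most significant bit of the 16-bit flags word.
    c, r, k, s = [(flags >> bit) & 1 for bit in (15, 14, 13, 12)]
    strict, recur = (flags >> 11) & 1, (flags >> 8) & 7
    ack, ver = (flags >> 7) & 1, flags & 7
    problems = []
    if ver != 1:
        problems.append(f"version {ver}, PPTP requires 1")
    if proto != PPTP_GRE_PROTO:
        problems.append(f"protocol type 0x{proto:04x}, expected 0x880b")
    if not k:
        problems.append("K bit clear: no payload length / call ID key")
    if c or r or strict or recur:
        problems.append("C, R, s or Recur set; all must be zero")
    hdr_len = 8 + 4 * s + 4 * ack  # optional sequence and acknowledgment numbers
    if len(gre) < hdr_len:
        problems.append(f"truncated: flags imply a {hdr_len}-byte header")
    elif len(gre) - hdr_len < payload_len:
        problems.append(f"truncated: payload length {payload_len} exceeds data")
    elif payload_len and not s:
        problems.append("payload present but S bit (sequence number) clear")
    return problems

# Constructed samples: a valid data packet, plain (version 0) GRE, a cut-off packet.
GOOD = struct.pack("!HHHHI", 0x3001, 0x880B, 4, 0x1234, 7) + b"\xff\x03\x00\x21"
PLAIN_GRE = struct.pack("!HHHH", 0x0000, 0x0800, 0, 0)
CUT = GOOD[:10]

if __name__ == "__main__":
    for name, pkt in (("GOOD", GOOD), ("PLAIN_GRE", PLAIN_GRE), ("CUT", CUT)):
        print(name, check_pptp_gre(pkt) or "valid PPTP GRE")
```

Running it on the GRE bytes of a dropped packet from a capture taken on the client side and again at the firewall shows whether the header was already damaged when it left the wireless client.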
 

Author Comment

by:howei
ID: 16679574
Rob,
unfortunately, we are talking sensitive data here. I don't think they will let me drop the wireless encryption.
0
 
LVL 78

Accepted Solution

by:Rob Williams
Rob Williams earned 1200 total points
ID: 16679642
I can understand that, however in favor of that argument why are you using wireless at all. :-)

Except for traveling sales staff who only have a wireless option sometimes, I would never recommend connecting with a VPN over wireless;
a) security is obviously an issue if you have taken the steps to use a VPN, so don't take any risks with wireless
b) there is lost performance with a VPN due to encryption and un-encryption, you don't need to add to that with wireless
c) there seem to be issues with wireless and VPNs, I believe due to 2 forms of encryption. This only seems to be with some routers, others seem OK.
0
 

Author Comment

by:howei
ID: 16683328
In our case wireless is the only option. Think of moving vehicles in need of an Internet connection.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16687300
Mmmmmm, restricts your options a bit. It seems some routers support wireless VPN connections better than others. If you get a chance to try a laptop at various locations you could try to see which perform better. I find commercial routers perform better.
What are the VPN users connecting to? If you are getting 1-2 hours, some VPN servers/routers have idle time out options you can configure. Is it possible that is enabled?
Then, especially if you have a situation of "moving vehicles", it may have nothing to do with the VPN. Wireless is flaky enough, if you have users in vehicles, moving, or around equipment, you could easily lose the wireless connection for a few seconds. To a person browsing the web it appears as a slow link but to the VPN it is enough to drop the connection.
0
 
LVL 2

Assisted Solution

by:Eksteen
Eksteen earned 400 total points
ID: 16688553
Another interesting option would be to opt for HP VLAN technology linked with Identity driven Manager that profiles a user/computer/updates option through RADIUS.  This way you can take any computer that attaches to your WiFi and at layer two change traffic routing.  So even without encrypting the connection with the WiFi router, the connections of people other than your employees are redirected to a honey pot or just dropped or off on a quarantine network.  Gives you maximum throughput with the least amount of overhead and still keeps WiFi more secure than WEP encryption.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16771195
Thanks howei,
--Rob
0
