Solved

How to VPN through DirecWay DW7000 (HN7000) Satellite connection to Windows 2003 RRAS PPTP or L2TP VPN

Posted on 2006-11-22
5
435 Views
Last Modified: 2008-02-01
The title says it all. We're connecting to the vpn host, but not getting beyond authentication. Has anybody successfully done this? Must I enable PAP authentication on the RRAS server?
0
Comment
Question by:jhafer2802
  • 2
5 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17999278
Often times a VPN is not possible over a satellite connection for 2 reasons.
1) The basic design of satellite networks causes significant end to end propagation delays that results in ping replies which are often between 300 and 500ms which  drastically degrades performance (should be no more than 125ms)  
2) the satellite connection will often not support various encryption protocols such as PPTP and IPSec
A couple of articles explaining some of these difficulties:
http://compnetworking.about.com/od/vpn/f/vpnandsatellite.htm
http://www.agristar.com/satellite_vpn.shtml
http://forum.ecoustics.com/bbs/messages/34579/127542.html
0
 

Author Comment

by:jhafer2802
ID: 18000711
According to the DirecWay/HughesNet support pages, it is possible to make a VPN connection to a Windows RRAS VPN, although performance can be expected to be reduced by aproximately 50%. They do not however provide specific documentation of the configuration required to make said connection. I am able to make an initial connection to the RRAS server, which prompts for authentication, but the authentication fails with an error 721.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 75 total points
ID: 18000733
The 721 error almost certainly indicates that the GRE protocol is being blocked at some point. Check that all routers have PPTP pass-through enabled, if possible. Since you mention " DirecWay/HughesNet support pages, it is possible to make a VPN connection to a Windows RRAS VPN" they seem to support PPTP/GRE. However with 50% loss in performance it may be difficult to maintain the connection.

There are a couple of tests you can do to check if port forwarding for PPTP is configured correctly and that GRE is allowed to pass.

To verify PPTP, port 1723, is forwarded; from the VPN server go to the following site and test for port 1723:
http://www.canyouseeme.org

Assuming that is working correctly, Microsoft has a pair of test tools pptpsrv and pptpclnt, to test for GRE pass-through, which are available as part of the Windows resource kit or from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/

Log onto the client or VPN server machine and connect to the other with remote desktop, or a similar remote management tool. At a command line on the client machine, run pptpclnt and on the server run pptpsrv. The client machine will send a set of GRE packets to the server and it should show as received if GRE is able to pass. The server is then supposed to respond and the client indicate received, but I have never had that part work. The one direction client to server is usually enough to test.

Following links outline the use of the test tools:
http://www.howtonetworking.com/Tools/testgre.htm
See VPN traffic:
http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Comparing Internet speeds via throughput 3 33
SOFS cluser offline 3 39
Public DNS? 10 50
Cisco RV 130 - No internet on wired connections, wireless clients ok 32 20
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now