Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to VPN through DirecWay DW7000 (HN7000) Satellite connection to Windows 2003 RRAS PPTP or L2TP VPN

Posted on 2006-11-22
5
Medium Priority
?
459 Views
Last Modified: 2008-02-01
The title says it all. We're connecting to the vpn host, but not getting beyond authentication. Has anybody successfully done this? Must I enable PAP authentication on the RRAS server?
0
Comment
Question by:jhafer2802
  • 2
5 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17999278
Often times a VPN is not possible over a satellite connection for 2 reasons.
1) The basic design of satellite networks causes significant end to end propagation delays that results in ping replies which are often between 300 and 500ms which  drastically degrades performance (should be no more than 125ms)  
2) the satellite connection will often not support various encryption protocols such as PPTP and IPSec
A couple of articles explaining some of these difficulties:
http://compnetworking.about.com/od/vpn/f/vpnandsatellite.htm
http://www.agristar.com/satellite_vpn.shtml
http://forum.ecoustics.com/bbs/messages/34579/127542.html
0
 

Author Comment

by:jhafer2802
ID: 18000711
According to the DirecWay/HughesNet support pages, it is possible to make a VPN connection to a Windows RRAS VPN, although performance can be expected to be reduced by aproximately 50%. They do not however provide specific documentation of the configuration required to make said connection. I am able to make an initial connection to the RRAS server, which prompts for authentication, but the authentication fails with an error 721.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 300 total points
ID: 18000733
The 721 error almost certainly indicates that the GRE protocol is being blocked at some point. Check that all routers have PPTP pass-through enabled, if possible. Since you mention " DirecWay/HughesNet support pages, it is possible to make a VPN connection to a Windows RRAS VPN" they seem to support PPTP/GRE. However with 50% loss in performance it may be difficult to maintain the connection.

There are a couple of tests you can do to check if port forwarding for PPTP is configured correctly and that GRE is allowed to pass.

To verify PPTP, port 1723, is forwarded; from the VPN server go to the following site and test for port 1723:
http://www.canyouseeme.org

Assuming that is working correctly, Microsoft has a pair of test tools pptpsrv and pptpclnt, to test for GRE pass-through, which are available as part of the Windows resource kit or from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/

Log onto the client or VPN server machine and connect to the other with remote desktop, or a similar remote management tool. At a command line on the client machine, run pptpclnt and on the server run pptpsrv. The client machine will send a set of GRE packets to the server and it should show as received if GRE is able to pass. The server is then supposed to respond and the client indicate received, but I have never had that part work. The one direction client to server is usually enough to test.

Following links outline the use of the test tools:
http://www.howtonetworking.com/Tools/testgre.htm
See VPN traffic:
http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question