Solved

How to VPN through DirecWay DW7000 (HN7000) Satellite connection to Windows 2003 RRAS PPTP or L2TP VPN

Posted on 2006-11-22
5
425 Views
Last Modified: 2008-02-01
The title says it all. We're connecting to the vpn host, but not getting beyond authentication. Has anybody successfully done this? Must I enable PAP authentication on the RRAS server?
0
Comment
Question by:jhafer2802
  • 2
5 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17999278
Often times a VPN is not possible over a satellite connection for 2 reasons.
1) The basic design of satellite networks causes significant end to end propagation delays that results in ping replies which are often between 300 and 500ms which  drastically degrades performance (should be no more than 125ms)  
2) the satellite connection will often not support various encryption protocols such as PPTP and IPSec
A couple of articles explaining some of these difficulties:
http://compnetworking.about.com/od/vpn/f/vpnandsatellite.htm
http://www.agristar.com/satellite_vpn.shtml
http://forum.ecoustics.com/bbs/messages/34579/127542.html
0
 

Author Comment

by:jhafer2802
ID: 18000711
According to the DirecWay/HughesNet support pages, it is possible to make a VPN connection to a Windows RRAS VPN, although performance can be expected to be reduced by aproximately 50%. They do not however provide specific documentation of the configuration required to make said connection. I am able to make an initial connection to the RRAS server, which prompts for authentication, but the authentication fails with an error 721.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 75 total points
ID: 18000733
The 721 error almost certainly indicates that the GRE protocol is being blocked at some point. Check that all routers have PPTP pass-through enabled, if possible. Since you mention " DirecWay/HughesNet support pages, it is possible to make a VPN connection to a Windows RRAS VPN" they seem to support PPTP/GRE. However with 50% loss in performance it may be difficult to maintain the connection.

There are a couple of tests you can do to check if port forwarding for PPTP is configured correctly and that GRE is allowed to pass.

To verify PPTP, port 1723, is forwarded; from the VPN server go to the following site and test for port 1723:
http://www.canyouseeme.org

Assuming that is working correctly, Microsoft has a pair of test tools pptpsrv and pptpclnt, to test for GRE pass-through, which are available as part of the Windows resource kit or from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/

Log onto the client or VPN server machine and connect to the other with remote desktop, or a similar remote management tool. At a command line on the client machine, run pptpclnt and on the server run pptpsrv. The client machine will send a set of GRE packets to the server and it should show as received if GRE is able to pass. The server is then supposed to respond and the client indicate received, but I have never had that part work. The one direction client to server is usually enough to test.

Following links outline the use of the test tools:
http://www.howtonetworking.com/Tools/testgre.htm
See VPN traffic:
http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now