VPN getting dropped immediately.

matthewataylor1
matthewataylor1 used Ask the Experts™
on
I have two sites, certain users will vpn into the other office periodically to access some data files.  There is not a site to site vpn setup, they just connect directly from their desktop using pptp.  I can connect from site A to site B without any problems and can stay connected for days.  When connecting from site B to site A the connection is dropped immediately.  From what I have found this coule me an MTU size issue.  I performed the ping domain.com -f -l and found that 1472 is the largest size that does not get fragmented.

I want to change the mtu size at site A to see if this helps.  Do I need to make this change on all workstations at site A as well?  Do I need to change the mtu size that is going out at site B?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013

Commented:
MTU is usually changed on the PC making the connection and the router at it's site, if possible. The ping test is not ideal for a VPN as there is extra headroom required for the encryption. For a standard PPTP Windows VPN the maximum is Auto or 1430. The best test is just to make it much lower, such as 1260, and if it improves the situation, gradually increase. However as mentioned, you cannot exceed 1430 for a PPTP VPN. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp

Author

Commented:
If I make this change to test, how great is the possibility that I screw up the connections for the rest of the computers?
Top Expert 2013

Commented:
:-)  The router, which would affect the other computers is very easy to reset, though it shouldn't make a difference.
The PC, which won't affect the other users, can be reset to the default of 1500, using the DrDTP tool. Only change the one PC for testing. In most cases folks seem to find the difference is just by changing the PC. You may not need to change the router.
If by some chance you had problems resetting the PC, after the first change, you can completely reset the TCP/IP stack (configuration) to it's original defaults by entering at a command line:
netsh  int  ip  reset  c:\reset.txt
This will reset all adapters on that PC, so if you have any custom network configurations such as wireless, you should make notes first.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Ok, another wrinkle.  I am able to establish a connection from two other locations that does not get dropped (or at least for up to an hour or two).  Any ideas why the one location cannot hold the connection for more than 30 seconds?

Author

Commented:
The one location that cannot hold the connection is using a full Qwest T-1 line.  The site that hosts the vpn server is on a shared dynamic voice/date T-1.
Top Expert 2013

Commented:
Have you had an opportunity to try lowering the MTU value? This is very often the problem with dropped or inconsistent connections. I usually recommend dropping to about 1260 initially, but a fellow in another post recently found he was loosing connections until he dropped to 950, though I must say that is very unusual.

Author

Commented:
I used the tool and changed the MTU value several times, but cannot get it to stay connected.  I am going to have to try and change in on the far end.  
Top Expert 2013
Commented:
Let us know how it goes.

For the record; are you aware many routers only support a single PPTP pass-through tunnel? When the second tries to connect 1 or the other will be immediately dropped.
Also if the VPN server/device does not support NAT-T (Network Address Translation - Traversal) you can only have one connection as it is trying to establish 2 connections to the same public IP.
A site-to-site VPN is the best solution with your scenario.
Top Expert 2013

Commented:
Thanks matthewataylor1.
Cheers !
--Rob

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial