[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 870
  • Last Modified:

VPN file transfer problems - "network name no longer available".

there is a VPN (default) on windows server 2008, connected on LAN with LAN IP address. There a router with port forwards (47, 1701, 1723) to that server.

XP PC connects from internet to the server just fine, can't browse microsoft network (does not show LAN pc's), but I can easily access LAN's PC by entering IP or name and see the contents of sharing.

The problem is when I try to download something from that shared folder. I CAN download files smaller than ~1KB, but that's about it. Trying to copy larger files, gives errors:

"Cannot copy STHG: The specified network name is no longer available",
 and error about being not able to read files. ("cant open file...")

The problem is with VPN, because sharing on he same LAN works just fine. VPN connection made by administrator account.

Any ideas how to fix this?
0
Povilas
Asked:
Povilas
  • 6
  • 6
2 Solutions
 
giltjrCommented:
Sounds almost like an MTU issue.

Try ping'ing the computer with the following command:

   ping a.b.c.d -f -l 1472

where a.b.c.d is the IP address of the computer with the share.  Then start lowering the 1472 by two until it works.  By default (assuming you are using Windows VPN client) you should get down to 1372 before it works.

Then do the same thing from the computer with the share to the computer you are trying to copy down to.
0
 
PovilasAuthor Commented:
On LAN I can ping with 1472, but on the VPN, I can ping max 1372. So changing this option on Internet router should solve my problem?
0
 
giltjrCommented:
No, those numbers are correct.  The packets for the VPN flow inside the "normal LAN" packets, so they must be smaller than the normal LAN packets.  By default Windows uses a MTU of 1400 for the VPN packets so that it will easly fit within the LAN packets (MTU of 1500 or 1492 typically).

You only get 1372 because IP has a 20 byte header and ICMP (ping) has a 8 byte header.  So 1372+20+8=1400.

In my experience when copying files larger than the MTU fails it has always been an issue with mismatch of MTU sizes.

Do you see any errors or unusual events in any of the event logs?
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
PovilasAuthor Commented:
No I don't. No logs after failed copy over VPN.

  1   50 4294967295  connected    Loopback Pseudo-Interface 1
 19   35   1372  connected    RAS (Dial In) Interface
 10   20   1500  connected    LAN

I have changed MTU on server using this tutorial:

mwecomputers:
Another thing you can do on the Windows Server 2008 side is this:

In the console enter the following commands to change the MTU:
netsh interface ipv4 show interfaces

Take note of the id number of the wireless interface (as you will need it below), then do:
netsh interface ipv4 set subinterface id mtu=1492 store=persistent


But if I change MTU to 1372 and try to connect over the VPN, netsh interface ipv4 show interfaces Shows MTU reset to 1400.

So the question is - where should I change MTU, because internet is provided over DSL lines and it takes some time to change router's configuration. Is it possible simply to change MTU on client and server?
0
 
giltjrCommented:
For now I would leave the MTU alone.  What are you using as your VPN server?
0
 
PovilasAuthor Commented:
Windows 2008 Server, integrated VPN server. same with XP - standart integrated VPN client.
0
 
giltjrCommented:
Is this server the same server that the share is on?
0
 
PovilasAuthor Commented:
The server is on the LAN and has an internal IP. It has users for simple connections to access shares, that are on that server. So this server is simple PC on the LAN with VPN ports forwarded from main router.
0
 
giltjrCommented:
O.K., it sounds like you are using a single server for both the file shares and the VPN server.  So when you do the packet capture you need to run it on the network connection representing the VPN on the server side too.
0
 
PovilasAuthor Commented:
I have connected local router and tryied VPN on it - same thing :-( looks like the problem is windows 2008 server software :-( The big question now is - what's that problem.
0
 
giltjrCommented:
I would then do the packet capture to see which side the problem is occurring on (server or client).
0
 
PovilasAuthor Commented:
Looks like I have found a solution, but not the roots of the problem. And a solution was deleting VPN role on the server and installing it back again without any additional configuration. At least it worked with temporary local router on the LAN. Still have no idea, why this helped, but it actually solved the problem for now.

By the way - thanks for the help.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now