VPN file transfer problems - "network name no longer available".

there is a VPN (default) on windows server 2008, connected on LAN with LAN IP address. There a router with port forwards (47, 1701, 1723) to that server.

XP PC connects from internet to the server just fine, can't browse microsoft network (does not show LAN pc's), but I can easily access LAN's PC by entering IP or name and see the contents of sharing.

The problem is when I try to download something from that shared folder. I CAN download files smaller than ~1KB, but that's about it. Trying to copy larger files, gives errors:

"Cannot copy STHG: The specified network name is no longer available",
 and error about being not able to read files. ("cant open file...")

The problem is with VPN, because sharing on he same LAN works just fine. VPN connection made by administrator account.

Any ideas how to fix this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sounds almost like an MTU issue.

Try ping'ing the computer with the following command:

   ping a.b.c.d -f -l 1472

where a.b.c.d is the IP address of the computer with the share.  Then start lowering the 1472 by two until it works.  By default (assuming you are using Windows VPN client) you should get down to 1372 before it works.

Then do the same thing from the computer with the share to the computer you are trying to copy down to.
PovilasAuthor Commented:
On LAN I can ping with 1472, but on the VPN, I can ping max 1372. So changing this option on Internet router should solve my problem?
No, those numbers are correct.  The packets for the VPN flow inside the "normal LAN" packets, so they must be smaller than the normal LAN packets.  By default Windows uses a MTU of 1400 for the VPN packets so that it will easly fit within the LAN packets (MTU of 1500 or 1492 typically).

You only get 1372 because IP has a 20 byte header and ICMP (ping) has a 8 byte header.  So 1372+20+8=1400.

In my experience when copying files larger than the MTU fails it has always been an issue with mismatch of MTU sizes.

Do you see any errors or unusual events in any of the event logs?
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

PovilasAuthor Commented:
No I don't. No logs after failed copy over VPN.

  1   50 4294967295  connected    Loopback Pseudo-Interface 1
 19   35   1372  connected    RAS (Dial In) Interface
 10   20   1500  connected    LAN

I have changed MTU on server using this tutorial:

Another thing you can do on the Windows Server 2008 side is this:

In the console enter the following commands to change the MTU:
netsh interface ipv4 show interfaces

Take note of the id number of the wireless interface (as you will need it below), then do:
netsh interface ipv4 set subinterface id mtu=1492 store=persistent

But if I change MTU to 1372 and try to connect over the VPN, netsh interface ipv4 show interfaces Shows MTU reset to 1400.

So the question is - where should I change MTU, because internet is provided over DSL lines and it takes some time to change router's configuration. Is it possible simply to change MTU on client and server?
For now I would leave the MTU alone.  What are you using as your VPN server?
PovilasAuthor Commented:
Windows 2008 Server, integrated VPN server. same with XP - standart integrated VPN client.
Is this server the same server that the share is on?
PovilasAuthor Commented:
The server is on the LAN and has an internal IP. It has users for simple connections to access shares, that are on that server. So this server is simple PC on the LAN with VPN ports forwarded from main router.
O.K., it sounds like you are using a single server for both the file shares and the VPN server.  So when you do the packet capture you need to run it on the network connection representing the VPN on the server side too.
PovilasAuthor Commented:
I have connected local router and tryied VPN on it - same thing :-( looks like the problem is windows 2008 server software :-( The big question now is - what's that problem.
I would then do the packet capture to see which side the problem is occurring on (server or client).
PovilasAuthor Commented:
Looks like I have found a solution, but not the roots of the problem. And a solution was deleting VPN role on the server and installing it back again without any additional configuration. At least it worked with temporary local router on the LAN. Still have no idea, why this helped, but it actually solved the problem for now.

By the way - thanks for the help.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.