Something on my home network is interfering with my VPN connection to my office
Hi,
i am having an annoying problem.
For many years i have been connecting to my work Win 2003 R2 server via a VPN connection without a problem.
i have recently moved home and have started to have problems.
i am able to connect the VPN connection (PPTP) but after a few minutes all traffic over the connection stops. the VPN connection is not dropped on the client or the server but no data will pass over it.
the people i live with have apple mac's/iphones/ipads that connect to my Draytek 2800 router and they have asked me to enable uPNP. i dont know if this could affect things.
i have disabled all VPN services on teh Draytek router so its not that that is causing the problem.
as i say i have been connecting to the VPN fine for years.. its just recently (sinced i homed home) i have been having problems.
any ideas?
thanks
jack
i am having an annoying problem.
For many years i have been connecting to my work Win 2003 R2 server via a VPN connection without a problem.
i have recently moved home and have started to have problems.
i am able to connect the VPN connection (PPTP) but after a few minutes all traffic over the connection stops. the VPN connection is not dropped on the client or the server but no data will pass over it.
the people i live with have apple mac's/iphones/ipads that connect to my Draytek 2800 router and they have asked me to enable uPNP. i dont know if this could affect things.
i have disabled all VPN services on teh Draytek router so its not that that is causing the problem.
as i say i have been connecting to the VPN fine for years.. its just recently (sinced i homed home) i have been having problems.
any ideas?
thanks
jack
Did you use the same router before?
UPnP should not interfere with your PPTP connection. From your description I conclude it is either a MTU issue with the new location, or a GRE issue. GRE is protocol 47, and used for routing and encapsulating your PPTP traffic from and to the server. Usually a setting called "PPTP Passthru" or "VPN Passthru" on your router applies some fixes, which might help.
To test for MTU issues, use mturoute -t (www.elifulkerson.com/projects/mturoute.php) with both your public and private VPN server IP.
UPnP should not interfere with your PPTP connection. From your description I conclude it is either a MTU issue with the new location, or a GRE issue. GRE is protocol 47, and used for routing and encapsulating your PPTP traffic from and to the server. Usually a setting called "PPTP Passthru" or "VPN Passthru" on your router applies some fixes, which might help.
To test for MTU issues, use mturoute -t (www.elifulkerson.com/projects/mturoute.php) with both your public and private VPN server IP.
Dropped connections can often be caused by too high an MTU (Maximum Transmission Unit) size, especially if it is a lower than normal performance connection. It is recommended you change this on the connecting/client computer and when possible, it's local router. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1300, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1300, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm
As far as I know uPNP is mailnly usefull for torrenting and other p2p as it allows a node thats normally behind the firewall to be visible outside it. On my home network torrenting (moslty old time radioi shows) has a sever impact on VPN traffic. Why not turn off uPNP and see if that cures it?
UPnP (Universal Plug and Play) allows the operating system to control the router. Thus, if you have a program that needs ports open it can do so automatically. If you have a virus that wants to control your router, it can also do so. Enabling UPnP can have major security risks. See Steve Gibson's article below, however it should have no impact on your VPN, unless Malware has taken control of the router.
http://www.grc.com/unpnp/unpnp.htm
http://www.grc.com/unpnp/unpnp.htm
ASKER
i have disabled uPNP and it seems to have fixed the problem.
my flatmates use the upnp to connect their various apple products... it allows them to simply share conent on their verious devices.
if we were to connect another wifi router into one of the network ports on my draytek router, and that had a different IP range... and they enabled upnp on that.. would it isolate the upnp from the draytek adsl router?
thanks
jack
my flatmates use the upnp to connect their various apple products... it allows them to simply share conent on their verious devices.
if we were to connect another wifi router into one of the network ports on my draytek router, and that had a different IP range... and they enabled upnp on that.. would it isolate the upnp from the draytek adsl router?
thanks
jack
I personally doubt it. I think its likeley the uPNP is being used to provide some kind of external access by enabling router ports. I see this issue at work from time to time when parents who are fellow workers loose their VPN or Citrix (which is really a type of VPN) and insist their children had a good connection. The problem is that when using P2P on ADSl (or uk cable) the uplink, which has much lower bandwidth , gets saturated with the uploads to other users. This means that the acknowledgment packets for the VPN connection are deleyed enough to cause the connection to break/hang. Its cheap enough to try though. Something like this:-
http://www.microdirect.co.uk/Home/Product/40557/TP-Link-300M-Wireless-N-Cable---DSL-Router
plugged into a port on your router. Assuming your network is the usual 192.168.1.0 , set this one to 192.168.2.0. and all should be ok.
Right back to sorting out the mayhem here because my uPNP is turned off, my wive is VPNing and the kids can't stream from the BBC, because th VPN is winning. Time for an upgrade to fibre?
ASKER
thanks.. ill give it a go.. i have a spare router at the office.
if i use a different type of VPN protocol e.g. LT2P would that make any difference?
thnaks
jack
if i use a different type of VPN protocol e.g. LT2P would that make any difference?
thnaks
jack
L2TP or PPTP or IPSec or SSL does not matter. It would matter if the router would send out such packets with a higher priority then other traffic.
Your main issue probably is the saturation, as described in the previous post.
Your main issue probably is the saturation, as described in the previous post.
Adding a router will not eliminate the network saturation either.
And you only need uPNP on on the router for external access. Stuff on the LAN doesn't need it so its some kind of external streaming, not uPNP that kills your VPN...
ASKER
we have the spare router - now just need to find time to set it up.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i still have problems with the vpn with mac's connected to the adsl router
Try a vpn connection when there is no one else using the router to see if it is one of the other devices causing your problems