[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1885
  • Last Modified:

How can we stop VPN disconnects in SBS 2008

Hi,

We have a situation where a remote user is being disconnected when connecting to his office server via a Windows RAS VPN.

The server is an HP Proliant ML110 running SBS2008. The client is an HP laptop running Windows 7. There are Netgear routers at both sites.

There doesn’t seem to be any pattern to the disconnects. We tried constantly pinging the server to keep the connection open and while this has reduced the number of disconnects significantly and extended the time in between them it, the problem continues.

At the time of disconnection the RAS log shows:
[6052] 04-26 20:01:26:947: WorkerThread: Disconnect event signaled on port: VPN2-4
[6052] 04-26 20:01:26:947: OVEVT_DEV_STATECHANGE. pOverlapped = 0x3a79880
[6052] 04-26 20:01:26:947: d:\longhorn\net\rras\ras\rasman\rasman\worker.c, 2020: Disconnecting port 0, connection 0x0, reason 1
[6052] 04-26 20:01:26:947: Disconnecting Port 0xVPN2-4, reason 1
[6052] 04-26 20:01:26:947: DisconnectPort: Saving Bundle stats for port VPN2-4

(There is a lot more information in the log – I have only included the first 5 lines).

What is causing the disconnects? How can we stop them?
0
solplus
Asked:
solplus
  • 4
  • 3
  • 2
2 Solutions
 
Cris HannaCommented:
What kind of netgear routers are these the 49.00 routers you can get at Best Buy or are they Netgear Business Grade routers

What is the bandwidth / type of internet service

Max number of simultaneous VPN connections and number of internet users at the SBS location?
0
 
solplusAuthor Commented:
One end has "business grade", the other is cheap & cheerfull. Both ends are ADSL broadband, however, the laptop end of the VPN can/does connect from various locations who's broadband cannot be controlled. There is only one VPN connection and 2-3 users at the SBS location. Your questions imply that the performance of the connection might be related. I would have thought that it might affect the performance over the VPN but not that it would cause a disconnect?
0
 
Cris HannaCommented:
What is the bandwidth available at the SBS end (up and down) to the internet?

I have business class internet connection here at my house 16mb down/2 up and still have dropped VPN from time to time with my enterprise class employer, it is over a cable connection not dsl.
But remember you're creating a pipe that that runs in the "tunnels" of the internet.   Any hiccup anywhere along the route can disconnect your VPN.

One thing you might play with on the router on the SBS side is the MTU setting.  DSL seems to be pickier about this.  Most likely the setting currently is 1500, try taking it to 1450 for a week or so and see what happens.

My other suggestion would be setup a workstation in the office for this one remote user and let him connect via RWW.  They will probably love the experience vs VPN
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
Rob WilliamsCommented:
I assume you are using the SBS VPN service and not the Netgear VPN router and client?
If using the SBS VPN I agree with Cris, MTU can often be the cause on dropped connections, however if not using the default "automatic" a PPTP VPN requires the MTU be 1430 or lower. See notes below. You also mention a continuous ping improves the stability of the connection. Do either of the sites use a PPPoA/PPPoE DSL connection? If so you will need to enable "keep Alive" which affectively does the same as the ping. Otherwise the VPN connection will most certainly be dropped after a specific idle period.

Dropped connections can often be caused by too high an MTU (Maximum Transmission Unit) size, especially if it is a lower than normal performance connection. It is recommended you change this on the connecting/client computer and when possible, it's local router. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1200, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm
0
 
solplusAuthor Commented:
I am fairly sure that the MTU setting is the answer, but the VPN user is out of the country until next week so I cannot check this out. I will post a comment/solution next week.
0
 
Rob WilliamsCommented:
Sounds good, let us know how you make out.
--Rob
0
 
solplusAuthor Commented:
Still unable to test yet - cutomer returns from his travels in 2 weeks time
0
 
solplusAuthor Commented:
Sorry, I forgot to update this. Decreasing the MTU improved the situation greatly and disconnects are now much less. Before I close, Robwill also mentioned "...you will need to enable "keep Alive" which affectively does the same as the ping. Otherwise the VPN connection will most certainly be dropped after a specific idle period". Where and how can this be done? I have looked in "Routing and Remote Access", but cannot see an option for this?
Thanks
Alan
0
 
Rob WilliamsCommented:
Hi solplus. Glad to hear you have some improvement. The keep alive option is not in RRAS but rather in the modem configuration and/or in your router configuration. On the router config it is usually on the WAN interface configuration page, but generally only exists with PPPoE and PPPoA connections. This can also be at the client end, probably out of your control.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now