Solved

VPN connection - Windows 7 Pro to Windows 7 Pro

Posted on 2014-04-28
Last Modified: 2014-04-29
This is a follow-up to a previous post.  I've set up a VPN server on a Windows 7 Pro machine and am trying to connect to it over a WAN from another Windows 7 Pro machine.  I've sweat blood over this problem, read endless posts and still have the same problem which is that the connecting machine connects successfully every time but the shared folders are only accessible intermittently.

The VPN server machine has a second network card installed with an ip address of 192.168.2.252, the primary adapter IP range is 192.168.1.x with the default gateway at 192.168.1.1 so the remote machine accesses the VPN folders via \\192.168.2.252

I've tried every fix I can think of - disabled firewalls, deselected all the IP V6 check boxes etc, all to no avail.

The VPN security is PPTP and port 1723 is forwarded to the VPN server machine.
Question by:frasierphilips
 
LVL 4

Expert Comment

by:wsawalhi
ID: 40028253
Hi,

Have you tried this?


Fixing Problem With Windows 7 Shared Files and Mapped Drives Unavailable Over VPN

Posted on November 18, 2010 9:53 PM

One of our IT consulting customers using a Windows 7 laptop was experiencing a problem with access mapped drives while connected to their company using VPN.

Doing some research I found that Windows 7 and Vista both have what’s called “slow link mode”.  The behavior is that if the latency of the network connection exceeds 80 milliseconds (ms), the system will transition the files to “offline mode”.  The 80 ms value is configurable using a local group policy edit.

    Open Group policy (start -> run -> gpedit.msc)
    Expand “Computer Configuration”
    Expand “Administrative Templates”
    Expand “Network”
    Click on “Offline Files”
    Locate “Configure slow-link mode”
    This policy can either be disabled or set to a higher value for slower connections.

Note – The “Configure Slow link speed” value is for Windows XP Professional.

Additionally, there is a registry value that can be added that can force auto reconnection...

When a server has been unavailable (offline mode) and then becomes available again for connection, Offline Files Client Side Caching tries to transition that server to online mode if all the following conditions are true:

    There are no offline changes for that server on the local computer.
    There are no open file handles for that server on the local computer.
    The server is accessed over a “fast” link.

You can adjust the definition of “slow” and “fast” by using the SlowLinkSpeed Offline Files policy. With this, you can configure Offline Files Client Side Caching to ignore these conditions and transition the server to online mode regardless of whether these conditions exist. To do this, follow these steps:

    Click Start, click Run, type REGEDIT, and then click OK.
    Locate and click the following registry subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache
    Click Edit, point to New, and then click DWORD Value.
    Type SilentForcedAutoReconnect, and then press ENTER to name the value.
    Double-click SilentForcedAutoReconnect.
    In the Value data box, type 1, and then click OK.

Finally, here is a link to a Microsoft TechNet article explaining how Vista/7 handles offline files.  At the bottom of the article is a procedure for disabling offline files completely using a Group Policy Object.  http://technet.microsoft.com/en-us/library/cc749449%28WS.10%29.aspx
0
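The registry steps quoted in the comment above, scripted so that the previous state is reported and recorded before anything changes. This is an added PowerShell example, not part of the quoted article or of the thread; the script name and the log path are hypothetical.

```powershell
# Added example. Save as Set-AutoReconnect.ps1 (hypothetical name) and run from an
# elevated prompt. Without -Apply it only reports. Compatible with PowerShell 2.0.
param([switch]$Apply)

$key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\NetCache'
$name = 'SilentForcedAutoReconnect'
$log  = Join-Path $env:TEMP 'netcache-change.log'   # hypothetical rollback record

# Read the current data; $null means the key or the value does not exist yet.
$before = $null
if (Test-Path $key) {
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($prop) { $before = $prop.$name }
}
if ($before -eq $null) { $shown = '<not set>' } else { $shown = $before }

if ($before -eq 1) {
    Write-Output "$name is already 1; nothing to change."
}
elseif (-not $Apply) {
    Write-Output "$name is currently $shown; re-run with -Apply to set it to 1."
}
else {
    # Record the previous state first so the change can be undone later.
    "{0} {1}\{2} before={3}" -f (Get-Date -Format s), $key, $name, $shown | Add-Content $log
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "$name set to 1 (previous: $shown); change recorded in $log."
}
```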
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40028483
If using a Windows PC for a VPN server I would recommend you do not use 2 NICs.  PC's do not perform internal routing in a default configuration.  You can enable this in the registry but it adds complications and adds no security.

Also based on your IP choices the connecting client cannot use 192.168.1.x or 192.168.2.x for their local subnet.  If they do the VPN will connect but resources will not be accessible.  All subnets in any network segment between client and host must be different for routing to take place.

The third issue that can come into play, though less common than the two issues mentioned above is MTU size.
From an earlier post of mine:
Dropped connections, or inability to access resources can often be caused by too high an MTU (Maximum Transmission Unit) size, especially if it is a lower than normal performance connection. It is recommended you change this on the connecting/client computer and when possible, its local router. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1300, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm

One other possibility sometimes suggested by PeteLong in similar situations, is to enable Black Hole Detection on the server/computer. To do so, see the following registry addition:
1. Start Registry Editor (Regedit.exe).
2. Locate the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip\parameters
3. On the Edit menu, click Add Value, and then add the following registry value:
Value Name: EnablePMTUBHDetect
Data Type: REG_DWORD
Value: 1  
4. Quit Registry Editor, and then restart the computer.
from: http://support.microsoft.com/kb/314825
0
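The subnet rule in the comment above (the connecting client's local network must not be 192.168.1.x or 192.168.2.x) can be checked on the client machine itself. This is an added PowerShell example, not part of the original comment; it assumes both office networks use a 255.255.255.0 mask, and the function name is hypothetical.

```powershell
# Added example: run on the connecting client before dialling the VPN, so the
# tunnel adapter's own address is not reported.
# Assumption: both office networks named in the thread use a 255.255.255.0 mask.
$officeNets = @(
    @{ Net = '192.168.1.0'; Mask = '255.255.255.0' },   # VPN host primary adapter
    @{ Net = '192.168.2.0'; Mask = '255.255.255.0' }    # VPN host second adapter
)

function Test-SubnetOverlap([string]$IpA, [string]$MaskA, [string]$IpB, [string]$MaskB) {
    # Two IPv4 networks overlap when their addresses agree on every bit
    # covered by both masks. Octet-wise math keeps this PowerShell 2.0 safe.
    $a  = [System.Net.IPAddress]::Parse($IpA).GetAddressBytes()
    $b  = [System.Net.IPAddress]::Parse($IpB).GetAddressBytes()
    $ma = [System.Net.IPAddress]::Parse($MaskA).GetAddressBytes()
    $mb = [System.Net.IPAddress]::Parse($MaskB).GetAddressBytes()
    for ($i = 0; $i -lt 4; $i++) {
        $common = $ma[$i] -band $mb[$i]
        if (($a[$i] -band $common) -ne ($b[$i] -band $common)) { return $false }
    }
    return $true
}

$conflicts = 0
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
foreach ($nic in $nics) {
    # IPAddress and IPSubnet are parallel arrays, one entry per bound address.
    for ($i = 0; $i -lt $nic.IPAddress.Length; $i++) {
        $ip = $nic.IPAddress[$i]
        if ($ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { continue }   # skip IPv6 entries
        $mask = $nic.IPSubnet[$i]
        foreach ($office in $officeNets) {
            if (Test-SubnetOverlap $ip $mask $office.Net $office.Mask) {
                $conflicts++
                Write-Output ("CONFLICT: {0} ({1} mask {2}) is in the same range as office network {3}" -f $nic.Description, $ip, $mask, $office.Net)
            }
        }
    }
}
if ($conflicts -eq 0) { Write-Output 'No local subnet overlaps 192.168.1.x or 192.168.2.x.' }
```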
 

Author Comment

by:frasierphilips
ID: 40028901
Thanks for your info - to be honest, I'm not sure this is the problem.  I've noticed that this problem only starts to rear its ugly head if you dial the server then hang up then dial again immediately.  To clarify, when I booted up the computer this morning, the first time I tried to connect to the VPN it worked flawlessly.  I then disconnected the connection and dialled again and lo and behold, it would connect but I couldn't access any of the shares as above.  I've just tried it again, after spending a few minutes typing this paragraph and once again it worked perfectly - is it possible that the server isn't realising immediately that the session has ended and thus a conflict arises between instances of the same user attempting to access the shares?  Initially, when I first started trying to deal with this issue, it seemed that the system only worked on alternate connects.

As an aside, I've noticed that when the access to shared folders fails, a red cross appears on the Windows 7 Network Sharing Centre Basic map between the central 'multiple networks' icon and the 'Internet' icon on the right hand side.  This is usually followed by the appearance of a yellow triangle with an exclamation mark on the connection between the icon representing the computer I'm using (on the left hand side of the map) and the central 'multiple networks' icon.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40029517
It's very possible it can take several minutes to disconnect and thus allow reconnection.  Keep in mind a VPN to a PC is almost considered a hack, not a proper VPN service so performance may not be as good as using a server or better yet a VPN router.  A server O/S manages this much better allowing you to connect to a different PPTP port if one is busy.

Is it possible for you to see the host machine when you disconnect the VPN?  If so locate the icon under network connections, it should show connected.  From the client machine disconnect the VPN and see how long it takes for the icon to change status to disconnected.  I think it will automatically refresh, but if not press the F5 key to refresh frequently.

As for the icon, to which you are referring I am not certain I understand, but on the connecting client the default configuration disables "split-tunneling".  This is a security feature that blocks access to the local network and internet.  If you connect to a web page while the VPN is connected it actually goes through the tunnel and uses its Internet.  This may be why the icon changes.  That feature can be disabled by editing the properties of the connection on the client under networking | IPv4 | advanced | IP settings | uncheck use remote default gateway.
0
 

Author Comment

by:frasierphilips
ID: 40029727
Are all these problems par for the course then?  Will it ever operate as smoothly as to a server or should we just bite the bullet and get a VPN enabled router?
0
 

Author Comment

by:frasierphilips
ID: 40029798
Re your other question, when you hang up the client machine, the server immediately registers it.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40029803
They do tend to be a bit problematic, especially if you have multiple users connecting.  I have had better luck on PC's using a service like LogMeIn's Hamachi.  It used to be free but it's still very reasonable, $30/ year for up to 32 users/sites.  It works differently: it maintains a connection at all times unless you click the "power" button in the application.  Even when working the Windows PC often does not automatically reconnect when the connection is broken.  That is something that happens fairly frequently.  You don't notice when browsing as the connection is only lost for a second or so causing a page load delay, but 1 second with a VPN and the connection can go down.  Hamachi does a good job of maintaining the connection.
https://secure.logmein.com

May I ask why you want a VPN, types of files accessed, and how many users?
 
VPN's have one major security risk, a wide open tunnel between host and a client over which you have no control.  The connecting client could have a virus which spreads over a network and could affect one or more computers.  VPN's also do not work with database files, and they tend to be slow.  The Windows PPTP VPN is not considered to be very secure.
0

 
LVL 77

Expert Comment

by:Rob Williams
ID: 40029872
Sorry I didn't see your last comment before.  Interesting that it shows an immediate disconnect, still it wouldn't surprise me if there was a delay of at least 90 seconds.  That has been a common comment on EE regarding PPTP VPN's, even on servers though they handle it better.  A lot of information can be cached by the PC and even router/switches that may need to clear.   I wonder if a connection from a different client right after the disconnect would be faster.
0
 

Author Comment

by:frasierphilips
ID: 40029951
It's a small firm of Estate Agents - a couple of the partners want to be able to access the documents folder on the file sharing computer so they can work from home when required.  They're not particularly tech-savvy so the ability to just click folders (as they do when they're using their computers at work) is pretty vital.  I considered using something like Radmin but then you're in to them negotiating around unfamiliar GUIs etc.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40029983
Yes a VPN is a good option for that purpose, assuming no database files like QuickBooks.

Have you considered an online service, a hosted service like Microsoft Office 365?  Files can easily be accessed there using OneDrive or SharePoint.  That would be accessible from anywhere, anytime, no VPN needed, and probably more secure.
0
 

Author Comment

by:frasierphilips
ID: 40030336
They have 145GB of documents - I think online-storage is a no go - I considered Dropbox but ruled it out for that reason.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 40030592
That is a lot of data, but Microsoft announced last week 1TB for $12/month per user.  Still hard to beat free with a VPN :-)  and there are arguments for and against cloud storage ignoring size.  

Try Hamachi, you might find it more trouble free.  Also make sure you configure power management so the PC doesn't 'go to sleep'.
0
 

Author Closing Comment

by:frasierphilips
ID: 40030635
I installed Hamachi and it worked like a dream - thanks
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40030646
Glad to hear.
Thanks frasierphilips.
Cheers!
--Rob
0
