VPN connection - Windows 7 Pro to Windows 7 Pro

This is a follow-up to a previous post.  I've set up a VPN server on a Windows 7 Pro machine and am trying to connect to it over a WAN from another Windows 7 Pro machine.  I've sweat blood over this problem, read endless posts and still have the same problem which is that the connecting machine connects successfully every time but the shared folders are only accessible intermittently.

The VPN server machine has a second network card installed with an ip address of, the primary adapter IP range is 192.168.1.x with the default gateway at so the remote machine accesses the VPN folders via \\

I've tried every fix I can think of - disabled firewalls, deselected all the IP V6 check boxes etc, all to no avail.

The VPN security is PPTP and port 1723 is forwarded to the VPN server machine.
Who is Participating?
Rob WilliamsConnect With a Mentor Commented:
That is a lot of data, but Microsoft announced last week 1TB for $12/month per user.  still hardtop beat free with a VPN :-)  and there are arguments for and agaist cloud storage ignoring size.  

Try Hamachi, you might find it more trouble free.  Also make sure you configure power management so the PC doesn't 'go to sleep'.
Sam SawalhiIT ConsultantCommented:

Have you try this?

Fixing Problem With Windows 7 Shared Files and Mapped Drives Unavailable Over VPN

Posted on November 18, 2010 9:53 PM

One of our IT consulting customers using a Windows 7 laptop was experiencing a problem with access mapped drives while connected to their company using VPN.

Doing some research I found that Windows 7 and Vista both have what’s called “slow link mode”.  The behavior is that if the latency of the network connection exceeds 80 milliseconds (ms), the system will transition the files to “offline mode”.  The 80 ms value is configurable using a local group policy edit.

    Open Group policy (start -> run -> gpedit.msc)
    Expand “Computer Configuration”
    Expand “Administrative Templates”
    Expand “Network”
    Click on “Offline Files”
    Locate “Configure slow-link mode”
    This policy can either be disabled or set to a higher value for slower connections.

Note – The “Configure Slow link speed” value is for Windows XP Professional.

Additionally, there is a registry value that can be added that can force auto reconnection...

When a server has been unavailable (offline mode) and then becomes available again for connection, Offline Files Client Side Caching tries to transition that server to online mode if all the following conditions are true:

    There are no offline changes for that server on the local computer.
    There are no open file handles for that server on the local computer.
    The server is accessed over a “fast” link.

You can adjust the definition of “slow” and “fast” by using the SlowLinkSpeed Offline Files policy. With this, you can configure Offline Files Client Side Caching to ignore these conditions and transition the server to online mode regardless of whether these conditions exist. To do this, follow these steps:

    Click Start, click Run, type REGEDIT, and then click OK.
    Locate and click the following registry subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\NetCache
    Click Edit, point to New, and then click DWORD Value.
    Type SilentForcedAutoReconnect, and then press ENTER to name the value.
    Double-click SilentForcedAutoReconnect.
    In the Value data box, type 1, and then click OK.

Finally, here is a link to a Microsoft TechNet article explaining how Vista/7 handles offline files.  At the bottom of the article is a procedure for disabling offline files completely using a Group Policy Object.  http://technet.microsoft.com/en-us/library/cc749449%28WS.10%29.aspx
Rob WilliamsCommented:
If using a Windows PC for a VPN server I would recommend you do not use 2 NICs.  PC's do not perform internal routing in a default configuration.  You can enable this in the registry but it adds complications and adds no security.

Also based on your IP choices the connecting client cannot use 192.168.1.x or 192.168.2.x for their local subnet.  If they do the VPN will connect but resources will not be accessible.  All subnets in any network segment between client and host must be different for routing to take place.

The third issue that can come into play, though less common that the two issues mentioned above is MTU size.
From an earlier post of mine:
Dropped connections, or inability to access resources can often be caused by too high an MTU (Maximum Transmission Unit) size, especially if it is a lower than normal performance connection. It is recommended you change this on the connecting/client computer and when possible, it's local router. The easiest way to change the MTU on the client is using the DrTCP tool:
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1300, and if it improves the situation, gradually increase it.
A couple of related links:

One other possibility sometimes suggested by PeteLong in similar situations, is to enable Black Hole Detection server/computer. To so see the following registry addition:
1. Start Registry Editor (Regedit.exe).
2. Locate the following key in the registry:
3. On the Edit menu, click Add Value, and then add the following registry value:
Value Name: EnablePMTUBHDetect
Data Type: REG_DWORD
Value: 1  
4. Quit Registry Editor, and then restart the computer.
from: http://support.microsoft.com/kb/314825
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

frasierphilipsAuthor Commented:
Thanks for your info - to be honest, I'm not sure this is the problem.  I've noticed that this problem only starts to rear its ugly head if you dial the server then hang up then dial again immediately.  To clarify, when I booted up the computer this morning, the first time I tried to connect to the VPN it worked flawlessly.  I then disconnected the connection and dialled again a lo and behold, it would connect but I couldn't access any of the shares as above.  I've just tried it again, after spending a few minutes typing this paragraph and once again it worked perfectly - is it possible that the server isn't realising immediately that the session has ended and thus a conflict arises between instances of the same user attempting to access the shares?  Initially, when I first started trying to deal with this issue, it seemed that the system only worked on alternate connects.

As an aside, I've noticed that when the access to shared folders fails, a red cross appears on the Windows 7 Network Sharing Centre Basic map between the central 'multiple networks' icon and the 'Internet' icon on the right hand side.  This is usually followed by the appearance of a yellow triangle with an exclamation mark on the connection between the icon representing the computer I'm using (on the left hand side of the map) and the central 'multiple networks' icon.
Rob WilliamsCommented:
It's very possible it can take several minutes to disconnect and thus allow reconnection.  Keep in mind a VPN to a PC is almost considered a hack, not a proper VPN service so performance may not be as good as using a server or better yet a VPN router.  A server O/S manages this much better allowing you to connect to a different PPTP port if one is busy.

Is it possible for you to see the host machine when you disconnect the VPN?  If so locate the ion under network connections, it should show connected.  From the client machine disconnect the VPN and see ho long it takes for the icon to change status to disconnected.  I think it will automatically refresh, but if not press the F5 key to refresh frequently.

As for the icon, to which you are referring I am not certain I understand, but on the connecting client the default configuration disables "split-tunneling".  This is a security feature that blocks access to the local network and internet.  If you connect to a web page while the VPN is connected it actually goes through the tunnel and uses its Internet.  This may be why the icon changes.  That feature can be disabled by editing the properties of the connection on the client under networking | IPv4 | advanced | IP settings | uncheck use remote default gateway.
frasierphilipsAuthor Commented:
Are all these problems par for the course then?  Will it ever operate as smoothly as to a server or should we just bit the bullet and get a VPN enabled router?
frasierphilipsAuthor Commented:
Re your other question, when you hang up the client machine, the server immediately registers it.
Rob WilliamsCommented:
They do tend to be a bit problematic, especially if you have multiple users connecting.  I have had better luck on PC's using a service like LogMeIn's Hamachi.  It used to be free but it's still very reasonable, $30/ year for up to 32 users/sites.  It works differently it maintains a connection at all times unless you click the "power" button in the application.  Even when working the Windows PC often does not automatically reconnect when the connection is broken.  That is something that happens fairly frequently.  You don't notice when browsing as the connection is only lost for a second or so causing a page load delay, but 1 second with a VPN and the connection can go down.  Hamachi does a good job of maintaining the connection.

May I ask why you want a VPN, types of files accessed, and how many users?
VPN's have one major security risk, a wide open tunnel between host and a client over which you have no control.  The connecting client could have a virus which spreads over a network and could affect one or more computers.  VPN's also do not work with database files, and they tend to be slow.  The Windows PPTP VPN is not considered to be very secure.
Rob WilliamsCommented:
Sorry I didn't see your last comment before.  Interesting that it shows an immediate disconnect, still it wouldn't surprise me if there was a delay of at least 90 seconds.  That has been a common comment on EE regarding PPTP VPN's, even on servers though they handle it better.  A lot of information can be cached by the PC and even router/switches that may need to clear.   I wonder if a connection from a different client right after the disconnect would be faster.
frasierphilipsAuthor Commented:
It's a small firm of Estate Agents - a couple of the partners want to be able to access the documents folder on the file sharing computer so they can work from home when required.  They're not particularly tech-savvy so the ability to just click folders (as they do when they're using their computers at work) is pretty vital.  I considered using something like Radmin but then you're in to them negotiating around unfamiliar GUIs etc.
Rob WilliamsCommented:
Yes a VPN is a good option for that purpose, assuming no database files like QuickBooks.

Have you considered an online service a hosted service like Microsoft Office 365?  Files can easily be accessed there using OneDrive or SharePoint.  That would be accessible from anywhere, anytime, no VPN needed, and probably more secure.
frasierphilipsAuthor Commented:
They have 145GB of documents - I think online-storage is a no go - I considered Dropbox but ruled it out for that reason.
frasierphilipsAuthor Commented:
I installed Hamachi and it worked like a dream - thanks
Rob WilliamsCommented:
Glad to hear.
Thanks frasierphilips.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.