Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: VPN reliability
« previous next »
Pages: [1]   Go Down

VPN reliability

  • 7 Replies
  • 960 Views

Kevin Manderson

VPN reliability
« on: May 22, 2002, 08:58:30 AM »
I have been experimenting with VPN as a means to connect form a remote office.

Have two SME gateways, one with ADSL *main site) ohne with dialup (remote site). three w2k boxs behind the remote gateway and a larger network at the adsl end, with a SCO/unix server for a major business application. I have written some dynamic dns updating software to give both machines a permanent domain name and this is working fine. When the first remote site is sorted out we will extend to several other branch offices.

I configured the W2k (remote PC) to VPN into gateway and then connect to the server with a telnet utillity. Works well, although I have yet to browse the network (can ping and map drives via \IP address\share but no browse). Speed is reasonable. Biggest problem is the VPN link drops about every 10 minutes or so. Today in 50 minutes it randomly dropped about 10 times and finally it would not reconnet due to 'incompatible encryption'. No obvious reason just drops. The modem lines stays up for days at a time and the the adsl is also generally days.

I would prefer to tunnel the two gateway machines, then the client connection would survive a tunnel drop/restart since the connection would be independent of the tunnel. Was forced to give up on this idea as I couldnt get it working. IPsec is out since they are both dynamic IP addresses.

What sort of VPN reliability can I expect?? What sort of reliability are others getting. Is IPsec more reliable - if so I could look at permanent IP adsl.

Help appreciated.

Regards
kevin
Logged

Filippo Carletti

Re: VPN reliability
« Reply #1 on: May 22, 2002, 05:53:49 PM »
PPTP VPN is reliable for me, as is ipsec.
Do you see strange log messages ?
Logged

Kevin Manderson

Re: VPN reliability
« Reply #2 on: May 26, 2002, 10:08:54 AM »
Hunting through the logs. I can see where the link drops.
 Reasons are

Modem hangup        (several of)
LCP terminated by peer (^HH-^QQS^@No response to 2 echo-requests   (several of)

there are several variations for the LCP terminated line - not sure what that represents - noise?

I am currently connected from an alternate location to test. This one uses a 4.1.2 machine rather than the 5.1.2 at the end that is causing the problem.

Problem is W2k->5.1.2->dialup->internet->adsl->5.1.2.

Ok testing on W2k->4.1.2->dialup->internet->adsl->5.1.2.

I think the problem with the failing to reconnect is due to a lack of free connection slots. I can see a mesasge for that in the log. It may be they are getting impatient and reconnecting before the connection failure.

Still unsure why the connection is failing.

Anyone else have any ideas?

Regards
kevin
Logged

Fred HORCHOLLE

Re: VPN reliability
« Reply #3 on: May 27, 2002, 02:11:59 AM »
I've got the same pb W2k->5.1.2->ADSL->internet->5.1.2. after the last ligne of this log i lost all connection.

On the W2K side The log says :
ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.168.1.65 -> xx.yy.zz.dd CID=C000 MCID=EEA8
May 26 23:05:35 eserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.168.1.65 -> xx.yy.zz.dd CID=C000 MCID=EEA8
May 26 21:07:03 eserver named[1671]: Malformed response from [193.252.19.3].53 (out of data in final pass)

193.252.19.3 is my isp dns server.

Any idea ?

Regards

Fred
Logged

Fred HORCHOLLE

Re: VPN reliability
« Reply #4 on: May 27, 2002, 02:12:07 AM »
I've got the same pb W2k->5.1.2->ADSL->internet->5.1.2. after the last ligne of this log i lost all connection.

On the W2K side The log says :
ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.168.1.65 -> xx.yy.zz.dd CID=C000 MCID=EEA8
May 26 23:05:35 eserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.168.1.65 -> xx.yy.zz.dd CID=C000 MCID=EEA8
May 26 21:07:03 eserver named[1671]: Malformed response from [193.252.19.3].53 (out of data in final pass)

193.252.19.3 is my isp dns server.

Any idea ?

Regards

Fred
Logged

mrrus

Re: VPN reliability
« Reply #5 on: May 27, 2002, 01:07:12 PM »
Hi Kevin

I've been experiencing a problem getting multiple Win2k VPN clients to connect via a remote 5.1.2 gateway to the head office 5.0 gateway server.  A single client works fine.
eg Win2k -> 5.1.2 -> T1-> Internet->T1 -> 5.0  

Where you ever able to get more than 1 concurrent VPN connection with the 5.1.2 gateway at the remote site ?

If so, any tricks, or was it using just standard WIn2k PPTP VPN ?

Thx
Logged

Franck

Re: VPN reliability
« Reply #6 on: May 27, 2002, 01:38:11 PM »
mrrus wrote:
 
> I've been experiencing a problem getting multiple Win2k VPN
> clients to connect via a remote 5.1.2 gateway to the head
> office 5.0 gateway server.  A single client works fine.
> eg Win2k -> 5.1.2 -> T1-> Internet->T1 -> 5.0  
Connecting multiple PPTP clients to the same PPTP server when clients are behind a masquerading box (SME or most other routers) is IMPOSSIBLE... This is not a Linux problem, but a PPTP protocol (GRE protocol in fact) problem.

The best solution for you is to establish an IPSEC Tunnel between the 5.1.2 box and the 5.0 (I think FreeSWan is also built into 5.0). Your clients will then be able to reach the head office network transparently.
Logged

Filippo Carletti

Re: VPN reliability
« Reply #7 on: May 27, 2002, 03:32:05 PM »
This scenario has already been discussed. See:
http://forums.contribs.org/index.php?topic=13750.msg52328#msg52328
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: VPN reliability