|
Home | Reviews | Speed Test | Tools | News | Forums | Info | About | Join |
2.8 Virtual Private Network (VPNs) Info
There are usually two common problems associated with VPN connectivity: You can't not connect to the VPN server at all. -If you can not connect to your VPN server at all and have a router (Westell or other) the VPN application may require you to either open certain ports, assign an IP to a specific computer, or use a separate PPPoE client directly on the computer. For more information please click here. You can connect and authenticate to the VPN server but nothing else happens and applications stall, time out, or fail to load. -If you can connect and authenticate but applications stall, time out, or fail to load your MTU (Maximum Transfer Unit) may be incorrect. The following FAQ section is designed to help you find the proper MTU size for your VPN. To determine the correct MTU size for your VPN please click here.
Andy Houtz DSL by Andy Houtz edited by FAQFixer If you can connect and authenticate but applications stall, time out, or fail to load your MTU (Maximum Transfer Unit) may be incorrect. If you are unable to connect to the VPN at all, please click here. Troubleshooting Tip: If broadband users are having troubles with the VPN have them try to connect via dial up (if possible). If users can access the VPN correctly using dial up it is probably an MTU issue. Dial connections use a default MTU of 768 bytes. The standard Ping Test is not the best way to determine your optimum MTU when using a VPN client. Although tedious, manually adjusting the MTU by trial and error testing is the best method. You will change the MTU and test the VPN for connectivity then adjust the MTU to the largest size possible that works. Important Note: You must lower the MTU on all client PCs as well as the VPN Server(s). Many client side applications automatically adjust the MTU automatically when it is installed on the end users PC, however the VPN server is commonly overlooked. Please reference the MTU troubleshooting article for a brief overview of the problem. The MTU size of a network adapter can be changed in one of two ways:
2) Use a third party application (such as DrTCP) with a GUI interface. Since there are so many variables with editing the registry this FAQ provides a step by step procedure using DrTCP. Adjusting the MTU for a VPN using DrTCP Step 1 Download DrTCP and open the application. Select the proper VPN network adapter from the pull down menu and change the MTU to 1400 bytes. Important Note: There may be more than one network adapter showing in the pull down menu for your PC. You must make sure you change the MTU on the correct network adapter associated with your VPN client. If there is any doubt as to which adapter is the correct one change the MTU on all adapters. Restart your PC. The changes will not be set unless your completely restarted your PC. Picture by Andy Houtz Step 2 After the PC has restarted, open a VPN session and test your connectivity to the server as well as any applications.
Repeat Steps 1 and 2 but increase your MTU to 1420 bytes. Continue to repeat Steps 1 and 2 (increasing your MTU by 20 bytes each time) until your VPN does not function correctly and back the MTU down to the last known fully functional MTU size. Remember you must restart the PC after every MTU change. If your VPN does not work correctly at 1400 bytes Repeat Steps 1 and 2 but decrease your MTU to 1380 bytes. Continue to repeat Steps 1 and 2 (dropping your MTU by 20 bytes each time) until your VPN functions correctly. Remember you must restart the PC after every MTU change. Important Notes Andy Houtz DSL Feedback received on this FAQ entry:
by Andy Houtz edited by FAQFixer Yes, most definitely! Clients and servers that are set to an MTU of 1500 may experience latency, fragmentation, or may not work at all when used in conjunction with PPPoE DSL. The MTU MUST be lowered on the all client PCs and the server network adapter(s). Many client side applications automatically adjust the MTU automatically when it is installed on the end users PC, however the VPN server is commonly overlooked. Please reference the MTU troubleshooting article from Cisco for a brief overview of the problem. Important Note: You must lower the MTU on all client PCs as well as the VPN Server(s). DrTCP can be used to lower the MTU on almost any client or server available and a step by step guide is shown below. Step 1 Download DrTCP to all VPN enabled PCs/Servers and open the application. Select the proper VPN network adapter from the pull down menu and change the MTU to 1400 bytes. Important Note: There may be more than one network adapter showing in the pull down menu. You must make sure you change the MTU on the correct network adapter associated with your VPN. If there is any doubt as to which adapter is the correct one change the MTU on all adapters. Restart the PC or Server. The changes will not be set unless your completely restarted your PC. Picture by Andy Houtz Step 2 After the PC has restarted, open a VPN session and test your connectivity to the server as well as any applications.
Repeat Steps 1 and 2 but increase your MTU to 1420 bytes. Continue to repeat Steps 1 and 2 (increasing your MTU by 20 bytes each time) until your VPN does not function correctly and back the MTU down to the last known fully functional MTU size. Remember you must restart the PC/Server after every MTU change. If your VPN does not work correctly at 1400 bytes Repeat Steps 1 and 2 but decrease your MTU to 1380 bytes. Continue to repeat Steps 1 and 2 (decreasing your MTU by 20 bytes each time) until your VPN functions correctly. Remember you must restart the PC/Server after every MTU change. Important Notes Andy Houtz DSL by Andy Houtz edited by FAQFixer The Westell is actually a router and by default blocks ports using NAT so some popular VPN applications may not work correctly. Other VPNs require a specific IP address be assigned to the computer. Therefore changes must be made to the Westell to either open certain ports, assign a WAN IP to a specific computer, or use a separate PPPoE client directly on the computer. To enable port forwarding and open ports on the Westell please click here. For port forwarding with a Linksys router, see this: Linksys Knowledge Base To enable IP Passthrough and assign a WAN IP to a specific computer please click here. Install a third party PPPoE client (such as the BellSouth Connection Agent, Enternet 300, RasPPPoE, or the native PPPoE client on Windows XP) on the computer and enable bridged mode on the Westell as shown here. Important note: Opening ports, using IP Passthrough, or a PPPoE client on the computer exposes your computer directly to the Internet. A firewall of some type is highly recommended. If you are having other connection or timeout problems with your VPN please click here. Andy Houtz DSL by Andy Houtz edited by FAQFixer |