
hrmmmmmm
@shawcable.net

hrmmmmmm

Anon

[AB] How can a VPN completely knock out the internet?

When I use a UDP VPN on my VMware machine, it knocks out the entire Shaw internet from all computers and makes the modem do a reset.

How is this possible? I looked for a UDP timeout setting in the Cisco modem but I couldn't find anything. Anyone have any ideas on how this happens and how to prevent it from happening?

Modem is a DPC3825
HELLFIRE
MVM
join:2009-11-25

HELLFIRE

MVM

Dumb question, but is the DPC in bridge or routed mode?

Also, does it "knock out the internet" immediately after firing up the VPN, or it works for a bit then crashes the DPC? If the latter, start timing how long it takes before your internet gets reset again.

Too thin on details, but methinks there's more to this than what you've let on so far OP.

My 00000010bits.

Regards

hrmmmm
@shawcable.net

hrmmmm

Anon

It works for around half an hour and then knocks the internet out. I am running 4 instances of a low internet use program in my VM. I can run all 4 instances in TCP mode forever, and I've now discovered that I can run at least 1 instance in UDP mode forever.

If I run all 4 instances in UDP, it seems to last right around half an hour before the entire internet gets knocked out.
hrmmmm

hrmmmm

Anon

Also, it's in the mode that comes default from Shaw; not sure what that is, but I know that I can't change the MAC address on the modem.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to hrmmmmmm

MVM

to hrmmmmmm
said by hrmmmm :

a low internet use program

Wanna share exactly what that is, just as a question?

I'm guessing it's a bog-standard VPN client over UDP 500... but I'd like to get confirmation.

As for the mode of the DPC, do you get a 192.168.x.x address from it?

Regards

hrmmmmmm
@shawcable.net

hrmmmmmm

Anon

It's a program that allows me to connect to a game with 4 separate clients. I can do this without a VPN just fine but the UDP VPN allows me to use a US IP address that. I do get the 192.168.x.x IP from it.

The internet comes back as soon as the modem does its restart cycle.
tlhIngan
join:2002-07-08
Richmond, BC

tlhIngan to hrmmmmmm

Member

to hrmmmmmm
Get a high end powerful router and call Shaw to put it in bridge mode. Get something like an Asus AC66U or AC68U - they cost a lot of money, but they're good.

UDP mode consumes a lot of resources and the DPC router hardware is not that great. What happens is each UDP packet creates a new "session" in the NAT table of the router. Eventually the NAT table fills up and any new sessions cannot be created until the old UDP sessions time out - which depending on settings can be anywhere from 5-10 minutes after the last packet was sent.

It only appears to knock out the internet because you cannot create new sessions in the NAT table, so the router simply drops the packet. I bet if you wait half an hour after you stop your VPN sessions then everything reverts back to normal.

A router that lets you time out UDP sessions really quickly (say in only a few seconds) would be ideal.
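
An added example, not part of the original thread: a toy simulation of the NAT-table exhaustion described in the post above. It models one table entry per distinct UDP flow with an idle timeout, so steady-state occupancy is roughly new flows per second times the timeout; the capacity, rates, timeouts and addresses are constructed values, not DPC3825 specifications.

```python
# Added example: toy NAT/connection-tracking table with an idle timeout.
# All numbers and addresses are constructed; they are not DPC3825 values.
from collections import OrderedDict


class NatTable:
    def __init__(self, capacity, udp_timeout):
        self.capacity = capacity
        self.udp_timeout = udp_timeout
        self.entries = OrderedDict()  # flow tuple -> expiry time, oldest first
        self.dropped = 0

    def _expire(self, now):
        # With one uniform timeout, the front of the dict always expires first.
        while self.entries:
            flow, expiry = next(iter(self.entries.items()))
            if expiry > now:
                break
            del self.entries[flow]

    def packet(self, flow, now):
        """Return True if the packet is translated, False if it is dropped."""
        self._expire(now)
        if flow in self.entries:                # known flow: refresh idle timer
            self.entries[flow] = now + self.udp_timeout
            self.entries.move_to_end(flow)
            return True
        if len(self.entries) >= self.capacity:  # table full: no new mapping
            self.dropped += 1
            return False
        self.entries[flow] = now + self.udp_timeout
        return True


def simulate(capacity, udp_timeout, new_flows_per_sec, duration):
    """Open new UDP flows at a steady rate; report when the table fills."""
    table, first_drop, peak, n = NatTable(capacity, udp_timeout), None, 0, 0
    for now in range(duration):
        for _ in range(new_flows_per_sec):
            n += 1  # constructed 5-tuple, unique per flow
            flow = ("udp", "192.168.0.10", 1024 + n % 60000,
                    "203.0.113.5", 20000 + n // 60000)
            if not table.packet(flow, now) and first_drop is None:
                first_drop = now
        peak = max(peak, len(table.entries))
    return {"first_drop": first_drop, "peak": peak, "dropped": table.dropped}


if __name__ == "__main__":
    for timeout, rate in [(300, 4), (300, 1), (10, 4)]:
        print(timeout, rate, simulate(1024, timeout, rate, 600))
```

The table is shared by every host behind the router, so once it is full a new flow from any LAN machine is refused, while shortening the timeout or lowering the flow rate keeps occupancy below capacity.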
shawuser3
join:2010-10-15
Vancouver, BC

shawuser3 to hrmmmmmm

Member

to hrmmmmmm
Does your IP assigned by the VPN overlap with the internal subnet of the local LAN?

Darhole
Premium Member
join:2005-06-14
Edmonton, AB
Ubiquiti EdgeRouter Lite
Asus RT-AC87
Actiontec T3200M

Darhole to tlhIngan

Premium Member

to tlhIngan
said by tlhIngan:

Get a high end powerful router and call Shaw to put it in bridge mode. Get something like an Asus AC66U or AC68U - they cost a lot of money, but they're good.

UDP mode consumes a lot of resources and the DPC router hardware is not that great. What happens is each UDP packet creates a new "session" in the NAT table of the router. Eventually the NAT table fills up and any new sessions cannot be created until the old UDP sessions time out - which depending on settings can be anywhere from 5-10 minutes after the last packet was sent.

It only appears to knock out the internet because you cannot create new sessions in the NAT table, so the router simply drops the packet. I bet if you wait half an hour after you stop your VPN sessions then everything reverts back to normal.

A router that lets you time out UDP sessions really quickly (say in only a few seconds) would be ideal.

I was thinking along these lines as well. I used to overload shitty routers all the time and time things out. BitTorrent is bad for this too.

A better router can certainly help. Happens to me wayyy way less on a 56U.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to hrmmmmmm

MVM

to hrmmmmmm
said by hrmmmmmm :

It's a program that allows me to connect to a game

said by hrmmmmmm :

but the UDP VPN allows me to use a US IP address that.

Again, what program and what VPN (service)? Vague and evasive tends to lead to problems not getting solved, OP.

The overloaded NAT / connection table is another possibility... but like I said, everything up to this point is pure speculation.
said by hrmmmmmm :

I do get the 192.168.x.x IP from it.

Okay, so one question answered, you're not in bridge mode.

Secondly, you may want to check in the DPC settings pages for something along the lines of "flood detection." One thing I recall before having my DPC in bridge mode was this "helpful" feature turned on, and every time I (re)opened Mozilla with a bunch of tabs, all tabs would come up "Page cannot be displayed." Pings to both 192.168.1.1 and the Shaw default gateway worked fine though.

This drove me crazy till I turned this setting off.

Regards

kevinds
Premium Member
join:2003-05-01
Calgary, AB

kevinds

Premium Member

Agreed, turn off the extra 'helpful' security features: SPI, Flood Detection, and there is a 3rd one, I think.

hrmmmmmmm
@shawcable.net

hrmmmmmmm

Anon

Here is an update in case anyone else runs into the same problem. I never did solve the UDP timeout problem but I worked around it using L2TP.

In the router settings under L2TP, I set it to client mode, set up the network options in Windows, and now the connection to the UDP VPN server is rock solid.