hrmmmmmm
Anon
2013-Dec-1 6:17 pm
[AB] How can a VPN completely knock out the internet?
When I use a UDP VPN on my VMware machine, it knocks out the entire Shaw internet from all computers and makes the modem do a reset.
How is this possible? I looked for a UDP timeout setting in the Cisco modem but I couldn't find anything. Anyone have any ideas on how this happens and how to prevent it from happening?
Modem is a DPC3825
|
|
Dumb question, but is the DPC in bridge or routed mode?
Also, does it "knock out the internet" immediately after firing up the VPN, or does it work for a bit and then crash the DPC? If the latter, start timing how long it takes before your internet gets reset again.
Too thin on details, but methinks there's more to this than what you've let on so far OP.
My 00000010bits.
Regards
|
|
hrmmmm
Anon
2013-Dec-1 7:08 pm
It works for around half an hour and then knocks the internet out. I am running 4 instances of a low internet use program in my VM. I can run all 4 instances in TCP mode forever, and I've now discovered that I can run at least 1 instance in UDP mode forever.
If I run all 4 instances in UDP, it seems to last right around half an hour before the entire internet gets knocked out.
|
hrmmmm
Anon
2013-Dec-1 7:10 pm
Also, it's in the mode that comes default from Shaw, not sure what that is, but I know that I can't change the MAC address on the modem.
|
|
to hrmmmmmm
said by hrmmmm: a low internet use program
Wanna share exactly what that is, just as a question? I'm guessing it's a bog-standard VPN client over UDP500... but I'd like to get confirmation.
As for the mode of the DPC, do you get a 192.168.x.x address from it?
Regards
|
|
hrmmmmmm
Anon
2013-Dec-2 4:10 pm
It's a program that allows me to connect to a game with 4 separate clients. I can do this without a VPN just fine but the UDP VPN allows me to use a US IP address that. I do get the 192.168.x.x IP from it.
The internet comes back as soon as the modem does its restart cycle.
|
|
to hrmmmmmm
Get a high end powerful router and call Shaw to put it in bridge mode. Get something like an Asus AC66U or AC68U - they cost a lot of money, but they're good.
UDP mode consumes a lot of resources and the DPC router hardware is not that great. What happens is each UDP packet creates a new "session" in the NAT table of the router. Eventually the NAT table fills up and any new sessions cannot be created until the old UDP sessions time out - which depending on settings can be anywhere from 5-10 minutes after the last packet was sent.
It only appears to knock out the internet because you cannot create new sessions in the NAT table, so the router simply drops the packet. I bet if you wait half an hour after you stop your VPN sessions then everything reverts back to normal.
A router that lets you time out UDP sessions really quickly (say in only a few seconds) would be ideal.
|
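The table-exhaustion behaviour described in the post above, as an added example that is not part of the original thread: a small Python model of a fixed-size NAT table with an idle timeout for UDP entries. The capacity, flow rate and timeouts are constructed values, not DPC3825 specifications, and the model assumes one table entry per distinct UDP flow.

```python
"""Added illustration: fixed-size NAT table with an idle timeout for UDP entries."""


class NatTable:
    def __init__(self, capacity, udp_timeout):
        self.capacity = capacity        # max simultaneous entries (constructed value)
        self.udp_timeout = udp_timeout  # seconds an idle entry is kept
        self.entries = {}               # flow tuple -> time of last packet
        self.dropped = 0

    def expire(self, now):
        """Remove entries that have been idle for at least the timeout."""
        stale = [f for f, last in self.entries.items()
                 if now - last >= self.udp_timeout]
        for flow in stale:
            del self.entries[flow]

    def packet(self, flow, now):
        """Return True if forwarded, False if dropped because the table is full."""
        self.expire(now)
        if flow in self.entries or len(self.entries) < self.capacity:
            self.entries[flow] = now
            return True
        self.dropped += 1
        return False


def simulate(capacity, udp_timeout, new_flows_per_sec, duration):
    """Each second the VM opens new_flows_per_sec one-shot UDP flows, then an
    unrelated LAN host tries one new flow. Returns (second of that host's
    first failure, or None; peak table size)."""
    table = NatTable(capacity, udp_timeout)
    first_failure, peak = None, 0
    for t in range(duration):
        for i in range(new_flows_per_sec):
            table.packet(("vm", t, i), t)      # never refreshed after this
        ok = table.packet(("other-pc", t), t)  # another computer on the LAN
        peak = max(peak, len(table.entries))
        if not ok and first_failure is None:
            first_failure = t
    return first_failure, peak


if __name__ == "__main__":
    print("300 s timeout:", simulate(1024, 300, 4, 600))
    print("  5 s timeout:", simulate(1024, 5, 4, 600))
```

With the long timeout the other host's new flows start failing once the table is full, even though the VM's traffic volume is small; with the short timeout the table never comes close to capacity.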
|
to hrmmmmmm
Does your IP assigned by the VPN overlap with the internal subnet of the local LAN?
|
Darhole Premium Member join:2005-06-14 Edmonton, AB Ubiquiti EdgeRouter Lite Asus RT-AC87 Actiontec T3200M
|
to tlhIngan
said by tlhIngan: Get a high end powerful router and call Shaw to put it in bridge mode. Get something like an Asus AC66U or AC68U - they cost a lot of money, but they're good.
UDP mode consumes a lot of resources and the DPC router hardware is not that great. What happens is each UDP packet creates a new "session" in the NAT table of the router. Eventually the NAT table fills up and any new sessions cannot be created until the old UDP sessions time out - which depending on settings can be anywhere from 5-10 minutes after the last packet was sent.
It only appears to knock out the internet because you cannot create new sessions in the NAT table, so the router simply drops the packet. I bet if you wait half an hour after you stop your VPN sessions then everything reverts back to normal.
A router that lets you time out UDP sessions really quickly (say in only a few seconds) would be ideal.

I was thinking along these lines as well. I used to overload shitty routers all the time and time things out. BitTorrent is bad for this too. A better router can certainly help. Happens to me wayyy way less on a 56U
|
|
to hrmmmmmm
said by hrmmmmmm: It's a program that allows me to connect to a game
said by hrmmmmmm: but the udp vpn allows me to use a US IP address that.
Again, what program and what VPN (service)? Vague and evasive tends to lead to problems not getting solved, OP. The overloaded NAT / connection table is another possibility... but like I said, everything up to this point is pure speculation.
said by hrmmmmmm: I do get the 192.168.x.x IP from it.
Okay, so one question answered, you're not in bridge mode. Secondly, you may want to check in the DPC settings pages for something along the lines of "flood detection." One thing I recall before having my DPC in bridge mode was this "helpful" feature turned on, and every time I (re)opened Mozilla with a bunch of tabs, all tabs would come up "Page cannot be displayed." Pings to both 192.168.1.1 and the Shaw default gateway worked fine though. This drove me crazy till I turned this setting off.
Regards
|
kevinds Premium Member join:2003-05-01 Calgary, AB |
kevinds
Premium Member
2013-Dec-3 11:28 pm
Agreed, turn off the extra 'helpful' security features, SPI, Flood Detection, and there is a 3rd one I think
|
|
|
|
hrmmmmmmm
Anon
2014-Jan-13 7:32 am
Here is an update in case anyone else runs into the same problem. I never did solve the UDP timeout problem but I worked around it using L2TP.
In the router settings under L2TP, I set it to client mode, set up the network options in Windows and now the connection to the UDP VPN server is rock solid.
|