

hrmmmmmm

@shawcable.net

[AB] How can a VPN completely knock out the internet?

When I use a UDP VPN on my vmware machine, it knocks out the entire shaw internet from all computers and makes the modem do a reset.

How is this possible? I looked for a UDP timeout setting in the cisco modem but I couldn't find anything. Anyone have any ideas on how this happens and how to prevent it from happening?

Modem is a DPC3825


HELLFIRE
Premium
join:2009-11-25
kudos:12

Dumb question, but is the DPC in bridge or routed mode?

Also, does it "knock out the internet" immediately after firing up the VPN, or it works for a bit then crashes the DPC? If the latter, start timing how long it takes before your internet gets reset again.

Too thin on details, but methinks there's more to this than what you've let on so far OP.

My 00000010bits.

Regards



hrmmmm

@shawcable.net

It works for around half an hour and then knocks the internet out. I am running 4 instances of a low internet use program in my VM. I can run all 4 instances in TCP mode forever, and I've now discovered that I can run at least 1 instance in UDP mode forever.

If I run all 4 instances in UDP, it seems to last right around half an hour before the entire internet gets knocked out.



hrmmmm

@shawcable.net

Also, it's in the mode that comes default from Shaw, not sure what that is but I know that I can't change the MAC address on the modem.


HELLFIRE
Premium
join:2009-11-25
kudos:12
reply to hrmmmmmm

said by hrmmmm :

a low internet use program

Wanna share exactly what that is, just as a question?

I'm guessing it's a bogstandard VPN client over UDP500... but I'd like to get confirmation.

As for the mode of the DPC, do you get a 192.168.x.x address from it?

Regards


hrmmmmmm

@shawcable.net

It's a program that allows me to connect to a game with 4 separate clients. I can do this without a vpn just fine but the udp vpn allows me to use a US IP address that. I do get the 192.168.x.x IP from it.

The internet comes back as soon as the modem does its restart cycle.


tlhIngan

join:2002-07-08
Richmond, BC
kudos:1
reply to hrmmmmmm

Get a high end powerful router and call Shaw to put it in bridge mode. Get something like an Asus AC66U or AC68U - they cost a lot of money, but they're good.

UDP mode consumes a lot of resources and the DPC router hardware is not that great. What happens is each UDP packet creates a new "session" in the NAT table of the router. Eventually the NAT table fills up and any new sessions cannot be created until the old UDP sessions time out - which depending on settings can be anywhere from 5-10 minutes after the last packet was sent.

It only appears to knock out the internet because you cannot create new sessions in the NAT table, so the router simply drops the packet. I bet if you wait half an hour after you stop your VPN sessions then everything reverts back to normal.

A router that lets you time out UDP sessions really quickly (say in only a few seconds) would be ideal.
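The table-exhaustion mechanism described in the post above, as an added sketch (not part of any post in this thread and not the DPC3825's actual firmware logic): a fixed-size NAT table with an idle timeout, modelled with one entry per UDP flow. The capacity, flow rate, timeouts and addresses are constructed values.

```python
from dataclasses import dataclass, field

@dataclass
class NatTable:
    """Fixed-size NAT/connection table with an idle timeout (illustrative model)."""
    capacity: int        # maximum concurrent mappings (constructed value)
    udp_timeout: int     # idle seconds before a UDP mapping is evicted
    entries: dict = field(default_factory=dict)   # flow tuple -> last-seen second

    def expire(self, now):
        """Evict mappings that have been idle for udp_timeout seconds or more."""
        for flow in [f for f, seen in self.entries.items()
                     if now - seen >= self.udp_timeout]:
            del self.entries[flow]

    def packet(self, flow, now):
        """Return True if the packet is translated, False if dropped (table full)."""
        if flow not in self.entries and len(self.entries) >= self.capacity:
            return False             # no free slot for a new session
        self.entries[flow] = now     # create the mapping or refresh its timer
        return True

def simulate(capacity, udp_timeout, new_flows_per_sec, duration):
    """A LAN client opens new_flows_per_sec one-packet UDP flows every second.

    Returns (second of first drop or None, total dropped packets, peak table size).
    """
    nat = NatTable(capacity, udp_timeout)
    first_drop, dropped, peak, flow_id = None, 0, 0, 0
    for now in range(duration):
        nat.expire(now)
        for _ in range(new_flows_per_sec):
            # Constructed flow key: private source address, unique id standing in
            # for the source-port/destination pair of a real 5-tuple.
            flow = ("192.168.0.10", flow_id)
            flow_id += 1
            if not nat.packet(flow, now):
                dropped += 1
                if first_drop is None:
                    first_drop = now
        peak = max(peak, len(nat.entries))
    return first_drop, dropped, peak

if __name__ == "__main__":
    # Constructed parameters: 1024-entry table, 4 new flows/s, 30 minutes.
    for timeout in (300, 5):         # 5-minute timeout vs. a few seconds
        print(timeout, simulate(1024, timeout, 4, 1800))
```

With the 300-second timeout the table fills after 256 seconds and then drops new flows in recurring windows until old entries age out; with a 5-second timeout it never holds more than 20 entries.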


shawuser

join:2010-10-15
Vancouver, BC
reply to hrmmmmmm

Does your IP assigned by the VPN overlap with the internal subnet of the local lan?



Darhole
Premium
join:2005-06-14
Edmonton, AB
Reviews:
·TELUS
reply to tlhIngan

said by tlhIngan:

Get a high end powerful router and call Shaw to put it in bridge mode. Get something like an Asus AC66U or AC68U - they cost a lot of money, but they're good.

UDP mode consumes a lot of resources and the DPC router hardware is not that great. What happens is each UDP packet creates a new "session" in the NAT table of the router. Eventually the NAT table fills up and any new sessions cannot be created until the old UDP sessions time out - which depending on settings can be anywhere from 5-10 minutes after the last packet was sent.

It only appears to knock out the internet because you cannot create new sessions in the NAT table, so the router simply drops the packet. I bet if you wait half an hour after you stop your VPN sessions then everything reverts back to normal.

A router that lets you time out UDP sessions really quickly (say in only a few seconds) would be ideal.

I was thinking along these lines as well. I used to overload shitty routers all the time and time things out. BitTorrent is bad for this too.

A better router can certainly help. Happens to me wayyy way less on a 56U.

HELLFIRE
Premium
join:2009-11-25
kudos:12
reply to hrmmmmmm

said by hrmmmmmm :

It's a program that allows me to connect to a game

said by hrmmmmmm :

but the udp vpn allows me to use a US IP address that.

Again, what program and what VPN (service)? Vague and evasive tends to lead to problems not getting solved, OP.
The overloaded NAT / connection table is another possibility... but like I said, everything up to this point is pure speculation.

said by hrmmmmmm :

I do get the 192.168.x.x IP from it.

Okay, so one question answered, you're not in bridge mode.

Secondly, you may want to check in the DPC settings pages for something along the lines of "flood detection." One thing I recall before having my DPC in bridge mode was this "helpful" feature turned on, and every time I (re)opened Mozilla with a bunch of tabs, all tabs would come up "Page cannot be displayed." Pings to both 192.168.1.1 and the Shaw default gateway worked fine though.

This drove me crazy till I turned this setting off.

Regards

kevinds

join:2003-05-01
Calgary, AB
kudos:2

Agreed, turn off the extra 'helpful' security features, SPI, Flood Detection, and there is a 3rd one I think
--
Yes, I am not employed and looking for IT work. Have passport, will travel.



tmpchaos
Requiescat in pace
Co-Lead Mod
join:2000-04-28
Hoboken, NJ
reply to hrmmmmmm

Re: [AB] How can a VPN completely knock out the internet?



hrmmmmmmm

@shawcable.net

Here is an update in case anyone else runs into the same problem. I never did solve the UDP timeout problem but I worked around it using L2TP.

In the router settings under L2TP, I set it to client mode, set up the network options in Windows and now the connection to the UDP VPN server is rock solid.