
Koil
Premium Member
join:2002-09-10
Irmo, SC

Koil

Premium Member

Those who work remotely : How often does your VPN go down?

I work from home and we use a Juniper VPN solution of some sort to connect to our in-house network.

I swear to God...this thing goes down once or twice a day. It's a massive pain in the ass, as I'm almost always connected to a customer system and in mid-keystroke when it decides to bomb out, causing me to lose my session(s) and leave me sometimes with a queasy feeling if I was in the middle of a delicate operation when it drops.

Just curious if this is par for the course, or if we have a shitty solution or shitty techs.

Whatever the reason, it causes headaches to multiple teams within our org.

donoreo
Premium Member
join:2002-05-30
North York, ON

donoreo

Premium Member

Re: How often does your VPN or office network go down?

We have a Nortel (?!?!) VPN, which are now Juniper VPNs I believe. Ours goes down if I am on for a long time (more than 4 hours). Sometimes I have to reboot my laptop to get a re-connection.

You may have the newer version of our system.

However, it could be your internet at home that causes the drop.

Koil
Premium Member
join:2002-09-10
Irmo, SC

Koil

Premium Member

Yeah, it's not my end, most times anyway. That's the first thing I check, as I have a personal laptop across the desk from me.

Since my company is based out of Cali, and I'm in SC, I sometimes wonder if they just preemptively reboot or restart some process in the morning before everyone heads in to the main office. This would be incredibly dumb, as we have people who use this connection all over the world, but it does always seem to happen before 11am east coast...and those left coasters stroll in around 9am their time.
Koil

Koil

Premium Member

Also, there is always a flurry of "Is it fucking down again?" email activity within our team when it happens.

donoreo
Premium Member
join:2002-05-30
North York, ON

donoreo

Premium Member

said by Koil:

Also, there is always a flurry of "Is it fucking down again?" email activity within our team when it happens.

Well that eliminates your end

Koil
Premium Member
join:2002-09-10
Irmo, SC

Koil

Premium Member

I pick up on those subtle clues...

donoreo
Premium Member
join:2002-05-30
North York, ON

donoreo

Premium Member

Well you did not mention the other team members dropping in your OP.

Koil
Premium Member
join:2002-09-10
Irmo, SC

Koil

Premium Member

True, true....just a failed attempt at humor.
ke4pym
Premium Member
join:2004-07-24
Charlotte, NC

ke4pym to Koil

Premium Member

to Koil

Re: Those who work remotely : How often does your VPN go down?

We use Juniper SSL VPN appliances.

They never go down. My VPN connection is as solid as that at my desk.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Koil

MVM

to Koil
Which make / model of Juniper VPN solution are you using?

I used to do support work on the SA6000 series with SSL connection, both Java-based "thin" client and Windows executable "thick" client. While we had our share of, as you so eloquently put it, "is it fscking down again?" complaints, here was our SOP to troubleshoot from the software client and appliance perspective.

- record exact date / timestamp of "disconnect"

- record whether user was interrupted in any other network connectivity, esp. on their home internet -- "sorry, but if your home internet is down, it's not a problem on our end."

- record what apps user was using, which ones were tunneled, and whether some or all of the tunneled apps were affected - you'd be surprised the number of times something borked on the app end rather than it being a "VPN down" problem.

- have user gather their client logs for review by us and Juniper.

- if needed, set up wireshark on user's computer

- gather user session / logging data from the VPN appliance -- ours were set to debugging / log all, but it gave us A LOT of details

- determine whether all users or some users on said appliance had a problem at the recorded date / timestamp
corollary : make D**N sure someone who knew what they were doing gave said appliance a once over for any obvious issues -- reboot, crash, hardware / device state, etc.

- confirm network connectivity from ISP to VPN appliance accordingly

- confirm network connectivity from VPN appliance to accessed apps

- run simultaneous packet captures on user computer and VPN appliance... was it a missed keepalive? are the packets passing through the appliance?

- b*tch out supporters of said apps to check their s**t as well -- oh, the PTSD nightmares I had over THIS!

- send above to Juniper to review and confirm

A lot of times we had to give the "no problems found" but at least we could say "due diligence was done per best practices SOP above." Don't know and don't get me started about the other support teams though.

My 00000010bits

Regards
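
The "all users or some users at the recorded timestamp" step of the SOP above, sketched as an added example that is not part of the original post or any Juniper tooling. It assumes disconnect records have already been extracted as (user, timestamp) pairs; the sample data, names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: (user, session-end timestamp). The field layout is an
# assumption; the thread does not show the appliance's actual log format.
# All timestamps are assumed to be normalised to one time zone already.
SAMPLE = [
    ("alice", "2014-03-03T10:41:07"), ("bob", "2014-03-03T10:41:09"),
    ("carol", "2014-03-03T10:41:15"), ("dave", "2014-03-03T10:42:01"),
    ("alice", "2014-03-04T10:40:55"), ("bob", "2014-03-04T10:41:02"),
    ("erin", "2014-03-04T10:41:30"), ("erin", "2014-03-04T15:12:44"),
    ("bob", "2014-03-05T10:43:10"), ("carol", "2014-03-05T10:43:12"),
    ("dave", "2014-03-05T10:43:40"),
]

def cluster_disconnects(records, window_s=120):
    """Group disconnects whose gap to the previous one is <= window_s."""
    events = sorted((datetime.fromisoformat(ts), user) for user, ts in records)
    clusters = []
    for ts, user in events:
        if clusters and (ts - clusters[-1][-1][0]).total_seconds() <= window_s:
            clusters[-1].append((ts, user))
        else:
            clusters.append([(ts, user)])
    return clusters

def classify(clusters, min_users=3):
    """'shared' = many distinct users dropped together; else 'isolated'."""
    result = []
    for c in clusters:
        users = sorted({u for _, u in c})
        scope = "shared" if len(users) >= min_users else "isolated"
        result.append({"start": c[0][0], "users": users, "scope": scope})
    return result

def recurring_slots(classified, slot_min=15, min_days=3):
    """Time-of-day slots where shared drops recur on >= min_days dates."""
    days = defaultdict(set)
    for ev in classified:
        if ev["scope"] == "shared":
            t = ev["start"]
            days[(t.hour * 60 + t.minute) // slot_min].add(t.date())
    return [(f"{s * slot_min // 60:02d}:{s * slot_min % 60:02d}", len(d))
            for s, d in sorted(days.items()) if len(d) >= min_days]

if __name__ == "__main__":
    events = classify(cluster_disconnects(SAMPLE))
    for ev in events:
        print(ev["start"], ev["scope"], ev["users"])
    print("recurring shared-drop slots:", recurring_slots(events))
```

A shared drop that recurs in the same time-of-day slot on several dates points at something scheduled (a restart or reboot somewhere on the path) rather than at any one user's home connection.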

Koil
Premium Member
join:2002-09-10
Irmo, SC

Koil

Premium Member

Thanks for the insight!

Yeah, I looked over the logs that I could find within "Network Connect" and I can see where the disconnect starts I think, but it gives reason codes that I can't google-fu my way through, and honestly, I *know* at this point it's on their end...it's just frustrating that it keeps happening. I think they're having bigger problems today, though, as it's gone down 4 times total.

To answer some of your questions, it looks like we're using (from the Network Connect Info), Juniper SSL v. 7, and I guess it's the thick client, as it is app based, no java. Not sure about the HW behind it...not privy to that.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Koil

MVM

to Koil
...the client logs I SWEAR need a rosetta stone hidden on the 9th level down of some dark corner in some obscure Juniper facility
to read, and Juniper NEVER gives it out, even to their own techs. But still, standard troubleshooting from Juniper called for
them to be supplied.

The logs on the SA appliances are MUCH more human readable, after you apply grep to them. I loved it when I could use them to follow
through a user session of RDP or Citrix, including source and destination IP addresses, session start time, byte count, packet count,
session end time. Now why the app guys didn't have a similar feature in their logs, I'll never understand.
said by Koil:

I guess it's the thick client

How I usually tell the difference :

- thick client had a little blue telephone in the system tray

- thin client had a popup browser window with 'diamond' indicators and session statistics

Regards

tommy13v
Premium Member
join:2002-02-15
Niskayuna NY

tommy13v to Koil

Premium Member

to Koil
Cisco shop here and rarely lose a connection to the VPN. Happened once last month but that was due to a network admin config issue.

Koil
Premium Member
join:2002-09-10
Irmo, SC

Koil to HELLFIRE

Premium Member

to HELLFIRE
said by HELLFIRE:

How I usually tell the difference :

- thick client had a little blue telephone in the system tray

- thin client had a popup browser window with 'diamond' indicators and session statistics

Regards

Hmmm....I don't see either of those. The tray icon looks like an orange lock with a cable running through it, and two dots over the top which flash (sometimes) during network traffic..or at least I think that's why they flash.

The pop-up window (with advanced mode chosen) has 5 tabs on it:
Session
Logs
Information
Diagnostic
Performance
Koil

Koil to tommy13v

Premium Member

to tommy13v
said by tommy13v:

due to a network admin config issue.

Something tells me that's the problem we have, too.

Wily_One
Premium Member
join:2002-11-24
San Jose, CA

Wily_One to Koil

Premium Member

to Koil
We use Cisco VPN (AnyConnect) and only very rarely do I get an unexpected disconnect. We have a 24-hr connection time limit on ours, and a couple of times I've forgotten to log out.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet to Koil

MVM

to Koil
said by Koil:

How often does your VPN go down?

never -- unless my laptop goes to sleep.

i use a mixture of ipsec and ssl vpn terminated on cisco asa. has been rock solid for me.

although -- more often than not -- i just use my virtual desktop session to perform remote work. i hop from computer to computer a lot (or to my ipad) -- so i like to have ubiquitous connectivity and not have to restart my work/sessions.

q.

milnoc
join:2001-03-05
Ottawa

milnoc to Koil

Member

to Koil
Linux machines loaded with OpenVPN. It's a royal pain to configure the first time because the help available on-line is often more cryptic than OpenVPN's SSL layer. But once it's set up, it stays up.

LazMan
Premium Member
join:2003-03-26
Beverly Hills, CA

LazMan to Koil

Premium Member

to Koil
We use a Cisco solution to support about 10k VPN users...

Clustered, geo-diverse servers.

I won't say it never hiccups - but rarely. And if it does drop, it reconnects right away.

Realistically, I'd say maybe once every couple of months, I'll get booted, and have to reconnect? And because I'm connecting over cellular modem sometimes; there's a very real possibility the issue is at my end, more often than not.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Brano to Koil

MVM

to Koil
I work from home a lot and the VPN is very stable. I've used Nortel, Cisco, Native Windows 7 client (L2TP/IPSec/SSL) ... all stable.

On occasion I had a disconnect when on wireless at home, rarely/never when on cable.

OldCableGuy3
@207.191.193.x

OldCableGuy3 to Koil

Anon

to Koil
Global company with Cisco VPN concentrators at 3 POP on our network (Africa, North America, and Europe), with 15k to 20k employees online at one time, I don't believe we've had an outage.... well... ever, that I can remember.

Nightfall
My Goal Is To Deny Yours
MVM
join:2001-08-03
Grand Rapids, MI

Nightfall to Wily_One

MVM

to Wily_One
said by Wily_One:

We use Cisco VPN (AnyConnect) and only very rarely do I get an unexpected disconnect. We have a 24-hr connection time limit on ours, and a couple of times I've forgotten to log out.

Same here. Our connection point is also 50mb fiber which is very nice. Love the Cisco Anyconnect client too.

Koil
Premium Member
join:2002-09-10
Irmo, SC

Koil

Premium Member

You guys are really depressing me.

Chubbzie
join:2014-02-11
Greenville, NC

Chubbzie to Koil

Member

to Koil
0% downtime or disconnects in the last 7 years (except for patches or IOS updates)... it's treated us rather well.

Nightfall
My Goal Is To Deny Yours
MVM
join:2001-08-03
Grand Rapids, MI

Nightfall to Koil

MVM

to Koil
said by Koil:

You guys are really depressing me.

Well, do you have other users who are experiencing the problem on the VPN or is it just you?

Koil
Premium Member
join:2002-09-10
Irmo, SC

Koil

Premium Member

Yeah, I mentioned above how when it happens, there is always a lot of email from my team asking if it's gone down again, etc...not sure what the deal is, but it's really a massive PITA. As I mentioned, I can be dialed in to a customer box with 3-4 SSH sessions open, various ODBC connections, each performing some type of script or task and to lose the connection in the middle of that is no bueno. And even if I'm not running anything that's critical or delicate, having to go back and reconnect all those sucks as well.

I know they're aware of it...help tickets are opened regularly.

I don't know what the problem is, but I wish they would get it figured out or get someone in there who does. As the replies to this thread seem to indicate, when it's done correctly, it should be able to stay up for more than 12 hours without a drop.

Nightfall
My Goal Is To Deny Yours
MVM
join:2001-08-03
Grand Rapids, MI

Nightfall

MVM

said by Koil:

I don't know what the problem is, but I wish they would get it figured out or get someone in there who does. As the replies to this thread seem to indicate, when it's done correctly, it should be able to stay up for more than 12 hours without a drop.

I apologize, I really just skimmed the thread. Sounds like you have things in progress.

BlueMist
join:2011-01-24
Cookeville, TN

BlueMist to Koil

Member

to Koil
I have run into a similar situation where everyone blamed the host VPN configuration and or management at the host.

Ultimate problem was identified to be an ISP router a hop or two away from the VPN host site that had a router set to reboot daily by mistake. Apparently the problem router was supposed to reboot once to force all users to reconnect and activate an upgrade of some kind or other but it was mistakenly configured for a daily boot.

Most likely the problem is at the host site but sometimes host sites get blamed for more than they have physical control over.

houkouonchi
join:2002-07-22
Ontario, CA

houkouonchi to Koil

Member

to Koil
VPN almost never goes down but it's openvpn and I manage it so not surprising there

It does kick everyone off every now and then when more than 1 user is added or removed in a single commit to our VPN git repo but that isn't too common.

Koil
Premium Member
join:2002-09-10
Irmo, SC

Koil to BlueMist

Premium Member

to BlueMist
said by BlueMist:

I have run into a similar situation where everyone blamed the host VPN configuration and or management at the host.

Ultimate problem was identified to be an ISP router a hop or two away from the VPN host site that had a router set to reboot daily by mistake. Apparently the problem router was supposed to reboot once to force all users to reconnect and activate an upgrade of some kind or other but it was mistakenly configured for a daily boot.

Most likely the problem is at the host site but sometimes host sites get blamed for more than they have physical control over.


That's a good point. I guess it could be something in the middle or something in the backbone causing the issue. Still, though, with as many issues as we have, I would have figured someone would have sniffed out stuff like that by now....but who knows.