Re: VPN problems
- From: "Graham J" <graham@xxxxxxxxxxxxxxxx>
- Date: Wed, 9 Sep 2009 15:50:16 +0100
"Justin C" <justin.0908@xxxxxxxxxxxxxx> wrote in message
news:695a.4aa78f1f.49023@xxxxxx
On 2009-09-09, Graham J <graham@xxxxxxxxxxxxxxxx> wrote:
"Chris Ridd" <chrisridd@xxxxxxx> wrote in message
news:7gpb73F2qgmslU1@xxxxxxxxxxxxxxxxxxxxx
On 2009-09-09 10:01:07 +0100, Justin C said:
OK, not Mac specific, I apologise for that. The reason I'm asking here
is for the combined intelligence and experience, I hope you don't mind.
We are both using Macs both home and at work (The Boss doesn't like
computers at the best of times, but he's much, *much* happier with his
Mac than he was with his Windows box). Anyway...
Work has a Netgear firewall. The firewall handles six VPN connections to
various locations. Two of those connections are to the homes of The
Boss and myself. Over the last few months our VPN connections have been
getting less and less reliable. It's reached the point now where I
cannot access my home network from work, and The Boss cannot work from
home. Accessing work from home is something I do very rarely but I am
still able to ssh in. The Boss never connects to home from work, there's
no machine on while he's at work.
There have been no changes to the setup, and the other VPN connections
work without problem.
What sort of VPN are you using? There's basically 2 popular kinds - PPTP
and IPSEC.
The Boss and I are both with ISPs that have been taken over by Tiscali
(Nildram and Pipex), according to web-searches "VPN is an un-supported
service". Is it possible that Tiscali are somehow blocking VPN traffic
to encourage users to up-grade to business accounts?
It does look a bit suspicious doesn't it? It seems odd that Tiscali would
need to run any kind of "service" to support passing your VPN connections
through.
Currently we're considering moving from our respective ISPs, we just
need more reason than "maybe it's tiscali" that our VPN isn't working.
My experience is that PPTP connections are very sensitive to delays, so that
they don't work with a domestic grade ISP during busy times. Generally ok
midnight to 6 am ...!
My recommendation:
1) At head office get a professional grade ISP (Andrews & Arnold, or Zen)
who gives you a static IP address. Install a Vigor router.
We currently have a Demon business package which we're reasonably happy
with - certainly not unhappy enough to make a change. (Static IP).
2) If possible at all of the "home" locations - but especially The Boss -
again use a professional ISP and get a static IP address. At all these
locations also install a Vigor router.
My home does have a static IP. All routers are Netgear FVS318. Like I
said, this all used to work, and still does for four out of six.
3) Configure all the "home" Vigor routers for IPSEC LAN-to-LAN VPN
connections. That way the client machines need know nothing whatever about
establishing the VPN connections, everything is done by the routers. Users
will have to know the IP address(es) of the machine(s) they wish to
communicate with on the remote network(s). This will need planning.
That's what I've done, and that's what worked.
Do these routers support syslog output? If so, capture the log traffic and
identify the failures - you should get some useful information that you can
post here.
That said, are the VPNs actually failing? Is there some other
unreliability? Get two spare computers, (PC or Mac or anything, doesn't
matter) one at head office, the other at your home, and leave both running
ping across the VPN to the other. Does either of them ever fail?
--
Graham J
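
Added example, not part of the original post: one way to turn the long-running ping test suggested above into evidence, by counting lost probes per hour of day and listing each run of consecutive timeouts. The log format (one timestamped line per probe, written by whatever wrapper runs ping across the VPN), the function names and the sample data are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real data). Assumed format, one probe per line:
#   <ISO timestamp> ok <rtt_ms>   or   <ISO timestamp> timeout
SAMPLE_LOG = """\
2009-09-09T02:00:00 ok 38.1
2009-09-09T02:01:00 ok 40.3
2009-09-09T19:00:00 ok 95.0
2009-09-09T19:01:00 timeout
2009-09-09T19:02:00 timeout
2009-09-09T19:03:00 ok 310.4
2009-09-09T19:04:00 timeout
2009-09-09T19:05:00 ok 120.9
"""

def parse(log_text):
    """Yield (timestamp, rtt_ms or None) per probe; None means no reply."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or truncated lines
        when = datetime.fromisoformat(fields[0])
        if fields[1] == "ok" and len(fields) >= 3:
            yield when, float(fields[2])
        elif fields[1] == "timeout":
            yield when, None

def loss_by_hour(probes):
    """Map hour of day -> (lost, sent), to compare busy and quiet hours."""
    counts = defaultdict(lambda: [0, 0])
    for when, rtt in probes:
        counts[when.hour][1] += 1
        if rtt is None:
            counts[when.hour][0] += 1
    return {hour: tuple(c) for hour, c in sorted(counts.items())}

def outages(probes):
    """Return (first_lost, last_lost, probes_lost) for each run of timeouts."""
    runs, in_run = [], False
    for when, rtt in probes:
        if rtt is None and in_run:
            runs[-1][1], runs[-1][2] = when, runs[-1][2] + 1
        elif rtt is None:
            runs.append([when, when, 1])
        in_run = rtt is None
    return [tuple(r) for r in runs]
```

Lining the outage times up against the routers' syslog entries for the same period shows whether the tunnel itself dropped or only the traffic through it was lost.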