VPN issues

[eggy]

Realise this isn't to do with daoc, but there seems to be a lot of knowledgable technies on here.

Our small business server here used to have an ADSL connection. VPN into the server from outside worked with no problems whatsoever.

We recently changed ISP/connection to SDSL. So we have a new IP.

Purchasing a second router, we set this up. The connection works fine, no problems there. However, VPNing in to the system on the new IP just sticks on "Verifying username and password" then comes up with error 721.

We have the old ADSL connection still active - if I change back to that, VPN works fine. I've tried several routers on the SDSL connection but still no luck. In fact, we have equivalent Netgear routers with the same settings (as far as I can see) for both ADSL and SDSL, but SDSL VPN still won't work.

Was thinking it might be a setting under SBS I've missed.

Any bright ideas?

 

[Bahumat]

Realise this isn't to do with daoc, but there seems to be a lot of knowledgable technies on here.

Our small business server here used to have an ADSL connection. VPN into the server from outside worked with no problems whatsoever.

We recently changed ISP/connection to SDSL. So we have a new IP.

Purchasing a second router, we set this up. The connection works fine, no problems there. However, VPNing in to the system on the new IP just sticks on "Verifying username and password" then comes up with error 721.

We have the old ADSL connection still active - if I change back to that, VPN works fine. I've tried several routers on the SDSL connection but still no luck. In fact, we have equivalent Netgear routers with the same settings (as far as I can see) for both ADSL and SDSL, but SDSL VPN still won't work.

Was thinking it might be a setting under SBS I've missed.

Any bright ideas?

VPN is something i have to support at work, but its a fucking knightmare. I remember you previously posted this and had not much luck.

goto a VPN forum if there is one, its such a pedantic program i always find you have so many things to check to fix a problem which soon fixes itself.

 

[xxManiacxx]

Working at solving VPN problem at work myself atm.

I really hate it all.

 

[Gahn]

Uhm could be routing issues maybe?

 

[Daedalus]

Check the certificates as well.

 

[Gahn]

Also where your firewall lies?

 

[Killswitch]

This is a common problem that we used to have with many of our clients when we used the Windows-bases PPTP VPN system. PPTP uses a protocol called GRE (IP protocal 47 iirc) to pass traffic. This is supposed to protect the connection against routing changes. What we found was that various systems 'remember' the paths that they use for GRE so we'd find that if we had 2 ADSL lines going into a network we could VPN in via one and not the other one, but they'd swap around at random (which was very annoying).

Only thing I can suggest is to reboot EVERYTHING between the client and the server including any routers/cablemodems/switches at the remote end of the connection (and the client and server machines of course).

You will also have problems if you have two people trying to connect from the same IP address (ie a hotel or satellite office) for the same reason as above.

Long term (if you can) I would seriously recommend a move to OpenVPN. This doesn't use GRE and doesn't suffer from problems with persistent routes. It's also quicker and more secure.

EDIT: Oh yeah...if you need to use a new router for the SDSL then see if it has options to allow traffic by protocol. If it does, make sure IP protocol 47 is allowed. Obviously if the same router works on the ADSL and not the SDSL then ignore this.

 

[Mojo]

Like gahn said it sounds like a routing issue. are your VPN ports open and forwarding to your vpn server?

I had an other issue or 3 when setting up a vpn for some friends. I will try to explain on that trips people up.

I was trying to set up a vpn for 3 mates, all 3 had linksys routers. Due to the fact that they were all the same make router they were giving out all the same network info, IE all router had the ip of 192.168.1.1 and were all giving out 192.168.1.x network adresses to their clients.

The upshot of this was that each client had its own ip adress of 192.168.1.x and the vpn connection was giving the vpn connection of 192.168.1.x

So where to route the packets???? your network or your mates, wel the network got confused and fell over.

I resolved this by changing the routers so that they were on different subnets by simply changing the default netwrok address and subsequesntly the subnet mask.

I left 1 of the routers on the default 192.168.1.x and put the other 2 on 192.168.2.x and 192.168.3.x (and changed the subnet masks to refelct the different netwrok adress) The linksys router calculated the mask for me as they were funky and had new firmware)

did that make sense?