Topic: Intermittent VPN problem (DNS?)
« on: June 14, 2007, 15:54:20 »
linuxamp
Guest

M0n0wall 1.231 Generic PC image
Fiber PPPoE WAN
PPTP VPN
dyndns WAN setup
XPSP2 clients

Some users are having an intermittent problem accessing the VPN from their homes but others seem to be able to access it just fine.  VPN use in our office is low so it is possible that those who say it always works just haven't had the problem yet.

When users are unable to connect, the VPN connection status does not even reach the "verifying username..." dialog, it simply times out and retries.  The XP VPN connection on remote clients is set to use the dyndns address.  When this fails users ping the dyndns name to get the IP address then change their VPN settings to use the IP instead of the domain name.  It sometimes takes a few attempts but eventually connects.  Subsequent connections using either the IP or domain name also seem to work.

My first guess was a DNS problem, but if the name resolves correctly with ping then why would it not work with the first VPN attempt? Is it possible that the M0n0 VPN is somehow sleeping until directly accessed by IP?

Any suggestions???
« Reply #1 on: June 16, 2007, 03:38:30 »
cmb

> When users are unable to connect, the VPN connection status does not even reach the "verifying username..." dialog, it simply times out and retries.

What is the error code it gives?

> My first guess was a DNS problem, but if the name resolves correctly with ping then why would it not work with the first VPN attempt? Is it possible that the M0n0 VPN is somehow sleeping until directly accessed by IP?

Connections work exactly the same whether you connect via DNS or IP. The only difference is on the client, it resolves the DNS hostname to an IP and then connects to that IP. There's no way for m0n0wall to even know whether they're connecting using DNS or IP.

My first guess based on your description is some people are behind stupid/broken/flaky NAT boxes. PPTP uses the GRE protocol which is notorious for having issues with NAT. The people it always works for probably either connect directly with a public IP (no NAT) or use a NAT device that doesn't screw up GRE.
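
One way to test the GRE/NAT explanation from a capture taken on an affected client, as an added example that is not part of the original thread: it reads `tcpdump -n` text output and reports whether the PPTP control channel (TCP 1723) and the GRE data channel each pass in both directions. The function names, the addresses and the capture lines are constructed for illustration.

```python
import re

# Address part of a `tcpdump -n` text line: "IP <src> > <dst>: <rest>"
LINE = re.compile(r"\bIP (\S+) > (\S+?): (.*)$")

CLIENT, SERVER = "192.168.1.20", "203.0.113.7"   # constructed addresses

def classify(line, client, server):
    """Return 'ctrl_out', 'ctrl_in', 'gre_out', 'gre_in' or None for one line."""
    m = LINE.search(line)
    if not m:
        return None
    src, dst, rest = m.groups()
    if rest.startswith("GREv1"):      # PPTP data channel (IP protocol 47), no ports
        if (src, dst) == (client, server):
            return "gre_out"
        if (src, dst) == (server, client):
            return "gre_in"
        return None
    # TCP lines are printed as "ip.port"; the PPTP control channel is TCP 1723
    src_ip, _, src_port = src.rpartition(".")
    dst_ip, _, dst_port = dst.rpartition(".")
    if (src_ip, dst_ip, dst_port) == (client, server, "1723"):
        return "ctrl_out"
    if (src_ip, src_port, dst_ip) == (server, "1723", client):
        return "ctrl_in"
    return None

def diagnose(lines, client, server):
    """Summarise which PPTP channel, if any, is failing in the capture."""
    seen = {classify(line, client, server) for line in lines}
    if "ctrl_in" not in seen:
        return "control channel (TCP 1723) unanswered"
    if "gre_out" not in seen:
        return "control channel up, no GRE sent"
    if "gre_in" not in seen:
        return "GRE sent but no GRE returned: suspect NAT/firewall in the path"
    return "control and GRE both bidirectional"

# Constructed capture of a failing attempt: TCP 1723 answers, GRE never comes back
SAMPLE_BROKEN = [
    "15:54:20.10 IP 192.168.1.20.1045 > 203.0.113.7.1723: Flags [S], length 0",
    "15:54:20.15 IP 203.0.113.7.1723 > 192.168.1.20.1045: Flags [S.], length 0",
    "15:54:21.00 IP 192.168.1.20 > 203.0.113.7: GREv1, call 1, seq 0, length 37: LCP",
    "15:54:24.00 IP 192.168.1.20 > 203.0.113.7: GREv1, call 1, seq 1, length 37: LCP",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_BROKEN, CLIENT, SERVER))
```

A capture that shows TCP 1723 answered while GRE only ever leaves the client points at the path between client and server rather than at name resolution.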
 