Frank
Hello everyone, I have FINALLY resolved an ongoing issue with our VPN
connections that we have been experiencing for over a year now. I will share
these findings with this forum in case others can benefit from our
situation. First let me explain the problem.
The Problem:
It can take up to 6 retries for any remote user to successfully create a
remote PPTP connection to our servers. Whenever we try to connect it displays
the following message:
Verifying username and password...
And it sits there displaying this message for about 30-40 seconds, then it
says: "error: 721 The remote computer did not respond."
Network Setup:
We have two Netopia routers on our network. They both have their own
separate WAN connection (we use a lot of bandwidth, hence the need for two
WAN connections). One RAS server is configured to use one router as its
gateway, and the other RAS server uses the second router as its gateway.
When PPTP connections are made, the connection comes in and back out the
same router (this I made sure). We use a multi-NAT for routing service
requests to internal servers. FTP, WWW, RDP, PCAnywhere, SSL, PPTP, MAIL,
etc...all these services are routed to internal servers/workstations. We
have approximately 32 public IP addresses, hence why we use Multi-NAT for
routing public services to internal servers. Everything works perfectly,
EXCEPT PPTP (VPN) connections. We have struggled with this for a year now.
For whatever reason, it struggles to make a successful connection to our RAS
servers. Like I said, it can take up to 6 retries to successfully connect to
our RAS servers (up to 30 retries if the remote user is behind a Linksys
router).
The Fix:
Today, I decided to try something different. I decided to use the router's
public IP address for PPTP requests, instead of one of the other public IP
addresses our ISP assigned us, and simply forward PPTP (TCP 1723 & IP 47)
requests to the internal servers. Therefore, the only difference is that I
am using a pingable IP address which happens to belong to the router instead
of using one of the public IP addresses I have NATed. For whatever reason,
this solved our problem with connecting to the RAS server. We no longer have
to retry up to 6 times to successfully connect.
Conclusion:
I have NO clue as to why I have to use the router's public IP address rather
than any of the other 31 public IP addresses our ISP assigned to us. This
was ONLY an issue with the PPTP service. All the other services work
perfectly with the router's Multi-NAT table. In the end I don't know whether
it's a router issue (i.e., Netopia has problems routing PPTP requests), or a
protocol issue (PPTP has problems when NATed), or whatever. All I can tell
you is that our specific problem was resolved by using the router's public
IP address for PPTP requests and then forwarding that request to our RAS
servers rather than using NAT to forward PPTP requests on a specific public
IP assigned to us from our ISP.
If anyone cares to comment on why it works perfectly this way, and not when
using a NATed IP address, I'd be happy to read and learn. Can it be an
ISP-related issue? The type of network they form with their clients is a Bridged
network. Can a Bridged network be the reason PPTP struggles when NATed to an
assigned IP rather than when using the router's IP? By the way, the router's
IP is the only pingable public IP, not that that should make any difference
at all. All comments welcomed.
~Frank
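
One way to check, from a WAN-side capture, whether each PPTP session's IP protocol 47 (GRE) traffic travels in both directions on the same public address as its TCP 1723 control connection. This is an added example, not part of Frank's post; the flow records, the addresses (documentation ranges) and the function name are constructed for illustration.

```python
TCP, GRE = 6, 47          # IP protocol numbers
PPTP_PORT = 1723          # PPTP control channel

# Constructed WAN-side flow records: (src, dst, ip_proto, dst_port)
SAMPLE_FLOWS = [
    # Client dials the router's own address; GRE is seen both ways on it.
    ("198.51.100.7", "203.0.113.1", TCP, 1723),
    ("198.51.100.7", "203.0.113.1", GRE, None),
    ("203.0.113.1", "198.51.100.7", GRE, None),
    # Client dials a mapped address; GRE replies leave from another address.
    ("198.51.100.9", "203.0.113.20", TCP, 1723),
    ("198.51.100.9", "203.0.113.20", GRE, None),
    ("203.0.113.1", "198.51.100.9", GRE, None),
    # Control connection only, no GRE at all.
    ("198.51.100.11", "203.0.113.21", TCP, 1723),
]


def check_pptp_sessions(flows):
    """Map each (client, dialed_address) control session to a GRE status."""
    control = set()
    gre = {}  # GRE source address -> set of destination addresses
    for src, dst, proto, dport in flows:
        if proto == TCP and dport == PPTP_PORT:
            control.add((src, dst))
        elif proto == GRE:
            gre.setdefault(src, set()).add(dst)

    report = {}
    for client, server in sorted(control):
        inbound = server in gre.get(client, set())    # client -> dialed address
        outbound = client in gre.get(server, set())   # dialed address -> client
        if inbound and outbound:
            status = "ok"
        elif inbound:
            # GRE reached the dialed address; see who (if anyone) answered.
            others = sorted(s for s, dsts in gre.items()
                            if client in dsts and s != server)
            status = ("gre-reply-from-" + others[0]) if others else "no-gre-reply"
        elif outbound:
            status = "no-gre-from-client"
        else:
            status = "no-gre"
        report[(client, server)] = status
    return report


if __name__ == "__main__":
    for session, status in check_pptp_sessions(SAMPLE_FLOWS).items():
        print(session, status)
```
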