#297812 - 02/05/2007 22:34
VPN Help Anyone?
|
old hand
Registered: 17/01/2003
Posts: 998
|
I'm located in the US and use Huges Net two way satellite connection for my broadband internet connection. It’s the only option I have other than dial-up.
I recently upgraded graded to their DW7000 receiver and now I can not connect up to work via VPN. I now just upgraded to a static IP and still cannot connect.
I’m about to give up.
Any suggestion on getting this to work with VPN?
|
Top
|
|
|
|
#297813 - 03/05/2007 00:44
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
|
Aren't latency times over satellite too high to allow a VPN to be useful anyway?
That said, we'll need more information about what sort of VPN you're using and the equipment on either end.
_________________________
~ John
|
Top
|
|
|
|
#297814 - 03/05/2007 10:29
Re: VPN Help Anyone?
[Re: JBjorgen]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Quote: Aren't latency times over satellite too high to allow a VPN to be useful anyway?
That said, we'll need more information about what sort of VPN you're using and the equipment on either end.
Thanks, I have a DW7000 satellite modem, box, whatever you call it. I connect to this devise via 100 Mbps Ethernet. It then connects me to the internet and I now should have a static ID.
I’ve tried connecting to two different VPN networks…
Cicso systems VPN Client version 4.8.0.00.0440
…and the other is…
Nortel Contivity VPN Client v04_65.09
Both work OK when I connect to a dial-up ISP.
Maybe my issue is that I now connect to the DW7000 satellite modem thing through Ethernet and then I get sent to the web???? Maybe this intermediate network step is causing VPN not to work???
The old satellite modem work at one time (before Huges did “something”) and I connected directly to that via USB.
thanks for your help
|
Top
|
|
|
|
#297815 - 03/05/2007 12:31
Re: VPN Help Anyone?
[Re: Redrum]
|
addict
Registered: 11/01/2002
Posts: 612
Loc: Reading, UK
|
What you say you want to do is 100% do-able. Latency is not an issue. However That doesn't mean that you can do it - it is possible (but unlikely) that some of the components are crippled (most probably the satellite connection may be filtered). It's also possible that this isn't a true satellite modem. One approach to satellite is a true bi-directional ground-space connection - the other is to have a 'slow' ground to ground connection for data flowing from you to the internet (ie page GETs) and then a clever bit of s/w on the PC that looks for HTTP responses on the asynchronous satellite connection (ever seen web connections served by DVB-S satellites?). Assuming it's a bidirectional connection. the most obvious first: you need to look at your PC firewall to ensure the vpn client can penetrate it. You need to make sure your VPN is trying to connect via ethernet. Can you ping your VPN (far) endpoint?
_________________________
LittleBlueThing
Running twin 30's
|
Top
|
|
|
|
#297816 - 03/05/2007 13:03
Re: VPN Help Anyone?
[Re: LittleBlueThing]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Quote: What you say you want to do is 100% do-able. Latency is not an issue.
However
That doesn't mean that you can do it - it is possible (but unlikely) that some of the components are crippled (most probably the satellite connection may be filtered).
It's also possible that this isn't a true satellite modem. One approach to satellite is a true bi-directional ground-space connection - the other is to have a 'slow' ground to ground connection for data flowing from you to the internet (ie page GETs) and then a clever bit of s/w on the PC that looks for HTTP responses on the asynchronous satellite connection (ever seen web connections served by DVB-S satellites?).
Assuming it's a bidirectional connection. the most obvious first: you need to look at your PC firewall to ensure the vpn client can penetrate it. You need to make sure your VPN is trying to connect via ethernet. Can you ping your VPN (far) endpoint?
Thanks, yes it is bidirectional and the newest modem with the faster service. I just got a static IP hoping that would fix the issue.
I just turned off all the firewalls and still no luck.
I can get to the signon screen for both VPN's. With Cisco it just says connection (forever) and with Nortel I get a Banner Text can not be displayed. Somebody said one time it has something to do with NAT or something. I have my home network bridged so other PC's at home can connect to the web.
I have no control over the end-pionts and I'm sure they won't make any changes for just me.
thanks
|
Top
|
|
|
|
#297817 - 03/05/2007 13:13
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31604
Loc: Seattle, WA
|
Have you tried calling the satellite company and saying that you're having trouble with VPN connections after the upgrade?
|
Top
|
|
|
|
#297818 - 03/05/2007 13:22
Re: VPN Help Anyone?
[Re: tfabris]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Quote: Have you tried calling the satellite company and saying that you're having trouble with VPN connections after the upgrade?
Yes, I called India. They and thier web site says - "While VPN may work we do not suport or recommend you use VPN with Huhges." Have a nice day.
The support for Direcway is way over bad. It took me three calls and was down for 8 hours just to get a staic IP.
|
Top
|
|
|
|
#297819 - 03/05/2007 13:25
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Quote: I have my home network bridged so other PC's at home can connect to the web.
The way you put it, it sounds like you're using the Windows Connection Sharing thing. If so, which computer are you trying to connect from? The one that's connected directly to the modem or one that's connected to the sharing computer?
_________________________
Bitt Faulk
|
Top
|
|
|
|
#297820 - 03/05/2007 13:43
Re: VPN Help Anyone?
[Re: wfaulk]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Quote:
Quote: I have my home network bridged so other PC's at home can connect to the web.
The way you put it, it sounds like you're using the Windows Connection Sharing thing. If so, which computer are you trying to connect from? The one that's connected directly to the modem or one that's connected to the sharing computer?
I'm using the one that is connected directly to the modem via ethernet. I didn't try the other ones because I thought the bridged network would even be less likely to work. I'm thinking since I'm using ethernet to connect directly to the modem that may be causing the issue.
Even though it's directly connected it's still an internal network. Maybe I'm wrong. I've got no idea and have been at this for days.
|
Top
|
|
|
|
#297821 - 03/05/2007 14:54
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Sorry if you've covered this before:
You said it used to work. Was that with the same computer hooked up to the old satellite system, or just via dialup?
Is your computer's IP address in one the ranges 10.0.0.0 through 10.255.255.255, 192.168.0.0 through 192.168.255.255, or 172.16.0.0 through 172.31.255.255? A simple "yes, it's in one of those ranges" or "no, it's not in those ranges" will do. No reason to tell us your actual IP address if you don't want to.
When you say your VPN client gets to the "signon screen", do you mean it gets to the point where it asks for a username and password?
On the Cisco VPN (I happen to have that one readily available to me), click on your "Connection Entry", then click the "Modify" button. There will be a hostname or IP address in the "Host" field. (This might actually be shown in the main window.) Open a command prompt and see if you can ping that computer.
Let's start with that and see where we end up.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#297822 - 03/05/2007 15:30
Re: VPN Help Anyone?
[Re: wfaulk]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Thanks for your help.
Q) Was that with the same computer hooked up to the old satellite system, or just via dialup?
A) It worked intermittently when I had an old satellite modem. This modem connected to my PC via a USB connection. Not Ethernet like now. I upgraded so that I could take advantage of a faster upload speed. VPN was using the lower upload speed as the max two-way connection speed. This slowed me down a lot.
Q) What is the IP address you use to connect to the Satellite modem
A) Here’s my ipconfig for that connection. The PC also has a Token Ring card connected to another old PC and another Ethernet port not used at the moment. I also have another PC on the below Ethernet network. That’s why its bridged.
Ethernet adapter Network Bridge (Network Bridge) 3:
Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 192.168.0.4 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1
Q) When you say your VPN client gets to the "signon screen", do you mean it gets to the point where it asks for a username and password?
A) Yes, I get to the sign on screen and enter my ID and password. Then I get no farther.
Q) There will be a hostname or IP address in the "Host" field. (This might actually be shown in the main window.) Open a command prompt and see if you can ping that computer
a) Yes, pings fine
|
Top
|
|
|
|
#297823 - 03/05/2007 15:52
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Quote: Here’s my ipconfig for that connection. The PC also has a Token Ring card connected to another old PC and another Ethernet port not used at the moment. I also have another PC on the below Ethernet network. That’s why its bridged.
Okay, now I'm really confused.
How are your computers and networking equipment connected to each other physically? What I'm getting right now is that you have the modem connected to an ethernet switch, into which you also have two computers connected, including this one. Then you also have another computer connected to this one via token ring. (Out of curiosity, why token ring? Is that some computer that you cannot put an ethernet interface in for some reason?)
If that's correct, how is this computer getting its IP address? Via DHCP? Is 192.168.0.1 your wireless modem? The other computer that's on the same network, is its default route also 192.168.0.1? Can you try setting up the VPN client on that machine so that we can take the connection sharing stuff out of the equation?
_________________________
Bitt Faulk
|
Top
|
|
|
|
#297824 - 03/05/2007 16:08
Re: VPN Help Anyone?
[Re: wfaulk]
|
old hand
Registered: 17/01/2003
Posts: 998
|
I know it is a mess but it connected all the PC’s and I didn’t have to spend any $ .
I pulled the wires on the entire house networking stuff. Now it’s just one PC connected to the modem, still no VPN
If you still think the home stuff might interfere I’ll explain more here, if not just disregard. The master PC is connected to the sat. modem via one ethernet card. This PC is also connected to a second PC via Ethernet and a twisted cable (no switch). This “networked is bridged to the master-modem network so the second PC can connect to the web. The third PC is connect to a TR switch and the master PC is connected to this TR switch as well. This connection is not bridged to the web and is only used to connect the master PC to the third PC so I can take control of the master PC remotely via the third PC. If your not totally confused now I am amazed 
|
Top
|
|
|
|
#297825 - 03/05/2007 16:26
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Okay, so your master PC has three distinct network cables running from it, right?
I assume that when you unplugged everything, you just unplugged all the cables except for the one that runs from the master PC to the modem.
Unfortunately, that doesn't really take the "Network Connection Sharing" out of the picture.
Would it be feasible to plug the second PC directly into the modem (configuring its network so that it is able to access the internet that way, obviously) and install the VPN client software on it? If so, do that. If it still doesn't work, it's likely that something in your ISP's network is preventing the VPN from working. If it does work from there, we can assume that there's a configuration problem with the "Network Connection Sharing".
Actually, one thing you might check first is this: open your Cisco VPN client, modify the appropriate configuration entry, click on the "Transport" tab, and see if "Enable Transparent Tunneling" is checked. If not, check it and try again, if it is, try changing the protocol to the other one. Basically, try every possible option: transparent-disabled, transparent-udp, and transparent-tcp.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#297826 - 03/05/2007 16:28
Re: VPN Help Anyone?
[Re: Redrum]
|
pooh-bah
Registered: 25/08/2000
Posts: 2413
Loc: NH USA
|
I suggest you simplify things until you get your VPN up and running.
Remove the second ethernet card from the master PC, leaving only the one connected to the modem. Multi-homed machine troubleshooting (i.e. a machine bridging networks) is a bear.
Try to get the VPN client working in this configuration. If you can, then you'll know the issue is in the routing.
-Zeke
_________________________
WWFSMD?
|
Top
|
|
|
|
#297827 - 03/05/2007 16:34
Re: VPN Help Anyone?
[Re: wfaulk]
|
old hand
Registered: 17/01/2003
Posts: 998
|
I'll try the second PC however it is in another part of the house and I'll need to move it to the modem.
One thing I'd like to make clear is when I use a dialup ISP both VPN's work fine.
I can't change the settings (at least easily) on the Cisco VPN they have them locked down somehow.
|
Top
|
|
|
|
#297828 - 03/05/2007 16:35
Re: VPN Help Anyone?
[Re: Ezekiel]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Quote: I suggest you simplify things until you get your VPN up and running.
Remove the second ethernet card from the master PC, leaving only the one connected to the modem. Multi-homed machine troubleshooting (i.e. a machine bridging networks) is a bear.
Try to get the VPN client working in this configuration. If you can, then you'll know the issue is in the routing.
-Zeke
Yea I removed all the other cables. I know setting them up was a pain.
|
Top
|
|
|
|
#297829 - 03/05/2007 16:42
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
|
It sounds like your satellite modem is also acting as a router. Can you log into the modem/router through a web interface? If so, see if it has a VPN passthrough function that you can enable. Also, more info: HughesNet VPN FAQ
Edited by JBjorgen (03/05/2007 16:51)
|
Top
|
|
|
|
#297830 - 03/05/2007 16:43
Re: VPN Help Anyone?
[Re: wfaulk]
|
old hand
Registered: 17/01/2003
Posts: 998
|
What I'm confused about is the static IP I got. Does this IP go from -> my PC through the modem to the end-piont? If ao that is not working because my PC is known to the modem as 193.168.0.4 and then on the web when I find my web I{P its different.
When I use dialup I'm one IP from the ISP to the VPN end point and then the ISP converts that to the dialup connection and passes the info to me. Maybe since I'm using one IP to coinnect to the modem and another IP to connect to VPN that's the issue????
|
Top
|
|
|
|
#297831 - 03/05/2007 16:48
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Basically, your modem has a static IP. Your PC has a "private" IP address that is translated to that static IP by your router. This is probably where your problem is. Can you at least see the options in your VPN client? Which is it set to?
Edited by wfaulk (03/05/2007 16:50)
_________________________
Bitt Faulk
|
Top
|
|
|
|
#297832 - 03/05/2007 16:49
Re: VPN Help Anyone?
[Re: JBjorgen]
|
old hand
Registered: 17/01/2003
Posts: 998
|
The only thing I can find to change is stuff like this
Attachments
298638-Screen.bmp (124 downloads)
|
Top
|
|
|
|
#297833 - 03/05/2007 17:02
Re: VPN Help Anyone?
[Re: wfaulk]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Quote: Basically, your modem has a static IP. Your PC has a "private" IP address that is translated to that static IP by your router. This is probably where your problem is. Can you at least see the options in your VPN client? Which is it set to?
I've thought that was the problem but I don't know what to do about it. This new modem has no other connections, just ethernet
I can see Cisco settings .....
Enable Transport Tunneling - is checked
IPSec over TCP – is selected
TCP Port is 1000
I can see
|
Top
|
|
|
|
#297834 - 03/05/2007 17:04
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Weird. That should be the absolutely most stable option.
You say they won't change anything for you, but will they help you troubleshoot at all? It might be helpful to see if they're getting any errors on their side.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#297835 - 03/05/2007 17:18
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 29/08/2000
Posts: 14497
Loc: Canada
|
[deadpan] It would probably help a lot if you could set up VPN access so that Bitt could tunnel in and play with the settings [/deadpan].
|
Top
|
|
|
|
#297836 - 03/05/2007 17:32
Re: VPN Help Anyone?
[Re: wfaulk]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Quote: Weird. That should be the absolutely most stable option.
You say they won't change anything for you, but will they help you troubleshoot at all? It might be helpful to see if they're getting any errors on their side.
Yea those setting work great with dialup via an ISP (Netzero).
I'll try but most of those people hide and even a TR doesn't find them. They'll just say "It works for everyone else. Move somewhere in town and get DSL."
|
Top
|
|
|
|
#297837 - 03/05/2007 17:32
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
|
_________________________
~ John
|
Top
|
|
|
|
#297838 - 03/05/2007 17:36
Re: VPN Help Anyone?
[Re: mlord]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Quote: [deadpan] It would probably help a lot if you could set up VPN access so that Bitt could tunnel in and play with the settings [/deadpan].
I'm sure getting into my PC will be much easier than me getting out.
|
Top
|
|
|
|
#297839 - 03/05/2007 17:48
Re: VPN Help Anyone?
[Re: mlord]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Quote: [deadpan] It would probably help a lot if you could set up VPN access so that Bitt could tunnel in and play with the settings [/deadpan].
|
Top
|
|
|
|
#297840 - 03/05/2007 18:01
Re: VPN Help Anyone?
[Re: JBjorgen]
|
old hand
Registered: 17/01/2003
Posts: 998
|
Quote: More info
Thanks. That is the best document I've seen so far. It mentions I need a router.
I'll buy a router if that fixes the issue. What is your confidence level that a router will fix me up?
I'm now paying an addition $10 a month for the static IP and that did nothing. unless they set it up wrong,
|
Top
|
|
|
|
#297841 - 03/05/2007 18:16
Re: VPN Help Anyone?
[Re: Redrum]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Your main computer is functioning as a router. That's what "Internet Connection Sharing" does.
Can you run through their steps and find if you fall under "Static IP and DHCP disabled" or "Static IP and DHCP enabled", please?
_________________________
Bitt Faulk
|
Top
|
|
|
|
|
|