VPN connection problems when more than one client on home ..

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I have a home network of 3 PCs connected to the internet via an ADSL router.
I can connect to several different VPN servers from any one of these PCs with
no problems. However, if an attempt is made to connect to a VPN server that
is already connected to a different PC on my network (even with different
user IDs), the connection stalls at the 'verifying user ID and password
stage' before eventually failing saying that the remote computer has dropped
the connect.
I would greatly appreciate any suggestions. TIA

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"pantechnicon" <pantechnicon @discussions.microsoft.com> wrote in message
news:1D75FABC-A8EE-4DD7-AD0B-EF81BE12E9F6@microsoft.com...
> I have a home network of 3 PCs connected to the internet via an ADSL
> router.
> I can connect to several different VPN servers from any one of these PCs
> with
> no problems. However, if an attempt is made to connect to a VPN server
> that
> is already connected to a different PC on my network (even with different
> user IDs), the connection stalls at the 'verifying user ID and password
> stage' before eventually failing saying that the remote computer has
> dropped
> the connect.

This is pretty much a limitation of the NAT technology in home routers, and
the VPN network protocols, in which it is not possible to distinguish more
than one VPN client per VPN server/client IP address pair.

For instance, with PPTP, the GRE IP protocol does not have the concept of
source and destination port numbers, so it cannot distinguish which LAN
client any incoming GRE packet should be routed to. GRE packets with
identical source and destination IP addresses cannot be distinguished in a
NAT router. When NAT routers do PPTP-passthrough the best that they can do
is associate a single remote IP address with a single LAN client.

The simple answer might be that you cannot easily do what you are trying to
do, with PPTP.

I don't know (yet) whether L2TP with NAT-traversal suffers from the same
problems, but I intend to find out.

--
Robin Walker
rdhw@cam.ac.uk

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Thanks Robin, my router supports L2TP so I see if I have any joy using that.
I presume the VPN servers will need configuring to use this instead of PPTP?

"Robin Walker" wrote:

> "pantechnicon" <pantechnicon @discussions.microsoft.com> wrote in message
> news:1D75FABC-A8EE-4DD7-AD0B-EF81BE12E9F6@microsoft.com...
> > I have a home network of 3 PCs connected to the internet via an ADSL
> > router.
> > I can connect to several different VPN servers from any one of these PCs
> > with
> > no problems. However, if an attempt is made to connect to a VPN server
> > that
> > is already connected to a different PC on my network (even with different
> > user IDs), the connection stalls at the 'verifying user ID and password
> > stage' before eventually failing saying that the remote computer has
> > dropped
> > the connect.
>
> This is pretty much a limitation of the NAT technology in home routers, and
> the VPN network protocols, in which it is not possible to distinguish more
> than one VPN client per VPN server/client IP address pair.
>
> For instance, with PPTP, the GRE IP protocol does not have the concept of
> source and destination port numbers, so it cannot distinguish which LAN
> client any incoming GRE packet should be routed to. GRE packets with
> identical source and destination IP addresses cannot be distinguished in a
> NAT router. When NAT routers do PPTP-passthrough the best that they can do
> is associate a single remote IP address with a single LAN client.
>
> The simple answer might be that you cannot easily do what you are trying to
> do, with PPTP.
>
> I don't know (yet) whether L2TP with NAT-traversal suffers from the same
> problems, but I intend to find out.
>
> --
> Robin Walker
> rdhw@cam.ac.uk
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Did you test it with L2TP and NAT-T?

It would be interesting for me if it has the same behaviour.

"pantechnicon" wrote:

> Thanks Robin, my router supports L2TP so I see if I have any joy using that.
> I presume the VPN servers will need configuring to use this instead of PPTP?
>
> "Robin Walker" wrote:
>
> > "pantechnicon" <pantechnicon @discussions.microsoft.com> wrote in message
> > news:1D75FABC-A8EE-4DD7-AD0B-EF81BE12E9F6@microsoft.com...
> > > I have a home network of 3 PCs connected to the internet via an ADSL
> > > router.
> > > I can connect to several different VPN servers from any one of these PCs
> > > with
> > > no problems. However, if an attempt is made to connect to a VPN server
> > > that
> > > is already connected to a different PC on my network (even with different
> > > user IDs), the connection stalls at the 'verifying user ID and password
> > > stage' before eventually failing saying that the remote computer has
> > > dropped
> > > the connect.
> >
> > This is pretty much a limitation of the NAT technology in home routers, and
> > the VPN network protocols, in which it is not possible to distinguish more
> > than one VPN client per VPN server/client IP address pair.
> >
> > For instance, with PPTP, the GRE IP protocol does not have the concept of
> > source and destination port numbers, so it cannot distinguish which LAN
> > client any incoming GRE packet should be routed to. GRE packets with
> > identical source and destination IP addresses cannot be distinguished in a
> > NAT router. When NAT routers do PPTP-passthrough the best that they can do
> > is associate a single remote IP address with a single LAN client.
> >
> > The simple answer might be that you cannot easily do what you are trying to
> > do, with PPTP.
> >
> > I don't know (yet) whether L2TP with NAT-traversal suffers from the same
> > problems, but I intend to find out.
> >
> > --
> > Robin Walker
> > rdhw@cam.ac.uk
> >
> >
> >