*!@#%$?

Discussion in 'Tech Heads' started by Solayce, Aug 25, 2006.

  1. Solayce

    Solayce Would you like some making **** BERSERKER!!! Staff Member

    Post Count:
    21,660
    A home wireless router (Linksys) wouldn't block a VPN connection would it?

    I have a user that was definitely having problems yesterday. She is in our software dev team, so like all Linux/Unix users it is against her religion to reboot in XP and she winds up getting some of the weirdest problems because of that. Even though I have personally told her about 5 times in the past 1.5 months that she needs to, she doesn't do it. You would figure a software engineer would have some idea of what a fuckin' memory leakage is ffs. Anyway, sorry for the rant. We thought we had it figured out, with a simple VPN client reinstall yesterday. When it left my hands, it worked. Last night she sent an email to the help desk system from home saying no go again. She brought it back in, and as far as all our tests, we cannot replicate the problem. Ideas? Other than a flavored .357 barrel...
     
  2. Quintain

    Quintain TZT Abuser

    Post Count:
    9,345
    VPN connections over wireless shouldn't be any different than normal wireless connections (I can do so quite readily from my work laptop).

    I'd look at her wireless network card and see if the drivers are up to date. There were some serious problems with wireless drivers and SP2 that needed redoing.
     
  3. Chemosh

    Chemosh TZT Addict

    Post Count:
    4,404
    Can you be a bit more specific? All I got out of this is that possibly a router is blocking a VPN connection, and that you can't reproduce this. How about what she is doing step by step, programs that are running and how the setup is. Do they have any firewalls? Are the ports open on the router?
     
  4. Solayce

    Solayce Would you like some making **** BERSERKER!!! Staff Member

    Post Count:
    21,660
    Unfortunately I don't know. It is only happening at her house.
     
  5. Chemosh

    Chemosh TZT Addict

    Post Count:
    4,404
    Well if she wants help on this, tell her to write down word for word what she's doing. How she has her firewall set up. Make sure all the ports are open. What programs she's using. Antivirus etc... That's like her going to a mechanic and


    Her: My car is broke
    Them: What's broke
    Her: I dunno
    Them: Can we see it?
    Her: Nah, I need it still
    Them: WTF do you want me to do?
     
  6. Quintain

    Quintain TZT Abuser

    Post Count:
    9,345
    It's doubtful that outgoing ports are blocked.

    I'd ask her if she is able to make a wired vpn connection through her router, or if the problem is just wireless.
     
  7. Solayce

    Solayce Would you like some making **** BERSERKER!!! Staff Member

    Post Count:
    21,660
    Whoops thought I had updated that. Guess I got too busy today. Ya, I basically gave her some homework to go home and try to connect both wired and wirelessly; for the wired I told her to check both with and without the router. On a side note, we experienced this problem with another user today (eating up a lot of time) so that makes 3 in the last 1.5 months. For a 250ish person operation we are starting to think our Cisco software may be the problem, so we are looking into that as well. Thanks for the guidance guys. Have a good weekend.
     
  8. Daliak

    Daliak TZT Regular

    Post Count:
    893
    NAT can definitely mess with VPN. I've had troubles with my NAT rules not doing something correctly for some UDP portion of VPN. Unfortunately I don't remember what all I did to fix it, it was a bit of a hassle. Anyway if the dev is behind a router at home it could very well be the router not routing something correctly that comes from the server to the client for the VPN connection crap.

    http://www.tomsnetworking.com/2003/05/20/how_to_vpn_firewall/

    That has some useful info on various Firewall/Routing considerations in regards to VPN.
     
  9. Solayce

    Solayce Would you like some making **** BERSERKER!!! Staff Member

    Post Count:
    21,660
    Perfect Dal. I know she is using a Linksys, but not the model. If it turns out to be the router, I may send her that page.
     
  10. krullkar

    krullkar TZT Addict

    Post Count:
    3,987
    I didn't really read any of this post, so take what I say with a grain of salt.

    Jump on your border firewall, and dump for the user's public IP. Generally, if they are having issues connecting, you won't see response packets for the UDP portion of the connection (I know, I know... I should know more about the different phases of IPsec VPN communication). For us, it's the UDP/10000 traffic that I won't see come from users' home networks.

    Look into NAT traversal - there should be an option on the router for that.

    Don't think it's an issue with your Cisco solution. We use Nortel, and experience the same woes.
     
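Added example, not part of any post in this thread: one way to read a border-firewall dump for a user's public IP and see which VPN-related UDP ports carried traffic in only one direction. It assumes the dump is `tcpdump -nn` text output already filtered to UDP for that host; the addresses and sample lines are constructed, and UDP/500 (IKE) and UDP/4500 (NAT traversal) are checked alongside the UDP/10000 mentioned above.

```python
import re

# Matches "<time> IP <src>.<sport> > <dst>.<dport>:" as printed by `tcpdump -nn`
# (numeric addresses and ports). Assumes the capture holds only UDP for the host.
LINE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):", re.M
)

# Constructed sample using documentation address ranges:
# 203.0.113.7 = user's home public IP, 198.51.100.10 = VPN gateway.
CLIENT = "203.0.113.7"
SAMPLE = """\
10:15:01.100000 IP 203.0.113.7.1027 > 198.51.100.10.500: isakmp: phase 1 I agg
10:15:01.180000 IP 198.51.100.10.500 > 203.0.113.7.1027: isakmp: phase 1 R agg
10:15:02.300000 IP 198.51.100.10.10000 > 203.0.113.7.1030: UDP, length 116
10:15:03.300000 IP 198.51.100.10.10000 > 203.0.113.7.1030: UDP, length 116
"""

def classify(capture, client_ip, ports=(500, 4500, 10000)):
    """Return {gateway_port: direction summary} for the given client IP."""
    seen = {p: {"from_client": 0, "to_client": 0} for p in ports}
    for src, sport, dst, dport in LINE.findall(capture):
        # The gateway-side port identifies the service in both directions.
        if src == client_ip and int(dport) in seen:
            seen[int(dport)]["from_client"] += 1
        elif dst == client_ip and int(sport) in seen:
            seen[int(sport)]["to_client"] += 1
    result = {}
    for port, count in seen.items():
        if count["from_client"] and count["to_client"]:
            result[port] = "both directions"
        elif count["from_client"]:
            result[port] = "client only"
        elif count["to_client"]:
            result[port] = "gateway only"
        else:
            result[port] = "no traffic"
    return result

if __name__ == "__main__":
    for port, state in classify(SAMPLE, CLIENT).items():
        print(f"UDP/{port}: {state}")
```

In the constructed sample IKE completes in both directions while nothing on UDP/10000 arrives from the home network, which is the pattern that points at the home router's NAT rather than the client software.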
  11. Jackpanel

    Jackpanel TZT Abuser

    Post Count:
    7,070
    I get the exact same problem with a guy from my old company, trying a VPN connection into one of those network appliance box thingies. A local computer store lost his laptop when he took it in for a touchpad replacement. The old laptop used to connect to the VPN with no problems, but now I cannot get the new one connecting again on the replacement laptop after 2+ months of trying.

    I've tried getting him to disable all XP firewalls, tried a direct connection to the net instead of through a router (even though same router as before), and nothing seems to work. It lets him connect, then as soon as he tries to do anything, it disconnects immediately. It's even more frustrating because he sucks at following instructions, so I can't trust that he's doing what I tell him to try, and he lives an hour away, so I can't try it directly from his home.
     
  12. Solayce

    Solayce Would you like some making **** BERSERKER!!! Staff Member

    Post Count:
    21,660
    Ya, I can't really trust my user either. After doing some research further on this, we talked to our NetSec guys and are considering a client/server software upgrade. We are still using like 4.6, but there is at least a 4.8 out there. We are leaning more to it being a client issue.