|
Home > Archive > VPN > October 2005 > VPN over GPRS not working?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
VPN over GPRS not working?
|
|
| Kai Schaetzl 2005-09-28, 8:47 pm |
| I'm trying to establish a VPN tunnel from my laptop over GPRS to my office
LAN. VPN works fine from broadband or dialup, but GPRS fails.
Client is Windows XP, Server is pptpd/pppd on a Snapgear appliance, mobile
provider is O2 Germany.
It seems the GPRS connection works via NAT and that this may be the cause
of the problem. The log shows "LCP: timeout sending Config-Requests" which
might also indicate that my side couldn't answer because of NAT.
Is there anything I can do about that concerning the server configuration?
I do have good knowledge about Linux and partly about networking but
exactly none about pptpd/pppd, I just use the web interface provided by
the router. I can edit configuration files (pptpd.conf and options.pptp as
I understand) directly if necessary.
Other possible causes might be MTU or the GPRS gateway not allowing highly
encrypted authentication. I tried everything down to even no
authentication, nothing worked over GPRS. MTU seems to be at normal 1500.
So, I think both are not relevant here.
Kai
| |
| Mike Drechsler - SPAM PROTECTED EMAIL 2005-09-29, 5:53 pm |
| Kai Schaetzl wrote:
> I'm trying to establish a VPN tunnel from my laptop over GPRS to my office
> LAN. VPN works fine from broadband or dialup, but GPRS fails.
>
> Client is Windows XP, Server is pptpd/pppd on a Snapgear appliance, mobile
> provider is O2 Germany.
> It seems the GPRS connection works via NAT and that this may be the cause
> of the problem. The log shows "LCP: timeout sending Config-Requests" which
> might also indicate that my side couldn't answer because of NAT.
>
> Is there anything I can do about that concerning the server configuration?
> I do have good knowledge about Linux and partly about networking but
> exactly none about pptpd/pppd, I just use the web interface provided by
> the router. I can edit configuration files (pptpd.conf and options.pptp as
> I understand) directly if necessary.
>
> Other possible causes might be MTU or the GPRS gateway not allowing highly
> encrypted authentication. I tried everything down to even no
> authentication, nothing worked over GPRS. MTU seems to be at normal 1500.
> So, I think both are not relevant here.
>
> Kai
>
Nothing you can do but complain to the GPRS service provider.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
| |
| Kai Schaetzl 2005-09-29, 5:53 pm |
| Mike Drechsler - SPAM PROTECTED EMAIL schrieb am Thu, 29 Sep 2005 19:29:00
GMT:
> Nothing you can do but complain to the GPRS service provider.
Figured that, thanks!
Kai
| |
| Martin Bodenstedt 2005-09-30, 2:46 am |
| Mike Drechsler - SPAM PROTECTED EMAIL schrieb:
> Kai Schaetzl wrote:
[vbcol=seagreen]
> Nothing you can do but complain to the GPRS service provider.
I don't think so.
NAT on the client side normally is no problem.
The long latency of the link could be a problem however - and that is
intrinsic to IP traffic over GSM (with/out GPRS)...
--
Martin Bodenstedt
www.maboko.de / www.die-bodenstedts.de
| |
| Konstantinos Agouros 2005-10-01, 5:47 pm |
| In <0gX_e.9959$1M7.8762@fe12.news.easynews.com> Mike Drechsler - SPAM PROTECTED EMAIL <mike-newsgroup@-DELETETHISPART-.upcraft.com> writes:
[vbcol=seagreen]
>Kai Schaetzl wrote:
Are You sure, that Your VPN-Software can cope with NAT-traversal?
Microsoft PPTP stuff uses GRE and this can not be natted.
Konstantin
--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
| |
| Mike Drechsler - SPAM PROTECTED EMAIL 2005-10-01, 5:47 pm |
| Konstantinos Agouros wrote:
> In <0gX_e.9959$1M7.8762@fe12.news.easynews.com> Mike Drechsler - SPAM PROTECTED EMAIL <mike-newsgroup@-DELETETHISPART-.upcraft.com> writes:
>
>
>
>
> Are You sure, that Your VPN-Software can cope with NAT-traversal?
> Microsoft PPTP stuff uses GRE and this can not be natted.
>
> Konstantin
Yes it can be "natted" if the device has an application layer gateway
for the pptp protocol. A great many consumer level routers using NAT
have supported an ALG for PPTP for many years. The hard part is
supporting multiple simultaneous sessions through the NAT gateway but
there have been implementations that seem to work with multiple PPTP
sessions active at the same time so it's not impossible.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
|
|
|
|
|