Really weird VPN issues

HvRooyen

HvRooyen

Senior Member
Joined
Aug 14, 2006
Messages
590
Reaction score
96
Location
Bloemfontein
(Posting in this area because I suspect the problem may be due to changes on MTN network)

Over the last few months I have noticed that my VPN connection to home has gone flaky:
I would open an internet connection from my laptop over a tethered HTC Touch Pro (WinMo 6.1), then VPN to my home network. Internet browsing works fine, VPN connection to home network comes up fine, able to ping machines both ways, but then unable to browse machines on home network - it seems an initial connection is made (e.g. VNC would ask for a password, or title bar of web page will load), but then grinds to a halt after a few bytes / KB. All this while internet browsing and ping in both directions are still fine!

Everything works fine if I bypass the phone (connect via USB modem or via Vodacom network), but I am pretty certain this was not a problem earlier - only developed during the past few months. Did MTN change anything on the network that may cause this? Can this be due to "double NAT'ing"? If so, is there anything I can do about it?

The issue seems unrelated to:
Connection type - can be either via PPTP to router or OpenVPN to linux box on network (!)
MTN apn used - occurs with both "internet" and "mtnvpn"
OS on either side (Windows XP / 7 / Ubuntu)
Phone settings - problem persists in spite of reset to factory defaults.

Any ideas?

Thx
 
Last edited:
When you connect to the VPN are you on the same subnet?
If not you can look at your routing.
 
No. The IP given to me by MTN is different (also consider the VPN works with connections other than my tethered phone).
What leaves me stumped is why pinging (even repeatedly) works both ways, but other things like VNC grind to a halt after an initial connection is established.

Edit:
Re-reading your post, I understand you may mean am I on the home network subnet after connecting via VPN. In that case, yes.
 
Last edited:
And both connection either side have adequate throughput?
What if you ping your home but put a -l 2048 at the end of you ping command and see what happens...
D:\Documents and Settings\ryanc>ping exchange03 -l 2048

Pinging IP [192.168.196.46] with 2048 bytes of data:

Reply from 192.168.196.46: bytes=2048 time<1ms TTL=128
Reply from 192.168.196.46: bytes=2048 time<1ms TTL=128
Reply from 192.168.196.46: bytes=2048 time<1ms TTL=128
Reply from 192.168.196.46: bytes=2048 time<1ms TTL=128
 
ping 172.29.13.49 -s 2048
PING 172.29.13.49 (172.29.13.49) 2048(2076) bytes of data.
2056 bytes from 172.29.13.49: icmp_seq=1 ttl=64 time=369 ms
2056 bytes from 172.29.13.49: icmp_seq=2 ttl=64 time=368 ms
2056 bytes from 172.29.13.49: icmp_seq=3 ttl=64 time=367 ms
2056 bytes from 172.29.13.49: icmp_seq=4 ttl=64 time=377 ms
2056 bytes from 172.29.13.49: icmp_seq=5 ttl=64 time=388 ms
2056 bytes from 172.29.13.49: icmp_seq=6 ttl=64 time=376 ms
2056 bytes from 172.29.13.49: icmp_seq=7 ttl=64 time=358 ms
2056 bytes from 172.29.13.49: icmp_seq=8 ttl=64 time=386 ms
2056 bytes from 172.29.13.49: icmp_seq=9 ttl=64 time=339 ms
2056 bytes from 172.29.13.49: icmp_seq=10 ttl=64 time=386 ms
 
Had the same problem on my system and found that it was the firewall that did it. Try disabling the firewall on the machine that you are trying to VNC to and see if you get the desktop. The other issue that it could also be is that although you have made your vpn connection the router that you are connecting into might be blocking the data from reaching you. My cisco 877 router did that to me via the firewall. The moment i disabled the firewall my vpn traffic worked fine.
 
Have you setup your firewall with the relevant rules for you PPTP VPN to access port 5900 on your network.
 
Thanks guys.
Firewall on router not enabled.
One machine on network also has no firewall enabled, no difference.
Laptop (remote client) gives me no hassles if I connect via another wireless network.

The moment I take the SIM out of the phone and place it in a USB modem everything works 100%, so I believe the problem is not misconfiguration on my home network. If I don't bypass the MTN data proxy in my phone settings even internet browsing goes all flaky as soon as the VPN connects.

???
 
Im also not sure exactly how the MTN setup works but if you allow all ports on the firewall (disabled firewall) all the traffic will go through your home network via the VPN therfore making the connection slow because its doing a double loop.
Is this possible with your setup?
If unsure do a tracert to google or something.
 
Thanks Ry4n:
I am not convinced that this is my problem, but I am looking into it. At least traceroute has already has already shown me an issue with Ubuntu Netmanager's management of OpenVPN routes. Unfortunately I am in a low signal area till late, so that will probably be it for today.
 
HvRooyen said:
The moment I take the SIM out of the phone and place it in a USB modem everything works 100%, so I believe the problem is not misconfiguration on my home network. If I don't bypass the MTN data proxy in my phone settings even internet browsing goes all flaky as soon as the VPN connects.

???
Click to expand...

That's your answer then if it works inn a USB modem it means MTNs network is fine. Have you google to see if other people have problems with the model of phone?
 
Fair enough, but:
I managed to connect via this phone before - this seems to be a new issue.
I could find nothing regarding this issue on the net.

I thought a change in MTN's network / routing may have caused this. I have heard of issues like double NAT'ing and such which may cause similar symptoms (apparently the phone uses NAT for Internet Connection Sharing), but I do not know enough about routing / NAT to debug this alone. I was hoping someone with knowledge of MTN's network might point my nose in a useful direction.
 
Ry4n said:
Im also not sure exactly how the MTN setup works but if you allow all ports on the firewall (disabled firewall) all the traffic will go through your home network via the VPN therfore making the connection slow because its doing a double loop.
Is this possible with your setup?
If unsure do a tracert to google or something.
Click to expand...

Ry4n:
Managed to fix the routing issue (yes, at least in linux the routing was hijacked by the VPN in spite of my config files).
Did not fix the problem though....
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X