A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

VPN connection times out. DG834G or different ISPs?



 
 
Thread Tools Display Modes
  #1  
Old January 23rd 06, 01:28 AM posted to uk.comp.home-networking,uk.telecom.broadband
Stroller
external usenet poster
 
Posts: 80
Default VPN connection times out. DG834G or different ISPs?

Hi there,

I'm having a bit of a problem with an intermittent VPN connection
between two Netgear DG834G routers and was wondering if anyone in a
similar situation can share experiences.

Basically, when the connection works it does so great, allowing
computers on one LAN to see network shares & printers on the other. But
for many hours at a time the VPN doesn't work at all.

Looking at the logs of one of the routers I see:

Thu, 2006-01-19 18:06:45 - added connection description "WibbleCo"
Thu, 2006-01-19 18:06:45 - adding interface ipsec0/ppp0 123.123.123.123
Thu, 2006-01-19 18:06:55 - [WibbleCo] terminating SAs using this
connection
Thu, 2006-01-19 18:06:56 - [WibbleCo] initiating Main Mode
Thu, 2006-01-19 18:07:06 - [WibbleCo] STATE_MAIN_I1: retransmission;
will wait 20s for response
Thu, 2006-01-19 18:07:26 - [WibbleCo] STATE_MAIN_I1: retransmission;
will wait 40s for response
Thu, 2006-01-19 18:08:06 - [WibbleCo] max number of retransmissions
reached STATE_MAIN_I1. No acceptable response to our first IKE message
Thu, 2006-01-19 18:08:12 - [WibbleCo] terminating SAs using this
connection
Thu, 2006-01-19 18:08:13 - [WibbleCo] initiating Main Mode
Thu, 2006-01-19 18:08:23 - [WibbleCo] STATE_MAIN_I1: retransmission;
will wait 20s for response
Thu, 2006-01-19 18:08:43 - [WibbleCo] STATE_MAIN_I1: retransmission;
will wait 40s for response
Thu, 2006-01-19 18:09:23 - [WibbleCo] max number of retransmissions
reached STATE_MAIN_I1. No acceptable response to our first IKE message

This continues for several hours or for a day or two, until the VPN
decides to reconnect:

Thu, 2006-01-19 18:27:18 - added connection description "WibbleCo"
Thu, 2006-01-19 18:27:18 - adding interface ipsec0/ppp0 12.12.12.12
Thu, 2006-01-19 18:27:28 - [WibbleCo] terminating SAs using this
connection
Thu, 2006-01-19 18:27:29 - [WibbleCo] initiating Main Mode
Thu, 2006-01-19 18:27:39 - [WibbleCo] STATE_MAIN_I1: retransmission;
will wait 20s for response
Thu, 2006-01-19 18:27:59 - [WibbleCo] STATE_MAIN_I1: retransmission;
will wait 40s for response
Thu, 2006-01-19 18:28:39 - [WibbleCo] max number of retransmissions
reached STATE_MAIN_I1. No acceptable response to our first IKE message
Thu, 2006-01-19 18:28:45 - [WibbleCo] terminating SAs using this
connection
Thu, 2006-01-19 18:28:46 - [WibbleCo] initiating Main Mode
Thu, 2006-01-19 18:28:56 - [WibbleCo] STATE_MAIN_I1: retransmission;
will wait 20s for response
Thu, 2006-01-19 18:29:16 - [WibbleCo] STATE_MAIN_I1: retransmission;
will wait 40s for response
Thu, 2006-01-19 18:29:17 - [WibbleCo] responding to Main Mode
Thu, 2006-01-19 18:29:17 - [WibbleCo] sent MR3, ISAKMP SA established
Thu, 2006-01-19 18:29:17 - [WibbleCo] responding to Quick Mode
Thu, 2006-01-19 18:29:19 - [WibbleCo] IPsec SA established
Thu, 2006-01-19 18:29:56 - [WibbleCo] max number of retransmissions
reached STATE_MAIN_I1. No acceptable response to our first IKE message
Thu, 2006-01-19 18:37:58 - [WibbleCo] DPD: No response from peer -
declaring peer dead
Thu, 2006-01-19 18:38:10 - [WibbleCo] terminating SAs using this
connection
Thu, 2006-01-19 18:38:12 - [WibbleCo] initiating Main Mode
Thu, 2006-01-19 18:38:12 - [WibbleCo] ISAKMP SA established
Thu, 2006-01-19 18:38:13 - [WibbleCo] sent QI2, IPsec SA established
Thu, 2006-01-19 18:38:38 - [WibbleCo] received Delete SA payload:
deleting ISAKMP State #5
Thu, 2006-01-19 18:38:48 - [WibbleCo] IPsec SA expired
Thu, 2006-01-19 18:38:53 - [WibbleCo] terminating SAs using this
connection
Thu, 2006-01-19 18:38:54 - [WibbleCo] initiating Main Mode
Thu, 2006-01-19 18:38:54 - [WibbleCo] ISAKMP SA established
Thu, 2006-01-19 18:38:55 - [WibbleCo] sent QI2, IPsec SA established

Now I believe this is a simple internet-conjestion / latency / time-out
sort of issue, but I've never installed a VPN before, so I'd really like
feedback from others in a similar situation.

The problem is that the customer asked me to set up her new office
network for her (having set up her home previously), told me she'd
already ordered AOL ADSL and *then* told me she'd like to access from
the office files on her network share at home. She's on BT broadband at
home.

My gut instinct is that if both routers were on the same ISP -
preferably a good quality ISP like Eclipse or A&A - then the VPN would
work great all the time, but I don't want to be in a position in which I
recommend this, she spends big money to buy out of her 12-month contract
with AOL and then it doesn't work.

So is anyone using VPN between two DG834Gs successfully, please?
Has anyone had problems with a VPN between routers on different ISPs?
(and did you resolve this by changing ISP?)
Is anyone with an ISP who will stand up & say "hey, we support VPNs?"
(Ha! Yeah, right!)

The two routers are set up with one shifted onto a different subnet from
the default, as described in the manual, then as "mirrors" of each other
using the VPN wizard. They use dyndns accounts to give resolvable
hostnames & often one can ping the other site when the VPN is down.
Because the VPN works (about) half the time I can't see a configuration
issue.

Thanks for any advice,

Stroller.
  #2  
Old January 23rd 06, 06:58 AM posted to uk.comp.home-networking,uk.telecom.broadband
Grumps
external usenet poster
 
Posts: 107
Default VPN connection times out. DG834G or different ISPs?

Stroller wrote:
Hi there,

I'm having a bit of a problem with an intermittent VPN connection
between two Netgear DG834G routers and was wondering if anyone in a
similar situation can share experiences.

Basically, when the connection works it does so great, allowing
computers on one LAN to see network shares & printers on the other.
But for many hours at a time the VPN doesn't work at all.

detail snipped

Whilst I can't comment directly upon your situation, I had a DG814 router
(firmware 4.11) which I never had much luck when making two VPN connections.
They would never both stay connected, and even one would not last that long.
I then tried a very cheap router from Addon. This has been working (and
connected) for the last 9 days.
No other hardware or software was changed at this time.


  #3  
Old January 23rd 06, 12:07 PM posted to uk.comp.home-networking,uk.telecom.broadband
Stroller
external usenet poster
 
Posts: 80
Default VPN connection times out. DG834G or different ISPs?

In article ,
"Grumps" wrote:

Stroller wrote:
Hi there,

I'm having a bit of a problem with an intermittent VPN connection
...
Basically, when the connection works it does so great, allowing
computers on one LAN to see network shares & printers on the other.
But for many hours at a time the VPN doesn't work at all.

detail snipped

Whilst I can't comment directly upon your situation, I had a DG814 router
(firmware 4.11) which I never had much luck when making two VPN connections.
They would never both stay connected, and even one would not last that long.


Hi,

Thanks for your reply. You experienced this problem using two DG814s,
both connected to the same ISP?

I then tried a very cheap router from Addon. This has been working (and
connected) for the last 9 days.


That wouldn't be this one, would it? http://tinyurl.com/88px2
From the photo it looks distinctly like the Conexant one also sold by
Sweex and other "brands". I've found these a real PITA to set up in the
past (and swore I'd never touch one again, but I might have to withdraw
that if they'd fix my problem!!)

Stroller.
  #4  
Old January 23rd 06, 03:27 PM posted to uk.comp.home-networking,uk.telecom.broadband
Grumps
external usenet poster
 
Posts: 107
Default VPN connection times out. DG834G or different ISPs?

Stroller wrote:
In article ,
"Grumps" wrote:

Stroller wrote:
Hi there,

I'm having a bit of a problem with an intermittent VPN connection
...
Basically, when the connection works it does so great, allowing
computers on one LAN to see network shares & printers on the other.
But for many hours at a time the VPN doesn't work at all.

detail snipped

Whilst I can't comment directly upon your situation, I had a DG814
router (firmware 4.11) which I never had much luck when making two
VPN connections. They would never both stay connected, and even one
would not last that long.


Hi,

Thanks for your reply. You experienced this problem using two DG814s,
both connected to the same ISP?


No. I was using a DG814, the other end was using a BT provided box. The ISPs
are different too.

I then tried a very cheap router from Addon. This has been working
(and connected) for the last 9 days.


That wouldn't be this one, would it? http://tinyurl.com/88px2


No. My box is black with the number Addon ARM8100. I haven't seen it online
recently. It was given to me by my IT manager for use at home.

From the photo it looks distinctly like the Conexant one also sold by
Sweex and other "brands". I've found these a real PITA to set up in
the past (and swore I'd never touch one again, but I might have to
withdraw that if they'd fix my problem!!)




  #5  
Old January 23rd 06, 04:35 PM posted to uk.comp.home-networking,uk.telecom.broadband
K. A. Nuttall
external usenet poster
 
Posts: 8
Default VPN connection times out. DG834G or different ISPs?

Grumps wrote in article :

I had a DG814 router
(firmware 4.11)


4.11? Where did you get that from, please? The latest on the support
site has been 4.10 for years.

--
K. A. Nuttall
www.yammer.co.uk
Re-type the e-mail address how it sounds, remove .invalid
  #6  
Old January 23rd 06, 06:56 PM posted to uk.comp.home-networking,uk.telecom.broadband
Grumps
external usenet poster
 
Posts: 107
Default VPN connection times out. DG834G or different ISPs?

K. A. Nuttall wrote:
Grumps wrote in article :

I had a DG814 router
(firmware 4.11)


4.11? Where did you get that from, please? The latest on the support
site has been 4.10 for years.


Oops! My bad. 4.10 is what I was running. Funny thing is that I even checked
to see what version it had before I posted. I still got it wrong!


  #7  
Old January 23rd 06, 08:32 PM posted to uk.comp.home-networking,uk.telecom.broadband
alexd
external usenet poster
 
Posts: 1,765
Default VPN connection times out. DG834G or different ISPs?

Stroller wrote:

Is anyone with an ISP who will stand up & say "hey, we support VPNs?"
(Ha! Yeah, right!)


There are ISPs out there who will support VPNs - but usually only if you buy
VPN routers, circuits and a maintenance contract from them. How much is
this VPN worth to your customer?

--
http://ale.cx/ (AIM:troffasky) )
20:31:17 up 8 days, 46 min, 4 users, load average: 0.11, 0.11, 0.09
This is my BOOOOOOOOOOOOOOOOOOOOOMSTICK

  #8  
Old January 24th 06, 01:54 AM posted to uk.comp.home-networking,uk.telecom.broadband
Stroller
external usenet poster
 
Posts: 80
Default VPN connection times out. DG834G or different ISPs?

In article , alexd
wrote:

Stroller wrote:

Is anyone with an ISP who will stand up & say "hey, we support VPNs?"


There are ISPs out there who will support VPNs - but usually only if you buy
VPN routers, circuits and a maintenance contract from them. How much is
this VPN worth to your customer?


Good question. Any such ISPs that spring to mind? I'd be glad to do some
homework & present the choice to my customer.

Stroller
  #9  
Old January 24th 06, 07:01 AM posted to uk.comp.home-networking,uk.telecom.broadband
Grumps
external usenet poster
 
Posts: 107
Default VPN connection times out. DG834G or different ISPs?

Stroller wrote:
In article , alexd
wrote:

Stroller wrote:

Is anyone with an ISP who will stand up & say "hey, we support
VPNs?"


There are ISPs out there who will support VPNs - but usually only if
you buy VPN routers, circuits and a maintenance contract from them.
How much is this VPN worth to your customer?


Good question. Any such ISPs that spring to mind? I'd be glad to do
some homework & present the choice to my customer.


When I first had my issues with dropping VPN connections I asked my ISP,
Nildram, and they said there was nothing at their end that was causing the
problem. The other end of my VPN is through Mistral; and they have
definitely confirmed that they support VPN.


  #10  
Old January 24th 06, 09:59 AM posted to uk.comp.home-networking,uk.telecom.broadband
Adam Piggott
external usenet poster
 
Posts: 49
Default VPN connection times out. DG834G or different ISPs?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stroller wrote:
Hi there,

I'm having a bit of a problem with an intermittent VPN connection
between two Netgear DG834G routers and was wondering if anyone in a
similar situation can share experiences.

snip
The problem is that the customer asked me to set up her new office
network for her (having set up her home previously), told me she'd
already ordered AOL ADSL and *then* told me she'd like to access from
the office files on her network share at home. She's on BT broadband at
home.


Sometimes the customers that say "I just want you to sort out everything"
make you glad...especially when others go and (con)sign themselves to AOL
for a year!


My gut instinct is that if both routers were on the same ISP -
preferably a good quality ISP like Eclipse or A&A - then the VPN would
work great all the time, but I don't want to be in a position in which I
recommend this, she spends big money to buy out of her 12-month contract
with AOL and then it doesn't work.


Well it's especially so with AOL, they seem to like traffic filtering
(HTTP, SMTP etc.) and otherwise generally messing with anything between the
originating PC and it's traffic's destination.


So is anyone using VPN between two DG834Gs successfully, please?
Has anyone had problems with a VPN between routers on different ISPs?
(and did you resolve this by changing ISP?)
Is anyone with an ISP who will stand up & say "hey, we support VPNs?"
(Ha! Yeah, right!)


A&A are geared up to provide proper "technical" tech support and have a no
bull**** policy, i.e. if a staff member doesn't know something they say so,
then find it out. I'm also pretty sure they can help with such issues by
running a packet trace on the line. They also quite often stand up and say
"hey, we support xyz!" where xyz can be all number of things :-)


The two routers are set up with one shifted onto a different subnet from
the default, as described in the manual, then as "mirrors" of each other
using the VPN wizard. They use dyndns accounts to give resolvable
hostnames & often one can ping the other site when the VPN is down.
Because the VPN works (about) half the time I can't see a configuration
issue.


Have you tried taking dyndns out of the equation, just in case? It's
interesting how when it "works", it says the SA is established but then
goes on to say there's no response to "our first IKE message".
What sort of packet loss do you get from one host to the other, does it
seem clear and consistent?

One thing I've found with various router manufacturers is something wrong
that doesn't make sense is often fixed by doing a factory restore to
default settings. Thus the quality of these things is proven ;-)

HTH

Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFD1fp/7uRVdtPsXDkRAt+2AJ9SUWQLdXPEfkJe6jqo9QwFvtPoEwCdEp EL
YDztYdbzJEydF+yITKoBXUo=
=88B3
-----END PGP SIGNATURE-----
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Plusnet's 2mb/s is slower then it's 512 kb/s connection and being5.5 times slower then Pipex - why? Dee uk.telecom.broadband (UK broadband) 52 June 5th 05 11:48 PM
ZEN retention times not.sure uk.telecom.broadband (UK broadband) 0 December 11th 03 10:28 PM
ZEN retention times NAZGUL uk.telecom.broadband (UK broadband) 0 December 11th 03 09:41 PM
Support Resposne Times Kimball K Kinnison uk.telecom.broadband (UK broadband) 3 November 27th 03 09:27 PM


All times are GMT +1. The time now is 11:54 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.