Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Citrix Secure Access VPN keeps disconnecting on DSL 1

Status
Not open for further replies.
ict2000

ict2000

Technical User
Apr 6, 2006
26
0
0
AU
Hi,

I have Windows XP SP2, and DSL at home. When I use Internet alone, there is no issue. When I connect to a remote site using Citrix Secure Access VPN, it connects ok. After a couple of minutes (sometimes it varies), VPN loses connection and internet connection also drops off. VPN then reconnects very quickly, same as the Internet. But the problem is all my Citrix client applications hang and take a long time to reconnect.

What do you suggest to do to fix the disconnection problem? Other people connect to the same VPN site without any problem.

Thanks in advance.
 
Sort by date Sort by votes
Hi Darren,

What MTU size do you think I should set? According to the document, the default MTU for XP is 1400 bytes for VPN connections.

Thanks again for answering the question.
 
Upvote 0 Downvote
Hi Darren,

I followed the second document and got a value of 1464. Then followed the first document from MS to set the MTU of 1464 in the registry. But VPN is still disconnecting.

Should I try lowering the value of 1464 for MTU even further? If you think so, should I decrease by 1 or 10?

Thank you.
 
Upvote 0 Downvote
Hi there,

Try taking the MTU down to 1400 and see what happens.. FYI, I would try increments of 10...

Darren Campbell
Technical Design Architect
 
Upvote 0 Downvote
Hi Darren,

There is still no luck for me. I have tried all these values 1400, 1390 and 1380 for MTU and the disconnection still happens.

I also downloaded DR.TCP utility (as mentioned in FAQ) to set the MTU, but it still does not fix the problem.

What else can I try?
 
Upvote 0 Downvote
I tried Method 1 (EnablePMTUBHDetect) but the disconnection still happens. will try Method 3 and let you know.
 
Upvote 0 Downvote
I have now tried Method 3 to set MTU for the network connection, starting from a value of 1464 and keep decreasing by 10, even sometimes by 40 or 50. But the disconnection problem still happens. It is a frustrating process to do because every time I set a new value for MTU I have to restart the pc and it takes a lot of time.

How far down should I keep going? Is the process going to give me a solution?
 
Upvote 0 Downvote
Take a look at this and see if any of this applys to your setup.
My idea is that you are getting a timeout when your try to launch a particular application. Take a look at where they changed the scope of addresses that the example uses. Are you allowing enough range in your scope to make all the connections that the vpn allows? .
G8orade
 
Upvote 0 Downvote
My setup is very similar to the document, except that I use Symantec Client Firewall, instead of Windows Firewall. My system admin did not require that I had to do anything specific regarding the IP range (as in step 10d.). Thus I do not know what IP range to enter here. Do I have to do that although net6vpn already has Permit All access?

Please note that VPN disconnects even when I do not do anything, not when I try to launch an application.

What else am I missing?
 
Upvote 0 Downvote
If you are using the Symantec Client firewall then I would ask your admin to define the ports that you need open. If you are making the connection and it randomly works then to me its sounding more like an issue with firewall. For example to run a cisco vpn on a windowsxp sp2 machine you would either have to open the ports needed or allow as in the example a scope of addresses. Have you tried disabling the Firewall temporarly and see if the problem goes away.
G8orade
 
Upvote 0 Downvote
I have tried disabling the Firewall and VPN still disconnects.

I suspect there is some conflict in the IP address but I am not an expert in this area. What I found is while VPN connects, in Windows Event Viewer, System log, it shows repeatedly the following Warning every minute:

"Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address xxxxxxxx. The following error occurred:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server."

After a while, the following Error occurs in System log:

"Your computer has lost the lease to its IP address x.x.x.x on the Network Card with network address xxxxxxxxxx."

That is when my pc loses connections with the vpn server and the Internet.

Can you tell what is happening here?
 
Upvote 0 Downvote
I would try a static ip locally. But before you do that go to command prompt and at prompt type in ipconfig /all, this should show you the ip address of the machine and the dns servers that are used. Then go to properties on network places and configure ip manually using a number that is greater than the number of your leased ip. example if IP is 192.168.1.25 then use 192.168.1.225. This should get you out of the dhcp scope that most home routers use. Then plug in subnet mask and gateway that matches the ipconfig /all list, next enter the dns numbers. Try this and see if it works.
G8orade
 
Upvote 0 Downvote
I think as a DSL customer, changing a dynamic IP address to a fixed IP is not what my ISP recommends. But I did try applying your method, but an error occurs saying something like "the combination of IP address and subnet mask is invalid.... ". Also I do not have a router, just a DSL modem.
 
Upvote 0 Downvote
And my bet is this. The DSL modem is USB? Does the ISP allow you to go into the DSL modem" Sounds more like a settings issue on the DSL modem. Is this a westel modem? Netopia? or some other brand.
G8orade
 
Upvote 0 Downvote
It is a D-Link Ethernet and USB modem. I called my ISP and they said it could be a problem with the VPN client, Citrix Secure Access and not their problem.

Keep in mind that when I get onto the Internet alone, there is no disconnection issue. The problem only happens when I connect to VPN. I used to connect to another VPN without any problem in the past with the same modem.

What setting on the modem are you talking about?
 
Upvote 0 Downvote
If you were connecting to another vpn was it the same client? Have you uninstalled and reinstalled the client? Was the other vpn client a citrix client? If not then you may have to uninstall it. Citrix sometimes doesnt work well with other clients. ( And same could be said for other clients not working with Citrix) If you were using another vpn client before, then I agree with your ISP that its computer related and not modem specific. But lastly, what is your help-desk saying or offering as a solution? Not once have you mentioned them offering any assistance. Normaly our IT shop gives end users support. I am not familiar with the citrix client but am assuming that its a web based client.
G8orade
 
Upvote 0 Downvote
I am not at all familiar with the Citrix client, but the error messeage provided earlier provides a real clue as to what is going on.

Your DHCP lease is expiring during the connection and your computer is not able to obtain a new lease. Again, no experience with the Citrix client, but I am betting that it is forcing all network traffice (not just TCP/IP) over the VPN. As a result, the DHCP request is being sent to the VPN host network instead of your ISP.

Given the frequency of your problem, it sounds like your ISP is giving a short lease period. As a short term solution, you might try "ipconfig /release" followed by "ipconfig /renew" immediately before you connect to the VPN. As more of a long term solution, adding a router to your setup should also help. This would allow you to set a static private IP on your computer. The router should still be able to connect to the appropriate DHCP server even while you are connected to the VPN, as it would be outside of its scope.

I would think others would be having this problem, but have not heard of it. Perhaps there is a newer version of the client available?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

teknance
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
305
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Question
Best vpn safe and fast
Replies
4
Views
196
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
169
sircles
sircles
F
  • Question
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
0
Views
1K
FrankSider12
F
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
125
Joon Smith
Joon Smith

Part and Inventory Search

Sponsor

Back
Top