VPN Client packet loss

Status
Not open for further replies.

bobbyd (Technical User, Jul 14, 2000, NL)
Hi all,

I have set up a VPN solution using Windows 2000 Server and a satellite internet connection. The satellite provider definitely accepts VPN connections (they even ask which methodology to allow).

The problem I am experiencing is that when a client connects they are experiencing a 50% packet loss when pinging the internal network. This results in a very slow connection. I have tried the client using a 56k modem and ADSL connection with the same result.

Can anyone help?
 
It sounds like an MTU problem. Read my FAQ, faq463-3139, and see if that helps.

Sc0tt99
 
More info on the MTU setting from NetMax but applies as standard:

We have found that Windows 2000 does not do MTU discovery by default, and its MTU setting is by default set to 1500.

Most encapsulated protocols will have an MTU that is smaller than 1500 because additional bytes must be added to each packet. IPSEC requires an MTU of <1480. When a VPN concentrator and a Windows 2000 machine begin an IP conversation, MTU discovery should allow the Windows 2000 machine to lower its MTU setting to the one offered by the concentrator in the MTU Discovery negotiation.

Since the Windows 2000 machine is set to not perform this MTU negotiation, it will continue to send packets that are 1500 bytes. If the Windows 2000 machine sends a packet larger than 1480 bytes, the VPN will be unable to accept the packet and will report this with an ICMP message asking the Windows 2000 machine to fragment packets larger than 1480 bytes. Windows 2000 ignores these ICMP messages.

This problem can be worked around by enabling MTU discovery on your Windows 2000 machines by making a registry entry:

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, create a DWORD value with the name "EnablePMTUDiscovery", and the value of "1".

Modifying your registry is considered advanced configuration for Windows 2000 users and can cause serious problems if done incorrectly. This article is for information purposes only, and we cannot recommend your modifying the default behavior of Windows 2000.
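
An added example, not part of the thread or the NetMax text: a Python sketch that measures the largest packet crossing the tunnel unfragmented by sending Don't Fragment pings, retrying each size so the roughly 50% random loss described in the first post does not skew the result. The function names and the simulated link are constructed for illustration; `<internal-host>` is a placeholder.

```python
import platform
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """One echo request with Don't Fragment set; True only if an echo reply arrived."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True).stdout
    return b"ttl=" in out.lower()  # exit codes alone are unreliable on Windows


def with_retries(probe, attempts=4):
    """Treat a size as passing if any attempt gets through (tolerates random loss)."""
    return lambda payload: any(probe(payload) for _ in range(attempts))


def path_mtu(probe, max_mtu=1500):
    """Binary-search the largest DF packet that passes; None if nothing passes."""
    lo, hi = 0, max_mtu - IP_ICMP_OVERHEAD
    if not probe(lo):
        return None  # even an empty ping fails: the loss is not an MTU problem
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo + IP_ICMP_OVERHEAD


def simulated_link(mtu, drop_every=0):
    """Constructed test link: drops every Nth probe and anything larger than mtu."""
    sent = {"n": 0}
    def probe(payload):
        sent["n"] += 1
        if drop_every and sent["n"] % drop_every == 0:
            return False
        return payload + IP_ICMP_OVERHEAD <= mtu
    return probe


if __name__ == "__main__":
    lossy = simulated_link(mtu=1480, drop_every=2)  # constructed values
    print(path_mtu(with_retries(lossy)))
    # Real use: path_mtu(with_retries(lambda n: ping_df("<internal-host>", n)))
```

If the measured value is below the client's interface MTU and large transfers stall while small pings succeed, the tunnel overhead is the likely cause; if `path_mtu` returns `None`, the loss is unrelated to packet size.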
 