VPN over GPRS

Status
Not open for further replies.

Minden32

Technical User
Feb 25, 2002
20
GB
Hi all, we're having a real nightmare here, we're trying to get the following combination working:
Compaq iPaq H3850 (PPC2002), GSM/GPRS Expansion pack.
Intel 3130 VPN Gateway
movianVPN client
Vodafone GPRS network using mylan access.
We can connect the VPN client and gateway server and they both negotiate and create a tunnel using the external IP address of 212.183.xxx.xxx (etc), however when we try and ping from the client to the gateway it times out and vice versa. Upon looking at the VPN client status we see there is a different client public IP address of 10.48.0.116, this is then stopping our routing from one end of the tunnel to the other - we don't know where this IP address is coming from! Vodafone denies all knowledge, Compaq are none the wiser, movian and Intel are convinced it is the carrier, therefore we need some serious sensible help with this - any offers??

Thanks very much in advance.
-Tony
 
I don't quite get what you mean by "a different client public ip".

My understanding of VPN over GPRS access:

Usually the GPRS service provider will assign you a private IP, and your access to the Internet will go through a PAT device. First, your VPN solution should be able to tolerate PAT/NAT by some UDP encapsulation mode. I have done some testing using Cisco VPN client-gateway over GPRS, however I was only successful (a complete exchange of keys and tunnel being set up) for about 50-60% of the number of tries carried out. I suspect the problem is in latency and packet loss within GPRS, as traffic is passed through the air interface. Furthermore, GPRS makes use of unused timeslots in the GSM network and priority is given to voice traffic, hence if there are a lot of voice calls within a particular area, there will not be many resources left for GPRS. That is the reason why at times our ping gets timed out.

Maybe some experts can give a better explanation.

Any suggestions are appreciated.

 
It's fixed!
Problem....
GPRS provider NATs client device on their network to the Internet.
VPN Gateway not configured to accept this and can only route traffic through tunnel created with public IP address.
Solution.....
Use IPSec Encapsulation, this then allows the tunnel to go over UDP on to client device therefore not requiring full connection orientated tunnel.
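
The mismatch described in this thread (the client reporting 10.48.0.116 while the gateway sees a public address) is what the IETF NAT-Traversal scheme for IKE (RFC 3947) detects with NAT-D hashes before switching ESP to UDP encapsulation. The sketch below is an added example, not code from the thread or from the Movian or Intel products; SHA-1 as the negotiated hash, the cookies, and the 203.0.113.x / 198.51.100.x addresses are constructed assumptions.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    packed = ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    # SHA-1 stands in for the hash negotiated in IKE phase 1 (assumption).
    return hashlib.sha1(cky_i + cky_r + packed).digest()

def client_nat_d(cky_i, cky_r, local, remote):
    """Payloads the client sends: remote end first, then its own address."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def detect_nat(cky_i, cky_r, payloads, observed_src, observed_dst):
    """Gateway side: compare received hashes with the addresses on the wire."""
    dst_hash, *src_hashes = payloads
    return {
        "peer_behind_nat": nat_d_hash(cky_i, cky_r, *observed_src) not in src_hashes,
        "gateway_behind_nat": nat_d_hash(cky_i, cky_r, *observed_dst) != dst_hash,
    }

def choose_encapsulation(result):
    """Native ESP (IP protocol 50) has no ports for PAT to rewrite."""
    return "esp-in-udp/4500" if any(result.values()) else "esp/ip-proto-50"

# Constructed sample values. 10.48.0.116 is the address from the thread;
# the 203.0.113.x and 198.51.100.x addresses are documentation placeholders.
CKY_I, CKY_R = bytes(range(8)), bytes(range(8, 16))
CLIENT = ("10.48.0.116", 500)     # what the handheld believes its address is
PAT_OUT = ("203.0.113.7", 31022)  # what the carrier's PAT rewrites it to
GATEWAY = ("198.51.100.10", 500)

def through_pat():
    sent = client_nat_d(CKY_I, CKY_R, CLIENT, GATEWAY)
    return detect_nat(CKY_I, CKY_R, sent, PAT_OUT, GATEWAY)

def direct():
    sent = client_nat_d(CKY_I, CKY_R, PAT_OUT, GATEWAY)
    return detect_nat(CKY_I, CKY_R, sent, PAT_OUT, GATEWAY)

if __name__ == "__main__":
    for name, run in (("through PAT", through_pat), ("direct", direct)):
        result = run()
        print(name, result, "->", choose_encapsulation(result))
```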
 
How did you tell the Movian client to use UDP encapsulation? I have this working on my laptop but cannot find how to tell the Movian client to do it.
Thanks,
Lopetus
 