Office VPN kills wireless connection

Gollom

Work laptop runs fine when connected wirelessly outside of the office (and authenticates as I can get my email on Outlook) but when I launch SecureRemote (e.g. I need to be on the corporate network) it seems to kill the wireless connection.

Any ideas what to look at? Only does it on this connection - other wireless connections seem fine.
 
Some modems/routers don't like IPSEC over UDP. Secure remote may have a TCP option.
 
Does it actually KILL the connection, i.e. the wireless shows up as "Not Connected"?
Or, as I suspect, does it simply not pass the traffic?
There was a known issue around this which had several fixes, all based on the overall packet size.
Some routers do not pass giant ethernet packets, which is a problem for securemote. The Checkpoint firewall that SR is connecting to may also be set to discard fragmented packets, and it too may have an issue with giant packets, depending on how it is configured.
Now, if your packet size is 1500 bytes (common) then once SR encrypts it (wraps it in an IKE packet) the packet becomes larger than 1500 bytes and thus gets split into 2 packets. The FW sees these as incomplete individual packets and discards them.
2 easy fixes. 1st, the Belkin router is basic and unlikely to have this facility, but in case it does, allow packets which conform to the following rules to pass.
Protocols 50 and 51 (IKE and AH)
OR
VPN traffic - some routers like to simplify this but it amounts to the same thing.
Generally speaking the router should be configured to allow all outbound traffic through.

Second, you can reduce the maximum MTU size on your PC. Registry editing required: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\adapter ID
Set the value to something like 1454. This will allow plenty of overhead for the encryption.

If this fails you can try asking your firewall chap to look at the logs when you are connecting. He will be able to see all incoming packets and also identify the problem.
Hope this helps
Dom.
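
The packet-size theory in the post above can be checked before editing the registry. The following is an added example, not part of the original thread: it binary-searches for the largest ping payload that gets through with Don't Fragment set and reports the resulting path MTU. The target host name is a placeholder, and the script assumes the target answers ICMP echo.

```powershell
# Added example: measure the largest packet that crosses the path unfragmented.
# $Target is a hypothetical placeholder; use a host that answers ping
# (outside the VPN for the raw path, or an internal host once the tunnel is up).
param(
    [string]$Target = 'gateway.example.invalid',
    [int]$Low  = 1200,   # payload size assumed small enough to pass
    [int]$High = 1472    # 1500-byte Ethernet MTU minus 20 (IPv4) and 8 (ICMP) header bytes
)

function Test-DfPing {
    param([string]$HostName, [int]$Payload)
    # -f = Don't Fragment, -l = payload bytes, -n 1 = one echo, -w = timeout in ms
    $out = & ping.exe -4 -f -l $Payload -n 1 -w 2000 $HostName 2>&1 | Out-String
    # Only a genuine echo reply line contains "TTL="; a "needs to be fragmented"
    # error or a timeout does not.
    return ($out -match 'TTL=')
}

if (-not (Test-DfPing $Target $Low)) {
    throw "No reply at $Low bytes: target unreachable or ICMP filtered, result would be meaningless."
}

# Invariant: a payload of $Low passes; nothing above $High is known to pass.
while ($Low -lt $High) {
    $mid = [int][math]::Ceiling(($Low + $High) / 2)
    if (Test-DfPing $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
}

$pathMtu = $Low + 28   # add the IPv4 and ICMP headers back
"Largest unfragmented payload: $Low bytes (path MTU $pathMtu)"

# Show the MTU currently configured on each interface for comparison.
& netsh.exe interface ipv4 show subinterfaces
```

A reported path MTU below 1500 with the tunnel down points at the router or ISP link; a much lower figure with the tunnel up shows how much the VPN encapsulation takes.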
 
Many thanks for your time

Kills the connection. I did understand most of what you are saying and am comfortable with using Regedit. Luckily I have admin rights (and what a battle THAT was!)

Will try later in the week. As for asking our internal techies that is probably a no-go as they will simply say that I have caused the problem by "installing stuff" :crazy: In other words they are not 100% confident so blame the user! *(I work for an IT company BTW...:eek: )
 
If it definitely kills the connection then you have other issues.
Is this securemote or secureclient? Big difference.
Secureclient has a firewall built in which has a policy pushed to it from the Checkpoint firewall you are connecting to.
Securemote (later versions) also has mechanisms to stop the piggybacking of your VPN connection from connections that may be inbound to your laptop.
1st check. Is SR bound to the correct adapter? (the wireless one, not the wired ethernet port) Check this in the properties of your wireless connection and look at the bindings.
2nd check. Does SR work on a wired connection?

Let me know the results and I can advise further.
Dom
 
1) Damned if I can find bindings! :confused:
2) Yes, works on wired connection
 
Bindings are found under the properties of the connection. Box looks like this.
bindings.jpg


If it works on the wired connection then I suspect what is required first off is to un-bind securemote from the wired adapter and re-bind it to the wireless adapter.

Let me know how this goes.
Dom
 
Sorry, forgot to mention that all the tick boxes in the middle of this box are the various protocols or services which are BOUND to the adapter, hence the term bindings.
 