General discussion

Locked

VPN IPSec Satellite - Won't play nice

By maxwell edison ·
I have a simple VPN setup for a few remote users. The purpose of the VPN is to simply allow remote access to the company LAN from one's home, and possibly from a laptop on the road. All remote clients up to now have been using either dial-up or broadband for their Internet connection.

At the office end of the VPN is a Linksys BEFVP41 router. A specific VPN tunnel is created at this router for each remote client. (As many as 70 separate tunnels are possible, but I plan to create only about 6.) At the remote client end, I'm using SSH Sentinel IPSec client software. After the SSH software is configured, the remote user opens the VPN connection and simply maps a network drive to the office LAN. It works pretty slick.

One remote user, however, is using a satellite Internet connection, and it just doesn't want to play nice with my plan. I haven't been able to confirmed this, but I suspect that the satellite ISP - DirectWay - has problems with IPSec protocol. Their tech support folks claim that it "should" work with a VPN using IPSec, but it "has to be setup correctly". (Talk about stating the obvious!) However, they can't support VPN connections and won't talk about it at all, so other than saying that it "should" work with IPSec, they aren't any help at all.

(continued in comment...)

This conversation is currently closed to new comments.

39 total posts (Page 1 of 4)   01 | 02 | 03 | 04   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

VPN IPSec Satellite - Won't play nice

by maxwell edison In reply to VPN IPSec Satellite - W ...

.....continuation of question:

I've tried using all available encryption options - DES, 3DES, and disabled. I've tried using all available authentication options - MD5, SHA, and disable. Nothing I've tried up to now will work. Why not use a protocol other than IPSec, you might ask? Well, the BEFVP41 router does not support PPTP or L2TP. Use a different ISP, you might suggest. Other than dial-up (which my last option), there are no other Internet options at this particular remote location. And a dedicated T1 line is too expensive.

My bottom line question is this. Does anyone have any ideas on how I might get this satellite remote user connected through the existing BEFVP41 router using IPSec protocol?

Additional question: Any otherideas out there? (Keep in mind that I'd hate to have to change the whole setup - including the remote clients that work - just to accommodate this one problem. But I might have to - this is an IMPORTANT remote user.)

Collapse -

VPN IPSec Satellite - Won't play nice

by maxwell edison In reply to VPN IPSec Satellite - W ...

Point value changed by question poster.

Collapse -

VPN IPSec Satellite - Won't play nice

by maxwell edison In reply to VPN IPSec Satellite - W ...

Point value changed by question poster.

Collapse -

VPN IPSec Satellite - Won't play nice

by Cactus Pete In reply to VPN IPSec Satellite - W ...

I just made a quick check for Directway and IPsec... Seems some people believe that the company closed the ports necessary for IPsec traffic.

If you can call them again [and hopefully get an engineer] see if they can confirm that ports 50/51 and500 are open.

Otherwise, just for this user perhaps, you might get a clunker PC and load Linux on it for his own VPN server... It would cost you another IP address and some space in the closet, but it would be a down and dirty project for you.

Collapse -

VPN IPSec Satellite - Won't play nice

by Cactus Pete In reply to VPN IPSec Satellite - W ...

Some unfortunate information :
http://www.satellite-internet-access.net/Satellite_Internet_VPN.htm

http://tinyurl.com/h033

Collapse -

VPN IPSec Satellite - Won't play nice

by Cactus Pete In reply to VPN IPSec Satellite - W ...

Even worse information:
http://tinyurl.com/h034

Collapse -

VPN IPSec Satellite - Won't play nice

by Cactus Pete In reply to VPN IPSec Satellite - W ...

OK, so my initial poking about shows you likely have a latency issue, but I haven't seen anything that allows you to account for this, or create an allowance for a slow connection.

Collapse -

VPN IPSec Satellite - Won't play nice

by Cactus Pete In reply to VPN IPSec Satellite - W ...

Max - It's a short 'i'.

The Linux box would sit on your lan, not at the client site, and simply would be configured as something other than an IPSec VPN server. I'll poke around some more for appliances that provide this, perhaps there's something pretty cheap.

As for learning Linux, you barely need to anymore, but that's all another story for later.

Collapse -

VPN IPSec Satellite - Won't play nice

by Cactus Pete In reply to VPN IPSec Satellite - W ...

Let me know what you think of something like this:
http://tinyurl.com/h3w0

Collapse -

by maxwell edison In reply to VPN IPSec Satellite - W ...

Thanks for all your comments. I've looked into every one of them, but to no avail. This Direcway satellite system just doesn't want to work with IPSec - at least not with the basic equipment. The high dollar solution I found would have probably worked, but the cost couldn't be justified for this particular location. As an alternate, I'm using a dialup adapter for this VPN connection until broadband cable is installed in the area. Yes, it's slow. but at least it's connected. Thanks again.

Back to Networks Forum
39 total posts (Page 1 of 4)   01 | 02 | 03 | 04   Next

Related Discussions

Related Forums