Problem solve Get help with specific problems with your technologies, process and projects.

Troubleshooting VPN connection problems for SMBs

Learn how to help SMBs experiencing problems connecting to their file server through a VPN.

My customer is a small business experiencing problems connecting to their file server through a VPN.

The customer connects easily, but the connection often slows considerably when downloading or uploading (saving) files, when inserting files into an email, etc. Often (20-25 times a day) they have to disconnect and reconnect to the VPN again to make it work faster. The problem is worse around Noon.

They have an ADSL 4096/512 connection that works fine ─ also around Noon ─ surfing the Internet, downloading from ftp, etc.

They are on a LAN (not wireless), but there is a Linksys router connected to the network.

Turning off the firewall doesn't affect the problem.

I experience few or no problems connecting to their VPN from my office or home. I have a 100/10mb connection; not ADSL, but a private network that I share with other people. I use a wireless connection at home, and it seems like the VPN is much more stable.

The strange part is that the VPN is the only network-related element that doesn't work at that office. Any ideas why it is so unstable?

The IPSec specification has a number of ambiguous sections that can cause interoperability problems between implementations. These problems are generally difficult to resolve without watching the VPN in operation. The best way to do this is by examining the logs produced by the VPN and by directly observing its operation with a tool such as tcpdump, Wireshark, EtherPeek or other network trace utility.

You can find guidance on using a line trace tool to track the operation of networking protocols in Rich Stevens' TCP Illustrated, Volume 1 and, in the context of VPNs, my book VPNs Illustrated. One thing to pay particular attention to is the final packet size after the VPN has added its additional headers to the IP datagram. It's important that this size not exceed the interface's MSS as this can cause a significant slowdown.

Dig Deeper on MSPs and cybersecurity

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.